Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Seemingly Adds Russia to List of Countries Where iCloud Private Relay Won't Be Available
- Thread starter MacRumors
- Start date
- Sort by reaction score
... except for Apple of course... things are becoming quite clear here. They're blocking everyone else from collecting information (which is good), but at the same time they're the ones who can still do it. They finally figured out that in the days of AI and data mining, the data is the most important element.
So... basically the places where you'd want to use this feature are the places you can't.
Correct, and the sooner people realize that and stop moaning and groaning, wringing their hands, castigating, denigrating companies over the issue the better. We are ALL being watched no matter what steps one takes. Your only hope is that you’re in a big enough school of fish that the predators don’t single you out.
Kinda spotlights the concerns we had during the csam debate, ultimately Apple will do what governments tell them to do
It seems to take the location from the device. A VPN does not change the situation. Most probably it would work if I was physically in a supported country.
Don’t tell me that Apple wouldn’t bend the knee to a country’s demand for CSAM tech to expand to whatever “offensive” material they want to detect.
This is unrelated to iCloud storage and has a different focus. No one can read HTTPS traffic in the first place, but with this they can't see what destination you're reaching either.
It is completely unrelated to iCloud storage.
This is incorrect. Apple doesn't see the website either, as it's a two-layer onion-style encryption. Also, all Apple can see, or anyone could see before, is the websites you connect to. Not any data sent, since that will be encrypted with HTTPS.
****! Living in Bangkok with a European Apple ID/Account, I was hoping to use it. What a shame
I think you probably do not understand how Apple's Private Relay works?
Apple only knows the device's users are accessing the Internet (from the device's source IP address), but Apple will not know what the target IP/URL that the device's user is requesting. This makes the information effectively useless for Apple. Unless my understanding is wrong, there's no way Apple can harvest anything useful from the Private Relay servers they are maintaining.
My thoughts exactly. Anyway, it is sad to see Apple caving in to Russia, but short of not providing products and services there I doubt there is anything they can do. I guess this highlights that you cannot trust either technologies or companies to protect your privacy - the thing you can do is be careful who you elect to government (if you have a choice).
Apple, especially under Tim Cook, has always done its marketing riding on a moral high horse. It is a profitable strategy given this generation of hypocritical virtue signaling. But it has never been a privacy or human rights company. Apple is a business is a business is a business, nothing more. Whether that's good or bad is one thing, but it is what it is. Other businesses are the same way, but somewhat less hypocritical and misleading. Nevertheless, this is a double-edged sword. Riding that moral high horse also increasingly creates a burden to live up to the message, and it can backfire when you ride it too hard. When it becomes unprofitable to ride it, I would not be surprised if Apple turn the other way and go full evil, throwing off all pretension. But it's still a long time before that happens.
Last edited:
People, I hope you get it right: this service is unavailable not for Russians or users of Russian version of AppStore or what. It is unavailable in Russia. So if you arrive to Russia, it will stop working for you. If any Russian arrives to other (non restricted) country, PR will be available to them. At least this is how it was written on Apple's screenshots.
apple: "Privacy is a fundamental human right. At Apple, it’s also one of our core values. Your devices are important to so many parts of your life. What you share from those experiences, and who you share it with, should be up to you. We design Apple products to protect your privacy and give you control over your information. It’s not always easy. But that’s the kind of innovation we believe in."
Except when you're living in..
Except when you're living in..
So let's say I request amazon.com (for shopping), that information is encrypted, then sent off to Apple servers, then to a 3rd party server and then the content of amazon.com is returned to me. If my information is encrypted (the URL amazon.com) how to they they requested the content from amazon? Someone has to know I want to visit amazon. Please not I'm not talking about the actual site content here, only the information that I want to visit the amazon site. If everything I sent over to Apple is encrypted and safe, then they can't know what website I want to visit.
^^^ THIS ^^^^
All day.
The only way to avoid this problem is not build in the capability to start with.
If Apple proceeds ahead, they are going to be getting forced to scan subject users photos for any/every thing by governments. They will be turning themselves into an abhorrent wing of local police.
I’ll try to explain as best as I understand it, with simplification of course.
Your device has the 2nd stage proxy’s (i.e. not Apple) public key. When your device request for Amazon, your device encrypts the request with said public key. Part f the request will contain your device’s public key. Your device then sends this encrypted payload to Apple’s first stage proxy.
Apple’s server doesn’t have the private key of the second stage proxy to decrypt the payload, so it remains a secret to Apple. Apple scrubs your device IP and replaces with its own IP and sends your device’s request to the 2nd stage server. You can think of Apple’s 1st stage proxy as your home’s IPv4 broadband router, as they essentially uses the same technique to NAT internal IP to external IP.
The 2nd stage proxy servers only know that the request comes Apple, but it has the private key to decrypt your device’s request to Amazon, and sends it off to Amazon. When the results returns, it uses your device’s public key to encrypt the results and sends it back to Apple.
Now, Apple doesn’t have your device’s private key, so cannot decrypt the results. It can only send it back to your device.
So, in short, Apple knows your device is requesting for something but doesn’t know what.
The third party knows someone is requesting for Amazon but don’t know exactly who. It only knows it’s from Apple.
And no, this is not a VPN implementation. A VPN server knows and must know your source and destination, or it can’t work its magic.
Last edited:
That's correct, sorry for my mistake. But that really is not satisfying for me. How does it make any sense for a company that prides itself in privacy? You already pay premium for the supposedly private devices, but you'll not be protected if you don't need a higher iCloud plan? What kind of logic is that other than that Apple tries to trick you to pay them even more for the thing you were promised to have just by using their devices?
And Apple is using what as a egress proxy? Surely some CDN provider… Amazon CloudFront makes sense. They’re already a AWS customer. That allows to physically keep ingress and egress proxies separate while having access to both. Now combine the information… it’s simple data mining.
Tor on the other hand is using 3 relays independently hosted. Better solution? Maybe. In the above case the egress proxy will surely be under US jurisdiction, which can be very problematic.
And yes, it’s not a VPN, it’s not supposed to be that. A VPN gives more options and the there’s of course no-log VPNs, which is usually the way to go for.