Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
That's correct, sorry for my mistake. But that really is not satisfying for me. How does it make any sense for a company that prides itself in privacy? You already pay premium for the supposedly private devices, but you'll not be protected if you don't need a higher iCloud plan? What kind of logic is that other than that Apple tries to trick you to pay them even more for the thing you were promised to have just by using their devices?
It costs apple quite a bit of money to provide private relay. By definition, they need third parties to process and forward packets, which is an ongoing and continuing expense for them that continues as long as you own and use the device. Apple has to pay for that. That money is going to come from somewhere. If you don’t want it as part of the icloud plan, it will be a separate fee, or they’ll raise the price of the devices.
 
  • Like
Reactions: cyanite
It costs apple quite a bit of money to provide private relay. By definition, they need third parties to process and forward packets, which is an ongoing and continuing expense for them that continues as long as you own and use the device. Apple has to pay for that. That money is going to come from somewhere. If you don’t want it as part of the icloud plan, it will be a separate fee, or they’ll raise the price of the devices.
What I want is a total transparency about how they handle all this privacy stuff. Judging by all their “mistakes” in the past on this front I don’t believe a word they say. If they could provide this I would believe them a bit. But until they do I consider this just a cash cow.
 
  • Like
Reactions: BulkSlash
What I want is a total transparency about how they handle all this privacy stuff. Judging by all their “mistakes” in the past on this front I don’t believe a word they say. If they could provide this I would believe them a bit. But until they do I consider this just a cash cow.

What are you talking about? They’ve been 100% transparent on how private relay, and any network engineer can see what it does. Heck, anyone who knows how to tracert, find out their own ip, use a pi hole, etc. can see how it works.
 
And Apple is using what as a egress proxy? Surely some CDN provider… Amazon CloudFront makes sense. They’re already a AWS customer. That allows to physically keep ingress and egress proxies separate while having access to both. Now combine the information… it’s simple data mining.
Well, as far as I know, Apple said it’s independent third party/parties? handling the 2nd stage proxies. If both first and second stage is under Apple’s control, then what they claim is not true and they expose themselves to lawsuits. I believe Apple is paying for the services of the 2nd stage proxy and in turn monetizing it via iCloud+. They have no control of the 2nd stage proxies.

If Apple really wanted to harvest users data, this is a really stupid way to do it don’t you think? Much easier to do it on device.

Tor on the other hand is using 3 relays independently hosted. Better solution? Maybe. In the above case the egress proxy will surely be under US jurisdiction, which can be very problematic.
Sound similar to Apple Private Relay doesn’t it?

I believe Apple’s Private Relays will have to be distributed across the entire world. Otherwise latencies will be high and the user experience will be terrible. Could even be down to the country level.

AFAIK, most countries requires service providers to log network traffic, to aid in cyber crime investigation. Once anyone goes out into the Internet they leave their digital foot prints and can be traced if there is a strong enough desire. If you want true privacy, I’m afraid the Internet is not for you.

And yes, it’s not a VPN, it’s not supposed to be that. A VPN gives more options and the there’s of course no-log VPNs, which is usually the way to go for.
Not sure what is a no log VPN. Once you use a VPN service, they have the ability to know your Internet habits, because that’s the nature of a network. But if you feel ‘safe’ with the marketing of said service, I guess it give you peace of mind, so go for it.

A VPN service hides your source IP from target services, such as FaceBook or Google, but the VPN service provider have crystal clear views of your Internet access patterns. Food for thoughts?

Looks like Apple’s offering is not for you then.
 
  • Like
Reactions: amartinez1660
This is what soft-power looks like. You don't need to bribe people i.e. Foreign Aid budget, just make it rosier on the other side of the fence.
 
"......designed to encrypt all of the traffic leaving your device so no one can intercept it or read it"

wait a minute... does this mean someone has always been able to read the traffic between my iPhone and iCloud in the last several years? I've been paying extra for iCloud for years and never realized that.
Yes. Yes it does. Plus your data sits on admittedly secure storage platforms spread across multiple data centres that who knows how many people have access too.

Welcome to the cloud.
 
Then there would be no more iphones in russia, and there’d be no private relay in that case anyway?
You’re right; that would likely be the outcome. I was referencing their response to the question of repressive governments telling them to add non-CSAM-related image hashes to the CSAM-hash database: Apple claimed that they would simply refuse to do so. This iCloud Relay situation is just one of several examples of Apple bending to such regimes, so the point of my post was that Apple’s “refusal” statement regarding the CSAM database was insincere or, at best, simple-minded.
 
If Apple proceeds ahead, they are going to be getting forced to scan subject users photos for any/every thing by governments.
That’s speculation and fear mongering. Google has been scanning in the cloud for years. Have they been forced to scan by “every government”?

don’t believe a word they say.
In that case, I don’t think you should use their devices or services. I wouldn’t.

Yes. Yes it does. Plus your data sits on admittedly secure storage platforms spread across multiple data centres that who knows how many people have access too.

Welcome to the cloud.
No. No it doesn’t. Not necessarily. Welcome to encryption is a thing.
 
I'm in the Philippines and it works on 12.0 Beta (21A5506j). Even though Philippines is on the restricted list

According to Apple, "regulatory reasons" prevent the company from launching Private Relay in China, Belarus, Colombia, Egypt, Kazakhstan, Saudi Arabia, South Africa, Turkmenistan, Uganda, and the Philippines.
 

Attachments

  • Screen Shot 2021-09-18 at 4.20.55 PM.png
    Screen Shot 2021-09-18 at 4.20.55 PM.png
    998.5 KB · Views: 84
  • Like
Reactions: amartinez1660
You’re right; that would likely be the outcome. I was referencing their response to the question of repressive governments telling them to add non-CSAM-related image hashes to the CSAM-hash database: Apple claimed that they would simply refuse to do so. This iCloud Relay situation is just one of several examples of Apple bending to such regimes, so the point of my post was that Apple’s “refusal” statement regarding the CSAM database was insincere or, at best, simple-minded.

It's probably illegal to have such a service working in Russia. Apple shouldn't introduce feature into a country which are illegal in that country.

Apple's principle of not breaking the law in any markets they operate in and protecting their own employees, should override almost every time any other principle or beliefs they hold as a company.

There is also a difference of degree. Apple not introducing a insignificant illegal feature into a country can't be used as evidence what Apple would do if they were forced to break the integrity of the operating system, security and privacy.

Most companies and people are pragmatic with their principles and weight them against each other.
 
  • Like
Reactions: amartinez1660
My thoughts exactly. Anyway, it is sad to see Apple caving in to Russia, but short of not providing products and services there I doubt there is anything they can do. I guess this highlights that you cannot trust either technologies or companies to protect your privacy - the thing you can do is be careful who you elect to government (if you have a choice).

By caving do you mean breaking the law? Are you advocating for private business to just do what they wish?
 
  • Like
Reactions: amartinez1660
Well, as far as I know, Apple said it’s independent third party/parties? handling the 2nd stage proxies.
They don’t have to handle it, all they need is access to log files. Just because your data is anonymized, doesn’t meant it can’t be connected. I’ve worked on projects in the medical field where it was easily possible to connect fully anonymizes patient information simply based on symptoms and behavior to make connections.
Sound similar to Apple Private Relay doesn’t it?
With the exception of where and how the egress servers are hosted. That opens up another can of worms. I doubt Russia and a few others will be the minority here when it comes to Private Relay. In the end, it will probably be a major US only thing. With international projects, data hosting of any type on US servers is usually a big no-go. So we’ll have to wait and see if Apple is forced to change egress servers by market.
Not sure what is a no log VPN.
As the name suggests, it’s a VPN where absolutely no logs are written. So unless someone is sitting at a monitor, who’s using the VPN can not be said after it actually happened. Sure, while you’re using it, people can tell “who” you are. 2 seconds later, that information is gone. That’s why no log VPNs are so popular for legal (privacy concern) and illegal activities. You pay anonymously, say Bitcoin, can use the service, make a few additional hops around the world and unless someone is actively tracking you, you’re off the hook.
 
  • Like
Reactions: mrex
What are you talking about? They’ve been 100% transparent on how private relay, and any network engineer can see what it does. Heck, anyone who knows how to tracert, find out their own ip, use a pi hole, etc. can see how it works.

I'm confused.... I've been doing something stupid for years on my iPhone. Whenever I get a gift card(Apple, restaurant, Amazon or whatever), I always take a picture with my iPhone. The photos would include the card number and PIN#. I do that because years ago, I lost almost $500 in Best Buy gift cards when I accidentally dropped them in the trash and they ended up somewhere in the landfill.

Does that mean when those photos are transmitted from my iPhone to iCloud's server, people can intercept the photos and see those gift card numbers?
 
Does that mean when those photos are transmitted from my iPhone to iCloud's server, people can intercept the photos and see those gift card numbers?
No, your connection and storage on iCloud server is encrypted. That doesn’t mean it’s 100% safe, nothing is. The usual rules apply. If you don’t trust the type of encryption used here, then your better not shop at Amazon or use gift cards at all, it’s equally safe.
 
  • Like
Reactions: amartinez1660
Not 'ALL' traffice is encrypted, email and imessages for one. Using the private relay nows means everything is encrypted.
False. iMessage is encrypted and it's even end-to-end encrypted in transit. If you upload your iMessages to iCloud however, Apple holds the encryption keys but they do not store it in plain text. To even suggest something like that would mean that Apple sucks at privacy.
 
No, this thing is like a VPN. And VPNs have really excelled with their marketing making people believe that their traffic is unencrypted without them. Fact is, most connections are encrypted anyway via HTTPS. Like when browsing websites, your browser will show you a lock icon on most websites, means that it's encrypted. The vast majority of websites these days do that. Goes for apps too. You don't need to pay extra for any VPN.
Exactly. Pretty much everything is encrypted these days and you are considered a very low quality company if you do not offer default encryption like HTTPS. And yes, VPNs just encrypt everything again and sends it through their servers and can then let you send your traffic from any place in the world where they have servers. VPNs also obfuscate your IP adress so that you are much harder to track. Or rather, they provide an anonymous IP. Nonetheless, you are only as secure as the VPN provider you use. Make sure they are a non-logging, third-party audited and transparent one if you use a VPN.
 
Yes. Yes it does. Plus your data sits on admittedly secure storage platforms spread across multiple data centres that who knows how many people have access too.

Welcome to the cloud.
Not true, it's all encrypted and the master keys to that encryption are kept to very few people and they would have to have very good reason (read: warrant) to decrypt your data.
 
They don’t have to handle it, all they need is access to log files. Just because your data is anonymized, doesn’t meant it can’t be connected. I’ve worked on projects in the medical field where it was easily possible to connect fully anonymizes patient information simply based on symptoms and behavior to make connections.
I would think it’s a lot easier to harvest such details on device if Apple is so desperate for it. I’ll give Apple the benefit of the doubt that they are really pushing this as a privacy feature, like Tor, because it makes for good business.

With the exception of where and how the egress servers are hosted. That opens up another can of worms. I doubt Russia and a few others will be the minority here when it comes to Private Relay. In the end, it will probably be a major US only thing. With international projects, data hosting of any type on US servers is usually a big no-go. So we’ll have to wait and see if Apple is forced to change egress servers by market.
Ingress/egress really only make sense when discussing router/switches. Both first stage and second stage proxies of App,e’s Private Relay have ingress and egress. As I’ve said earlier, the user experience will be bad if the proxies are centrally located, and will run afoul with countries’ laws where Internet traffic cannot leave the country without filters.

As the name suggests, it’s a VPN where absolutely no logs are written. So unless someone is sitting at a monitor, who’s using the VPN can not be said after it actually happened. Sure, while you’re using it, people can tell “who” you are. 2 seconds later, that information is gone. That’s why no log VPNs are so popular for legal (privacy concern) and illegal activities. You pay anonymously, say Bitcoin, can use the service, make a few additional hops around the world and unless someone is actively tracking you, you’re off the hook.
I dunno. You seem dead set on Apple willing to harvest users data, but you believe that no logs are captured by the VPN providers because of what they claimed. What I know is that when law enforcements knocks on the door of these no log VPN providers, I would believe that they will have logs to provide. Besides, like you said, logs can be collected from many sources and ultimately pin-point it back to you with big-data analysis.

Well, I for one am not losing sleep over this.
 


Alongside iOS 15, Apple introduced an iCloud+ service that adds new features to its paid ‌iCloud‌ plans. One of these features is ‌iCloud‌ Private Relay, which is designed to encrypt all of the traffic leaving your device so no one can intercept it or read it.

icloud.jpg

According to Apple, "regulatory reasons" prevent the company from launching Private Relay in China, Belarus, Colombia, Egypt, Kazakhstan, Saudi Arabia, South Africa, Turkmenistan, Uganda, and the Philippines.

Apple mentioned these country limitations in June, but it seems that Private Relay will not be available in Russia either, after Apple apparently disabled the feature there over the last day or so.

Based on reports from Twitter users and as reported by iPhones.ru, the feature was previously available to use in Russia via beta versions of iOS 15 and iPadOS 15, but now when they try to enable it, those same users are met with the message "Private Relay is not supported in this region."

Private Relay works by sending web traffic to a server that is maintained by Apple to strip the IP address. Once IP info has been removed, Apple sends the traffic to a second server maintained by a third-party company that assigns a temporary IP address and then sends the traffic to its destination, a process that prevents your IP address, location, and browsing activity from being used to create a profile about you.

Involving an outside party in the relay system is an intentional move that Apple says was designed to prevent anyone, including Apple, from knowing a user's identity and the website the user is visiting.


Why Apple has apparently disabled Private Relay in Russia only recently isn't entirely clear, but the company has bowed to demands from the Russian authorities in the past, so there's good reason to presume this is down to another regulatory issue.

iOS 15, iPadOS 15, watchOS 8, and tvOS 15 will be released on Monday, September 20.

Article Link: Apple Seemingly Adds Russia to List of Countries Where iCloud Private Relay Won't Be Available
In short, private relay will not be available in any country where it’s actually needed. Because it’s nothing more than a gimmick.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.