Apple to Release iOS 15 iCloud Private Relay as a Public Beta

[RamGuy]

Similar results from me. 1.1.1.1 for DNS works for a while, then all of the sudden, sites can't be found. Change to a different DNS provider and it suddenly starts working.

1.1.1.1/1.0.0.1 is just a public DNS service hosted by Cloudflare. This is act as a encryted proxy solution that has two parts, one on Apple servers that can only see where you are coming from, the second part at Cloudflare that can only see where you are connecting go to. This makes it completely private as all the traffic is being encrypted so third-parties have no clue what you are doing. Apple has no clue about you destination as all they can see as the destination is the next hop in the chain which is the relay server hosted by Cloudflare. And Cloudflare has no clue where you are coming from as this information is being obfuscated by Apple before it's being relayed to Cloudflare.

End result is completely private all the way through the chain for every party that is involved. That's not to say that Apple won't be capable of putting on-device scanning like they do with CSAM. As the scanning is being done on-device it's done before the traffic is being encrypted and heading towards the relay servers. At that point it wouldn't be private as a result of Apple having insight on everything that is going on completely defeating the purpose of how Apple have designed iCloud Private Relay. At that point Apple could simply have a encrypted proxy directly to Apple and not have the two chain loop involving Cloudflare to make it completely private.


When it comes to 1.1.1.1/1.0.0.1, Cloudflare is a great service provider and their public DNS servers are considered to be some of the best in the business. You shouldn't use their iOS app, that one implements a VPN service to catch your DNS traffic which is horrible but the only way Cloudflare can make it happen in a easy way for users on iOS and iPadOS.

You should just grab a iOS/iPadOS/macOS mobile config file:

GitHub - paulmillr/encrypted-dns: DNS over HTTPS config profiles for iOS & macOS

DNS over HTTPS config profiles for iOS & macOS. Contribute to paulmillr/encrypted-dns development by creating an account on GitHub.

github.com

Grab the Cloudflare HTTPS mobileconfig and install it on iOS, iPadOS or macOS and you will have encrypted DNS towards Cloudflare directly. No VPN nonsense or anything going on like it is when using the 1.1.1.1 app from the App Store. Works so much better. If you don't like it, simply remove the profile. It's as simple as that.

It's better to use the HTTPS profile over the TLS profile. Some public and corporate networks might be blocking TCP-853 which is required for DNS over TLS to work. 99,99% of all networks will allow for outbound TCP-443 traffic as that's needed for Internet/webtraffic to work so DNS over HTTPS will work in almost any scenario so it's a safer bet.

 

[RamGuy]

looks like my ISP doesn’t like it. 😓
View attachment 1823481

iCloud Private Relay have had various issue so far. I had the same on my network, any my ISP doesn't filter anything (that isn't allowed in my country, unless you specifically opt-in for your ISP to "protect you") and I have complete control on my home network via my Palo Alto firewall so I know I'm not causing it to fail.

I simply had to turn if off and back on again. I also had to head into Settings --> WiFi --> Hit the "i" on my WiFi --> and make sure that the option for iCloud Private Relay was not disabled for my network.

It has been working ever since. I had to do this back on iOS/iPadOS 15 BETA5 if I remember correctly.

 

[svish]

A good feature. But works only with Safari.

 

[Z3roFlaw]

looks like my ISP doesn’t like it. 😓
View attachment 1823481

Yup, exatly the same with T-Mobile (for me). Pretty useless feature if it doesn't even work with major carriers. Not even sure if I leave it on if it even does anything when on Wifi.

 

[jhollington]

In the way of apology, Apple should immediately remove the CSAM feature, roll out end-to-end encrypted everything on iCloud as soon as is technically feasible, publicly reaffirm that there are no back doors in any Apple system in its latest Platform Security Report, and publicly reaffirm its commitment to privacy as a fundamental human right.

This would be wonderful, but I'm also not naive enough to believe that Apple could ever get away with this without having all of its privacy policies legislated completely out of existence.

People need to pay more attention to what certain U.S. lawmakers have been threatening to do about end-to-end encryption for a few years already. Apple has already been repeatedly accused of creating a "safe haven" for child abusers as a result of its on-device iPhone encryption, and of course its refusal to acquiesce to the FBI's demands to create a backdoor.

From a 2019 MacRumors article:

"You're going to find a way to do this or we're going to go do it for you," said Senator Lindsey Graham. "We're not going to live in a world where a bunch of child abusers have a safe haven to practice their craft. Period. End of discussion."

However, despite these threats by the U.S. Senate Judiciary Committee two years ago to "impose its will" on Apple, it seems that the comapny has managed to avoid the legislative sledgehammer by at least keeping things on the iCloud side reasonably accessible to search warrants. I have little doubt that if Apple tried to introduce full end-to-end encryption for iCloud Photos and iCloud Backups, we'd very quickly see lawmakers rallying to carry out those threats, with a blanket law prohibiting Apple — and any other tech company — from implementing end-to-end encryption.

I view the CSAM Detection algorithm as a necessary compromise on Apple's part. Right now, it seems lawmakers don't have the political capital or endurance to pull off a full E2EE ban, but rallying everybody behind the banner of "Won't someone think of the children?" would round up public support for such a bill very quickly.

 

[jhollington]

No you didn’t get it. It’s not the children bs, it’s the algorithm spying your files. No one has access to their source code running on devices and server side, basically they are full of bs using children as propaganda for mass surveillance.

This is the sort of comment I don't really understand.... Maybe some folks think they're only waking up now to "what Apple is really all about," but frankly Apple could have been doing this for years and would have been under no obligation to tell anybody about it, and it really still isn't even now.

If you don't trust Apple, then the CSAM Detection is actually the least worrisome thing that Apple has done recently, since it only compares stuff being uploaded to iCloud Photo Library with known images. Even if that "CSAM" database was updated with hashes of politically subversive photos, they'd still have to be images that were catalogued from other sources. CSAM Detection isn't going to find any pictures that you've taken or created yourself — even if they're of the same people or places that may otherwise be in the so-called "CSAM Database."

On the other hand, Apple added the ability to scan and catalog your entire photo library on your device with the release of iOS 10 back in 2016, allowing you to search for anything in your photos from bunny rabbits to firearms. You also can't turn this indexing off, and unlike CSAM Detection, it runs on your local photos whether you have iCloud Photo Library enabled or not. Then there's the VoiceOver AI added in iOS 14 that can describe photos to you based on the content in them — and it's eerily accurate — and of course the "Live Text in Photos" feature coming in iOS 15 that will be able to figure out everything that's written in any photos you take.

If you think Apple is going to be spying on you now, then who is to say that all of those catalogued photos from your iCloud Photo Library weren't already being reported to government and law enforcement agencies for the past five years. That's far more worrisome — IF you think Apple is up to something nefarious or willing to bow to government pressure.

After all, what's more dangerous? A system that only allows scanning of matches from a database of known photos, or an on-device algorithm that could be silently and secretly reporting photos based on the faces and objects found within them?

We've always had no choice but to take Apple's word for these things. If people don't trust Apple, they never should have been using an iPhone in the first place.

Again, for those who think that this is just Apple "showing its true colours," then fair enough, but Apple is either a company that's been spying on its users for years already, or it's a company that's still trustworthy today, and means it when it says that it won't allow its CSAM Detection system to be used for any other purpose.

 

[nger]

We get it. You don't want your phone checked for child abuse images. Now get over it.

We get it. You are a shill.
Now get used to every apple thread and announcement being undermined by people calling out apple’s hypocrisy until they change their direction. Now get over it.

This is the sort of comment I don't really understand.... Maybe some folks think they're only waking up now to "what Apple is really all about," but frankly Apple could have been doing this for years and would have been under no obligation to tell anybody about it, and it really still isn't even now.

If you don't trust Apple, then the CSAM Detection is actually the least worrisome thing that Apple has done recently, since it only compares stuff being uploaded to iCloud Photo Library with known images. Even if that "CSAM" database was updated with hashes of politically subversive photos, they'd still have to be images that were catalogued from other sources. CSAM Detection isn't going to find any pictures that you've taken or created yourself — even if they're of the same people or places that may otherwise be in the so-called "CSAM Database."

On the other hand, Apple added the ability to scan and catalog your entire photo library on your device with the release of iOS 10 back in 2016, allowing you to search for anything in your photos from bunny rabbits to firearms. You also can't turn this indexing off, and unlike CSAM Detection, it runs on your local photos whether you have iCloud Photo Library enabled or not. Then there's the VoiceOver AI added in iOS 14 that can describe photos to you based on the content in them — and it's eerily accurate — and of course the "Live Text in Photos" feature coming in iOS 15 that will be able to figure out everything that's written in any photos you take.

If you think Apple is going to be spying on you now, then who is to say that all of those catalogued photos from your iCloud Photo Library weren't already being reported to government and law enforcement agencies for the past five years. That's far more worrisome — IF you think Apple is up to something nefarious or willing to bow to government pressure.

After all, what's more dangerous? A system that only allows scanning of matches from a database of known photos, or an on-device algorithm that could be silently and secretly reporting photos based on the faces and objects found within them?

We've always had no choice but to take Apple's word for these things. If people don't trust Apple, they never should have been using an iPhone in the first place.

Again, for those who think that this is just Apple "showing its true colours," then fair enough, but Apple is either a company that's been spying on its users for years already, or it's a company that's still trustworthy today, and means it when it says that it won't allow its CSAM Detection system to be used for any other purpose.

it’s already been used for other purposes…. What do u think they are doing in China…

there is a difference between indexing on your local device for local searching and scanning your photos for subversive materials, sending them to apple “for review” and then reporting you to the authorities.

 

[hatchettjack]

I use it along with proton vpn! I feel pretty safe!

 

[matrix07]

I simply had to turn if off and back on again. I also had to head into Settings --> WiFi --> Hit the "i" on my WiFi --> and make sure that the option for iCloud Private Relay was not disabled for my network.

Thank you! This works. Now it's on again.

 

[roosta]

still no two page view option in books for pdfs. I've been asking for this for several years.

the Mac version can do this, why can't iPadsOS?

 

[scvrx]

Not mine. Just sharing it. Someone commenting under CSAM daily r/apple
//////////////////////////////////////////////////////////////////////////////////////////////

The silence of Apple and Tim Cook is deafening.

The strategy is in place. The machine is working.
Thousands of Apple actors are trolling the web masqueraded as a normal people.

You-tubers are ready for promotion and exclusive apple news and rumors.
The cult is ready to buy the next big thing.

Politicians over the world are rubbing their hands with pleasure in anticipation of legal way to push agendas for money and power.
Apple users are beginning to ignore the screeching voices of minority. They ask how to disable this with naive belief that pushing a button in closed source OS will accomplish something. Yep. On a closed source OS made by corporation with proven record of privacy. Privacy by FBI and NSA.

It is all an illusion folks. Overpriced illusion made to feel you safer and entertained.

Thats all you want, that's what you will get.

Shiny toys made by workers safeguarded by suicide nets.
Even when Tim and friends are policing you, telling you what to watch, what is trending, telling you what to think and feel, you are not getting it.

Apple is global monopoly. They openly admit that every government will decide what are those magical hashes. They don't care at all, because they know that you are weaklings. That you are addicted to be part of a successful tribe. You don't have the technical skills to live the ecosystem. There is no option.
It is hard and inconvenient.

Hey Apple, what about reactions of professionals, cryptographers, programmers? They will screech and people will forget about it. iPhone 13 is coming, we have exclusivity from TMSC. Trust us everything will be magical.

Hey Apple, what about Pegasus/NSO hack?
People are dead because of it but this is the reality, we cannot do anything about it.

Hey Apple, what about angry developers?
Apple will give some pennies to shut them up. They will continue to eat themselves.

Hey Apple, what about the anti-trust investigations?
We are willing to cooperate with everybody in successful protection of our brand. We can do magical things with NeuralCash.

Hey Apple, what about Tim Cook shares?
He made Apple super-duper-hyper successful and will get 750 million in shares. Our shareholders are happy and exited about the strategy.

This is our Brave New World.
Soma here, soma there, soma everywhere.
Enjoy your iSpy devices, people. Enjoy your modern privacy.

What happens on your iPhone, stays on Apple servers.
Forever.

E2E encryption, my ass.

 

[Jonas07]

Not mine. Just sharing it. Someone commenting under CSAM daily r/apple
//////////////////////////////////////////////////////////////////////////////////////////////

The silence of Apple and Tim Cook is deafening.

The strategy is in place. The machine is working.
Thousands of Apple actors are trolling the web masqueraded as a normal people.

You-tubers are ready for promotion and exclusive apple news and rumors.
The cult is ready to buy the next big thing.

Politicians over the world are rubbing their hands with pleasure in anticipation of legal way to push agendas for money and power.
Apple users are beginning to ignore the screeching voices of minority. They ask how to disable this with naive belief that pushing a button in closed source OS will accomplish something. Yep. On a closed source OS made by corporation with proven record of privacy. Privacy by FBI and NSA.

It is all an illusion folks. Overpriced illusion made to feel you safer and entertained.

Thats all you want, that's what you will get.

Shiny toys made by workers safeguarded by suicide nets.
Even when Tim and friends are policing you, telling you what to watch, what is trending, telling you what to think and feel, you are not getting it.

Apple is global monopoly. They openly admit that every government will decide what are those magical hashes. They don't care at all, because they know that you are weaklings. That you are addicted to be part of a successful tribe. You don't have the technical skills to live the ecosystem. There is no option.
It is hard and inconvenient.

Hey Apple, what about reactions of professionals, cryptographers, programmers? They will screech and people will forget about it. iPhone 13 is coming, we have exclusivity from TMSC. Trust us everything will be magical.

Hey Apple, what about Pegasus/NSO hack?
People are dead because of it but this is the reality, we cannot do anything about it.

Hey Apple, what about angry developers?
Apple will give some pennies to shut them up. They will continue to eat themselves.

Hey Apple, what about the anti-trust investigations?
We are willing to cooperate with everybody in successful protection of our brand. We can do magical things with NeuralCash.

Hey Apple, what about Tim Cook shares?
He made Apple super-duper-hyper successful and will get 750 million in shares. Our shareholders are happy and exited about the strategy.

This is our Brave New World.
Soma here, soma there, soma everywhere.
Enjoy your iSpy devices, people. Enjoy your modern privacy.

What happens on your iPhone, stays on Apple servers.
Forever.

E2E encryption, my ass.

The sad thing is masses are stupid and they believe Apple and Tim Cook are our saviours.

I mean just the advertising about the Apple Watch saving lives (no doctors included), already brainwashed the simple minds. It’s sad.

 

[nickdalzell1]

The sad thing is masses are stupid and they believe Apple and Tim Cook are our saviours.

I mean just the advertising about the Apple Watch saving lives (no doctors included), already brainwashed the simple minds. It’s sad.

MY Apple watch tried to kill me, both with impossible goals as well as the 'expected' exercise, stand, walk steps goals pretty much ruining my feet--I have a foot injury by following it and trying to earn those medals (which eventually vanish!)

Galaxy Watch has a much better algorithm that doesn't try to kill you. You fail to meet a goal, it dials it back, meanwhile Apple dials it up each week.

 

[jsamuelson]

MY Apple watch tried to kill me, both with impossible goals as well as the 'expected' exercise, stand, walk steps goals pretty much ruining my feet--I have a foot injury by following it and trying to earn those medals (which eventually vanish!)

Galaxy Watch has a much better algorithm that doesn't try to kill you. You fail to meet a goal, it dials it back, meanwhile Apple dials it up each week.

Please tell me you forgot the /s tag...

 

[nickdalzell1]

No, I didn't. It's not sarcasm. There's threads on this forum where people get impossible goals such as 'run 250 miles this month to earn this award' and so on. Apple thinks everyone is an athlete. It obviously doesn't know that everyone is different. I'm a tiny guy. It must have assumed despite what I plugged into it that I'm a beefy 6 footer. If I kept following its advice I'd likely be dead.

Is Apple trying to kill you with your November Challenge?

I figured watchOS 5 would have some new challenges. I wasn't expecting this though. http://flickr.com/suomynona/45666118211

forums.macrumors.com

 

[scvrx]

No, I didn't. It's not sarcasm. There's threads on this forum where people get impossible goals such as 'run 250 miles this month to earn this award' and so on. Apple thinks everyone is an athlete. It obviously doesn't know that everyone is different. I'm a tiny guy. It must have assumed despite what I plugged into it that I'm a beefy 6 footer. If I kept following its advice I'd likely be dead.

Is Apple trying to kill you with your November Challenge?

I figured watchOS 5 would have some new challenges. I wasn't expecting this though. http://flickr.com/suomynona/45666118211

forums.macrumors.com

I don't use smart watches. For me mechanical watch is all I need But aside of this your experience sounds as bad app design. Did they not ask for your physical data in onboarding when you launch it at first? Inclusive design is a big thing in UX. If Apple are not aware this is another example of bad design plague of "To Big to Fail" corporations.

 

[jsamuelson]

No, I didn't. It's not sarcasm. There's threads on this forum where people get impossible goals such as 'run 250 miles this month to earn this award' and so on. Apple thinks everyone is an athlete. It obviously doesn't know that everyone is different. I'm a tiny guy. It must have assumed despite what I plugged into it that I'm a beefy 6 footer. If I kept following its advice I'd likely be dead.

Is Apple trying to kill you with your November Challenge?

I figured watchOS 5 would have some new challenges. I wasn't expecting this though. http://flickr.com/suomynona/45666118211

forums.macrumors.com

Sorry to hear you're hurt, that sucks. But you can't blame the watch for your injury, surely...that's a personal responsibility.

You can adjust the main metrics to suit your lifestyle (stand, move, exercise).

The challenges are entirely optional...and I don't think they are mega customised for each individual. As always Apple are providing something that many people can do most of the time. I suspect the only accurate custom thing is the calorie burn as it will use your personal measurements vs your HR and come out with a reasonably good number. Everything else is just an absolute number, distance, elevation, time, or maybe a multiple of what you have achieved in the past.

I've never seen anything that was flat out impossible for the average person, in fact my complaint would be that some of them are so easy as to be almost worthless, like the latest National Parks Challenge, which neither needed to be done in a park, or was much of a challenge (walk a mile).

Obviously the one where they said to do 7 hours of exercise a day was a bug...!

Now please please don't get me wrong I absolutely understand that for some people walking a mile is an accomplishment, and more power to anyone trying to improve themselves. There are always outliers in the population, on both ends of the spectrum.

I would say that if it is tracked it can be improved, that the delta/trend in things is more important than accuracy, so the health (psychological and physical) benefits that arise from seeing that someone walked a mile today a little bit faster than they did last week is hugely beneficial.

If your watch is recommending challenges beyond your current abilities, and it's not obviously a bug, I would see that as aspirational and maybe that's the whole point?

 

[Jonas07]

Sorry to hear you're hurt, that sucks. But you can't blame the watch for your injury, surely...that's a personal responsibility.

You can adjust the main metrics to suit your lifestyle (stand, move, exercise).

The challenges are entirely optional...and I don't think they are mega customised for each individual. As always Apple are providing something that many people can do most of the time. I suspect the only accurate custom thing is the calorie burn as it will use your personal measurements vs your HR and come out with a reasonably good number. Everything else is just an absolute number, distance, elevation, time, or maybe a multiple of what you have achieved in the past.

I've never seen anything that was flat out impossible for the average person, in fact my complaint would be that some of them are so easy as to be almost worthless, like the latest National Parks Challenge, which neither needed to be done in a park, or was much of a challenge (walk a mile).

Obviously the one where they said to do 7 hours of exercise a day was a bug...!

Now please please don't get me wrong I absolutely understand that for some people walking a mile is an accomplishment, and more power to anyone trying to improve themselves. There are always outliers in the population, on both ends of the spectrum.

I would say that if it is tracked it can be improved, that the delta/trend in things is more important than accuracy, so the health (psychological and physical) benefits that arise from seeing that someone walked a mile today a little bit faster than they did last week is hugely beneficial.

If your watch is recommending challenges beyond your current abilities, and it's not obviously a bug, I would see that as aspirational and maybe that's the whole point?

It’s just a stupid watch ffs why do u feel attacked for his own bad experience wearing it.

 

[Tech198]

Seems good for though to keep the data on device, and don't wanna use VPN's for others to do the same "off-device"

However, wouldn't be better still to think about what we put online in the first place?

 

[jsamuelson]

It’s just a stupid watch ffs why do u feel attacked for his own bad experience wearing it.

I don't feel attacked at all...I'm very happy with life but thanks for asking.

Just suggesting that the watch is a tool for good and that I'm sorry he's injured.

If you don't agree with the points I have made, always happy to discuss, or of course you can feel free to scroll on by!

A+

 

[DeepIn2U]

You do realize when they say these will be features in iOS 15, they don’t mean the first day. They mean, in iOS 15….

Well technically if Apple says these features will be IN iOS 15 and yet their not yet - why bother even calling it iOS 15 then if not IN it? Moreover Apple was NOT clear in stating when or if rhese features WOULD be delayed, so it’s like snake oil not being clear. Apple knows what their doing by doing this.

with so many coders and employees the bulk NOT in retail you get to wonder who’s slacking off or needs better training or more time being productive.
Why couldn’t these features be beta tested right after wwdc launch?

 

[DeepIn2U]

Haven't really seen anyone else talk about this, but is Private Relay supposed to work over cellular or only when on Wifi? Cause the moment I joined the beta and went to turn on private relay, I immediacy got a message about T-Mobile not supporting it...the toggle is still on, so I'm not even sure if it's on and doing anything. I've seen no changes with it on or off.

mom presuming all the data gateways on T-Mobile USA’s network is not allowing Apples Private Relay to work. I suspect Apple will need to work with various telcos globally to get this to work.

note to Apple:
Before announcing any feature invoking internet think beyond home Wi-Fi / internet connections. Work with partners and test with them and internally first before even announcement.

at this rate it maybe in iOS 16 before we all get a full working solution.

 

[nickdalzell1]

Or maybe T-Mobile is in on it as well? I wouldn't be surprised if all the major carriers start suddenly being 'incompatible' with the privacy app or apps. Or worse, blacklist them from app stores. You know, the future looked so bright back in 2010. We had tons of phone variety, sliders, big screens, small screens, phones with folding screens (yes, there was a Sony Xperia folding phone in 2012) and UI design was at its peak. We were on the verge of holographic display tech and then BAM! we not only regressed back to 1980s UI design schemes but worse we are starting to see a real-life 1984 level 'new normal'. I want to go back to 2010 again and just stay there. At least my 2010 Samsung Flight II still works. The future 2020+ isn't as optimistic as I'd had hoped.

EDIT: It was a Kyocera phone not a Sony. It's the Kyocera Echo from 2012. Everyone thinks folding phones are the 'future' but it's just another regression to the past.