EU Mobile Operators Want Apple's iCloud Private Relay Service to Be Outlawed Over Concerns of 'Digital Sovereignty'

[Xtir]

I smell greed once again...

I wonder why apple agreed to have it not available in countries like russia or china?

Also greed? Control? Political? Aid and abed local 'policies' and law ? Doesn't people need their privacy there?

If it's in the businessmodel of apple it seems everything is allowed, if it's in the businessmodel of any other entity not..

 

[macgabe]

It's basically like a simplified version of Tor. You type Macrumors.com into Safari and iOS will encrypt that request into a package and then wrap that encrypted package inside another one which is sent to Apple. Apple then decrypt the outer package and forward the inner package along to the "third party" (I'm not sure who they are). The third party then decrypts the request and actually performs the fetch of the website data.

Then the same process basically happens in reverse with the data sent back to the user being double encrypted and then decoded when it reaches the user's iOS device. So the third party theoretically can't discern who requested the website, Apple can't see any of it, and the user's privacy is retained.

So the third party sees the website but doesn't see who requests it. Apple arguably has a very clear knowledge of the customer (better than local ISPs because now linked to a device by Apple ID) but no knowledge of the website. I guess 3rd party then sends all info to FBI and FBI requests relevant customer info from Apple - nice, data is all in one place, no foreign governments to deal with?

 

[Macintosh TV]

9

I wonder if they will want to outlaw VPNs too?

Let's be honest, they do it simply because Apple can entice many average users to enable it, thus hiding their browsing history from those companies. Those that find VPNs and/or encrypted DNSes on their own are minority and thus not a threat like this.

They'd love to. But businesses aren't going to go along with that and leave their data out there.

 

[now i see it]

Businesses that track you don’t like it when they can no longer track you

 

[mookc1]

Do you know what the difference is ? VPN is used just by a minority, while iDevices are used by millions and millions of people. carriers operators are just afraid of losing control of their data.

They are not afraid of losing control of "their data", they are worried about losing control of "my data".

 

[BootsWalking]

European carriers including Vodafone, Telefonica, Orange, and T-Mobile say that the feature "will impair others to innovate and compete in downstream digital markets and may negatively impact operators' ability to efficiently manage telecommunication networks."

In other words, private relay gets in the way of these carriers' ability to violate the EU's Net Neutrality laws.

 

[Quu]

One of the reasons the carriers want to do this is content caching. When you visit YouTube, Netflix and many other high-data usage websites these carriers have servers in their datacenter provided by these large companies to cache often accessed content.

In the case of Netflix they provide very beefy caching servers that can save petabytes of data from needing to be downloaded from outside of the carriers network. This saves the ISP money due to them having to pay other carriers for peering.

The problem with virtual private networks is the data you're accessing is encrypted and thus cannot be cached at all by the carrier. They are concerned that they've sized their networks with these caches as part of the design. If hundreds of thousands to millions of users suddenly have all their traffic uncacheable it may lead to bandwidth depletion, high latency and congestion.

You all I'm sure saw Netflix's Squid Game. A show that had all episodes released at the same time and was watched by more than 150 million people around the world. Many of those people watching it in 1080p or 4K. Almost all of those people watched it from a local ISP cache. That's how Netflix has their architecture designed, ship servers to ISP's datacenters so only a single copy of Squid Game (for instance) needs to be sent while hundreds of thousands of customers of that ISP can watch it without causing congestion for everybody.

I've laid out the problem. But I do not stand with the ISP's on this one. I feel that user privacy trumps the efficiency of their networks and companies should adapt. Netflix for instance can still do geographic based routing and use their content delivery network in specific regions to deliver content instead of at the ISP level as can Google when people watch YouTube.

There are solutions, they just cost money and are different to the current methods. I feel users shouldn't have to sacrifice privacy so some multi-billion dollar ISP's can get their way. They make enough money as it is, deal with the problem like grown ups instead of trying to abuse the court system to choose what kind of traffic you carry.

 

[mookc1]

And that’s really what Apple sells, and what I am buying these days with their products. Trust.

The second that Apple violates this trust, there will be a 'device revolt'; that will mean a flip phone for me......

 

[steve09090]

It’s an illusion

How is trust an illusion? Privacy maybe, but trust is trust whether its earned or not. But like your Blockchain comment, I think you’re failing to understand what this is about.

 

[Danfango]

I think this is actually the start of a desperate scramble because the EU are starting to push for rights to people's data for "investigative purposes" and this is the front line for the battle. When a conglomerate government comes knocking asking for technical measures to circumvent encryption, the easiest place to enforce compliance is at the carriers who have a history of selling the data already so are easy targets. When that gets pulled away by technical measures upstream they get all antsy about it.

Net neutrality, default strong encryption for all. That's the only society I want to live in. **** anyone who compromises that.

 

[steve09090]

There are solutions, they just cost money and are different to the current methods. I feel users shouldn't have to sacrifice privacy so some multi-billion dollar ISP's can get their way. They make enough money as it is, deal with the problem like grown ups instead of trying to abuse the court system to choose what kind of traffic you carry.

That’s why Apple do things like work on reducing file sizes or greater efficiencies on HEIF AAC, Pro Res etc…

 

[SedellJ]

This is crazy. Is it even legal to outlaw ONE company’s product? That doesn’t seem like it would happen here in America.

 

[idmean]

It's basically like a simplified version of Tor. You type Macrumors.com into Safari and iOS will encrypt that request into a package and then wrap that encrypted package inside another one which is sent to Apple. Apple then decrypt the outer package and forward the inner package along to the "third party" (I'm not sure who they are). The third party then decrypts the request and actually performs the fetch of the website data.

Then the same process basically happens in reverse with the data sent back to the user being double encrypted and then decoded when it reaches the user's iOS device. So the third party theoretically can't discern who requested the website, Apple can't see any of it, and the user's privacy is retained.

In my experience thus far, these 3rd parties have been Akamai and Cloudflare.

 

[ghostface147]

Well iCloud private relay is slow, so I don’t use it.

 

[svish]

Private relay is a very good feature. Looks like Apple will face some trouble in the EU . Network operators might not be able to gather much information with private relay turned on. Might be the reason why they are opposing

 

[BootsWalking]

One of the reasons the carriers want to do this is content caching. When you visit YouTube, Netflix and many other high-data usage websites these carriers have servers in their datacenter provided by these large companies to cache often accessed content.

In the case of Netflix they provide very beefy caching servers that can save petabytes of data from needing to be downloaded from outside of the carriers network. This saves the ISP money due to them having to pay other carriers for peering.

The problem with virtual private networks is the data you're accessing is encrypted and thus cannot be cached at all by the carrier. They are concerned that they've sized their networks with these caches as part of the design. If hundreds of thousands to millions of users suddenly have all their traffic uncacheable it may lead to bandwidth depletion, high latency and congestion.

You all I'm sure saw Netflix's Squid Game. A show that had all episodes released at the same time and was watched by more than 150 million people around the world. Many of those people watching it in 1080p or 4K. Almost all of those people watched it from a local ISP cache. That's how Netflix has their architecture designed, ship servers to ISP's datacenters so only a single copy of Squid Game (for instance) needs to be sent while hundreds of thousands of customers of that ISP can watch it without causing congestion for everybody.

I've laid out the problem. But I do not stand with the ISP's on this one. I feel that user privacy trumps the efficiency of their networks and companies should adapt. Netflix for instance can still do geographic based routing and use their content delivery network in specific regions to deliver content instead of at the ISP level as can Google when people watch YouTube.

There are solutions, they just cost money and are different to the current methods. I feel users shouldn't have to sacrifice privacy so some multi-billion dollar ISP's can get their way. They make enough money as it is, deal with the problem like grown ups instead of trying to abuse the court system to choose what kind of traffic you carry.

I'm no expert on enterprise-level CDNs but I'd have to think the cost of ISP's trying to run their own internal CDNs would be high. Do they really save money after accounting for those costs vs just paying the extra interconnect fees?

 

[Cesar Battistini]

They will lose the money they get selling WEB history to google and Facebook, that is why they are whining

 

[makitango]

One way to get into a dialogue would be to speak out what it really is about. But that of course requires some integrity and character.
No one gets educated from these PR texts.

 

[makitango]

They will lose the money they get selling WEB history to google and Facebook, that is why they are whining

I don't think that's the case, otherwise they would ban public DNS' instead. Most of our HTTP(S) traffic should be encrypted by now.

 

[LV426]

But it's literally just a VPN?

Almost, but not quite.

• It's a Safari-only thing, whereas a typical VPN will cover traffic from your other apps and services
• It's more likely to be blocked by websites, as it is easily identifiable as a proxy server
• Your traffic can't pretend to originate from a different country, unlike that of a VPN

 

[foobarbaz]

I wonder why apple agreed to have it not available in countries like russia or china?

Also greed? Control? Political? Aid and abed local 'policies' and law ? Doesn't people need their privacy there?

If it's in the businessmodel of apple it seems everything is allowed, if it's in the businessmodel of any other entity not..

Are you really asking why Apple "agreed" to follow the law?

 

[Quu]

I'm no expert on enterprise-level CDNs but I'd have to think the cost of ISP's trying to run their own internal CDNs would be high. Do they really save money after accounting for those costs vs just paying the extra interconnect fees?

They do yes. Many mid to large ISP's (think 100,000+ subscribers) will have caching in their DC for YouTube, Netflix, Steam and other services. It has become quite common.

You may remember a few years ago many many ISP's were demanding that Netflix pay for the traffic they generate (Verizon and Comcast were quite vocal). This has mostly mellowed since Netflix provides servers to these ISP's that do all the caching for them.

You can read all about the Netflix initiative here on their website: https://openconnect.netflix.com/

Also I should mention this isn't all about saving bandwidth to save pennies and cents. In a lot of cases the ISP's literally are at their maximum link saturation and to gain more bandwidth they have to spend millions of dollars.

My own ISP in the UK is the largest in our country by subscriber count and yet they only have 2 x 10Gbps links to CloudFlare which is the largest CDN in the world by the volume of websites that use them. This just goes to illustrate the situation.

 

[Stella]

Translate: We can't monetize your internet usage and so relay must be disabled.

THough, I'm sure there's infrastructure reasons too, Quu take above is interesting.

 

[Christoffee]

I wasn't that interest in Private Relay. Now, all of a sudden, I am very interested!

 

[bigboy29]

There are data residency concerns here; especially with business data.

The solution to this is to have Private Relay servers in EU datacenters, and send EU originating requests to EU servers. It is problematic that data would go from EU to US for private relay purposes only, from purely data residency perspective. This is something that every large service has to navigate.

I do think it is a bit rich / questionable what the driving force behind those complaints is for those carriers, but the concern is technically valid IMO and Apple needs to figure it out.