T-Mobile begins blocking iPhone users from enabling iCloud Private
Relay in the US

Earlier today, a report indicated that some European carriers were
blocking the Private Relay feature introduced by Apple with iOS
15. This feature is designed to give users an additional layer of
privacy by ensuring that no one can view the websites that they visit.

Now, in addition to some carriers in Europe, it appears that
T-Mobile/Sprint in the United States is also blocking iCloud Private
Relay access when connected to cellular data.

https://9to5mac.com/2022/01/10/t-mobile-block-icloud-private-relay/

+_***************************************************************_+
+_ And-the-truth-of-the-matter-is deptartment .... _+
+_ _+
+_ In their insatiable quest for knowledge about every aspect _+
+_ of our online lives, T-Mobile/Sprint are sabotaging _+
+_ any chance Apple users may have had to keep their click _+
+_ list private - or at least limited to Apple's walled _+
+_ garden of Mac Minions. Of course, what they really want is _+
+_ the /CONTENT/ of every interaction with every website, but _+
+_ for their purposes the click list will suffice: this is a _+
+_ part of intelligence gathering known as "Traffic Analysis," _+
+_ which tells the eavesdropper enough to make business _+
+_ decisions such as which vendor of which product or service _+
+_ they can offer "enhanced" access - to the identities of the _+
+_ customers whom are looking at competitors' websites, or _+
+_ seeking help with a serious illness, or finding out which of _+
+_ them wants to read the views of rabble-rousing un-americun _+
+_ opponents in upcoming elections, etc., etc. _+
+_ _+
+_ Ain't no bystanders in this battle, folks: you are what you _+
+_ eat, and the advertising agencies are busy constructing more _+
+_ fairy tales about how you should be glad to swallow more _+
+_ ... ah, "postive images" ... which will convince you that _+
+_ things are fine the way they are and that you should never _+
+_ question your betters^h^h^h^h^h^h leaders. _+
+_ -+
+_ Bill Horne _+ +_***************************************************************_+

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 1/10/2022 3:35 PM, Monty Solomon wrote:

Now, in addition to some carriers in Europe, it appears that
T-Mobile/Sprint in the United States is also blocking iCloud Private
Relay access when connected to cellular data.

Not being an Apple user, I gotta ask, does iCloud Private Relay do
anything that a VPN doesn't? My VPN vendor has an apps for Android and
iOS, as well as most desktop OS and the popular web browsers. This
must be pretty standard, I checked a few of the reputable ones (Nord,
PIA, Express, Mullvad) and they all did. Only issue is, they're not
free and included on the phone.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

"Dave Garland" <dave.garland@wizinfo.com> writes:

On 1/10/2022 3:35 PM, Monty Solomon wrote:

Now, in addition to some carriers in Europe, it appears that
T-Mobile/Sprint in the United States is also blocking iCloud Private
Relay access when connected to cellular data.

Not being an Apple user, I gotta ask, does iCloud Private Relay do
anything that a VPN doesn't? My VPN vendor has an apps for Android and
iOS, as well as most desktop OS and the popular web browsers. This
must be pretty standard, I checked a few of the reputable ones (Nord,
PIA, Express, Mullvad) and they all did. Only issue is, they're not
free and included on the phone.

I believe many VPNs don't necessarily force DNS requests all over the
tunnel, and still uses the local DNS resolvers as defined by the
local setup (at least a few VPN services I have used have acted this
way, I can't say definitively what every service does).

Part of the meta data providers suck up is through DNS lookups.
Comcast pretty was hard opposed to DNS over HTTP until they setup
their own DoH servers so they can still collect their meta data. Their
xFi routers have no option to setup your own DNS servers (by some
reports) to be handed out via DHCP to your network (you could always
do this manually yourself, but the percentage of users that do that is
a rounding error).

iCloud Private Relay does tunnel both web traffic and DNS through
Apple's network, and then a 2nd hop through the CDN network.

Also, iCloud Private Relay does rotate exit IP addresses from time to
time, while a VPN service probably will have you come out of the same
exit IP everytime you connect through the endpoint you choose. Of
course, you could always switch up your end VPN endpoints from time to
time to mimic this, but the private relay does it automatically.

So, a few differences.







--
Doug McIntyre
doug@themcintyres.us

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, Jan 17, 2022 at 02:39:29PM -0600, Doug McIntyre wrote:

"Dave Garland" <dave.garland@wizinfo.com> writes:

On 1/10/2022 3:35 PM, Monty Solomon wrote:

Now, in addition to some carriers in Europe, it appears that
T-Mobile/Sprint in the United States is also blocking iCloud Private
Relay access when connected to cellular data.

Not being an Apple user, I gotta ask, does iCloud Private Relay do
anything that a VPN doesn't? My VPN vendor has an apps for Android and
iOS, as well as most desktop OS and the popular web browsers. This
must be pretty standard, I checked a few of the reputable ones (Nord,
PIA, Express, Mullvad) and they all did. Only issue is, they're not
free and included on the phone.

I believe many VPNs don't necessarily force DNS requests all over the
tunnel, and still uses the local DNS resolvers as defined by the
local setup (at least a few VPN services I have used have acted this
way, I can't say definitively what every service does).

I'm sorry, but we're missing the point by debating the technical
details. This isn't a problem caused by technical methods or
procedures.

This blocking is due to a squable between two major players in the
mobile Internet sector of the industry: Apple wants it's users to
think that their click lists aren't going to be inspected by cellular
carriers. One of those carriers is fighting back by putting up a
blockade and demanding that Apple share the (immense) wealth that
comes from selling the click lists of iPhone users.

Apple has spent a long time constructing a Potemkin Village, made from
press releases and posturing, where they try to demand that their
users pay attention to the smoke and mirrors, and ignore that man
behind the curtain: the company has been staging Kabuki theatre
episodes that feature sincerly pretty spokesmen claiming that Apple is
standing on principle, and denying local law enforcement this or that
detail from this or that suspect in this or that local crime, but none
of it matters. We could debate - endlessly - the merits or demerits of
any given company's "security" features, but it's shadow boxing: the
NSA vacuums up anything it wants to see, and delivers those printouts
to any government employee or officeholder that asks for them.

The question we need to talk about is *WHY* U.S. citizens don't have
anything but a small fraction of the privacy protectdions European
cellular users enjoy. *THAT* is worth talking about.

Bill

--
Bill Horne
(Please remove QRM from my email address to write to me directly)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 1/18/2022 8:23 AM, Bill Horne wrote:

The question we need to talk about is *WHY* U.S. citizens don't have
anything but a small fraction of the privacy protectdions European
cellular users enjoy. *THAT* is worth talking about.

That's certainly true. But (some of us) who use VPNs also use the DNS
service the VPH provides. Sure, we should get more, I'm working with
what we have now.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)