[HN Gopher] T-Mobile begins blocking iPhone users from enabling ...
___________________________________________________________________
T-Mobile begins blocking iPhone users from enabling iCloud Private
Relay in US
Author : monocularvision
Score : 406 points
Date : 2022-01-10 19:13 UTC (3 hours ago)
(HTM) web link (9to5mac.com)
(TXT) w3m dump (9to5mac.com)
| baby-yoda wrote:
| how long til ATT/Verizon do the same? is there any refuge, like
| Twilio?
|
| alternatively, what would it take to roll your own/DIY private
| relay?
|
| 2 DO droplets, droplet0 runs OpenVPN or something, then private
| networked to droplet1 which requests are proxied through, and
| droplet1 recycles IP/region on some scheduled interval?
| boringg wrote:
| I think what is also interesting about this article is that EU,
| long the privacy stalwart, were the original ISPs to block
| private relay. Seems counterintuitive to me.
| gostsamo wrote:
| I saw some news titles that EU carriers want to block it, but I
| haven't seen them doing it nowhere. Do you have a link?
| dathinab wrote:
| > doing it nowhere
|
| Reading the article and its predecessor it seems they are
| mainly doing it on cheap contracts in the UK??
|
| Which would not be in the EU.
|
| I'm not sure if it's even legal to do so in the EU, tbh. it
| might be against the net neutrality rules in the EU (though
| they have loopholes, so not sure).
| boringg wrote:
| In the article: "Now, in addition to some carriers in Europe,
| it appears that T-Mobile/Sprint in the United States is also
| blocking iCloud Private Relay access when connected to
| cellular data."
| dathinab wrote:
| Though as far as I understood the European carriers voiced
| complaints but did not act, though UK carriers did (which
| isn't EU anymore).
|
| Tbh. the article is just not very well written, I also
| first thought the article implied that T-Mobile US is an EU
| carrier operating in the US (it isn't, it's a US carrier
| owned to around 43% by an EU carrier, with which it shares
| a bunch of things, like trademarks).
| astrange wrote:
| EU regulations aren't necessarily designed for privacy, they're
| designed to troll US tech companies. Covering the screen in
| cookie dialog boxes didn't accomplish much.
|
| One of the upcoming ones seems to just ban Kickstarter.
| dathinab wrote:
| not really,
|
| especially the mentioned banners affect US and EU companies
| alike (or at least did until the US decided to claim rights
| on EU citizens' data through the Cloud act...).
|
| Wrt. to the cookie banner if you mean the one coming from
| GDPR then the problem is missing enforcement. It must be as
| easy to opt in as to opt out this means:
|
| - two clicks to opt out one for opt in => illegal
|
| - dark patterns which make it easier to accidentally opt in
| => illegal
|
| - spamming people which don't agree to being spied on with
| "dialog boxes" => illegal (GDPR allows some forms of purely
| functional data storage without consent, for example a
| non-3rd party cookie to remember that the user is opted out
| _which is not used for tracking_ is legal without asking for
| consent, hence there is a technically easy and legal way to not
| spam people with dialog boxes, hence making it harder for
| people to opt out by repeatedly forcing them to redo the
| action is illegal). Naturally doesn't apply if you clear
| cookies.
| stephbu wrote:
| > "vital network data and metadata and could impact "operator's
| ability to efficiently manage telecommunication networks."
|
| Complete bunk - Their (TMobile et al.) "value add services" are
| nowt more than network content provider toll-gates that the
| proxies bypass. Meanwhile they are also selling every bit of user
| context data (position, DNS/sites, cookies where unencryptable,
| phone-id's etc) that they can scrape individually and in
| aggregate to any and every advertiser. Context is worth serious
| money to advertisers.
| jeroenhd wrote:
| If carriers could be trusted (and they clearly can't), I'd
| actually agree with some of their technical requirements.
| Netflix's edge boxes work well to keep them from wasting
| peering capacity on video streams, and dedicated Youtube and
| Twitch uplinks would save the general-purpose peering links
| from a lot of unnecessary load. Unmasked routing would help
| ISPs route their traffic more efficiently and cheaper.
| Latencies would be lower, and rush hour throughput speeds could
| be higher. It might even be a small win for the environment to
| send all of your traffic back and forth between data centers.
|
| Sadly, many (American) ISPs are abusing their position to
| gather and sell personal information from their subscribers.
| They wasted their "ability to efficiently manage
| telecommunication networks" the moment they started selling
| data. They've become adversaries rather than partners because
| they thought they could have their cake and eat it too. It's
| sad, really, because with cooperation, everyone would actually
| be better off with proper network management!
| JohnTHaller wrote:
| I'd wager this is to prevent folks from streaming over 480p on
| the standard 'unlimited' plan, prevent unauthorized hotspot use,
| prevent hiding DNS for data harvesting, and a few other things.
| What would make more sense is simply to charge this at hotspot
| rates, since they can't determine if you're using more phone and
| low-res streaming bandwidth than your plan permits.
| withinboredom wrote:
| This is probably a good thing. When Private relay breaks (such as
| on my network at my house and some public wifi networks at a
| popular grocery chain), there's literally no indication that
| private relay is broken. Instead, friends tell me my wifi is
| broken or suddenly I can't use my grocery store's app to scan my
| products.
|
| When your product causes your customers to call someone else and
| complain, don't be surprised if that "someone else" disabled
| access to your product.
| jeffybefffy519 wrote:
| Your iPhone immediately throws up a notification saying
| "private relay unavailable".
| astrange wrote:
| Private relay doesn't apply to apps, only Safari. (though the
| app could use a web sheet)
| ssully wrote:
| I've had Private Relay stop working for me once and I was
| served a push notification indicating that it wasn't working.
| kylehotchkiss wrote:
| I wish there were better visual indications within Safari
| regarding whether it's on or off. Especially when connecting to
| a new wifi network with a portal, which almost always breaks it.
| Private relay only works within Safari though, why would it
| affect your grocery store app?
| dathinab wrote:
| Do I see it correctly that this is basically a direct consequence
| of not getting proper net neutrality rules?
| throwaway123x2 wrote:
| This is not very uncarrier, is it?
|
| Or did they do away with that branding?
| kup0 wrote:
| I expect it to be all downhill since the Sprint merger
| luke2m wrote:
| I no longer have an iPhone, but can anyone confirm that T mobile
| blocks cydia repos on Cellular?
| ROTMetro wrote:
| vmception wrote:
| Does this run counter to current net neutrality regulations? Or
| is this unrelated.
|
| Are there other legal remedies for either the subscriber or from
| Apple to the ISPs?
| daenney wrote:
| I would suspect it's fine. Disabling this feature is a built-in
| ability of iOS. It doesn't depend on ISPs treating the traffic
| differently.
| thehappypm wrote:
| Net neutrality doesn't even apply to mobile networks.
| vmception wrote:
| okay, should it? because we can make that happen if enough of
| us agree
| mcherm wrote:
| Nope - this doesn't violate net neutrality regulations in the
| US... because there aren't any!
|
| This article:
|
| https://www.eff.org/deeplinks/2021/12/where-net-neutrality-t...
|
| talks about how many are hoping that in the near future we will
| establish some net neutrality regulations, but for now there
| really isn't anything (at the federal level. Some states have
| tried).
| vmception wrote:
| So this would not be legal to block in California?
| ChuckMcM wrote:
| Slowly pushing the data wars into the public field of view. Kudos
| to Apple for pushing so hard on this front. Now to put some
| pressure on the FCC to have some rule making done about
| disallowing telecom interference in the data packets.
| tomjakubowski wrote:
| Weird. I'm a T-Mobile customer, and I just switched to cellular
| data and was able to enable Private Relay without any issue.
| whatismyip.com says my ISP is Akamai. Possible T-Mobile are still
| rolling the block out?
| gjsman-1000 wrote:
| I would think Apple has some leverage to force it if they really
| wanted.
|
| If Apple really wanted to force the issue, they could tell
| T-Mobile no more iPhone contracts unless you do it. Apple can
| survive and thrive on fewer networks - the iPhone was AT&T
| exclusive for a long time at the beginning.
|
| If that happened, there would be no way for T-Mobile to get a
| supply of iPhones. People would need to buy iPhones from Apple
| and then replace the SIM cards themselves. It would make T-Mobile
| bend pretty quickly unless they managed to get Verizon and AT&T
| to join them on the issue.
|
| But then Apple has a second card to play, and that's the court of
| public opinion. If Apple wanted to make a public ad lambasting
| the carriers for undermining people's privacy, the damage would
| also force them to bend.
|
| Finally, of course, there's the fact that carriers need Apple
| just as much as Apple needs carriers. However, between the
| carriers and Apple, who has $200 billion in the bank to do things
| themselves if they wanted?
|
| Edit: Heck, T-Mobile has a market value of $130 billion. AT&T has
| a market cap of $188B, and Verizon $223 billion. If Verizon and
| AT&T joined T-Mobile in protest, Apple could theoretically
| attempt (or at least threaten) a hostile takeover of any of them.
| That would cause a lot of discussion among the carriers and send
| a strong message very quickly.
| nimbius wrote:
| if i had to hypothesize why T-Mobile are doing this, it's
| streaming media.
|
| TMobile has numerous pay-for-play access contracts in place for
| companies like netflix and hulu. in return they get a QoS tier
| and guaranteed minimums for their subscribers.
|
| conversely, as others have mentioned and the article itself,
| private relay is absolutely haram. it damages tmobile's ability
| to deliver edge content from their contractually obligated
| players like netflix (without a region netflix quality might
| suffer) and it completely sidesteps all of TMobile's lucrative
| user plans that include access to streaming media as a feature
| relative to the user's data cap.
|
| increasingly private "anything" on a cellphone is becoming a
| hostile proposition for carriers as their revenue is largely
| based on predatory surveillance capitalism. without metrics and
| metadata, they're no different than the water company.
| tssva wrote:
| So you want them to act as monopolists which is something HN
| usually is very much against. Also the threat of trying to buy
| a carrier out is a completely empty one and the carriers would
| all know it. There is no way it would pass regulatory or court
| review for the market leader in cell phone sales to own a major
| carrier.
| jkaplowitz wrote:
| I agree with you that they probably wouldn't be allowed to
| buy a major US carrier. But they aren't a monopolist or the
| global market leader in cell phone sales. Even in the US
| where they are indeed the market leader, their percentage of
| sales hovers around half, well below monopoly levels.
| ralph84 wrote:
| I wouldn't be so certain of that. Antitrust review of mergers
| is mainly concerned with whether the merger will reduce
| competition in a market. Since Apple doesn't currently
| operate a mobile network and none of the carriers currently
| manufacture phones, it would be hard to argue a merger would
| lessen competition.
|
| Now whether Apple shareholders want Apple operating a mobile
| network is a completely different question.
| reaperducer wrote:
| _If Apple really wanted to force the issue, they could tell
| T-Mobile no more iPhone contracts unless you do it. Apple can
| survive and thrive on fewer networks - the iPhone was AT&T
| exclusive for a long time at the beginning._
|
| Or the other cellular networks could start running ads touting
| that they let iPhone users use _all_ of the iPhone features.
|
| "Does your cell phone company hold you back? With Cincinnati
| Bell, you can do things with your iPhone that T-Mobile won't
| let you."
|
| Apple could even help pay for the ads. It's not like companies
| with aligned interests don't do ad cost-sharing all the time
| anyway.
| numbsafari wrote:
| > Apple could theoretically attempt (or at least threaten) a
| hostile takeover of any of them.
|
| If I were any of the carriers, I wouldn't worry about this in
| the slightest.
|
| Apple attempting to gain ownership of a mobile carrier in order
| to impose its will on the market would be met with incredibly
| harsh regulatory scrutiny.
|
| Beyond that, there's a strategic reason Apple hasn't launched
| their own mobile offering. The minute Apple owns a particular
| mobile carrier, they would be pretty well cut off from the
| other mobile carriers, or they would have to negotiate deals
| that would probably be argued to be collusive trade practices.
|
| The real solution is that the United States needs real data
| security and privacy laws that prevent network operators from
| reselling your usage history, location tracking, and other
| personal details. It's a national security issue at this point.
| CerealFounder wrote:
| There is no chance Apple would be allowed to buy or run a
| mobile network. The monopoly dogs would be at the door before
| the email went out.
| lp0_on_fire wrote:
| The vertical integration of Amazon in the past 10 years or so
| makes me think those monopoly dogs can't hunt.
| pdimitar wrote:
| While I agree with your comment almost fully, I think it's a
| bit too early to judge Apple. They probably found out just a
| few days earlier than we did and are still weighing their
| options.
| hyperbovine wrote:
| > Heck, T-Mobile has a market value of $130 billion. AT&T has a
| market cap of $188B, and Verizon $223 billion. If Verizon and
| AT&T joined T-Mobile in protest, Apple could theoretically
| attempt (or at least threaten) a hostile takeover of any of
| them.
|
| OTOH, one way to become the most valuable company in history is
| to not go pulling stunts like that. Nothing the street loves
| more than predictability.
| gjsman-1000 wrote:
| Of course, the odds of this are extremely small. It's just
| more to show that Apple has more leverage than the carriers
| in this situation.
|
| Edit: Another, "smarter" tactic that Apple might use is by
| sending messages to the Board of Directors. If Apple can get
| the Board of Directors on their side (or at least convince
| them that management is fighting a war they can't win)...
| another way to freak out execs at the carriers.
| [deleted]
| smoldesu wrote:
| The odds that any American company could start scooping up
| cell carriers without reproach are not just "small", but
| more along the lines of "complete impossibility". The SEC
| already gives Apple the stink-eye for gobbling up C-lister
| startup companies; if they tried acquiring anyone in the
| S&P 500, every trade commission in the world would be on
| them within seconds.
|
| I also think it's silly to equate a company's power to the
| amount of money they have (at least in the first world) but
| your hypothetical does raise an interesting question: who's
| deeper in bed with the State, Big Telecom or FAANG? All of
| them answer to the government, even T-Mobile; but who's got
| the most favor? Understanding the heinous stuff the
| American government got away with when they had telecom
| under their thumb doesn't set a very optimistic baseline of
| expectations. It might even lead certain people to believe
| (surprise surprise) that Apple's dedication to privacy
| doesn't really mean much when there's money on the line.
| Arguing about how "Apple is better because they have more
| capital resources" has about as much pragmatic value as a
| child's crayon drawing.
|
| Unless Apple has one-upped Room 641A, I think you're
| describing a power fantasy.
| andrewxdiamond wrote:
| > If Apple wanted to make a public ad lambasting the carriers
| for undermining people's privacy, the damage would also force
| them to bend.
|
| That ad would be candy to the Apple PR team trying to push the
| "Apple is secure and respects your privacy" campaign. I bet
| we'll see Apple use the court of public opinion here, and win
| with it.
| SloopJon wrote:
| I'm trying to think of a case in which Apple has used public
| opinion in this way. The closest I can come up with is Adobe
| Flash, but Apple was the one blocking a product on its
| platform then.
| smoldesu wrote:
| If Apple escalates this into a dirt-flinging war, I don't
| think any domestic carriers would take offense at reminding
| the public that Apple is the only one among them that still
| does business with China. But neither one will escalate
| things, because both Apple and every US cell carrier have so
| many skeletons in their closet that trying to call one
| another out wouldn't just be hypocritical, it would be
| mutually assured destruction.
| gjsman-1000 wrote:
| Nah - that wouldn't work. Apple would just point out that
| they use networking gear made in China. Brilliant.
| smoldesu wrote:
| My point is that carriers and manufacturers have so much
| dirt on each other that trying to escalate things would
| just hurt them both. The reason why Apple (and mobile
| carriers, for that matter) don't take swings at each
| other is because they both need the other to look as
| pristine as possible to sell units. They have a mutual
| interest in looking good together, and neither Apple nor
| the carriers have any vested interest in breaking that
| relationship.
| thebradbain wrote:
| I don't think the American public would particularly care
| - and some would probably even support - that Apple does
| business with China. If that's the best the carriers can
| throw at Apple, versus Apple cutting them off from the
| single device doing the heaviest lifting to keep them
| relevant, then yikes.
| smoldesu wrote:
| Oh, that's certainly not _the worst_ they'd grab for,
| but more of an example where they can call their bluff.
| Cell carriers and hardware manufacturers alike get bent
| over backwards for compliance in the United States,
| trying to assert that you're "the private one" is just
| going to get you called on every other front. It's not
| even a question that these companies do shady things, the
| real question is more about the lengths they'd go to
| diminish their competition.
|
| Again though, rupturing this conversation is mutually
| assured destruction. The reason why Apple won't call
| T-Mobile's bluff is because it's better for them to look
| like a symbiotic company than an adversarial one, and
| T-Mobile can get away with this because data protection
| in the US is a moot-point anyways. It's about as
| unremarkable as news gets.
|
| Hell, Apple was even nice enough to give T-Mobile a
| special error message when you try to use Private Relay:
|
| > "Your cellular plan doesn't support iCloud Private
| Relay. With Private Relay turned off, this network can
| monitor your internet activity, and your IP address is
| not hidden from known trackers or websites."
|
| I wouldn't call it security theater if I couldn't see the
| curtains on the left and right.
| sebzim4500 wrote:
| I don't think that would be effective, everyone already
| knows that Apple builds their phones in China, it says on
| the back. The fact that your cell carrier wants so badly to
| spy on you that they are willing to go to bat with
| Apple will, however, surprise some people.
| 015a wrote:
| Right, but I think there's some incorrect conclusions being
| drawn.
|
| The article asserts that an error in the settings menu appears:
| "Your cellular plan doesn't support iCloud Private Relay. With
| Private Relay turned off, this network can monitor your
| internet activity, and your IP address is not hidden from known
| trackers or websites."
|
| This doesn't appear to just be a situation where T-Mobile
| started blocking it at the network level; it appears to be one
| where Apple submitted.
|
| While there's a lot of theories in this comment about how Apple
| will respond; I don't see that happening (in a public way, of
| course). Apple's leadership in 2022 doesn't have the same
| convictions their leadership has had in the past. They're
| capable of being a positive force for change, in fair weather;
| but when the weather gets rough, or when forces assert power
| over their expression of values, they fold.
| r-w wrote:
| What, so now displaying an error message means you're
| responsible for the error? See some of the other threads
| about why Apple might not like playing dirty to go behind
| T-Mobile's back--each one needs the other for its good
| reputation.
| 015a wrote:
| It's reasonable to assert that they wrote the error, and
| they phrased the error message intentionally, in a way
| which clearly says that they expected carriers to block the
| service. The settings app is owned by Apple; not T-Mobile;
| T-Mobile would certainly NEVER admit so plainly that they
| monitor network activity (even though they do).
|
| Alternate phrasing which betrays different expectations:
| "We could not connect to the iCloud Private Relay servers.
| This may indicate an issue with your network provider, blah
| blah blah."
|
| No VPNs is mostly standard-operating-procedure in, say,
| China. That being said: I'd assume that feature, let alone
| the settings page to configure it, is hidden in versions of
| the software distributed in countries like that. This error
| message is likely for countries where the service is
| available; just not on your carrier.
|
| But putting that aside and even considering their stance of
| submission to the CCP; they betray every spoken value their
| American executives verbalize. _That_ is standard operating
| procedure for 2022 Apple, and most other gigacorporations.
| That is the lens that every statement Tim makes, every word
| spoken at their keynotes, needs to be viewed through; that
| they're willing to invest their infinite money in whatever
| projects they believe aligns with their values, but they're
| wholly unwilling to stand up for those values when those
| projects are battle-tested in even such an absolutely
| inconsequential way as this.
|
| Of course, they can prove me wrong by standing up to
| T-Mobile and using them as an example. I mean my god, you
| couldn't ask for a better example to make, T-Mobile/Sprint
| is a fourth-rate bargain bin cellular carrier, we're not
| talking about a nation state; this is a toddler mad at his
| parents because they won't let him eat candy for dinner. If
| they can't even resolve that, what hope do any of their
| values have?
| smoldesu wrote:
| Apple was the one who wrote that text out and put it in
| your iPhone. You can choose to interpret that any way you
| choose, but it's pretty clear that Apple either _really_
| loves and trusts T-Mobile or (more likely) their "Privacy
| is a Human Right" bit rides shotgun to their moneymaking
| shtick.
| hffftz wrote:
| > People would need to buy iPhones from Apple and then replace
| the SIM cards themselves.
|
| Changing sims is VERY easy, but a sim that doesn't match an
| approved phone is also easy to block?
| kongolongo wrote:
| >the iPhone was AT&T exclusive for a long time at the
| beginning.
|
| I think that was a very different time though. Smartphones were
| just becoming popular. A lot of other upcoming smartphones also
| had carrier exclusives at that time (Verizon with the Droid
| line). I don't know if that would be acceptable in today's
| world.
|
| A joint move like that by the carriers would be subject to a
| lot of antitrust scrutiny, whereas apple can move on its own
| with a lot less scrutiny.
| bogomipz wrote:
| >"There's likely not much that Apple can do here, but it
| underscores another limitation of Private Relay as a feature as
| well as the power that carriers hold."
|
| Doesn't Apple have a lot that it can do there? Wouldn't there be TOS
| set by Apple that would cover interfering with functionality? I
| would hope apple would flex some muscle here as this would
| otherwise set a new dismal precedent where features were only
| available on a carrier by carrier basis. At one time T-Mobile
| seemed to try to cultivate a pro-customer perception. I guess
| those days are long over?
| nerdjon wrote:
| I really hope this doesn't catch on, but I am concerned that
| settings has a message for this instead of it just mysteriously
| being not working. Makes me wonder if there is an official way
| carriers can block this?
|
| I know at home since I have pihole set up I got an alert that
| private relay can't work on my home network.
| Shank wrote:
| If you block the domains that private relay uses, it won't
| work. Those are `mask.icloud.com` and `mask-h2.icloud.com`.
| Then it'll display a message informing you that it doesn't
| work. I imagine the carrier restriction just shows up in the
| carrier panel because there isn't a way to access the Internet
| on cellular via private relay if it's disabled.
|
| [0]: https://developer.apple.com/support/prepare-your-network-
| for...
| nerdjon wrote:
| I guess thinking about it more, it would be fairly simple to
| say something like "if consistently can't set up private
| relay" and "on cellular" display this message.
|
| For a moment I was thinking it would only trigger with
| something specific from the carrier, but I see little reason
| apple would actually work with them on this. They are not
| really in the business of making the carriers happy.
|
| Edit: someone else pointed out it is actually a feature that
| the carriers can do. that... is disappointing.
| woodruffw wrote:
| From Apple's developer docs for Private Relay: they're probably
| displaying that message if either of the well-known endpoints
| returns NXDOMAIN[1].
|
| They explicitly identify school and enterprise networks as
| legitimate cases where Private Relay needs to be blocked, so
| that's probably how carriers are doing it as well.
|
| [1]: https://developer.apple.com/support/prepare-your-network-
| for...
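
The DNS-level check that Shank and woodruffw describe above, as an added example that is not part of the thread or of Apple's documentation: it builds A queries for the two hostnames, reads the response code from the reply header, and labels each host. The function names, the constructed sample replies and the treatment of an empty NOERROR reply as a block are assumptions of this example.

```python
import socket
import struct

# Hostnames the thread names as the ones Private Relay depends on.
RELAY_HOSTS = ("mask.icloud.com", "mask-h2.icloud.com")
RCODE_NOERROR, RCODE_NXDOMAIN = 0, 3


def encode_name(name):
    """Encode a hostname as length-prefixed DNS labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label in %r" % name)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qid):
    """Build a recursion-desired A/IN query."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)


def parse_header(packet):
    """Return (id, is_response, rcode, answer_count) from a DNS message."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    return qid, bool(flags & 0x8000), flags & 0x000F, ancount


def classify(query, response):
    """Decide what a resolver's reply means for one relay hostname."""
    sent_id = parse_header(query)[0]
    try:
        qid, is_response, rcode, ancount = parse_header(response)
    except ValueError:
        return "malformed"
    if not is_response or qid != sent_id:
        return "mismatch"          # not the reply to our query; ignore it
    if rcode == RCODE_NXDOMAIN:
        return "blocked-nxdomain"  # the signal described in the thread
    if rcode == RCODE_NOERROR:
        # Assumption of this example: an empty NOERROR reply is also a block.
        return "resolves" if ancount > 0 else "blocked-empty"
    return "resolver-error"        # SERVFAIL, REFUSED, ...: not a policy signal


def make_response(query, rcode, addresses=()):
    """Constructed reply for offline use: echo the question, add A records."""
    qid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", qid, 0x8180 | rcode, 1, len(addresses), 0, 0)
    body = query[12:]
    for addr in addresses:
        # 0xC00C points back at the question name; TTL 60, 4-byte RDATA.
        body += struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + socket.inet_aton(addr)
    return header + body


def udp_responder(server, timeout=3.0):
    """Return a function that sends a query to a real resolver over UDP."""
    def ask(query):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            sock.sendto(query, (server, 53))
            return sock.recvfrom(512)[0]
    return ask


def survey(responder, hosts=RELAY_HOSTS):
    """Query every relay hostname through responder and classify each reply."""
    results = {}
    for index, host in enumerate(hosts):
        query = build_query(host, 0x4000 + index)
        results[host] = classify(query, responder(query))
    return results


if __name__ == "__main__":
    # Constructed resolvers: one that blocks, one that answers (TEST-NET address).
    print(survey(lambda q: make_response(q, RCODE_NXDOMAIN)))
    print(survey(lambda q: make_response(q, RCODE_NOERROR, ["192.0.2.10"])))
    # To test the network you are on: survey(udp_responder("<resolver IP>"))
```
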
| josephcsible wrote:
| > They explicitly identify school and enterprise networks as
| legitimate cases where Private Relay needs to be blocked
|
| Why are these legitimate? Censorship is wrong even when
| schools do it.
| woodruffw wrote:
| "Legitimate" in the sense of "pre-existing policies," not
| "I personally believe this is morally acceptable."
| [deleted]
| rcarmo wrote:
| Like I pointed out in the sister thread about EU telcos:
|
| https://news.ycombinator.com/item?id=29875805
|
| Phone carriers do not want to be a dumb pipe - and having Private
| Relay go through their networks breaks:
|
| - HTTP header enrichment (which they use for self-care/customer
| sites/services),
|
| - zero rating (which they set up deals for with social networks,
| music streaming services, etc., often applying specific QoS tags)
| and
|
| - all sorts of value added services (many using deep packet
| inspection and DNS analytics) that they offer instead of raw,
| unfettered connectivity.
|
| I don't think many people are aware of exactly how much data
| telcos are sitting on, anonymized or not.
|
| And, of course, it also plays havoc with legal interception
| because there is no easy way to do MITM.
|
| (edit: readability)
| jeroenhd wrote:
| Is this really about EU telcos, though? In the European article
| I mostly see messages about this from UK telcos, which are
| European but not EU anymore. I've heard that UK net neutrality
| law is kind of a joke, and now that they're outside of EU
| control the UK can do whatever the hell it wants, and I fear
| for UK citizens that the mostly consumer-focused EU ideals
| aren't shared by the current UK leadership.
|
| Plenty of telcos want to force competitors out of the market
| with zero rating and triple play subscriptions, but I don't
| think any of them have made any moves against net neutrality
| this bad. A few years ago I've seen carriers doing HTTP
| introspection to force images through their compression proxies
| (usually budget ISPs who want to stop people from actually
| using up their data plan so they can make a profit) but that
| seems to have stopped completely now.
|
| As for legal interception, this doesn't make any difference.
| When law enforcement finds that the suspects are communicating
| over Apple's network, they'll just knock on Apple's door with a
| warrant and demand a wire tap from their network. That's how
| legal interception of "privacy protection" VPN providers works,
| and Apple isn't even trying to ship traffic outside national
| borders, just to the closest data center.
| lstamour wrote:
| I doubt long term that it causes much havoc with three letter
| agencies. If anything, it simplifies it a small bit because now
| they can look at the records of only two intermediaries, Apple
| and the CDNs they use. That said, why go to the trouble?
| Depending on how it's configured, Apple would already likely be
| tracking your browser history in iCloud, backups, etc. Plus
| websites that track user activity (e.g. have logins) can be
| asked directly for data.
| jyrkesh wrote:
| Shouldn't those all be true of ISPs too, though? Why are telcos
| different? Is it just because they need stricter QoS because of
| airwaves vs. cables? Do you think that argument still holds
| water in a post-5G-saturated world?
| nathanyz wrote:
| Exactly, carriers really don't want anything that helps push
| net neutrality in any real way. They don't want to be
| commoditized to where it's just pipe for Internet data to
| transmit through as you mentioned.
| Spooky23 wrote:
| MITM is pretty moot right now with TLS everywhere. Apple is
| taking this stand because it's in line with their business.
|
| Zero-rating is really bad for Apple. And by making themselves
| the virtual network layer, they have the ability to roll out
| their own last mile networks later.
| r-w wrote:
| To be fair, you could make the same argument that TLS is moot
| because everything at the other layers (routing, application,
| and even hardware) is extremely vulnerable to attack. MITM is
| still a very real thing.
|
| If anything makes it moot, it's not other technology; it's
| social engineering attacks.
| paxys wrote:
| The point of TLS is that every bit of network
| infrastructure could be compromised but your connection
| would still be secure as long as your own device and the
| end server (and the cert authority) remained clean.
| oflannabhra wrote:
| One big difference in the US is that most telcos also have ad
| businesses, and this will negatively impact them.
| kevin_thibedeau wrote:
| This is more about selling data to aggregators.
| 88840-8855 wrote:
| I have been working through some consulting activities with 8
| telcos over the past years on the topic BiG DaTa. While it is
| true that telcos have data, ALL of the telcos I have worked
| with lack the capability to do ANYTHING with that data.
|
| First, they don't get the right people, because good people don't
| go to telco. Second, they have super fragmented stacks,
| especially in markets that have consolidated over the years.
| Third, they simply haven't figured out ANY business model for
| that data (except some We SeLl LoCaTiOn DaTa To GoVeRnMenTs
| that is illegal in most Western countries anyway by now).
|
| So... all this "TELCO SOOO BAD BECAUSE ALL MY DATA THEY EAT"
| talking is laughable to me after seeing the truth. I am
| surprised what people here in HN think of the capabilities of
| telcos.
|
| Edit: as I saw some comments below on "three letter agencies".
| Fun fact, ALL the 8 telcos that I have experienced had guys
| from the local "three letter agencies" working there to detect
| crime stuff.
| nickysielicki wrote:
| FWIW, it's working for me on a TMobile MVNO.
| AlexCoventry wrote:
| Has T-Mobile given any indication that they're planning to block
| VPNs more generally?
| jonathanmayer wrote:
| I previously served as CTO of the FCC Enforcement Bureau. A
| couple thoughts on the regulatory dimensions of this report.
|
| * This could be a Federal Trade Commission problem. T-Mobile,
| like all major ISPs, has made public representations about
| upholding net neutrality principles [1]. These voluntary
| commitments were part of the Trump-era FCC's rationale for
| repealing net neutrality rules. Breaching the commitments could
| constitute a deceptive business practice under Section 5 of the
| Federal Trade Commission Act.
|
| * This could also be a Federal Communications Commission problem.
| When repealing the Obama-era net neutrality rules, the Trump-era
| FCC left in place a set of transparency requirements [2]. Making
| an inaccurate statement about network management practices can be
| actionable under that remaining component of the FCC's net
| neutrality rules.
|
| I haven't seen a comment from T-Mobile, so to be clear, that's
| just based on the report.
|
| [1] https://www.t-mobile.com/responsibility/consumer-info/polici...
|
| [2]
| https://www.ecfr.gov/current/title-47/chapter-I/subchapter-A...
| inetknght wrote:
| > _Making an inaccurate statement about network management
| practices can be actionable under that remaining component of
| the FCC's net neutrality rules._
|
| Who would be responsible for bringing about that action and, if
| they don't bring about action, what can regular people do about
| it?
| bkmrkr wrote:
| Looks like I am leaving Tmobile
| NaturalPhallacy wrote:
| Anybody know if this applies to companies that use tmobile's
| network, like Ting?
| jzig wrote:
| Right, and Mint Mobile
| selimthegrim wrote:
| Ting may be transitioning to another network soon if rumors
| about Dish are to be believed.
| rgrmrts wrote:
| AFAIK Google Fi uses T-Mobile, and I'm still able to use
| private relay.
| gigel82 wrote:
| Private Relay was always a sketchy proposition; if privacy is
| your concern, you're almost always better off using a VPN.
|
| Yes, granted, Apple could always extract (and to some extent
| probably is) your history directly via OS hooks, but the
| "Private" relay gives them a completely opaque off-device way to
| centrally track what everyone is visiting, which is just another
| data point feeding into their rapidly-growing advertisement
| business.
|
| Paranoid? Maybe, but after the whole on-device scanning fiasco I
| view Apple in the same category as Google, Facebook and Microsoft
| when it comes to privacy guarantees.
| mindslight wrote:
| Give credit where credit is due. I haven't owned an Apple
| device since my trusty IIgs and am not a fan of Disneyland
| computing in general, but I may seriously ponder buying a Mac
| mini simply to gain access to their popular VPN that will be
| impractical for websites to block or CAPTCHA-hell.
| jedberg wrote:
| The thing is, I already have to trust Apple because they can do
| anything they want on my device. Why would I want to add a
| third party to that, especially one that runs a VPN service?
| kylehotchkiss wrote:
| The purpose of private relay is more to prevent ISPs/Cell
| carriers from vacuuming up your data and selling it in probably
| totally identifiable ways to the lowest sketchy bidder.
|
| All the big carriers have already been sued by FCC for selling
| location data without permission[1], and even last month
| Verizon is trying to justify collecting more data on everything
| you use your phone for[2]. Apple's business model is less gross
| than ISPs and their partnership with Cloudflare to prevent even
| themselves from being able to access traffic logs is an extra
| plus
|
| [1] https://www.nytimes.com/2020/02/27/technology/fcc-location-d...
|
| [2] https://www.theverge.com/2021/12/17/22841372/verizon-custom-...
| moolcool wrote:
| > if privacy is your concern, you're almost always better off
| using a VPN
|
| I am really skeptical of this. Not that ISPs are extremely
| trustworthy, but they're at least bound by some state mandated
| privacy protections which <Foreign VPN Provider> is not.
| gigel82 wrote:
| Valid concerns, you need to pick your VPN carefully if using
| a public provider. In my case, I relay everything to a VM I
| trust that is running a firewall and AdGuard for DNS ad-
| blocking.
|
| The system may not work for everyone (for example, streaming
| services optimize based on your location, which will break
| down if the VM lives in some cloud), but I use my phone for
| music, browsing and email (not video consumption) so it works
| for me.
| djrogers wrote:
| > Yes, granted, Apple could always extract (and to some extent
| probably is) your history directly via OS hooks, but the
| "Private" relay gives them a completely opaque off-device way
| to centrally track what everyone is visiting
|
| Err, no it doesn't - that's the whole point of the way it's
| engineered. All Apple sees is your IP address with none of the
| request details, and your IP is obscured before being sent to
| the second relay (Cloudflare, Fastly, etc.), who only see the
| request detail with no origin/requestor information.
|
| [1]
| https://www.apple.com/privacy/docs/iCloud_Private_Relay_Over...
| atty wrote:
| The entire point of private relay is that neither Apple nor the
| third party CDN can match the destination website to an
| individual.
|
| If your argument is "they probably aren't doing what they say
| they're doing" and so you shouldn't use their tools, then you
| better start writing your own operating system from scratch and
| designing and fabbing your own silicon, because there's no
| guarantee any of these companies or open source projects aren't
| compromised.
| josho wrote:
| Apple is also capturing DNS queries, so they minimally have
| that as a data point.
|
| Regardless, the more general concern that parent seems to
| make is what is to stop Apple in the future from monetizing
| this data? I think the only thing protecting us as consumers
| is their policy. And as we all know policies can change very
| simply with a change to the terms of service.
| dwaite wrote:
| I believe Apple now supports ODoH (oblivious DNS over
| HTTPS) although I do not know if it is used for private
| relay.
| No1 wrote:
| They are using ODoH in the private relay.
|
| https://www.apple.com/privacy/docs/iCloud_Private_Relay_Over...
| tylerchr wrote:
| To quote the relevant section:
|
| "ODoH sends DNS queries through the first internet relay,
| so the DNS server cannot identify the user issuing a
| query. Each query itself is padded and encrypted using
| Hybrid Public Key Encryption (HPKE) to help ensure that
| the first internet relay cannot tell the domain name a
| user is looking up."
|
| Apple is the "first internet relay" and they seem to
| explicitly state that they don't see the DNS queries
| themselves.
| gigel82 wrote:
| I will eat my hat if Apple doesn't enter the ad market big-
| time in a couple of years. All the signs point to them
| building a massive privacy-invading trove of data on their
| customers to exploit.
|
| Of course, their PR will spin it up as "privacy focused,
| totally anonymous, personalized advertisement" and some
| will just gobble that up as gospel.
|
| I don't trust any of these fuckers any more... :)
| josho wrote:
| I think 2 things are stopping apple from entering that
| market in earnest.
|
| 1. Privacy is a differentiator for Apple's business.
| Google et al can't compete and win on privacy. Apple can
| use this to win at recruiting and win at selling their
| ecosystem.
|
| 2. Apple's hitting revenue/growth targets. Other r&d
| investments better align with their ecosystem so there is
| no business driver today to enter this market.
|
| Having said that I won't be surprised if Apple misses a
| few quarterly earning targets and decides to enter the ad
| market.
| fshbbdssbbgdd wrote:
| It already happened: https://amp.ft.com/content/074b881f-a931-4986-888e-2ac53e286...
| pram wrote:
| It uses ODoH for DNS.
|
| https://blog.cloudflare.com/oblivious-dns/
| asimpletune wrote:
| Apple should just start their own carrier
| ballenf wrote:
| I would guess Xfinity and other ISPs will be watching this
| closely. They have the same incentives and Xfinity among others
| strongly lobbied Congress when there were browsing privacy bills
| (that failed) in Congress.
| Volker_W wrote:
| Every time I think carriers cannot get even scummier, they
| manage to do it.
| blcknight wrote:
| I had turned private relay off during the beta since it seemed
| flaky when connections were poor. I have a VPN for torrents that
| I just installed on my phone because of this. Screw T-Mobile.
| hnburnsy wrote:
| I wonder if this would apply to MVNOs who use the
| TMobile\Sprint network?
| busterarm wrote:
| That would mean Google Fi VPN wouldn't work.
|
| I was using my own always-on VPN w/ GrapheneOS on T-Mobile's
| network and was having tons of problems with calls and texts
| not getting through.
| doctorsher wrote:
| This does not seem to be the case. Elsewhere in the comments,
| neurobashing said their private relay works fine for an MVNO on
| T-Mobile.
| hedgehog wrote:
| These kinds of shenanigans are exactly the reason you shouldn't
| trust carriers with plain text data. People bash Apple for not
| adopting RCS over iMessage but it would just lead to more crap
| like this but for your text messages.
| tomComb wrote:
| RCS supports E2E encryption, and Google's apps implement it.
|
| (And I think the complaints about iMessage are its exclusivity
| - the best solution is an iMessage for Android.)
| hedgehog wrote:
| Thanks, I missed they'd added E2E last summer. It looks like
| it's only for 1:1 chats and only on some phones depending on
| handset vendor and carrier, is that accurate? If so it still
| seems like adding RCS would have pretty limited usefulness vs
| interop with say WhatsApp.
|
| I don't fault any one company on the messiness of the
| situation, it's kind of a tragedy of the commons situation.
| Apple isn't willing to compromise the UX complexity of adding
| more messaging types with different behavior, Google isn't
| willing to force carriers and handset manufacturers to make
| RCS really good, and carriers just don't care about anything
| other than ARPU and being "value added".
|
| Oh, and WhatsApp interop will never happen even though that
| would probably actually be good because Facebook.
| [deleted]
| jeroenhd wrote:
| RCS is a shitty system set up by a shitty telco industry. The
| protocol is behind what most countries in the world use
| already. I see it as just an attempt from the telco industry to
| start charging subscriptions for Whatsapp again, but about five
| to ten years too late.
|
| iMessage would be fine if it wasn't for the shitty vendor lock-
| out. Everyone I know uses some kind of cross platform chat app,
| usually either Whatsapp or Telegram. It's sad to see the green
| bubble shaming that Apple's exclusionary tactics have created be
| of such influence in US social circles.
| Rebelgecko wrote:
| TMobile's RCS supports e2e encryption
| ballenf wrote:
| Carriers generally don't care about payloads, they can monetize
| you from the metadata. What kind of websites you frequent and
| when. They don't need to know which color of maternity clothes
| you're shopping for to know you're pregnant.
| jrochkind1 wrote:
| Can anyone explain the case from T-Mobile's end?
|
| (Not asking for sarcastic not-in-good-faith explanations of BS
| reasons that you are imagining.
|
| Asking for anyone who understands more about a cell carrier's
| needs than I do, to explain what <<the feature cuts off networks
| and servers from accessing vital network data and metadata and
| could impact "operator's ability to efficiently manage
| telecommunication networks.>> actually means, to someone who is
| not a telecom engineer but does understand engineering.
|
| And/or other motives, but based on understanding more of their
| business than I do, not just wild guesses!)
| jasongill wrote:
| The reason is right in the "what's new" section of the T-Mobile
| privacy policy: https://www.t-mobile.com/privacy-center/our-practices/privac...
|
| > "However, starting April 26, 2021, T-Mobile will begin using
| some data we have about you, including information we learn
| from your web and device usage data (like the apps installed on
| your device) and interactions with our products and services,
| for our own and 3rd party advertising, unless you tell us not
| to."
|
| T-Mobile sells browser history data to advertisers, and Private
| Relay blocks that revenue stream. They are on the offensive to
| protect their new-found profit center, and most likely are
| doing this now to show Apple that this is not a feature that
| they want to see be turned on by default.
|
| It's the beginning of the same saber rattling that Facebook did
| when Apple announced it would simply ask customers if they
| wanted to allow apps to track them
| wronglebowski wrote:
| I believe this functions like a VPN in some ways and blocks
| video throttling. They use traffic inspection to throttle video
| streams down to 480p unless you have the most premium of plans.
| aeonflux wrote:
| I've never heard that ISP (not the content provider) is
| throttling down Video Quality by altering the traffic. Do you
| have some links to back up that claim? This doesn't make much
| sense, as they would have to download the high quality video
| anyway, then invest massive CPU power to downscale this. Most
| content providers will scale down the quality if they detect
| bad network conditions. If ISP would want lower quality, they
| could just artificially slow the connection.
| [deleted]
| aaron42net wrote:
| On cell networks, video content is by far the largest consumer
| of bandwidth. And the default for video generally is to auto-
| adjust the resolution to the highest quality that the network
| supports. This kind of sucks, since bandwidth is a shared
| resource for all users of a given antenna on a cell tower.
|
| Though Speedtest on your cell might show your connection speed
| as 100 megabits/sec down, cell networks special-case video by
| identifying it as video and rate-limiting it to something like
| 1 megabit/sec. This is considered "efficient network
| management". For T-Mobile, this is based on the plan
| (https://www.t-mobile.com/cell-phone-plans), they sell either
| "SD streaming" or "4k UHD streaming". "SD streaming" is a fancy
| way to express that they rate-limit identified video streams to
| 1 megabit/sec.
|
| They identify video streams by watching the IP your phone is
| connecting to and/or the hostname mentioned in the TLS SNI
| header and checking if it is Youtube, Netflix, etc. Sending
| video content over a VPN removes their ability to understand
| what the content is.
| room500 wrote:
| Non-cynically, it probably does introduce some issues in these
| legacy telecom systems.
|
| For example, if you run out of data for a month, many carriers
| will continue giving you access to the internet APN, but then
| block access to "external" websites. This is so you can easily
| open your browser and "top up" on data to continue using your
| device.
|
| Or the usage of HTTP (not HTTPS) was relatively common back
| when I was in the space (7-10 years ago). There wasn't a need
| to use HTTP because the carrier was in full control of the pipe
| between the device and the server. Adding in a VPN that somehow
| tries to intercept that traffic (that was supposed to exist
| entirely within the telecom) is not going to work.
| josephcsible wrote:
| But if that were the only reason why, then couldn't they just
| turn off Private Relay in that specific case, instead of all
| the time?
| mdasen wrote:
| These aren't wild guesses, but I also don't have inside
| information.
|
| 1. Browsing history. We know that Verizon is tracking it for
| their gain: https://www.wired.com/story/verizon-user-privacy-settings/.
| It seems reasonable that T-Mobile and others don't
| want that door to close on them.
|
| 2. Video streaming management. Carriers typically restrict
| video streaming on some/all of their plans to certain
| resolutions. For example, I think most American carriers limit
| video streaming to around 480/720p at 1.5Mbps or less unless
| you have bought a premium plan. VPNs often get around this and
| I know that my carrier can't detect Netflix access through
| iCloud Private Relay. Right now, iCloud Private Relay doesn't
| proxy app traffic, but it could in the future.
|
| 3. It looks like mobile carriers are looking to get into "edge
| cloud" stuff. Verizon has been pushing this and they recently
| emphasized this in their 5G Ultra presentation. If traffic is
| going through iCloud Private Relay, buying expensive "edge
| cloud" services from Verizon is a waste of money since the
| traffic would be leaving the network to go through Private
| Relay.
|
| 3a. Netflix ships "Open Connect Appliances" that ISPs can hook
| into their network to serve Netflix content. If your traffic is
| going through a proxy, you start accessing the content on a
| server farther away. This mostly doesn't apply given that
| Private Relay only does Safari traffic, but one could see
| Private Relay expanding to apps in the future.
|
| 4. I think there is a certain knowledge of what is using data
| that can be helpful to carriers. For example, I worked for a
| university and they wanted to set different QoS for things like
| peer-to-peer file sharing vs. web browsing. The university
| didn't want to punish P2P tech or anything like that. They just
| wanted to make sure that P2P usage didn't overwhelm other users
| and uses of the network. Likewise, it could help the university
| spot patterns like viruses/bots that might be using a lot of
| network traffic.
|
| 4a. I think this can also play into how companies position
| their offerings. For example, T-Mobile has introduced features
| like "Music Freedom" and "Binge On" that allowed unlimited
| audio streaming and video streaming before unlimited plans were
| a thing. They surely did analysis of network usage of those
| features before introducing them. You can look at how much
| video streaming users are doing and then model how much data
| would be used if you limited it to 480p (including accounting
| for an uptick in usage due to it being unlimited). However, if
| you don't know how data is being used, you lose the ability to
| spot patterns that might be opportunities.
|
| 4b. It makes sense to want to offer different QoS for different
| services. If someone is using FaceTime, you want that to be a
| good experience. You don't want to prioritize a speed test over
| someone's FaceTime call. You don't want to prioritize
| downloading from YouTube over a FaceTime call. That YouTube
| video can be buffered and if you know that you've transferred
| 15 megabits worth of 1.5Mbps video, you kinda know that the
| user doesn't need the next 1.5 megabits of video for 10
| seconds.
|
| 4c. I know that a lot of people want their connection to be an
| unbiased dumb-pipe, but I think that people only want that
| because they tend to see crappy stuff from companies looking
| for money. Seeing it from a university that only wanted to give
| people the best possible network experience feels a bit
| different. QoS can be a positive thing and a dumb-pipe isn't
| always great.
|
| I'm a bit surprised that T-Mobile would go this route at this
| time. iCloud Private Relay doesn't proxy app traffic at this
| time and I haven't seen that they have a similar browsing-
| history program like Verizon's. Still, there are reasons to
| want to be able to understand your traffic both for business
| reasons and for a better customer experience. Again, I'm
| surprised because it seems like the reasons today are slimmer.
| I think the Netflix OCA use case is a good one since it reduces
| network usage in a way that simply helps the parties involved,
| but wouldn't really be possible if the traffic first went via
| another external server.
|
| I'd emphasize that nothing here is to say that T-Mobile is
| doing the right thing. It's just to bring up areas where a
| company might want to know more about its network access
| patterns. Some of that can be used for good like the Netflix
| OCA system or giving higher QoS guarantees to FaceTime. Some of
| it can be used for bad like using browsing history for
| advertising.
| mleonhard wrote:
| T-Mobile, Verizon, AT&T, and other ISPs joined together and
| successfully lobbied Republicans in the US government for
| permission to record what their customers do online and sell
| that information [0, 1]. Apple's proxy service takes away that
| revenue source.
|
| [0] https://www.techrepublic.com/article/the-real-reason-behind-...
|
| [1] https://mashable.com/article/how-to-stop-tmobile-att-verizon...
| nickhalfasleep wrote:
| Revenue from tracking customers for advertisements.
| aeonflux wrote:
| There is a solid, technical problem with VPN usage on such a
| massive scale. Carriers, like T-Mobile, can arrange traffic
| exchange with big content providers. Majority of traffic
| generated goes to a handful of providers, like YouTube,
| Netflix, Facebook. It's not even about direct, financial
| incentives. It's a win-win for both ISP and content providers
| to peer directly and limit the amount of traffic routed through
| paid uplinks. It's a win for users too, since they can get
| their content with less hops, through bigger pipes. Even Tier-1
| network operators
| (https://en.wikipedia.org/wiki/Tier_1_network) can optimize
| traffic by making the direct inter-connections for traffic-
| heavy content.
|
| When everything is encrypted and goes over the ISP just to the
| VPN endpoints, they can't do anything. In the end, they will
| have to arrange peering not with content providers but with VPN
| providers, who work for Apple.
|
| PS. There is a lot of tension in the current setup, even without
| Apple stepping up. In the old-fashioned market, the last mile is
| the king. Big grocery chains have direct access to users, so
| they are the strong side in the relation with producers. They
| can position brand X over Y, if they have better margin. They
| also create their own brand Z rip-off and sell that directly.
| Just look what Amazon does in that space. When it comes to ISP,
| they have direct users and have very little to say. They are
| basically dumb pipes, just like the power line.
|
| T-Mobile was very vocal in the past in that space. They often
| wanted the MANGAs (heh) of the world to pay them a share from
| their ads. I remember T-Mobile threatening, that they might
| replace some ads with their own ads. Since they provide the
| users with phones, they can install their own certs on devices.
| Chrome has SSL pinning not only to save users from hackers,
| but to save their own business model being attacked by ISPs.
| kstrauser wrote:
| "User begins blocking T-Mobile from future consideration."
|
| I'm not using an ISP that prevents me from accessing perfectly
| legal Internet services. No matter how they want to brand
| themselves, today's telcos are ISPs, no more, no less.
|
| When shopping for cell phone providers, our considerations are 1)
| complete Internet access, 2) coverage, and 3) cost. T-mobile
| could charge $5 a month for unlimited usage, but if they can't
| satisfy requirements #1 and #2, then #3 is moot.
| SkyMarshal wrote:
| _> our considerations are 1) complete Internet access, 2)
| coverage, and 3) cost._
|
| Anyone know how Google Fi compares on these criteria? I've been
| considering switching over for Fi's better security [1], but
| curious what Fi users think of the service. Since it piggybacks
| on other networks, does it inherit any of their service
| restrictions or other problems too?
|
| [0]:https://fi.google.com/
|
| [1]:https://blog.kraken.com/post/219/security-advisory-mobile-ph...
| hentrep wrote:
| If you're in the US, have you found a wireless provider that
| meets your criteria?
| aaomidi wrote:
| Small Business AT&T
| MBCook wrote:
| As far as I know Verizon doesn't block things. They have
| great coverage.
|
| They're not cheap.
|
| Woo oligopoly!
| kstrauser wrote:
| They block private relay on my phone.
| zachberger wrote:
| Strange, I'm on Verizon too and it's not blocked
| kstrauser wrote:
| No kidding? If I go into Settings > iCloud > iCloud >
| Private Relay (Beta), I see:
|
| > Private Relay is turned off for your cellular plan.
|
| > Your cellular plan doesn't support iCloud Private
| Relay.
| kevdev wrote:
| I'm on Verizon, and it works fine for me.
| skykooler wrote:
| Verizon just blocked personal hotspot from my phone with
| the message that I would need to switch to a non-unlimited
| plan to reenable it.
| darkarmani wrote:
| How can they change your existing contract?
| jaywalk wrote:
| That doesn't sound right at all. All of Verizon's
| unlimited plans aside from the lowest one come with
| hotspot data.
| PascLeRasc wrote:
| Ting's been great for me and it meets those three
| requirements. I'm a little hesitant now that they're owned by
| Dish though.
| kstrauser wrote:
| I'd been happy with Verizon until recently when they blocked
| Private Relay. I'm starting the search again now.
| jaywalk wrote:
| I don't use Private Relay, but I do have Verizon. I just
| tried enabling it (with WiFi disabled, obviously) and had
| no issues. Do you have a source to back up your claim that
| Verizon blocks it?
| kstrauser wrote:
| Here's a screenshot of my Private Relay settings:
| https://www.icloud.com/iclouddrive/0eaTQXkx0FGrIINRWsrF3wagg...
|
| I'd like to be proven wrong, but that looks clear.
| jaywalk wrote:
| That's really strange. Are you on an old grandfathered
| plan of some sort? It has to be either that or a bug,
| because it's pretty clear that Verizon is not blocking
| Private Relay in any large scale manner.
| kstrauser wrote:
| I don't _think_ so. We're switched to the Verizon Plan
| Unlimited a couple years ago.
| lotsofpulp wrote:
| As another data point, I do not see private relay being
| blocked using ATT.
| ortusdux wrote:
| Verizon is the only network that is reliable in my area.
| I've had great luck with visible, which is a spin-off on
| their network. Cheap as hell too - $25/mo for unlimited
| everything.
| [deleted]
| kstrauser wrote:
| Whoa. I'll check into that.
| fotta wrote:
| Note that Visible is an MVNO subject to deprioritization.
| I'm on the lowest Verizon Unlimited plan which is subject
| to the same and my service is nigh unusable when my
| broadband internet goes out or I'm in a really large
| crowd (e.g. music festival)
| nathanyz wrote:
| Yes, adding in a second data point as well. Verizon
| directly is great in this one area nearby, but using
| Visible in that same area was painful for anything data
| related. Would show full signal bars with Visible, but
| actual data rates were throttled and/or strongly
| deprioritized.
|
| You genuinely get what you pay for when you spend the
| extra dollars for the direct carrier relationship with
| AT&T and Verizon. All of the MVNO's as well as their own
| prepaid plans will not compare if the towers are busy.
| ifaxmycodetok8s wrote:
| I have Verizon and I'm able to use private relay. Maybe
| it's because I bought an unlocked phone directly from
| Apple? Idk.
| jaywalk wrote:
| All Verizon phones are unlocked, but the lock status does
| not change whether or not they can manage the carrier
| settings that Apple exposes to them.
| spullara wrote:
| AT&T hits all of those for me.
| LeoPanthera wrote:
| You will not find any, because there are none.
| [deleted]
| diebeforei485 wrote:
| Is this because it prevents T-Mobile from monetizing and selling
| user browsing data?
| ascagnel_ wrote:
| T-Mobile partners with various video providers to provide
| lower-bandwidth streams that don't count against bandwidth
| caps. Less-cynically, this may be to enforce that.
|
| I consider those agreements to be violations of Net Neutrality,
| since they're inherently not treating all data the same.
| MontyCarloHall wrote:
| It is a blatant violation of net neutrality, but somewhat
| paradoxically, actually benefits the consumer in my
| experience. Several friends of mine on T-Mobile have raved
| about how Netflix/Spotify/et al. don't count towards their
| monthly data limit.
|
| That said, iCloud private relay only applies to Safari, so
| T-Mobile blocking it probably doesn't have much to do with
| their variable data caps.
| rhn_mk1 wrote:
| It's not paradoxical at all, net neutrality also protects
| from bad effects kicking in long-term. Zero-rating is
| effectively the same as providing dumping prices compared
| to the competition. It may benefit the customer now, but
| leads to lock-in.
|
| See Facebook's internet.org.
| aeternum wrote:
| T-Mobile is pretty up-front about the various video quality
| options with their plans, and also has ways to temporarily
| boost your video quality for a few dollars.
|
| For many people, a cheaper plan with slightly lower quality
| video is a great tradeoff.
| cglong wrote:
| I believe T-Mobile's newer plans (Magenta tiers) don't do
| this.
| acdha wrote:
| > I consider those agreements to be violations of Net
| Neutrality, since they're inherently not treating all data
| the same.
|
| I would agree if they do not make that available to all
| services. At least at the time they did that for music there
| was a pretty long list of partners so I'd be most interested
| in knowing whether they charge money or reject applicants.
| lkxijlewlf wrote:
| No, it is because...
|
| > The carriers wrote that the feature cuts off networks and
| servers from accessing "vital network data and metadata and
| could impact "operator's ability to efficiently manage
| telecommunication networks."
|
| But seriously, it _is_ because it prevents T-Mobile from
| monetizing you and slowing you down.
| wlesieutre wrote:
| iCloud Private Relay isn't like a full-blown VPN that hides
| everything you do on the internet, only your web browsing in
| Safari goes through it. So their existing systems to throttle
| the connection of your video streaming apps will continue to
| work just fine.
|
| It's completely about monetizing your browsing history.
| lathiat wrote:
| I believe it also takes non-https traffic from apps but
| since they made https mandatory quite some time ago now I
| suspect that is not much. Also content loaded inside email
| in Mail.
| andiareso wrote:
| IIRC it redirects DNS queries system-wide as well which
| definitely would hinder general interest tracking.
| nunez wrote:
| Thank goodness the carriers can't do anything about
| solutions that use VPN to override default nameservers
| jrockway wrote:
| It also cuts down on the number of companies they can extort
| for transit. Right now they can go to Netflix and say "would
| be a shame if T-Mobile customers couldn't view movies during
| peak hours" and Netflix has to pay them for that not to
| happen. With all the traffic going through Apple, Apple is
| the only company they can extort this way. (Meanwhile, Apple
| or their "third-party provider" could of course play this
| game, but historically tech companies have been super
| uninterested in doing this.)
|
| Basically, what everyone wants is for companies like T-Mobile
| to be a dumb pipe. They invested in spectrum and a network,
| and they should just lease that network for cost + profit
| margin. Instead, they want to milk it. They want you to pay
| more for particular packets. They want the rest of the
| Internet to pay more for particular packets. They want to
| inject their own ads into unaffiliated websites. They want to
| build a marketing profile based on what sites you visit, and
| send you "offers" based on this. Right now, that is all
| technically possible, so they'd be defrauding their
| shareholders if they didn't try. But, we can of course say
| "no" and route around the damage. Apple is letting their
| customers say "no", and that means T-Mobile is doomed to
| irrelevance, and that's a great thing. Infrastructure should
| be infrastructure.
|
| (Can you imagine what it would be like if other utilities did
| this kind of shit? Your water would cost less if you were
| using it to run a Coke-branded soft drink dispenser, but not
| a Pepsi one. Or, Dell computers could get electricity at a
| 10% discount, but not Asus ones. It would be unthinkable! But
| with these big ISPs, it's mandatory.)
| jrockway wrote:
| I hate to reply to myself, but I wanted to say one other
| thing. When governments sell RF spectrum to companies, the
| expectation is that they become good stewards of the shared
| resource. The taxpayers are saying "you know, we think
| private industry can give us more value from our RF
| spectrum than the government", and this is their chance to
| prove that. What we didn't want was to enable a monopolist
| to nickel-and-dime the Internet to death.
|
| I'm guessing the exact legal agreements didn't spell it out
| like this, but that's how I think of it. Only one company
| can use this finite resource at once, but just because they
| bought it doesn't mean there is no limit to what they can
| do with it.
| balls187 wrote:
| > Meanwhile, Apple or their "third-party provider" could of
| course play this game, but historically tech companies have
| been super uninterested in doing this.
|
| Apple notoriously "extorts" developers to be in the app
| store.
|
| > Basically, what everyone wants is for companies like
| T-Mobile to be a dumb pipe. They invested in spectrum and a
| network, and they should just lease that network for cost +
| profit margin.
|
| I don't think you've considered the alternatives if
| T-Mobile can no longer monetize traffic:
|
| * Go back to subscribers pay per kb usage
|
| * Eat the costs themselves
|
| * Raise cost of mobile data plans
|
| > Can you imagine what it would be like if other utilities
| did this kind of shit?
|
| They side step this problem by charging per-use. During
| peak demand, prices go up. Each customer pays their share.
| Downside see Texas snowstorm.
| Spivak wrote:
| I really don't see the horror that would be carriers
| charging for usage. I would rather that than pay for
| stupid things like "lines" or "devices."
| acdha wrote:
| > Go back to subscribers pay per kb usage
|
| They charge $70/month for "unlimited" data which is only
| 50GB before throttling. I'm pretty sure they can
| profitably afford to run a network for that much without
| reselling user data.
| darkarmani wrote:
| They already charge per kb. Look at the small print --
| once you hit a certain amount of usage, you are
| drastically rate-limited. The only difference is that
| some months, when you don't hit your limit, you pay more
| per byte.
| acdha wrote:
| > Right now, that is all technically possible, so they'd be
| defrauding their shareholders if they didn't try.
|
| This sounds like a clumsy restatement of the urban legend
| that companies have an obligation to maximize shareholder
| value. There is in fact no such rule, for the obvious
| reason that nobody can accurately predict the future and
| calculate the optimal value.
|
| https://corpgov.law.harvard.edu/2012/06/26/the-
| shareholder-v...
|
| In this case, a company like Apple could say that they are
| choosing to forgo short-term profits from selling out their
| users' privacy because they feel that the long-term loyalty
| will be greater, and anyone arguing otherwise would still
| have to admit that this approach has been phenomenally
| profitable.
| markbnj wrote:
| > Right now, that is all technically possible, so they'd be
| defrauding their shareholders if they didn't try.
|
| Can you expand on this? Are you saying that if a business
| opportunity exists and a company elects not to pursue it
| that constitutes defrauding shareholders? I would have
| thought it constituted nothing more than a disagreement
| over strategy.
| sodality2 wrote:
| It sounds like a sarcastic statement of the "profits not
| gained is profit lost" mindset and that shareholders
| would be upset, not literally a crime.
| toast0 wrote:
| Does T-Mobile actually extort companies for transit? When
| they announced their video streaming throttling + zero-
| rating, I looked through their publicly available
| documents. From what I recall, there wasn't any sort of
| payment process, and mostly there were two parts:
| identifying the traffic so T-Mobile knew to zero rate it,
| and either adaptive bandwidth usage (which seems pretty
| common for video streaming anyway) or identifying the
| traffic so the provider could serve lower bandwidth
| streams.
|
| It's not in line with net neutrality, but it's useful
| for the direct parties:
|
| a) a video streaming customer wins because they can do
| video streaming without touching their data allotment.
|
| b) the video streaming server wins because their customers
| are able to do more streaming
|
| c) t-mobile wins because they've reduced bandwidth
| requirements
|
| Competitive streaming services that are not included in the
| program don't win, but t-mobile made it fairly easy to
| join. Users who want to stream at 4k or whatever don't win,
| but they can turn off the bandwidth restrictions and use
| their data allotment if that's what they want to do.
|
| At my last job, I was involved with a lot of zero-rating
| deals as the application provider; we never paid for it,
| and I don't recall ever being asked for payment. Some of
| the carriers even set up plans without our knowledge or
| consent or assistance; this didn't usually work great long
| term, because of misidentified traffic, but it indicates
| the demand was there without us pushing it.
| nojito wrote:
| Tmobile deprioritizes devices depending on high usage.
| Private Relay would allow individuals who are deprioritized
| to bring down entire cell towers.
| deadbunny wrote:
| Currently:
|
| P ---- CT ---- S
|
| With VPN/whatever:
|
| P ---- CT ---- VE ---- S
|
| P = Phone
|
| CT = Cell Tower
|
| S = Server
|
| VE = VPN endpoint
|
| So given this the cell tower can still determine who is
| using lots of traffic, they just can snoop on that traffic.
| dpratt wrote:
| You're a little off, currently: P --- CT --- NAT
| Proxy/Traffic Shaper --- Possible MITM host --- S
| MikeBVaughn wrote:
| Can you give a detailed model of how this would bring down
| a tower? I'm very skeptical.
| kstrauser wrote:
| No, it wouldn't. They'd still have the ability to throttle
| individual phones generating lots of traffic.
| Spooky23 wrote:
| Carriers nat/proxy everything and in addition to
| bandwidth throttling, they will rate limit or otherwise
| whack misbehaving applications.
|
| VPNing everything at scale will impact that
| monitoring/management. And that will absolutely impact
| towers, or cause the carriers to throttle users vs apps.
| cobookman wrote:
| ...they throttle at the phone-number/SIM. Even with a VPN
| your phone is still auth'ing itself to the cell towers,
| and those towers know what device is sending which
| traffic.
|
| What this prevents is allowing say Youtube to pay TMobile
| to never throttle their traffic.
| Spooky23 wrote:
| I know from firsthand experience that Verizon at least
| can and did do more circa 2016.
| acdha wrote:
| VPNs work at a higher level. They have to see the radio
| traffic to be able to deliver packets to your phone,
| which is where billing and access control happens (this
| is why you can't spoof someone else's IP to avoid paying
| your bill), and at the IP level your VPN traffic is
| carried from your carrier-issued IP address to your VPN
| provider's addresses.
|
| The one legitimate argument here is that this prevents
| traffic shaping based on the destination, which T-Mobile
| uses to do things like offer unlimited streaming separate
| from your general data quota.
| woodruffw wrote:
| T-Mobile probably isn't extracting too much of value from HTTPS
| traffic. It's probably more about traffic shaping.
| kstrauser wrote:
| You can extract a whole lot of value by mapping which sites
| someone is visiting even if you don't know what they're doing
| there, and you can get that information just from IPs.
| mox1 wrote:
| The hostname of most (all?) TLS connections is sent plaintext
| at the start of a new connection. This is called SNI (Server
| Name Indication).
|
| That provides some (or a lot) of value I am guessing.
| kstrauser wrote:
| Even without that, it's a pretty easy traffic analysis for:
|
| - Time T0: User requests the DNS record for example.com
|
| - Time T0+10ms: DNS returns "example.com. 193 IN A
| 10.1.2.3"
|
| - Time T0+20ms: User opens a connection to 10.1.2.3 port
| 443
|
| Chances are pretty good they're looking at example.com,
| even if you can't examine a single packet.
| symlinkk wrote:
| Still hides HTTP level metadata like the path, POST body,
| cookies, etc, no? All you'd have is the hostname
| kstrauser wrote:
| TLS hides all that already.
| gruez wrote:
| DoH mitigates this by hiding all DNS queries.
| astrange wrote:
| This is solved by ECH/ODoH but for full effect you have to
| trust the DNS server.
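What an on-path network can read from the first packet of a TLS connection, per the SNI comment above. This is an added example, not part of the thread: the ClientHello is a minimal one constructed inline, and `build_client_hello` and `extract_sni` are names chosen here.

```python
import struct


def build_client_hello(hostname):
    """Constructed minimal TLS ClientHello record carrying an SNI extension."""
    name = hostname.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name          # host_name entry
    sni = struct.pack("!HHH", 0x0000, len(entry) + 2, len(entry)) + entry
    alpn = struct.pack("!HHH", 0x0010, 5, 3) + b"\x02h2"            # unrelated extension
    exts = alpn + sni
    body = (b"\x03\x03" + bytes(32)                                   # version, random
            + b"\x00"                                                 # empty session id
            + struct.pack("!H", 2) + b"\x13\x01"                      # one cipher suite
            + b"\x01\x00"                                             # null compression
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record):
    """Return the cleartext server name from a ClientHello record, else None."""
    try:
        if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
            return None                       # not a handshake record / ClientHello
        rec_len = struct.unpack("!H", record[3:5])[0]
        data = record[5:5 + rec_len]
        off = 4 + 2 + 32                      # handshake header, version, random
        off += 1 + data[off]                  # session id
        off += 2 + struct.unpack("!H", data[off:off + 2])[0]   # cipher suites
        off += 1 + data[off]                  # compression methods
        if off + 2 > len(data):
            return None                       # no extensions block present
        ext_end = off + 2 + struct.unpack("!H", data[off:off + 2])[0]
        off += 2
        while off + 4 <= min(ext_end, len(data)):
            ext_type, ext_len = struct.unpack("!HH", data[off:off + 4])
            off += 4
            if ext_type == 0x0000:            # server_name extension
                name_len = struct.unpack("!H", data[off + 3:off + 5])[0]
                if data[off + 2] == 0:        # name_type 0 = host_name
                    return data[off + 5:off + 5 + name_len].decode("ascii")
            off += ext_len
        return None
    except (IndexError, struct.error):
        return None                           # truncated or malformed input


if __name__ == "__main__":
    hello = build_client_hello("example.com")
    print("visible on the wire:", extract_sni(hello))
    print("application data record:", extract_sni(b"\x17\x03\x03\x00\x05hello"))
```

Nothing here needs a key: the name sits in the handshake before any encryption is negotiated, which is the exposure ECH is meant to close.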
| cmelbye wrote:
| One reason could be that T-Mobile limits video streaming
| resolution based on the subscriber's plan. Only the most
| expensive plan can stream 4K video, otherwise it will
| "typically" be limited to 480p.
| https://www.t-mobile.com/cell-phone-plans?lines=2
| kylehotchkiss wrote:
| Or because they can't throttle video streaming sites down and
| internet speed test sites up?
| wlesieutre wrote:
| Private Relay only touches traffic from Safari, and while
| people _could_ watch Netflix in the browser instead of the
| Netflix app, I doubt that many do
| rolobio wrote:
| I've always wondered if you could start an internet speed
| testing website, get in the trusted list of companies like
| T-Mobile. Then release a VPN on the exact same servers,
| forcing the companies to provide the best speed to the VPN.
|
| Only problem is that you would have to be large enough that
| the ISPs would care if their scores looked bad.
| jedberg wrote:
| This is basically what Netflix did. They launched fast.com,
| which comes off the same servers as Netflix video. The
| whole goal was to get people to call their ISP and complain
| they aren't getting the speeds they paid for and getting
| them to unthrottle Netflix.
| rolobio wrote:
| Didn't know that! Wonderful!!
| jaywalk wrote:
| This is almost certainly the main driver.
| daenney wrote:
| Yes.
| newshorts wrote:
| I smell an opportunity for t-mobile to add a "private relay
| enabled" tier to their pricing structure.
|
| Pay extra for privacy
| asadlionpk wrote:
| I wonder when Apple will launch their own network. Would be fun!
| tuetuopay wrote:
| This is the worst thing. Not for Apple or Apple users, but for
| the general internet. If that goes through, and countries
| effectively end up making Private Relay illegal, that is a very
| VERY strong precedent to block regular VPNs. And that's terrible.
|
| I wonder if the same could happen to TOR, if VPNs end up the same
| way...
| bonyt wrote:
| The message says that the user's "cellular plan doesn't support
| iCloud Private Relay," so is this the same thing they've done
| with other VPN providers? That is, do they just count the traffic
| against the tethering/hotspot limit, since they can't shape
| traffic on it to, _e.g._, limit video quality to 480p when a
| user has a plan with that limitation? I don't know if they
| actually do this, but I've heard it before.
|
| https://www.reddit.com/r/tmobile/comments/9ja8y1/i_can_confi...
| jaywalk wrote:
| No, they do not allow users to enable Private Relay at all
| because Apple allows carriers to determine whether it's
| available or not. Even FaceTime over cellular is still
| something that carriers get to decide whether to allow or not,
| although I'm not aware of any carriers that don't.
| amaccuish wrote:
| iPhones sold in the UAE have FaceTime removed.
| chinathrow wrote:
| Why is Apple even giving them an option in this?
| jaywalk wrote:
| Because Apple wants to keep their carrier partners happy,
| so they give them control over things that will have an
| impact on cellular data.
|
| Like I noted with FaceTime over cellular, it's nothing new.
| joe5150 wrote:
| I can't imagine what kind of leverage they think they
| have. is any provider going to just drop iPhone support
| from their network?
| thehappypm wrote:
| These deals are old. FaceTime when it came out was in the
| era of 3G. FaceTime over 3G could be a bandwidth hog...
| and iPhones were not nearly as popular, so the
| negotiations were more give-and-take.
| kstrauser wrote:
| There are legitimate reasons why a specific business
| network might not allow it. For example, if you're on the
| employee network of a bank or hospital, it's very likely
| that your web connections are going through a proxy to make
| sure you're not sharing confidential data, and to block
| malware and such. Private Relay would go around those
| proxies. Allowing networks to opt out of Private Relay,
| then, is a better business decision than having enterprise
| networks just block all iPhones.
| easton wrote:
| Corporate networks make sense, but giving carriers the
| ability to disable it on the phone (i.e. not via blocking
| mask.icloud.com) doesn't make sense. It's not like
| personal hotspot where it allows you to bypass network
| policies, except for maybe the streaming shaping (but how
| long did they think that would work anyway?).
| haswell wrote:
| If I had to speculate, in order to continue operating in
| regions where governments more tightly control carriers.
| flerchin wrote:
| From my limited testing, carriers are whitelisting traffic
| for high-bandwidth. When I establish a vpn tunnel on my
| Tmobile sim card, bandwidth drops dramatically. Presumably
| because they can't inspect it.
| neurobashing wrote:
| FWIW I am using Deadpool Telephony LLC, which uses the
| T-Mobile network (as MVNO), and Private Relay works fine.
| gennarro wrote:
| Can someone explain how it's possible to block this? Just stop
| the whole IP range from the network?
| kstrauser wrote:
| iPhones find the entry servers to Private Relay via DNS. If you
| drop those hostnames, then it's effectively blocked.
| vmception wrote:
| should let users run them
|
| like Tor exit nodes, or obfs4 bridges
|
| turn it into a war of attrition!
| gennarro wrote:
| So with a custom dns server you are fine?
|
| Edit: woodruffw above provided docs
| giobox wrote:
| While it's trivial to edit DNS settings for wifi, it's
| actually quite difficult to change your DNS server on the
| cellular profile on iOS, as the comment from easton here rightly
| points out. I was kinda surprised the first time I found
| out you can't edit the cellular DNS server settings via the
| phone's Settings app.
|
| One option that works for me to get custom DNS on iOS
| cellular connections (I like PiHole ad blocking on my
| phone) was to set up my own VPN connection to a VPS instance
| running PiHole for DNS and WireGuard for the VPN. Lets me
| get custom DNS, pihole adblocking over cellular so long as
| VPN isn't blocked by your cellular provider etc. Was two
| trivial Docker containers to get running, costs very little
| in AWS.
|
| Same trick also lets me access region blocked TV services
| from my iOS devices over US cellular simply by turning a
| VPN on - I just stand up the containers on a VPS host based
| in source country and connect to that.
| easton wrote:
| Yes, but you can't set custom DNS for cellular networks
| without a configuration profile or an app, so it's unlikely
| that most people have that set.
| kstrauser wrote:
| Depends on the ISP. If they block or re-write DNS packets,
| then setting your own servers wouldn't fix it. That's a
| real thing people see in the wild:
| https://superuser.com/questions/897543/how-can-i-check-if-
| my...
| woodruffw wrote:
| I'm not familiar with Private Relay's details, but based on the
| available public information: every connection is initiated
| through a proxy server controlled by Apple, so all Verizon
| (probably) has to do is detect that initiation pattern and/or
| figure out which IPs/subdomains are specifically responsible.
|
| Apple can probably improve the situation by making Private
| Relay more like a VPN (instead of a fancy web proxy + DNS
| masker), including reusing the same IPs and domains that iCloud
| traffic is already going through.
|
| Edit: Apple's docs show two well-known subdomains for Private
| Relay[1]. Blocking both of those is probably what Verizon's
| doing.
|
| [1]: https://developer.apple.com/support/prepare-your-network-
| for...
| sa1 wrote:
| Apple allows networks to block Private Relay:
|
| "Network settings
|
| Some organizations might be required to audit all network
| traffic by policy. To comply with such a requirement, these
| networks can block access to Private Relay. Users will be
| alerted that they need to either disable Private Relay for the
| network or choose another network. The fastest and most
| reliable way to do this is to return a negative answer from the
| network's DNS resolver, preventing DNS resolution for the
| mask.icloud.com and mask-h2.icloud.com hostnames necessary for
| Private Relay traffic."
|
| https://www.apple.com/privacy/docs/iCloud_Private_Relay_Over...
| stefan_ wrote:
| No, Apple built in a feature for carriers to disable it.
| Neil44 wrote:
| There seems to be a lot of tacit assumption here that phone
| companies want to do bad things with your browsing metadata and
| Apple doesn't, but I don't see any firm reason to make that
| assumption.
| janandonly wrote:
| Does this mean Verizon and t-mobile are also blocking all VPN
| traffic?
|
| Also, how can the "land of the free" not have net-neutrality
| laws?
| skunkworker wrote:
| No, Verizon is not at least. I will commonly connect to my home
| network over self-hosted vpn while on Verizon LTE.
| joe-collins wrote:
| We did, briefly, under Obama. More recently, the previous
| administration unwound those rules.
|
| More technically: NN was implemented via the existing authority
| of the FCC, rather than any new law. Then the FCC, under new
| leadership, decided that internet service was outside of that
| authority, actually, and dropped that enforcement. Under Biden,
| there has been no change back in the other direction. (And at
| no point has there been a separate, federal law.)
| kevin_b_er wrote:
| The previous administration even attempted to prevent states
| from having net neutrality by claiming that disclaiming FCC
| authority was a prohibition on it. Yes, by attempting to
| claim FCC had no authority to regulate they also
| simultaneously claimed this prohibited states from regulating
| it.
|
| The paradox was a direct reflection of the corruption
| within the FCC at the hands of the previous administration.
| jondwillis wrote:
| If anyone is aware of any grassroots efforts to reinstate NN,
| please comment. I had basically forgotten about the rollback
| under Ajit Pai, which is, in my cynical view, exactly what
| _they_ want.
| thebigjewbowski wrote:
| You could say our ISPs are free to make deals with whomever wrt
| bandwidth.
|
| Is free, unlimited HD Netflix streaming worth more than private
| relay? I'm guessing most people would say yes.
|
| I'd consider switching. Oddly enough though I was able to turn
| on private relay on T-Mobile USA.
| divbzero wrote:
| For me, this new policy will be reason enough to switch away from
| T-Mobile at the nearest opportunity.
| finite_jest wrote:
| I think you should avoid T-Mobile if you can. Not just as a
| matter of principle, but also pragmatism. They have an extremely
| crude SMS censorship/anti-spam system [1] which even blocks links
| to lichess.org, the popular online chess website.
|
| They have poor security practices like storing passwords in
| plaintext [2], and they had a large data breach (probably about
| 100M customers affected) last year. [3]
|
| And now, it seems they are throwing in some protocol blocking
| too.
|
| PS: This isn't protocol blocking at the packet/port level, so I
| may have used "protocol blocking" a bit inappropriately.
| Apparently Apple allows the carriers to prevent people from
| enabling iCloud Private Relay, and T-Mobile is doing that. Apple
| is probably doing so due to the pressure by the carriers. In
| August, four carriers (Vodafone, Telefonica, Orange and T-Mobile)
| signed a letter urging the European Commission to stop Apple
| from providing Private Relay. (According to a report by The
| Telegraph: https://archive.fo/BRUS4#selection-915.74-925.194)
| This is, of course, still quite preposterous.
|
| [1]: https://news.ycombinator.com/item?id=29744347
|
| [2]: https://news.ycombinator.com/item?id=16776347
|
| [3]: https://news.ycombinator.com/item?id=28192423 (The first
| comment by @jonathanmayer has a list of other recent T-Mobile
| security incidents)
| jc_811 wrote:
| I would love to leave T-Mobile, but they are the only carrier
| in the US who offers such a core piece of functionality for me:
| International service included out-of-the-box.
|
| I love to travel, and nothing beats being able to land in
| (pretty much) any country in the world, turn on your phone and
| have working service just like that. No SIM cards, no different
| numbers, no local pre-paid cards, and no crazy international
| fees.
|
| As someone who enjoys work/travel for weeks to months at a
| time, every other major carrier is not feasible for this (think
| 10$/day, which becomes unreasonable when you're out of the
| country for 3+ weeks).
|
| Unless somebody else could recommend another option it seems
| I'm stuck with T-Mobile for now.
| lancesells wrote:
| I have AT&T and it's a toggle to turn it on but you're right
| about the $10/day. I've felt the sting many times.
| mtoner23 wrote:
| Google fi? service probably isnt as good as t mobile though
| ac29 wrote:
| Google Fi is T-mobile service in the US (and Sprint, which
| T-mobile acquired).
| r-w wrote:
| Google Fi uses T-Mobile in the background. Depending on
| what you mean by "service probably isnt [sic] as good", you
| may either be wrong or be making a niche point.
| vageli wrote:
| Google Fi does everything you ask for (and works with more
| phones than just those that Google manufactures).
| [deleted]
| bogwog wrote:
| Google Fi is an MVNO of T-mobile/Sprint (last I checked
| anyways). So if T-mobile blocks the private relay for their
| network, it could affect them too.
|
| Also, Google Fi kinda sucks. They used to be the cheapest,
| but nowadays you can get better prices from other services.
| For example, Google charges $10/gb/mo, whereas Mint Mobile
| (another T-mobile MVNO) charges 4gb for $15/mo, or $30 for
| unlimited.
|
| Google Fi is only cheaper if you use less than 1.5gb of
| data per month, and the service quality is probably the
| same.
|
| ...and that's not even mentioning all the privacy concerns
| attached to Google.
| pkulak wrote:
| The difference is that Google Fi runs at the top network
| priority. You can find loads of dirt-cheap MVNOs, but
| your data is at the back of the line if there's any
| congestion.
| reidjs wrote:
| As someone who used Google Fi for a while internationally,
| DO NOT get Google Fi! So many problems on an iPhone 7.
| Little to no connectivity in many places where they
| advertised having connectivity. This was ~2018-2020, so
| maybe it has improved, but I had such a bad experience with
| them.
| tristor wrote:
| This is the only reason I switched to T-Mobile originally and
| the only reason I still have them. Their coverage is so poor
| that I get no LTE service sitting in my house in a core part
| of the major metro area. I'm only able to maintain them
| because they were an early and ardent adopter of WiFi
| Calling. On a recent trip in the US I had no service off
| major interstate highways. Internationally though, T-Mobile
| is amazing. I honestly wish my experience in the US was as
| good as my experience while traveling... there's not much
| point in having uncapped LTE when you get 1 or 0 bars of
| service, at least internationally I get great service even if
| it is speed capped at 256kbps.
| perfectstorm wrote:
| avoid T-Mobile and join AT&T or Verizon? i'm sure they have
| their fair share of shady/borderline illegal things they do.
| manuelabeledo wrote:
| > i'm sure they have their fair share of shady/borderline
| illegal things they do.
|
| That might be true, but at least AT&T doesn't block private
| VPNs, nor has plans to do so.
| r-w wrote:
| Here is what your comment boils down to:
|
| "A."
|
| "But B!"
|
| >> "But still, A." <<
| k4ch0w wrote:
| And go where? I've had bad experiences with service with AT&T
| and Verizon in my area, Washington State. It's shockingly
| spotty.
| reaperducer wrote:
| Good timing. My wife is going to get a cellular data plan for her
| new iPad this week.
|
| Now I know to cross T-Mobile off the list.
| hendersoon wrote:
| It's very easy to block private relay on your network by simply
| blocking resolution of two hosts, Apple has this documented.
|
| https://developer.apple.com/support/prepare-your-network-for...
|
| There's only one legitimate justification to block it; to better
| manage their network by caching data locally and not going over
| the internet. Private relay retains your rough physical location
| but it obviously connects outside of your ISP's network.
|
| Thing is that's a legit reason to block it, but it isn't a
| _strong_ one.
| josephcsible wrote:
| That's not a legit reason to block it for everyone on the
| network. That's a legit reason for individual iPhone owners to
| turn it off if they value better performance over privacy.
| amaccuish wrote:
| Ever more convinced it's been a good idea to route all my phone
| traffic through WireGuard.
|
| Though it interests me why mobile networks feel they are able to
| do this whereas landline ISPs don't tend to in such great
| numbers. At least, as far as I am aware, Deutsche Telekom aren't
| adding headers to bare HTTP requests etc.
|
| I'm wondering if it's actually worth caving and having my home
| traffic tunneled to some provider more reputable.
| somebodythere wrote:
| I wonder why Apple allows this. Do the carriers really have more
| leverage than Apple here?
| josho wrote:
| Apple has good reasons to allow this. Inside a corporate
| network for example you may not want DNS queries going to
| Apple's servers.
|
| So Apple has made it very easy for a network admin to disable
| private relay. All an admin needs to do is block name
| lookups for relay.Apple.com*
|
| *I don't recall the actual DN used, it's in Apple's docs if you
| are curious.
| josephcsible wrote:
| Apple still shouldn't make it so easy to block this
| wholesale, even on corporate networks. Instead, they should
| have a way to make only corporate-internal traffic not go
| through it.
| somebodythere wrote:
| The OS should be able to distinguish between a corporate
| network and mobile carrier, right?
| easton wrote:
| It can, but if mask.icloud.com is where the relay
| connection needs to go that wouldn't help.
| [deleted]
| badlucklottery wrote:
| I think if you gave most people the choice to either:
|
| a) disable this feature (that they likely don't fully
| understand) or
|
| b) change their cellular service provider
|
| they're going to choose the former even though migrating your
| phone number is pretty damn easy nowadays.
| sprite wrote:
| Is there a list of private relay addresses used by Apple?
| seligman99 wrote:
| If you mean IP addresses, then, yes, they publish a .csv with
| the IP addresses [1]
|
| It seems to update once a month [2]
|
| [1] https://developer.apple.com/support/prepare-your-network-
| for...
|
| [2] https://imgur.com/a/35HIV5M (only showing counts for IPv4,
| they have huge IPv6 blocks)
| woodruffw wrote:
| There are currently two subdomains associated with Private
| Relay. Apple's documentation implies that all connections are
| initiated through one or the other.
| mask.icloud.com
| mask-h2.icloud.com
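The block quoted from Apple's documentation earlier in the thread (a negative DNS answer for these two hostnames) can be checked from the client side. The following is an added example, not code from the thread or from Apple: it parses a resolver's reply and reports whether it is negative; the function names, verdict strings and sample replies are constructed for illustration.

```python
import ipaddress
import socket
import struct

RELAY_HOSTS = ("mask.icloud.com", "mask-h2.icloud.com")  # named in the thread
TYPE_A, TYPE_AAAA, CLASS_IN = 1, 28, 1
NOERROR, NXDOMAIN = 0, 3

def encode_name(name):
    """Encode a hostname as length-prefixed DNS labels ending in a zero byte."""
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def build_query(name, qtype=TYPE_A, txid=0x1234):
    """Build a recursive query; flags 0x0100 sets only the RD bit."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                 # compression pointer
            if end is None:
                end = off + 2
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                          # refuse pointer loops
                raise ValueError("compression loop")
        elif length == 0:
            off += 1
            break
        else:
            labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
            off += 1 + length
    return ".".join(labels), (off if end is None else end)

def parse_response(msg):
    """Return (rcode, [(owner, rtype, rdata), ...]) for the answer section."""
    _txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        _, off = read_name(msg, off)
        off += 4                                   # QTYPE + QCLASS
    answers = []
    for _ in range(ancount):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        answers.append((owner, rtype, msg[off + 10:off + 10 + rdlen]))
        off += 10 + rdlen
    return flags & 0x000F, answers

def classify(msg):
    """Return (verdict, addresses) for a reply about a Private Relay hostname."""
    rcode, answers = parse_response(msg)
    addrs = [str(ipaddress.ip_address(rd)) for _, t, rd in answers
             if t in (TYPE_A, TYPE_AAAA)]
    if rcode == NXDOMAIN:
        return "negative:NXDOMAIN", addrs
    if rcode != NOERROR:
        return "error:rcode=%d" % rcode, addrs
    return ("resolved" if addrs else "negative:NODATA"), addrs

def probe(server_ip, name, timeout=3.0):
    """Live check: ask one resolver over UDP/53 and classify its reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name), (server_ip, 53))
        reply, _ = sock.recvfrom(4096)
    return classify(reply)

def make_response(name, rcode, ipv4_addrs=()):
    """Constructed sample reply (not captured traffic) that echoes the question."""
    msg = struct.pack("!HHHHHH", 0x1234, 0x8180 | rcode, 1, len(ipv4_addrs), 0, 0)
    msg += encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)
    for addr in ipv4_addrs:
        # Owner name is a compression pointer (0xC00C) back to the question.
        msg += b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 60, 4)
        msg += socket.inet_aton(addr)
    return msg

def demo():
    """Classify three constructed replies; 192.0.2.x is documentation space."""
    samples = {
        "open": make_response(RELAY_HOSTS[0], NOERROR, ["192.0.2.10", "192.0.2.11"]),
        "nxdomain": make_response(RELAY_HOSTS[0], NXDOMAIN),
        "empty": make_response(RELAY_HOSTS[1], NOERROR),
    }
    return {label: classify(msg) for label, msg in samples.items()}

if __name__ == "__main__":
    for label, (verdict, addrs) in demo().items():
        print(f"{label:10} {verdict:18} {addrs}")
```

`probe(resolver_ip, host)` runs the same classification against a live resolver for each name in `RELAY_HOSTS`. A resolver that rewrites the answer instead of refusing it still reports `resolved`, so compare the returned addresses with those from a resolver you trust.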
___________________________________________________________________
(page generated 2022-01-10 23:00 UTC)