Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Privacy EU IOS The Internet United States Apple

Some Carriers Are Blocking iPhone Users From Enabling iCloud Private Relay (9to5mac.com) 77

Some European carriers, including T-Mobile/Sprint in the United States, are blocking iCloud Private Relay access when connected to cellular data. As 9to5Mac reports, "This feature is designed to give users an additional layer of privacy by ensuring that no one can view the websites that they visit." From the report: Apple says that Private Relay is a feature designed to give users another layer of privacy when browsing the web. The first relay is sent through a server maintained by Apple, and the second is a third-party operator. The feature was announced at WWDC last June and initially slated for inclusion in iOS 15. Apple ultimately shipped the feature as a "public beta," meaning that it is disabled by default in the newest iOS 15 and macOS Monterey releases. You can manually enable it by going to Settings on your iPhone, tapping your name at the top, choosing iCloud, and choosing "Private Relay."

T-Mobile was among the carriers in Europe that signed an open letter expressing concern about the impact of Private Relay. The carriers wrote that the feature cuts off networks and servers from accessing "vital network data and metadata and could impact "operator's ability to efficiently manage telecommunication networks." In the UK, carriers including T-Mobile, EE, and others have already started blocking Private Relay usage when connected to cellular data. 9to5Mac has also now confirmed that T-Mobile is extending this policy to the United States. This means that T-Mobile and Sprint users in the United States can no longer use the privacy-preserving iCloud Private Relay feature when connected to cellular data.
The report notes that T-Mobile appears to be "in the process of rolling it out," so some users might still be able to use the feature -- at least for now. "The situation could also could vary based on your location or plan," the report adds.

UPDATE: T-Mobile Says It Has 'Not Broadly Blocked' iCloud Private Relay, Blames iOS 15.2 Bug For Errors
This discussion has been archived. No new comments can be posted.

Some Carriers Are Blocking iPhone Users From Enabling iCloud Private Relay

Comments Filter:
  • At a guess, it looks like the state, or the EU, or secret squirrel has leaned on them ... cos the private relay makes it difficult to see what the users are doing.

    Somewhat predictable.

    SD

    • by fermion ( 181285 )
      It is much more likely the carriers are losing revenue. The companies we use to connect to the internet are in a unique position to collect our personal browsing and general I use information and sell it. In the US, in 2017, the only protection users had against these companies, comcast, Verizon, att, fully monetizing this information was eliminated. Apple has done work to protect users against tracking bugs in Facebook and Google, and this latest volley is prioritizing user privacy over the profits of the
    • More specifically, most carriers throttle video to reduce quality and overall bandwidth. They do this by the simplest means possible, so this probably completely opens the floodgates for streaming video at full quality.

  • by u19925 ( 613350 ) on Monday January 10, 2022 @04:49PM (#62162049)

    If T-Mobile can block iPhone specific features, then doesn't it open door for Apple to block certain iPhone features on T-Mobile? That can cause large defection to other carriers. What if Apple integrates this technology into Apple Pay in a way that Apple Pay will not work without cloud relay? Suddenly, T-Mobile users will not be able to use Apple Pay and the blame will fall on T-Mobile as iPhones are behaving identical way on all network and only T-Mobile is impacted. Customers will find that they can use Apple Pay using Wi-Fi but not on T-Mobile cell network.

    • Later this year: "Wow, it's so unfortunate that your stores didn't have any of the newest model of iPhone to sell, but your competitors do. Those darn supply chains."

      • by Sique ( 173459 )
        This is a very American view. In most of Europe, you don't have to buy the phone together with a plan.

        If I want an iPhone with my plan, I just buy one at a shop of my linking, and put the SIM card of my carrier in. And then I use my iPhone. Done.

        • You don't have to buy your phone from the phone company in Europe, but many do, hence: https://shop.ee.co.uk/mobile-p... [ee.co.uk]

          Last time I priced it out, it was £50 over two years to supply your own handset, so thereâ(TM)s clearly money in it for the providers.

          • by Sique ( 173459 )
            Of course European providers still sell handsets and contracts as a bundle. There is a market for those bundles. But they are not the only game in town, and there is no longer the symbiotic connection between a handset and a plan. Each customer can easily disbundle by just putting another SIM card in the handset, or using the SIM card in another handset.
    • by Sebby ( 238625 )

      What if Apple integrates this technology into Apple Pay in a way that Apple Pay will not work without cloud relay?

      While I get your point, ApplePay doesn't need data to operate - I've been using it without any data plan just fine.

      However your point does stand for potentially other features of iOS (Messages comes to mind).

    • by AmiMoJo ( 196126 )

      It's probably as simple as an IP/DNS block.

    • Apple should absolutely block iMessage in retaliation. TMobile would hemorrhage users in the US
      • by tlhIngan ( 30335 )

        Apple should absolutely block iMessage in retaliation. TMobile would hemorrhage users in the US

        No, that inconveniences users more than T-Mobile.

        Apple would want to hurt T-Mobile more than its users, so Apple will choose to simply allocate the latest and greatest phones to T-Mobile. T-Mobile customers will see the phones as constantly out of stock, while other carriers have it available. Eventually they will either choose to buy the phone unlocked, or switch to a different carrier.

  • What this means to me is that it is VERY IMPORTANT that I get a VPN to use on my phone.

    This is _very_ indicative of what the networks are doing with my data.

    • Especially as the alternative of giving the data to the network is giving the data to Apple.

      • Giving the data to the company that already makes the hardware, os, and browser that's already processing all that data?

      • Especially as the alternative of giving the data to the network is giving the data to Apple.

        While I don't know anything about this feature beyond what I read in the summary, the fact that Apple is relaying through two servers, under the control of two different organizations, makes me think it's very likely that Apple has designed this so they don't get the data either.

        The only reason I can think of to use two successive relays is to ensure that neither of the two relays can tell which user is going to which site. I'm thinking of something that's basically a very stripped-down mix network [wikipedia.org] proto

        • I'm thinking of something that's basically a very stripped-down mix network [wikipedia.org] protocol.

          Wow..I'd not thought of the old mixmaster method of sending emails.

          I wonder if that is still a working thing or if all the nodes have been taken over by 3 letter agencies?

          • I'm thinking of something that's basically a very stripped-down mix network [wikipedia.org] protocol.

            Wow..I'd not thought of the old mixmaster method of sending emails.

            I wonder if that is still a working thing or if all the nodes have been taken over by 3 letter agencies?

            Every heard of Tor? It's the same concept. And, yes, I'd bet that a lot of Tor nodes are run by TLAs.

        • This is basically how it works. Not sure if the mix network idea is exactly how they implement (no one but Apple knows), but the marketing does point that way. It's actually quite a decent feature... for the users. The reason that carriers wouldn't like that is blindingly obvious to anyone following the recent trends in ISPs (especially mobile carriers) thinking they can do whatever they want with your traffic, including throttling it, inspecting it, data mining it, etc.

    • What this means to me is that it is VERY IMPORTANT that I get a VPN to use on my phone.

      This is _very_ indicative of what the networks are doing with my data.

      Right, because it's much better that the VPN provider can do that with your data.

  • Nothing the carriers lose access to is for them to see. Their statement is a flagrant admission of spying on their customers.

    • The same logic applies to ordinary mail and package deliveries. If the mailman said he needed to open all letters and parcels for better delivery management - I would set the PittBull onto him. But one recalls it is illegal to open mail that is not yours. Others are right - Apple users have enough clout to ditch those who cant do their job properly - deliver the goddd..med packages.
  • Gobbledygook (Score:4, Insightful)

    by PPH ( 736903 ) on Monday January 10, 2022 @04:56PM (#62162075)

    vital network data and metadata and could impact operator's ability to efficiently manage telecommunication networks.

    Get my packets from point A to point B as specified in the TCP headers. That's all the efficiency I want or need from them. If they have something else in mind, I'd like to hear it. If they can't put it in writing, it must be unethical. Or possibly illegal.

    • by jonwil ( 467024 )

      "Efficiently manage telecommunication networks" probably means "being able to shove less important stuff like Netflix to the back of the queue when the network is congested"

      • no no ⦠net neutrality means everything is equal, a netflix stream is just important as video call to a doctor for a cancer patient.
        • by PPH ( 736903 )

          a netflix stream is just important as video call to a doctor for a cancer patient

          You pay for the QoS that you want. And I'm sure that if a network operator would identify someones call as being to a doctor, they'd get slapped with a major HIPAA violation.

          • by sconeu ( 64226 )

            And I'm sure that if a network operator would identify someones call as being to a doctor, they'd get slapped with a major HIPAA violation

            Actually, no. HIPAA applies to health care providers, health insurance provides, and contracted entities.

            Nobody else has any restrictions under HIPAA.

      • by ceoyoyo ( 59147 )

        I expect it means "sell a list of everything you've looked at to whoever wants to pay us for it."

      • Maybe, but it might be something more like recoding the video stream to a lower quality. Most if not all of the transcoding platforms that I know of that are used by wireless carriers can only process HTTP traffic. That should be unencrypted traffic, right?

        Since you can watch Youtube over a HTTPS connection, then supposedly the stream you are watching is protected by the HTTPS encryption and any attempt to transcode it would look like a MITM attack. Right?

        So what is to stop a carrier from gaining legal acce

    • by thule ( 9041 )
      What if going over a peering connection save 10 hops? But you can't use that shortcut being the device is forcing all traffic over the transit link due to the "relay" feature. I want to know more about the relay feature. If it is a VPN-like feature then it would break all the nice peering that the ISP setup. No one wants to go back to mid-90's Internet where all the traffic traversed a handful a backbone providers. Do we?
      • One of Apple's Private Relay relay node providers is Cloudflare. Another is Akamai. Between them, at least in the US, they have a presence in _most_ major and minor backbones. Follow the fiber -- pretty much everywhere the fiber is, these two companies have datacenters every few miles with edge servers and tier 1 peering with terabits of capacity.

        Since Cloudflare and Akamai are by and large responsible for delivering much of the web content we consume in the first place, the modern Internet is already large

    • by AmiMoJo ( 196126 )

      Their (dubious) argument is that they need to manage the bandwidth available on the network, which requires them to know a bit about the type of traffic. Is everyone streaming TikTok or YouTube videos, or are they doing Zoom calls? They also want to be able to degrade the traffic somewhat based on its type, e.g. put YouTube in a low priority rate limited queue so that it only streams 240p video and reduces their costs/allows them to over-sell even more.

      VPNs make it impossible to do that, which is one of the

    • Get my packets from point A to point B as specified in the TCP headers.

      What packets? I mean if we can read the TCP headers of the individual connections we can act accordingly. But if every packet has the same TCP header: Some SSL connection to an iCloud server, what's there to do?

      To be clear I think T-Mobile is bullshitting a lot, but your proposal also completely destroys the concept and capabilities of QoS on a network.

      • by PPH ( 736903 )

        But if every packet has the same TCP header: Some SSL connection to an iCloud server, what's there to do?

        Get my packets to the iCloud server. Nothing more, nothing less. If I want a higher QoS, I'll ask for it (my application will).

        • If I want a higher QoS, I'll ask for it (my application will).

          How? We can't see your application. All we see is a tunnel to the iCloud server.
          I think you didn't think your reply through, or didn't understand my post.

  • by Tom ( 822 )

    The carriers wrote that the feature cuts off networks and servers from accessing "vital network data and metadata and could impact "operator's ability to efficiently manage telecommunication networks."

    Let me guess: They didn't get more specific than that. They're not about to let us know which data that is and what for it is needed, right?

    • No one seems to have mentioned throttling yet, so I'll put that in the hat of what the carriers like to do with your connections
      • Throttling is still entirely possible. The only change here is that carriers won't be able to throttle your traffic based onits content or source, but that isn't something they should be able to do in the first place. After all, they're selling me X amount of data or Y throughput with "unlimited data" per month, so where I request my data from isn't any concern of theirs.

        OP nailed it: they didn't state their reasons for objecting in detail because we all know that this is about monetizing the data. They can

  • The problem cannot be resolved any other way

  • It is not the internet if you do not trust someone other than you to at some point handle your data. You have to trust someone.

  • Since it was a beta feature I had originally decided to leave it toggled off. However after reading this I have reconsidered. While I am not on T-Moble I imagine they are far from the the only carrier snooping and monetizing my browsing habits.
  • I could see where this would, indeed, break how they manage the network. Peering allows a network operator to offload traffic that would normally go over their transit connections. If an iPhone user is watching Youtube or Netflix with this relay feature turned on, that means all the traffic that would normally go over those peering connections go over the transit connection. Not only does this cause more congestion, but it also costs more. Most congestion for Netflix and more congestion for the ISP.
    • At the same time it's none of their goddamned business, and this wouldn't be a thing if they weren't abusing their power already. The operators play peering games all the time with content providers, now someone is playing with them and they're unhappy. boo fucking hoo
      • by thule ( 9041 )
        Peering games? Peering is critical to the modern Internet. Peering saved the Internet back in the late 90's.

        By games are you're talking about how a well known company that was providing CDN services for Netflix? If so, then you should know that the company didn't want to pay for traffic when they fell outside their settlement-free agreement. Nothing wrong with another company trying to hold them to the contract.
        • More like fights between providers like Netflix and ISPs (as an example) impacting other services/vendors because the ISP would route Netflix through an already saturated exchange and cause it to fail. Games like that have collateral damage and cause lasting effects for vendors who are in no way involved nor have the financial or political power of either primary party to the fight. Fuck ISPs
          • by thule ( 9041 )
            Ya know there was another party involved during that era, right? It wasn't Netflix vs ISPs. It was Netlfix's CDN (Cogent) vs the ISPs. Look up Cogent in a peering map. Cogent has been very, very savvy in their peering agreements. Taking on Netflix turned out to be a very bad idea for them. It pushed them outside of their peering agreements. Unfortunately the dump press used the drama to spin for the politics of Net Neutrality even though peering has nothing to do with prioritizing packets or traffic shaping
            • This whole train thread somehow revolves around Netflix. Apple would be very not smart to not cut out a hole so that Netflix traffic goes direct. Remember, Netflix doesn't work with VPNs. Netflix sees a lot of subscribers coming in over one IP and guess what? Your whole subnet is labelled (by Netflix) as a VPN.

  • Nuke them from orbit, it's the only way to be sure.

  • Why haven't they said that the feature hides terrorists and pedophiles yet? That's the go-to justification in these sorts of situations.

    • Because people would just bring up iMessage. For the same reasons.

    • Why haven't they said that the feature hides terrorists and pedophiles yet? That's the go-to justification in these sorts of situations.

      Apple is already going to scan your images to see if you are a pedophile. Just as soon as the commotion dies down a little more. They care about your privacy, you know?

  • by edi_guy ( 2225738 ) on Monday January 10, 2022 @05:50PM (#62162287)

    Not sure if it's based on location (USA) or cell provider, but when I went to activate this beta feature Apple notified me that I would need to subscribe to iCloud+ at 99 cents per month. Not saying it's good or bad, just is. I'm not against paying for things that add value to me. But this one I will pass on for the time being.

    • Not sure if it's based on location (USA) or cell provider, but when I went to activate this beta feature Apple notified me that I would need to subscribe to iCloud+ at 99 cents per month. Not saying it's good or bad, just is. I'm not against paying for things that add value to me. But this one I will pass on for the time being.

      This feature is indeed an extra benefit you get when you sign up for iCloud.

      Well if you want more than I think the free bit they give you with purchase of a phone.

      I did it for back

    • by drhamad ( 868567 )
      That's correct, it's an iCloud+ feature. iCloud vs (first tier, $0.99) iCloud+ is: 5 GB vs 50 GB, Hide My E-mail, Private Relay, Custom e-mail domains, HKSV
  • This is tracked by the #GSD https://globalsecuritydatabase... [globalsecu...tabase.org] in GSD-2022-1000065 ( https://github.com/cloudsecuri... [github.com] ) if you have any updates (especially additional carriers) please let us know (file a PR/issue/tweet @ us). Thanks
  • Why does Apple route traffic through itself like China? Are they trying to spy on everybody? Sound like a terrible idea. Or an anti-trust case against other VPN providers, at least.

    • No. Read up on what iCloud Private Relay does. First, it's opt-in by the user. Second, it uses double encryption, so that neither Apple nor their transit partners (basically, companies with a lot of servers in a lot of datacenters and a huge amount of network capacity) can see both _who you are_ and _what site you're visiting_. And if the destination site is using HTTPS, neither one can see the traffic payload either - only you and the site owner can see the traffic. It doesn't MITM any crypto protocols you

    • Apples produces your hardware and software. And its closed source. They already spy on everybody. Choose something better.

My sister opened a computer store in Hawaii. She sells C shells down by the seashore.

Working...