https://news.ycombinator.com/item?id=10355868
_-__--- on Oct 8, 2015 | on: Verizon revives "zombie cookie" device tracking on...
Tor as an OS-level feature may not spark the best reaction. It's been given a bad name ("deep web," Silk Road, etc) in mass media and many people don't understand it enough to think of it as anything other than bad.
I think that it'd be cool to have, but I don't think that Apple would ever implement it.
jameshart on Oct 8, 2015
Agree, it's phenomenally unlikely, but then again there is a part of me which could actually imagine Apple doing something like it. They wouldn't use Tor, of course, they'd build a proprietary equivalent, and then come out on a black stage to 'introduce Apple Undercover, a revolutionary enhancement to personal network privacy and security'.
So much so that I would accept Apple using something other than Helvetica this one time for a Miami Vice typeface and a Michael Knight and Kitt intro at WWDC.
I cannot stress enough that Hasselhoff needs to stay in character the entire time or the whole concept doesn’t work.
At this point, Helvetica itself would give a retro feeling if used by Apple. They’ve been all in on San Francisco for several years.
(a) There is pressure from many governments to give a backdoor for surveillance. Or just comply with subpoenas that are against human rights.
(b) Complying with local laws generates PR damage. It makes privacy and ethics as a brand strategy look disingenuous.
The solution is, of course, to generate a truly secure system where Apple can't make backdoors. Those services may not be available in some countries, but then it's just a missing service, not a compromised system.
The goal of this is to make it so that even if the FBI had an incident similar to 2016, Apple would not be able to fulfill their request to make a backdoor, and the FBI wouldn't be able to make a backdoor even if they had the power to sign and run any code they wanted on the phone.
That's how you make a secure system these days. You can't just make it secure to everyone but yourself and fight the government - you need to secure it from yourself as well.
Apple's already shown they don't like this behaviour with their randomised MAC addresses in iOS 8+.
And elsewhere in the thread people called out the fact Apple had already introduced support for ad blocking. So Apple’s privacy-positive posture was already in the air.
I think there is a sense in which privacy was already a differentiator for Apple in iOS (as contrasted with Google’s motives in Android in particular of course) - so this did feel like a not completely implausible way they could go to double down on that differentiator.
(No snark, I really do love it.)
Enjoy the moment, future seer.
I use a VPN for other reasons (downloading Ubuntu ISOs mostly) but I'll probably turn this on and leave it running on all my devices because of how transparent it appears to be. I trust Apple's onion-routing design more than I trust my VPN provider not to log things.
* I'm actually glad they don't try to get around region locks. I consume a lot of BBC content and live in the UK. I'm constantly struggling with my VPNs (with UK endpoints) being blocked because others outside the UK could be using them. It would be nice if the BBC didn't block like this, but UK residents do typically pay for the content whereas those outside the UK are unable to.
This made me smile. Good one.
For context, copyright trolls recently tried to extort torrent users for downloading and sharing Ubuntu ISOs.
https://arstechnica.com/gadgets/2021/05/fake-dmca-takedown-n...
Importantly, OpSec (the company doing this torrent-dmca-for-hire stuff) says the DMCA itself was spoofed
> OpSec Security’s DCMA notice sending program was spoofed on Wednesday, May 26, 2021, by unknown parties across multiple streaming platforms.
https://www.urbandictionary.com/define.php?term=Linux+ISO&am...
Semi-related to this, but they do offer an option to pick between preserving your approximate location and using a broader location.
The example they took in one of the sessions was, if you live in San José, with the first option, you'll get an exit node near San José so you can still get local "content". With the second one, you could get an exit node in Los Angeles.
In practice in Europe, it looks a bit different. I do live in the north west of France, and with the first option I regularly get an exit node in the southwest of France (from Fastly), about 700km away (which is pretty fine by me).
With the second one however, I get exit nodes in Germany and the Netherlands (pretty much exclusively Cloudflare), which can become an issue with region locked content. I had the issue with Prime Video last week not offering me a tennis match for which they only bought rights in France.
Obviously it's still early and they might tighten a bit the locations outside of the US, but overall it's definitely quick and well thought out.
Last thing, all your traffic from Safari (and presumably some other Apple services? Still unclear) whether http or https will be routed through it. Only http traffic from 3rd party apps (Firefox, curl etc) is routed through the relays, which I think is a pretty sensible default.
As an exiled Londoner, I would love to be able to pay to access BBC programmes. Unfortunately I can’t, so a VPN is often the only solution (well, I guess torrenting would be another one, but it’s not really better).
Obviously, this is something licensing agreements do not allow for, but it seems like such an obvious user friendly concept that it will never be allowed.
In essence, what you're saying boils down to "it's already paid for, but nobody else can have it anyway". It's unreasonable and there is no need to make excuses for this behaviour.
This is already paid for but the next show isn’t.
If the BBC were sold to the public as a soft dollar expenditure, it would be one thing. But it wasn’t. I’m not sure it could be in today’s Britain. Ignoring the freeloader problem threatens the support on which the BBC’s funding depends.
This is a debate with reasonable arguments on both sides.
Do you download directly from a mirror or use BitTorrent for this? (If the latter I think I kind of understand the rationale for the VPN)
(I think I was running uTorrent on Windows, it was weird and I really didn't know how to use it.)
However, in order to "acquire" [this][1], torrenting was realistically the only sensible option I had. A direct download from the Internet Archive would have taken roughly 7 hours @ 100 Mb/s. The torrent file was done in an hour.
To my great surprise, the link isn't dead, so...yeah :)
Transmission CLI FTW.
[1]: https://www.caseyliss.com/2021/2/14/a-concert-for-charlottes...
I used to use NordVPN but found it to be much slower, less stable, worse macOS integration, not as good on the privacy front.
I was under the assumption that it was mostly Cloudflare Warp repackaged with a different name?
Props to Apple for offering an (albeit low entropy) onion router on their own infrastructure. I can't imagine this is going to win them any friends in government circles but it's definitely a step in the right direction.
I'd also really like to see Apple come clean about the iCloud backup encryption debacle. A lot of people are trusting it to be something it's not and it should really be clarified on-device what it is and is not before opting in.
Are you referring to this article?:
https://www.reuters.com/article/us-apple-fbi-icloud-exclusiv...
It's why I only use my Apple ID for grabbing apps from the app store. I have disabled all the `cloud storage` features of iCloud. iCloud is a privacy nightmare.
I utterly agree that other direct-to-consumer options are in the same boat - but Apple is quite heavy-handed in its messaging about, well, messaging being encrypted and private and no-one (including Apple) being able to read your messages. That's only true if you don't backup to iCloud.
I would expect most people on HN to be aware of all of this of course but when you're so strongly selling your privacy protections as part of your brand, it's a pretty glaring window to leave wide open.
And like the article says, they didn’t want to poke the bear anymore. Of course the FBI has congressional friends. It is possible that Apple saw the risk of it backfiring and making things worse as too great.
But I would be happy with iOS Time Capsule. Or even sell E2E Backup solution only with an iOS Time Capsule. Great way to increase their Services Revenue.
Apple is not without sin. If we get out of this entire epic lawsuit (another company not without sin) with consumers winning the ability to side-load, it's a win. But for the most part, Apple has a multi-decade history of usually working for customers in above-board ways, as opposed to Facebook, Googles and other(s).
re: non-encrypted iCloud storage: I agree with you. I keep medical and financial data encrypted (e.g., their Pages app supports encrypting documents, and you can encrypt PDFs, etc.) but I would rather they did this for me. That said, for the 90% of my files that I would post on a street corner, I find iCloud storage across my devices is handy.
Apple already has all the friends they need in the "government circles". They're fully enrolled in PRISM and are well-known to kowtow to the demands of corrupt leadership (see: Russian iPhones, Chinese iCloud hosting)
Quite the opposite. Governments probably already have taps to decrypted traffic.
Otherwise how come that would even be legal to run?
If someone commits a crime and government cannot find evidence, because Apple gives shielding, then isn't that making them hypothetically an accomplice?
Why wouldn’t it be? I was under the impression that what isn’t forbidden by law was legal by default. AFAIK, running a VPN platform isn’t illegal.
> If someone commits a crime and government cannot find evidence, because Apple gives shielding, then isn't that making them hypothetically an accomplice?
I hate this argument. It’s lazy and can be used to accuse anybody in any context, and shut down discussions that we should be having. By that standard we are all accomplices for some crimes.
I’m the scientist who purified the water that the criminal used to get enough strength to run away. I’m an accomplice now.
We have recent and specific case law around this. The cherry on top is it was Apple on the other side.
No, this is not how being an accomplice works in the U.S. It’s not how it works anywhere with the rule of law.
> The first assigns the user an anonymous IP address that maps to their region but not their actual location. The second decrypts the web address they want to visit and forwards them to their destination. This separation of information protects the user’s privacy because no single entity can identify both who a user is and which sites they visit.
Apple is not saying nobody can deanonymize you - they are being very careful to only state that no single entity can deanonymize you. Hence you should still assume this is not a good protection against any entity with subpoena power, or the ability to compel the cooperation of Apple and their 3rd-party egress relay providers.
[0]: https://9to5mac.com/2021/06/07/apple-icloud-private-relay-fe...
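A simplified model of the two-relay split quoted above, added here as an illustration; it is not part of the thread and not Apple's code or protocol. The HMAC-based cipher is a standard-library stand-in for real transport encryption, and the shared session identifier, keys, IP addresses and URLs are constructed assumptions. It shows that each relay's log alone lacks either the client or the destination, and that joining both logs restores the link.

```python
import hashlib, hmac, json, os

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as a keystream (stand-in for a real cipher).
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, obj):
    # Encrypt-then-MAC a JSON-serialisable object.
    nonce = os.urandom(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, json.dumps(obj).encode())
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return (nonce + ct + tag).hex()

def unseal(key, blob_hex):
    blob = bytes.fromhex(blob_hex)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered data")
    return json.loads(_xor_stream(_subkey(key, b"enc"), nonce, ct))

def client_wrap(url, k_ingress, k_egress, session):
    # Inner layer: only the egress relay can read the destination.
    inner = seal(k_egress, {"url": url})
    # Outer layer: the ingress relay learns the session and an opaque blob.
    return seal(k_ingress, {"session": session, "inner": inner})

def ingress_relay(src_ip, payload, k_ingress, log):
    body = unseal(k_ingress, payload)
    log.append({"session": body["session"], "client_ip": src_ip})
    return body["session"], body["inner"]

def egress_relay(session, inner, k_egress, log):
    url = unseal(k_egress, inner)["url"]
    log.append({"session": session, "url": url})
    return url

def correlate(ingress_log, egress_log):
    # What a party holding BOTH logs can do: join on the shared session id
    # (assumed here; in practice timing or connection metadata plays this role).
    by_session = {e["session"]: e["client_ip"] for e in ingress_log}
    return [(by_session[e["session"]], e["url"])
            for e in egress_log if e["session"] in by_session]

def run_demo():
    k_in, k_out = os.urandom(32), os.urandom(32)
    ingress_log, egress_log = [], []
    ingress_reads_destination = False
    traffic = [("203.0.113.7", "https://clinic.example/appointments"),   # constructed
               ("198.51.100.22", "https://news.example/")]               # constructed
    for n, (ip, url) in enumerate(traffic):
        payload = client_wrap(url, k_in, k_out, session=f"s{n}")
        session, inner = ingress_relay(ip, payload, k_in, ingress_log)
        try:
            unseal(k_in, inner)            # ingress has no key for the inner layer
            ingress_reads_destination = True
        except ValueError:
            pass
        egress_relay(session, inner, k_out, egress_log)
    return ingress_log, egress_log, ingress_reads_destination, correlate(ingress_log, egress_log)

if __name__ == "__main__":
    for part in run_demo():
        print(part)
```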
Are they able to assign a set for an entire country? If so, that doesn't narrow it down all that much. However, major league sports blackouts wouldn't work, so is it by city?
Apple has already confirmed that other app traffic will go through iCloud Private Relay “no matter what networking API you're using”, with some exemptions:
> Not all networking done by your app occurs over the public internet, so there are several categories of traffic that are not affected by Private Relay.
> Any connections your app makes over the local network or to private domain names will be unaffected.
> Similarly, if your app provides a network extension to add VPN or app-proxying capabilities, your extension won't use Private Relay and neither will app traffic that uses your extension.
> Traffic that uses a proxy is also exempt.
From https://developer.apple.com/videos/play/wwdc2021/10096/.
Maybe I am missing something but I view this as a rather genius move. They have plausible deniability + actually introduce some protection for their users.
Not sure how to read the original post though. Is it praising Apple? Is it mocking them? We don't have to be polar of course, I am just wondering.
Courts can compel them to log this information, so all claims about not keeping logs are just theater. The second they're ordered to by a court in the US, they will.
Sounds like praise to me.
Having a US megacorporation kill a whole market segment and pull it into their monopolized walled garden sure seems like an improvement. After all, they pinky promise they will not ever abuse that! /s
>Preference falsification is the act of communicating a preference that differs from one's true preference. The public frequently conveys, especially to researchers or pollsters, preferences that differ from what they truly want, often because they believe the conveyed preference is more acceptable socially.
The reason why the VPN business is booming is to avoid those pesky content infringement letters, and to work around geo restrictions.
OP is upset that they advertise themselves as privacy tools, but that's just marketing.
I find it funny that people here mistrust companies like Facebook and Google, but then turn around and hand off their entire network activity to a faceless, anonymous VPN company.
Yes, I get that now my VPN provider can build that data profile, but I am certain that my ISP is a vile monopoly that has corrupted the regulators that are supposed to represent me.
That’s complete FUD. HTTPS completely avoids this issue (especially with a bank). Very few websites use HTTP now.
While VPNs do have their valid use (preventing your ISP from spying, changing geolocation, and private networks for eg, work), most of the marketing is spreading misinformation.
If you are only hiding from your local network and ISP, it's fine.
If you want to do that and change your location to a website, it’s fine.
If you are hiding from any government for a civil or criminal charge, it is not fine.
If you are hiding from any government intelligence so nobody knows anything, it is not fine.
It doesn't matter what “no logging” claims the internet reseller has, this is not verifiable and can also change at any moment.
This isn’t true though, they have specified who the independent third parties will be: CloudFlare Warp, Fastly, and Akamai. See here: https://www.barrons.com/articles/fastly-stock-outage-think-a...
I don't think Apple cares as much about video content providers, though.
A more likely reason is that video streaming services with georestrictions like Netflix, Amazon, or BBC would have lost their minds.
But I agree that making the exit node in the same country probably goes beyond video content providers, it avoids all sorts of potential legal, diplomatic and practical issues.
Not being able to watch Netflix, Amazon Video etc. in Safari seems like something Apple would in fact care about.
It does mean you now have to trust Apple since that's the first hop. However you're already doing this when you spin up your AWS Lightsail Wireguard instance, say. AWS can see ingress and egress traffic and so you just need AWS to not be part of your threat model. Same here. Though I don't see this as too much of a problem since it applies to devices and services where you've already made this explicit choice.
The app limitation thing is a shame and hopefully there will be an API at a later date.
The exit node choice based on exit-locality kinda makes me think Apple either:
- Want to restrict this service being (ab)used for geolocked content (Netflix etc)
- Want to speed up the service by providing the closest exit node (Performance)
Of course given all the FBI cases, you also have to consider other possibilities for the creation of this service.
[0] https://daringfireball.net/thetalkshow/2021/06/11/ep-316
This will still be your fixed IP, not adding much to your privacy.
Google, the engineering company, always plays second fiddle to Google, the advertising company.
Some of them make sense to me, i.e. China which has a long history of censoring their citizens.
But in particular, I'm trying to find out why South Africa is on that list seeing as I live there.
Edit: In [1], Apple is quoted as saying, "We respect national laws wherever we operate" but did not elaborate further.
[1] https://mybroadband.co.za/news/internet/400893-apple-will-no...
And, of course it could be politics. The South African government, I wouldn’t know, but it could be possible that they wouldn’t let tech companies from the US build servers in their nation.
https://www.reuters.com/world/china/apples-new-private-relay...
- This breaks DNS resolution for company-internal domains.
- This routes all my traffic through CloudFlare or another CDN I might or might not trust (yes, the IP is hidden, but not the data)
- it significantly slows down my internet access on my location.
- it tends to turn itself on again without my intervention
Especially the last point is very problematic for me.
I turned it on and actually forgot I did. Performance is decent here. I mean of course it's going to be worse than native, but that's the compromise.
As to trusting Cloudflare -- what do you mean? You understand your connection is still TLS end-to-end encrypted (presuming that's what we're talking about), right? I mean...presuming the site you're talking to isn't using Cloudflare SSL. In no way does this reduce that security. If you're talking about HTTP, well everyone in between can already see that.
Why is it so clear? An iPhone hotspot turns itself off as soon as a device disconnects, with no option to leave it on, presumably for security or battery reasons.
Of course I’m talking about the beta version. But I can assure you that once I found out that it interferes with internal DNS, I turned it off (it’s on by default on the current betas) and a day later it was back on.
That’s what I meant with "it turns itself on again".
Funny story, I was shocked and quite annoyed that an iPhone automatically turns on Wifi and stuff every day by itself - even if you turn it off...
Still don't know how to actually turn it off.
The fact they can see unencrypted HTTP data is a downside with all VPNs. At least you have the double hop going in your favor.
As for turning on by itself, it’s annoying, but it is the very first developer-only preview so I’m not complaining yet.
Is this not the case for any VPN or proxying service? In fact, it could even be a security flaw if your internal domains were accessible on external VPN style endpoints?
No, it's not.
> In fact, it could even be a security flaw if your internal domains were accessible on external VPN style endpoints?
It would be, but then this is not something that happens on a network configured in the way you describe.
Using TLS it certainly should be.
Because if it is instead actually unwrapping the connection somehow (eg. mitm) then they would be able to see the content, and that seems like a huge no-go -- both for the users, AND for Apple as I would think it would open them up to liability.
note: they certainly would be able to see unencrypted http traffic regardless though.
This is listed as a known issue in the release notes
Why would it? The WWDC developer video clearly states that it’s only for public domains.
Isn't the great majority of your traffic HTTPS?
It doesn't replace a VPN into your company's or university's network (for accessing private resources).
It's not for accessing streaming TV in different regions.
HTTPS is already secure.
In theory it seems like it could be used for illegal torrent downloading, but given that Apple is in the media business, something tells me they'll do their best to block torrenting.
And for things like videoconferencing, it will almost certainly degrade performance to a degree (latency, bandwidth, or both).
The only thing left seems to be your ISP and/or coffee shop WiFi being able to track what IP addresses you communicate with. Instead, they don't, but Apple does. Is that really a benefit, or a benefit any average consumer cares about?
I wonder what advantage this gives over using NextDNS?
"YO, WHERE'S THE GROCERY STORE AGAIN? ALSO AFTER THAT I'M VISITING THE STRIP CLUB, AGAIN."
NextDNS turns that shout into a signal/telegram message, to a different neighbor. There's still a neighbor involved, but at least the neighborhood doesn't get to hear anymore.
If they include DNS in the onion routing scheme, it turns into a game of telephone, where the neighbor doesn't know you anymore.
Your traffic, and directions become more private.
The beauty of Apple’s double hop is that if one partner was hacked, secretly wiretapped, or had lied about not keeping logs, your connection would still be private.
But, that assumes that nobody on this network is keeping logs. If they are, then it could be theoretically possible to piece them together. However considering Apple’s marketing with privacy, it would be interesting to see whether they keep logs on each endpoint or not.
Many claim they don't have logs, and my understanding is that it has been sometimes revealed that they do have logs. Also, how do you run a server without logs? Many think those claims are BS.
I believe everything is encrypted on device before being sent to Apple.
Courts can compel them to keep logs.
So how do you assemble “all traffic to this site” even by subpoenaing both parties?
It would work the other way around as well (going from visited sites to a given Apple id). If you can monitor all nodes in an onion routing network, you can deanonymize everybody.
My personal threat model doesn't include state level actors, but if it did I would certainly differentiate between a solution that the NSA can break with some expense and one that my local police department can break with a warrant.
My actual threat model is advertisers, so I think the Apple solution is quite elegant and will serve me well. It shouldn't be conflated with TOR though.
Why haven't there been more onion routing projects? (Maybe there have been and I am just not aware.)
Perhaps the same reason(s) we never saw widespread adoption of remote proxies, despite their usefulness in many situations.
Although in some respects onion routing seems quite an improvement over "simple" proxies.
Tor isn't very large as it is, and (I would guess) it's the largest. If another onion routing network didn't grow the audience, you would have two even smaller networks.
> the Tor network can carry most kinds of traffic
Isn't Tor limited to routing TCP? That would rule out QUIC, for example.
I seriously doubt any reasonable video streaming service would cut off such a huge chunk of their user base just because they are using an iPhone.
Expected this to take the top spot right after the keynote.
Surely TOR is a type of VPN?
Maybe there’s some details I’m missing. I’m no expert
However WARP, being more like a VPN, requires you to trust Cloudflare to not log DNS lookups / the servers you connect to and associate that with your origin IP.
Why do I hesitate to call WARP a real VPN? It reveals your actual IP address to websites you visit via X-Forwarded-For. [2]
Also I think the fact that iCloud Private Relay will be built-in makes it more private than WARP — more users’ traffic will come out of each node.
[1]: Obviously this is imperfect because the Apple (which knows your IP) and third-party (which knows the network traffic) nodes will likely be in the same jurisdiction as each other, subject to the same laws, as mentioned by other commenters.
[2]: https://twitter.com/eastdakota/status/1176987146177196032
edit: typo, line break, clarified Private Relay concept
Still, this is interesting.
ProtonVPN does.
Also the corollary would be, that anyone who is able to bypass the protection mechanisms Apple has in place to control DDoS, can use it to DDoS a service like Google, Microsoft and get the entire service banned for all iCloud+ users. Right?
Pretty sure Nord already does. Probably others.
How could it be a "sop" to video services, isn't it exactly what they want, no more no less?
I wish there was a non-dubious VPN service with an exit in a non GDPR country, or at least one with internet privacy. I rolled a strongswan VPN through AWS EC2 but all the egress points are in countries that can be exposed.
Two part strategy as always:
1. Get yourself in-between of an already functioning system, by force if needed
2. Abuse your market position to gain millions of users, make it super easy to use this as default, and make existing players compete for their 70% share of what they already were earning.
- Enjoy new billions on top of existing trillions
A pretty decent overview of the scope of the product.
As mentioned in the video, the service also is involved if your app does HTTP over port 80, offering at least some marginal level of improvement. Otherwise it leaves your app traffic as is.
As to Mail, the linked comment mentions that but I don't remember it being a part of the solution (nor does it seem feasible that it could be). Apple offers privacy improvements in mail, but not via the private relay.
Privacy Relay is also discussed in the privacy pillars video for a few minutes, starting at 24m30s.
- VPNs are actually less private than iCloud+ double hop design, but could be much faster due to only having a single hop.
- Unlike a VPN, you can’t choose the location of the server you exit at, and the exit server cannot be in a different nation. If you are in the US, iCloud+’s relays are in the US. No circumventing georestrictions here.
- Apple does not market their service as a VPN and never said it is one. For most customers, they don’t know this is a VPN substitute because it doesn’t call itself one. So if you have “VPN” in your mind, this isn’t something you think of as an option.