T-Mobile begins blocking iPhone users from enabling iCloud Private Relay in US (9to5mac.com)
692 points by monocularvision on Jan 10, 2022 | 411 comments



This just in:

Verizon, AT&T and T-Mobile say they’re not blocking Apple’s iCloud Private Relay - https://news.ycombinator.com/item?id=29901056


I would think Apple has some leverage to force it if they really wanted.

If Apple really wanted to force the issue, they could tell T-Mobile no more iPhone contracts unless you do it. Apple can survive and thrive on fewer networks - the iPhone was AT&T exclusive for a long time at the beginning.

If that happened, there would be no way for T-Mobile to get a supply of iPhones. People would need to buy iPhones from Apple and then replace the SIM cards themselves. It would make T-Mobile bend pretty quickly unless they managed to get Verizon and AT&T to join them on the issue.

But then Apple has a second card to play, and that's the court of public opinion. If Apple wanted to make a public ad lambasting the carriers for undermining people's privacy, the damage would also force them to bend.

Finally, of course, there's the fact that carriers need Apple just as much as Apple needs carriers. However, between the carriers and Apple, who has $200 billion in the bank to do things themselves if they wanted?

Edit: Heck, T-Mobile has a market value of $130 billion. AT&T has a market cap of $188B, and Verizon $223 billion. If Verizon and AT&T joined T-Mobile in protest, Apple could theoretically attempt (or at least threaten) a hostile takeover of any of them. That would cause a lot of discussion among the carriers and send a strong message very quickly.


Apple could simply reimplement APN and iCloud Files and etc over their own Private Relay connections, so that any carrier who blocks Private Relay ends up blocking all push notifications to all Apple devices. They have not yet done so, but if they do, either all US carriers will have to collude to block it — which could reasonably be considered anti-competitive behavior and would attract immediate governmental review — or they'd all have to allow Private Relay, as otherwise they'd bleed millions of customers due to being hostile to iPhone.

It seems safe to assume that Apple doesn't like user APN traffic being tracked any more than the rest of their traffic, and so I would imagine this is essentially the roadmap for all Apple Services provided to their users over the next few years.

It's also possible the Beta is just to see what happens when they make the traffic visible and possible to block, and having seen the carriers tending towards "block anything that inhibits tracking", they might simply target Private Relay 2.0 as "HTTP3 over 443/udp to http3.apple.com" and have that be an N-way reflector point for all customer-provided Apple services, including Private Relay and the rest as different channels over that multipath HTTP3 layer. They chose to implement Private Relay in a way that could be detected, and are measuring how neutrality-hating carriers respond. Assuming it's their final answer is not a bet I'd take.


It seems like any kind of forceful action would trigger government review. The safest option to me seems to be just having a modal pop up saying "T-Mobile blocks private relay from being used".

It isn't a forceful use of power by Apple and it clearly informs just the simple truth that the users carrier is hostile and maybe they want to switch.


Better verbiage would be "T-Mobile requires the ability to report your browsing activity to third-parties."


Legally much more risk since you are now assuming motives rather than stating plain facts. Even if those motives seem certainly correct.


It is a plain fact that they will have that ability.


I expect my iPhone to work the same on any carrier.


In the US, big Carrier A implements the full array of iPhone capabilities for carriers under Settings > Cellular; big Carrier B does not. Most people aren’t aware of what they’re missing, but for example, when implemented by the carrier properly, the cellular data usage heading is “this billing cycle” instead of “however long it’s been since you last clicked Reset Statistics manually”; and Settings > Phone > Call Forwarding has an iOS native UI rather than forcing you to dial 1980s-style *#12##0112636382* modem strings into the dialer.

Does your carrier implement this? If not, will you switch carriers? It’s unclear what degree of importance you assign to your expectation, as it could be anything from “for the tasks I care about” to “in every possible way without exception”. (For me: It’s not important enough to switch carriers on its own, though it’s certainly a factor if I have greater reasons.)


I was always wondering why statistics never correctly showed information for my billing cycle. Admittedly, I wasn't the account holder until recently, but I never understood that it was a carrier setting. Are there other carrier-specific features that you know about?

By the way, your parent comment hypothesizing about http/3 and Apple services likely being routed via Private Relay was also very insightful. The http/3 part seems quite speculative, but I could easily see the Apple services being routed over Private Relay as part of any standard "dogfooding" roadmap.


There is not a lot of difference between http3 and a VPN protocol that can bundle and transport multiple bidirectional channels asynchronously, especially when considering the restriction “only uses http protocols and none other” — a quality that many Apple services share with Private Relay.

It’s absolutely speculative to consider http3 a viable replacement for “a VPN”, as many consider Private Relay to be^, but that’s not due to any technical limitation. We could benchmark Squid-over-http3 versus Wireguard VPN in various latency and packet loss scenarios today (if implemented), and get productive and interesting results. We could do the same with varnish / nginx versus openvpn / pptpd. Whether or not it supports CONNECT is worth noting, but is no obstacle for “let’s assume that everything is HTTP”, as appears widely applicable to both Apple’s services to their customers, and a significant majority of consumer VPN traffic, today.

Have those benchmarks been performed yet? Are we all doing it wrong by using wireguard et al. to Mullvad et al. for 99% HTTP traffic and we just don’t realize it yet? I look forward someday to finding out the answer :)

ps. iOS carrier APIs and functionality are NDA’d so I don’t have any other information or useful examples to offer, as my experience with carriers as their customer is very limited. Perhaps others will know; apologies.

^ I haven’t seen an FP yet titled “If it can’t carry SSH traffic, it’s not a VPN”, but certainly there’ll be one someday. I can’t predict when, though, any more than I can guess when someone else will realize to seriously ask, supported by benchmarks and encapsulation overhead charts, “Should tcp be deprecated in favor of http?”. (I have no opinion on what the correct answers are at this time.)


That has never been the case. Carriers have been tampering with web traffic for a while now. If T-Mobile is specifically tampering with the network, the problem is external and out of the control of Apple.


ps. Everyone who’s reading this story and discussion, go read the report that T-Mobile only forces Private Relay off for customers who are enrolled in their content-filtering product:

https://tmo.report/2022/01/t-mobile-blocking-icloud-private-...


There’s been an update to the article addressing this:

> However, many of the users we’ve heard from, and tested ourselves, do not have any such content filtering enabled. We’ve followed up with T-Mobile for additional clarification, but have not yet heard back.


I don't know why these products are still around. They are already basically useless; from T-Mobile's site:

> Visiting secured web sites (https) because encryption prevents Web Guard from seeing the content of those websites

I guess T-Mobile should start downgrading HTTPS to HTTP /s


Some carriers would if they could. That's why HSTS was implemented.
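The downgrade the two comments above allude to is exactly what HSTS (RFC 6797) was designed to stop: once a site has been seen over TLS with a Strict-Transport-Security header, the client itself refuses to send plaintext http:// requests to it, so a proxy in the carrier's path never gets a cleartext request to inspect or rewrite. The following is an added example, not code from the thread or from any browser; it is a toy client-side HSTS cache whose hostnames and headers are constructed sample data.

```python
"""Toy client-side HSTS cache (RFC 6797), as an added illustration.

Shows the three behaviours that defeat an on-path HTTP downgrade:
  * policies are only accepted when received over TLS, so a plaintext proxy
    cannot inject "max-age=0" to evict one;
  * http:// URLs for a known host (or a subdomain, if includeSubDomains was
    set) are rewritten to https:// before any request leaves the device;
  * policies expire after max-age seconds.
All hostnames and headers below are constructed for the example.
"""
import time
from urllib.parse import urlsplit, urlunsplit


def parse_hsts(header):
    """Parse a Strict-Transport-Security value.

    Returns (max_age_seconds, include_subdomains), or None when the header is
    invalid (missing/non-numeric max-age, duplicated directive). Unknown
    directives such as 'preload' are ignored, as the RFC requires.
    """
    max_age = None
    include_sub = False
    seen = set()
    for raw in header.split(";"):
        part = raw.strip()
        if not part:
            continue
        name, sep, value = part.partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"') if sep else None
        if name in seen:  # duplicated directives invalidate the whole header
            return None
        seen.add(name)
        if name == "max-age":
            if value is None or not value.isdigit():
                return None
            max_age = int(value)
        elif name == "includesubdomains":
            include_sub = True
    if max_age is None:
        return None
    return max_age, include_sub


class HstsCache:
    def __init__(self, now=time.time):
        self._now = now            # injectable clock so expiry can be tested
        self._policies = {}        # host -> (expires_at, include_subdomains)

    def observe(self, host, header, over_tls=True):
        """Record a policy from a response. Returns True if it was accepted."""
        if not over_tls:           # headers on plaintext responses MUST be ignored
            return False
        parsed = parse_hsts(header)
        if parsed is None:
            return False
        max_age, include_sub = parsed
        host = host.lower()
        if max_age == 0:           # max-age=0 from the real site removes the policy
            self._policies.pop(host, None)
        else:
            self._policies[host] = (self._now() + max_age, include_sub)
        return True

    def is_known(self, host):
        """True if host, or a parent with includeSubDomains, has a live policy."""
        labels = host.lower().split(".")
        now = self._now()
        for i in range(len(labels)):
            entry = self._policies.get(".".join(labels[i:]))
            if entry is None:
                continue
            expires_at, include_sub = entry
            if expires_at <= now:
                continue           # expired; treat as absent
            if i == 0 or include_sub:
                return True
        return False

    def upgrade(self, url):
        """Rewrite http:// to https:// for known hosts (port 80 maps to 443)."""
        p = urlsplit(url)
        if p.scheme == "http" and self.is_known(p.hostname or ""):
            netloc = p.netloc[:-3] if p.netloc.endswith(":80") else p.netloc
            return urlunsplit(("https", netloc, p.path, p.query, p.fragment))
        return url


def demo():
    """Walk through a downgrade attempt; returns the observable outcomes."""
    clock = [1_000_000.0]
    cache = HstsCache(now=lambda: clock[0])
    # Policy learned from a genuine TLS response (constructed header).
    cache.observe("example.com", "max-age=31536000; includeSubDomains; preload")
    cache.observe("bank.example.net", "max-age=600")
    # A carrier proxy on a plaintext connection tries to evict the bank policy.
    injected = cache.observe("bank.example.net", "max-age=0", over_tls=False)
    results = {
        "root": cache.upgrade("http://example.com/login"),
        "sub": cache.upgrade("http://www.example.com:80/"),
        "other": cache.upgrade("http://other.example/"),
        "injection_rejected": not injected and cache.is_known("bank.example.net"),
    }
    clock[0] += 31536001            # one second past example.com's expiry
    results["after_expiry"] = cache.upgrade("http://example.com/")
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The interesting cases are the last two: the proxy's injected `max-age=0` is dropped because it did not arrive over TLS, and a policy that has aged out no longer forces the upgrade, which is why real deployments use long max-age values and the preload list for first-visit protection.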


And their confirmation of that is out today, with an iOS 15.2 bug reported to Apple as well.

https://www.theverge.com/22878885/verizon-att-t-mobile-apple...


> If Apple wanted to make a public ad lambasting the carriers for undermining people's privacy, the damage would also force them to bend.

That ad would be candy to the Apple PR team trying to push the “Apple is secure and respects your privacy” campaign. I bet we’ll see Apple use the court of public opinion here, and win with it.


I'm trying to think of a case in which Apple has used public opinion in this way. The closest I can come up with is Adobe Flash, but Apple was the one blocking a product on its platform then.


>What's a computer?

Apple tries to manipulate public opinion constantly.


A computer is a device you can work on, unlike a tablet, unless you are in a band or paint digitally.


If Apple escalates this into a dirt-flinging war, I don't think any domestic carriers would take offense at reminding the public that Apple is the only one among them that still does business with China. But neither one will escalate things, because both Apple and every US cell carrier have so many skeletons in their closet that trying to call one another out wouldn't just be hypocritical, it would be mutually assured destruction.


I don't think that would be effective, everyone already knows that Apple builds their phones in China, it says on the back. The fact that your cell carrier wants so badly to spy on you that they are willing to go to bat with Apple will, however, surprise some people.


Nah - that wouldn't work. Apple would just point out that they use networking gear made in China. Brilliant.


My point is that carriers and manufacturers have so much dirt on each other that trying to escalate things would just hurt them both. The reason why Apple (and mobile carriers, for that matter) don't take swings at each other is because they both need the other to look as pristine as possible to sell units. They have a mutual interest in looking good together, and neither Apple nor the carriers have any vested interest in breaking that relationship.


I don't think the American public would particularly care – and some would probably even support – that Apple does business with China. If that's the best the carriers can throw at Apple, versus Apple cutting them off from the single device doing the heaviest lifting to keep them relevant, then yikes.


Oh, that's certainly not the worst they'd grab for, but more of an example where they can call their bluff. Cell carriers and hardware manufacturers alike get bent over backwards for compliance in the United States, trying to assert that you're "the private one" is just going to get you called on every other front. It's not even a question that these companies do shady things, the real question is more about the lengths they'd go to diminish their competition.

Again though, rupturing this conversation is mutually assured destruction. The reason why Apple won't call T-Mobile's bluff is because it's better for them to look like a symbiotic company than an adversarial one, and T-Mobile can get away with this because data protection in the US is a moot point anyways. It's about as unremarkable as news gets.

Hell, Apple was even nice enough to give T-Mobile a special error message when you try to use Private Relay:

> "Your cellular plan doesn’t support iCloud Private Relay. With Private Relay turned off, this network can monitor your internet activity, and your IP address is not hidden from known trackers or websites."

I wouldn't call it security theater if I couldn't see the curtains on the left and right.


It's strange that you think Americans would equate "people in China are suffering" and "X is spying on me".

Your suggested response doesn't change my mind at all, it seems quite desperate and pathetic. And I want to see a stronger moral stance on trade with China.


> Apple could theoretically attempt (or at least threaten) a hostile takeover of any of them.

If I were any of the carriers, I wouldn't worry about this in the slightest.

Apple attempting to gain ownership of a mobile carrier in order to impose its will on the market would be met with incredibly harsh regulatory scrutiny.

Beyond that, there's a strategic reason Apple hasn't launched their own mobile offering. The minute Apple owns a particular mobile carrier, they would be pretty well cut off from the other mobile carriers, or they would have to negotiate deals that would probably be argued to be collusive trade practices.

The real solution is that the United States needs real data security and privacy laws that prevent network operators from reselling your usage history, location tracking, and other personal details. It's a national security issue at this point.


I was thinking the same, then I remembered that Google has its own phones, it owns Android, and it managed to start its own cellular network without a whisper. So, no reason why Apple can't do the same.


Launching an MVNO that pays out to network providers isn’t the same thing as a hostile takeover of a single carrier, for either case.

Also, as a carrier, I’m not worried about Google’s MVNO for one simple reason: Google hates humans.

For all that the carriers are bad to their customers, they at least have a footprint in meatspace. Google’s DNA finds physical footprint and real human interaction anathema.

I would gladly take Google in a customer foot race any day.


They contract it out, but Google Fiber had door to door sales people attempting to get people to switch to Google Fiber a few months ago. Several of my neighbors switched from these people reaching out.

There's a difference between temporary sales presence contracted out and a permanent retail presence, though, you're right.


I always felt like Fiber was a warning shot to all of the ISPs trying to constrain what/how/where customers could do while extracting as much money as possible.

In other words, if they keep this behavior up, Google will begin to compete as well as advocate (fight for the regulation, laws, etc) for other, smaller, new ISPs to enter the market. Or fight harder on the net-neutrality front. Or potentially worst of all for the incumbent/monopolistic ISPs, fight to make them dumb-pipes.

Then again, maybe it's just another google product/service destined from conception for the graveyard...


google's wireless offering is an MVNO, they're paying to ride on other networks.

https://en.wikipedia.org/wiki/Google_Fi


Google is in slightly more of a "home-grown" situation, but more importantly Lina Khan was not in her current chair back when all that stuff happened. In marked contrast to previous officeholders, she won't be deferring to the "monopoly is good" FCC.


Right, but I think there's some incorrect conclusions being drawn.

The article asserts that an error in the settings menu appears: "Your cellular plan doesn’t support iCloud Private Relay. With Private Relay turned off, this network can monitor your internet activity, and your IP address is not hidden from known trackers or websites."

This doesn't appear to just be a situation where T-Mobile started blocking it at the network level; it appears to be one where Apple submitted.

While there are a lot of theories in this comment about how Apple will respond, I don't see that happening (in a public way, of course). Apple's leadership in 2022 doesn't have the same convictions their leadership has had in the past. They're capable of being a positive force for change, in fair weather; but when the weather gets rough, or when forces assert power over their expression of values, they fold.


What, so now displaying an error message means you're responsible for the error? See some of the other threads about why Apple might not like playing dirty to go behind T-Mobile's back--each one needs the other for its good reputation.


It's reasonable to assert that they wrote the error, and they phrased the error message intentionally, in a way which clearly says that they expected carriers to block the service. The settings app is owned by Apple; not T-Mobile; T-Mobile would certainly NEVER admit so plainly that they monitor network activity (even though they do).

Alternate phrasing which betrays different expectations: "We could not connect to the iCloud Private Relay servers. This may indicate an issue with your network provider, blah blah blah."

No VPNs is mostly standard-operating-procedure in, say, China. That being said: I'd assume that feature, let alone the settings page to configure it, is hidden in versions of the software distributed in countries like that. This error message is likely for countries where the service is available; just not on your carrier.

But putting that aside and even considering their stance of submission to the CCP; they betray every spoken value their American executives verbalize. That is standard operating procedure for 2022 Apple, and most other gigacorporations. That is the lens that every statement Tim makes, every word spoken at their keynotes, needs to be viewed through; that they're willing to invest their infinite money in whatever projects they believe aligns with their values, but they're wholly unwilling to stand up for those values when those projects are battle-tested in even such an absolutely inconsequential way as this.

Of course, they can prove me wrong by standing up to T-Mobile and using them as an example. I mean my god, you couldn't ask for a better example to make, T-Mobile/Sprint is a fourth-rate bargain bin cellular carrier, we're not talking about a nation state; this is a toddler mad at his parents because they won't let him eat candy for dinner. If they can't even resolve that, what hope do any of their values have?


The wording "doesn't support" seems very cooperative; it's less likely to generate angry calls to the network's customer service than "sabotages", "blocks", or "interferes with" - all of which are arguably more accurate descriptions.


Apple was the one who wrote that text out and put it in your iPhone. You can choose to interpret that any way you choose, but it's pretty clear that Apple either really loves and trusts T-Mobile or (more likely) their "Privacy is a Human Right" bit rides shotgun to their moneymaking shtick.


> Heck, T-Mobile has a market value of $130 billion. AT&T has a market cap of $188B, and Verizon $223 billion. If Verizon and AT&T joined T-Mobile in protest, Apple could theoretically attempt (or at least threaten) a hostile takeover of any of them.

OTOH, one way to become the most valuable company in history is to not go pulling stunts like that. Nothing the street loves more than predictability.


Of course, the odds of this are extremely small. It's just more to show that Apple has more leverage than the carriers in this situation.

Edit: Another, "smarter" tactic that Apple might use is by sending messages to the Board of Directors. If Apple can get the Board of Directors on their side (or at least convince them that management is fighting a war they can't win)... another way to freak out execs at the carriers.


The odds that any American company could start scooping up cell carriers without reproach are not just "small", but more along the lines of "complete impossibility". The SEC already gives Apple the stink-eye for gobbling up C-lister startup companies; if they tried acquiring anyone in the S&P 500, every trade commission in the world would be on them within seconds.

I also think it's silly to equate a company's power to the amount of money they have (at least in the first world) but your hypothetical does raise an interesting question: who's deeper in bed with the State, Big Telecom or FAANG? All of them answer to the government, even T-Mobile; but who's got the most favor? Understanding the heinous stuff the American government got away with when they had telecom under their thumb doesn't set a very optimistic baseline of expectations. It might even lead certain people to believe (surprise surprise) that Apple's dedication to privacy doesn't really mean much when there's money on the line. Arguing about how "Apple is better because they have more capital resources" has about as much pragmatic value as a child's crayon drawing.

Unless Apple has one-upped Room 641A, I think you're describing a power fantasy.


Sure, but on the other hand if there is one thing Apple (as well as Tesla, Facebook and Google) are known and loved by the stock markets for, it is vertical integration to an absolutely insane degree.

Apple would literally capture the entire value chain of the iDevice ecosystem with such a stunt, not to mention have yet another steady stream of income.


>the iPhone was AT&T exclusive for a long time at the beginning.

I think that was a very different time though. Smartphones were just becoming popular. A lot of other upcoming smartphones also had carrier exclusives at that time (Verizon with the Droid line). I don't know if that would be acceptable in today's world.

A joint move like that by the carriers would be subject to a lot of antitrust scrutiny, whereas Apple can move on its own with a lot less scrutiny.


Not to mention AT&T paid through the nose for this exclusivity.


People would need to buy iPhones from Apple and then replace the SIM cards themselves.

I mean, why isn't this already a thing? This isn't difficult at all. I don't buy my phone from my carrier. When I get a new phone, I simply take the old sim out and put it in the new one. The last time I had to do more was when the phones changed from a standard SIM to a mini SIM - the old one wouldn't physically fit. That was some years ago, though.

I'd think the bigger issue might be with the US phone networks: Do they still force you to use your phone with the carrier even though this isn't necessary at all? And if so, why haven't folks protested since it is obviously a way to trap people into one carrier.

Also, since folks in non-US countries can just buy a phone and put a sim card in, Apple won't have any issues adjusting whatsoever.


It is already a thing, just not prevalent. Although I believe for the moment, you still have to choose your radio-specific variant as the transition to 4G and 5G isn't 100% complete yet; CDMA vs GSM. (I hope I'm wrong about this by now). Sometimes it's (or was) based on spectrum.

Another issue is probably the "incentives" provided through the network providers and their partners, especially when an iPhone is traded in. Oftentimes it results in significant "savings" for the consumer. (I imagine Apple could implement something similar, if not superior, if they wanted)

Finally it's physical presence. Apple has done a fantastic job of creating a physical place to serve your needs, and of course you can always buy online, but there are those that prefer or require going to a place to take care of their phone needs.

I also shudder to imagine what the Apple stores would look like if they had to deal with and resolve the kinds of network issues (not to mention some of the characters that need the help) I've seen the superabundance of network provider mall/strip-mall stores deal with.

Hopefully all of these are just remnants of a time we'd all like to put behind us.


> I mean, why isn't this already a thing? This isn't difficult at all. I don't buy my phone from my carrier.

There is no need to buy a phone from the mobile network in the US. People have been able to pop a SIM into a phone and call the mobile network and have them add the IMEI for many years.


What a strange world the US is where phone sales and carriers aren't separate.

> People would need to buy iPhones from Apple and then replace the SIM cards themselves.

The horror! We've been doing this the entire time here in Russia. Carriers have always had exactly zero say on what phones can and can't do.


Of course you can buy the phone from Apple and put in a SIM card in the US. I’ve done it many times. You shouldn’t take fake internet outrage so seriously.


If Apple really wanted to force the issue, they could tell T-Mobile no more iPhone contracts unless you do it. Apple can survive and thrive on fewer networks - the iPhone was AT&T exclusive for a long time at the beginning.

Or the other cellular networks could start running ads touting that they let iPhone users use all of the iPhone features.

"Does your cell phone company hold you back? With Cincinnati Bell, you can do things with your iPhone that T-Mobile won't let you."

Apple could even help pay for the ads. It's not like companies with aligned interests don't do ad cost-sharing all the time anyway.


Cincinnati Bell? I thought the US only had 3 mobile networks: T-Mobile, ATT, and Verizon?

Edit: Wikipedia says Cincinnati Bell sold its mobile network to Verizon in 2014:

https://en.wikipedia.org/wiki/Cincinnati_Bell


So you want them to act as monopolists, which is something HN usually is very much against. Also the threat of trying to buy a carrier out is a completely empty one and the carriers would all know it. There is no way it would pass regulatory or court review for the market leader in cell phone sales to own a major carrier.


I agree with you that they probably wouldn't be allowed to buy a major US carrier. But they aren't a monopolist or the global market leader in cell phone sales. Even in the US where they are indeed the market leader, their percentage of sales hovers around half, well below monopoly levels.


Antitrust starts when abuse of a powerful position begins. There is no threshold requiring you to be a monopolist or even a dominant player. Just that you abuse your position.


I wouldn't be so certain of that. Antitrust review of mergers is mainly concerned with whether the merger will reduce competition in a market. Since Apple doesn't currently operate a mobile network and none of the carriers currently manufacture phones, it would be hard to argue a merger would lessen competition.

Now whether Apple shareholders want Apple operating a mobile network is a completely different question.


While I agree with your comment almost fully, I think it's a bit too early to judge Apple. They probably found out just a few days earlier than we did and are still weighing their options.


If I had to hypothesize why T-Mobile is doing this, it's streaming media.

T-Mobile has numerous pay-for-play access contracts in place for companies like Netflix and Hulu. In return they get a QoS tier and guaranteed minimums for their subscribers.

Conversely, as others have mentioned and the article itself, Private Relay is absolutely haram. It damages T-Mobile's ability to deliver edge content from their contractually obligated players like Netflix (without a region Netflix quality might suffer) and it completely sidesteps all of T-Mobile's lucrative user plans that include access to streaming media as a feature relative to the user's data cap.

Increasingly, private "anything" on a cellphone is becoming a hostile proposition for carriers as their revenue is largely based on predatory surveillance capitalism. Without metrics and metadata, they're no different than the water company.


Having worked for a couple carriers, network operators, and the back end data processor for them, I agree that the carriers are fighting and losing the data wars. They did make a lot of money on surveillance, but it is dropping as more comms are encrypted. I don't quite understand why people feel comfortable with a $3T company holding all their data, but I guess it is just in fewer baskets. People like me who know too much only use VOIP and prepaid burner SIMs on phones that always run VPN and airplane mode 98% of the time. It is way cheaper and more secure.


I don't think Private Relay routes app traffic through Apple servers, just Safari traffic: https://support.apple.com/en-us/HT212614

Please correct me if I'm wrong. If that's the case, I believe most/all iPhone users watch Netflix/content sites via an app, so that traffic would not be routed via Private Relay.

This may affect Mac Safari traffic, though. I am curious if they have any exceptions on the backend for edge content providers.


Apple could theoretically attempt (or at least threaten) a hostile takeover of any of them

Yeah, that's not Apple's style. Besides, they don't want all of the legacy crap that comes with owning a cell phone carrier.

I suspect the issue is making its way up the corporate ladder through various directors and Vice Presidents.

And I'm sure Apple's got a business plan for running their own MVNO they could dust off if things get out of hand. But let's hope it doesn't come to that.


Theoretically they could buy it, replace the management, sign a contract to never do such things again, and spin it off. They wouldn't necessarily have to deal with it beyond that.

But this would be rewarding existing ownership with a buy-out.


Why would Apple need carriers and vice versa? 3GPP is a series of standards for a reason.

This blocking is a net neutrality issue. Hope it doesn't hold, at least in Europe.


Just because the tech is standardized doesn't mean Apple could just fly on their own. The carriers are entrenched via spectrum ownership. It would be impossible for Apple to build a network without the right spectrum.


Maybe I should have been more clear. I meant that as long as you uphold the standards you can connect to any network.


> People would need to buy iPhones from Apple and then replace the SIM cards themselves.

Changing sims is VERY easy, but a sim that doesn't match an approved phone is also easy to block?


There is no chance Apple would be allowed to buy or run a mobile network. The monopoly dogs would be at the door before the email went out.


The vertical integration of Amazon in the past 10 years or so makes me think those monopoly dogs can't hunt.


Regulators responsible for antitrust enforcement only give lip service to the laws they are meant to enforce. The rest of the time their lips are firmly pressed up against the asses of the people they are meant to regulate.


The message that would send is that EU anti-trust mechanisms would need to be engaged pronto.


> I would think Apple has some leverage to force it if they really wanted.

No, because then people will ask why they also don't use the leverage to enable this feature in China/Russia/...


I don't think anyone thinks America's third-largest cell carrier has the same power as the Russian or Chinese government. Certainly Apple can say "We cannot make China and Russia do what we want" because they don't have that much leverage.


Apple has to abide by the law in each jurisdiction it operates in or cease operating there.

It doesn’t have the ability to give a middle finger to both those governments and still be able to sell devices to Russians and Chinese people to use Private Relay on.


Last I checked, T-Mobile has approximately 100% fewer nukes than Russia or China.


I think you should avoid T-Mobile if you can. Not just as a matter of principle, but also pragmatism. They have an extremely crude SMS censorship/anti-spam system [1] which even blocks links to lichess.org, the popular online chess website.

They have poor security practices like storing passwords in plaintext [2], and they had a large data breach (probably about 100M customers affected) last year. [3]

A̶n̶d̶ ̶n̶o̶w̶,̶ ̶i̶t̶ ̶s̶e̶e̶m̶s̶ ̶t̶h̶e̶y̶ ̶a̶r̶e̶ ̶t̶h̶r̶o̶w̶i̶n̶g̶ ̶i̶n̶ ̶s̶o̶m̶e̶ ̶p̶r̶o̶t̶o̶c̶o̶l̶ ̶b̶l̶o̶c̶k̶i̶n̶g̶ ̶t̶o̶o̶.̶

PS: This isn't protocol blocking at the packet/port level, so I may have used "protocol blocking" a bit inappropriately. Apparently Apple allows the carriers to prevent people from enabling iCloud Private Relay, and T-Mobile is doing that. Apple is probably doing so due to pressure by the carriers. In August, four carriers (Vodafone, Telefonica, Orange and T-Mobile) signed a letter urging the European Commission to stop Apple from providing Private Relay. (According to a report by The Telegraph: https://archive.fo/BRUS4#selection-915.74-925.194) This, of course, is still quite preposterous.

[1]: https://news.ycombinator.com/item?id=29744347

[2]: https://news.ycombinator.com/item?id=16776347

[3]: https://news.ycombinator.com/item?id=28192423 (The first comment by @jonathanmayer has a list of other recent T-Mobile security incidents)


I would love to leave T-Mobile, but they are the only carrier in the US who offers such a core piece of functionality for me: International service included out-of-the-box.

I love to travel, and nothing beats being able to land in (pretty much) any country in the world, turn on your phone and have working service just like that. No SIM cards, no different numbers, no local pre-paid cards, and no crazy international fees.

As someone who enjoys work/travel for weeks to months at a time, every other major carrier is not feasible for this (think $10/day, which becomes unreasonable when you're out of the country for 3+ weeks).

Unless somebody else could recommend another option it seems I'm stuck with T-Mobile for now.


This is the only reason I switched to T-Mobile originally and the only reason I still have them. Their coverage is so poor that I get no LTE service sitting in my house in a core part of the major metro area. I'm only able to maintain them because they were an early and ardent adopter of WiFi Calling. On a recent trip in the US I had no service off major interstate highways. Internationally though, T-Mobile is amazing. I honestly wish my experience in the US was as good as my experience while traveling... there's not much point in having uncapped LTE when you get 1 or 0 bars of service, at least internationally I get great service even if it is speed capped at 256kbps.


Does your phone support band 71 (600 MHz)? This band is only a few years old, and T-Mobile has been deploying it as their primary long-range, building-penetrable band. It's unsupported on phones made before approximately 2018.

Band 12 fulfills the same role in some areas, and is supported on most phones, but T-Mobile doesn't have a nationwide license for it.


FWIW, I found the coverage to get a lot better when I got a 5G phone.


I now do Unlocked phone that supports eSim + Airalo app for intl data packs + Mint Mobile for the US, this works extremely well and is very cost effective.

With Wifi calling + texting, you can even use your US number internationally since it will work off the eSim data.


Google Fi does everything you ask for (and works with more phones than just those that Google manufactures).


Google Fi is an MVNO of T-Mobile/Sprint (last I checked anyway). So if T-Mobile blocks the private relay for their network, it could affect them too.

Also, Google Fi kinda sucks. They used to be the cheapest, but nowadays you can get better prices from other services. For example, Google charges $10/GB/mo, whereas Mint Mobile (another T-Mobile MVNO) charges 4GB for $15/mo, or $30 for unlimited.

Google Fi is only cheaper if you use less than 1.5GB of data per month, and the service quality is probably the same.

...and that's not even mentioning all the privacy concerns attached to Google.


The difference is that Google Fi runs at the top network priority. You can find loads of dirt-cheap MVNOs, but your data is at the back of the line if there's any congestion.


Getting top priority isn't worth that much of a premium.

It's exciting to watch how many years in a row they can stay at $10/GB, and not in a good way.


If that's a concern, you should just go with T-Mobile directly then. They have a $60/mo plan with unlimited data, incl' 50GB of high priority data.

Fi caps out at $60/mo (so 6GB), after which you get unlimited data for "free". However, you only get 15GB of high priority.

I think Fi is trying to take advantage of the Google brand to sell MVNO service at a crazy markup.


But I use 1 gig of data a month. Why would I want to double my cell phone bill for exactly the same service?


That's still $30 a month when other MVNOs will give you 4GB for $15


The difference is that Google Fi runs at the top network priority. You can find loads of dirt-cheap MVNOs, but your data is at the back of the line if there's any congestion.


What are you going to do with 1GB of high priority data per month?


Get my vaccination card at the entrance to a stadium. Messaging, email, access my NAS at home through my VPN. Download a podcast or audiobook. I mean, the answer to that question is literally "anything except watch videos".

My car has an "unlimited" plan with AT&T, and holy crap, it's worthless. If I actually need to do something, like, now, usually I have to turn off my phone's wifi if the car's on.

And this isn't me modifying my behavior. If I had a habit of watching YouTube or Netflix from all over the place, I'd get a different phone plan. I'm not like penny pinching here. It's just that my current phone plan works, I like how easy it is to administer, and switching providers is a huge PITA for a family of 4, so something else better be damn good.


> ...and that's not even mentioning all the privacy concerns attached to Google.

Fi does not feed usage information or otherwise into the ad machine. See the privacy notice on https://fi.google.com/about/tos/


Google Fi has had alternative plans to the $10/GB one for a while now. Works out to be similar (slightly less) cost than going to T-Mobile, Verizon or another carrier direct. Still very happy with the service personally but they do also block iCloud Private Relay.


As someone who used Google Fi for a while internationally, DO NOT get Google Fi! So many problems on an iPhone 7. Little to no connectivity in many places where they advertised having connectivity. This was ~2018-2020, so maybe it has improved, but I had such a bad experience with them.


I have a newfangled 5G phone that doesn't do 5G even though I'm in Los Angeles, so I was glad to switch from VZW to TMo, to make them buy my phone, then I switched back to VZW because TMo doesn't have 5G either, no matter the maps they show on TV.

I'd do Cincinnati Bell in a heartbeat, if I could.


If you're talking about UWD 5G, that shit is DTLA and a few other areas. Try it out! It's fast as shit when you can get it.


What if you never go international? That seems like a bad reason for -everyone- to drop them.


Oh god, their service was EVEN worse in the United States!! In major metropolitan cities, in San Francisco especially! I have never had a worse experience with a cell provider. And I use AT&T!


Google Fi has been blocking iCloud Private Relay for longer than T-Mobile. I’m a subscriber and it stopped working after the new iOS went to GA, but worked during the Developer Beta period.


Works for me ¯\_(ツ)_/¯


Have you considered Google Fi? I've used it for the better part of a decade now and it's always been great, especially internationally. The plane touches down, I turn off airplane mode, and I get a notification from the Google Fi app, "Welcome to The Netherlands!"

Plus, it's primarily the T-Mobile network anyways with the addition of the US Cellular network and the old Sprint network.


I have AT&T and it's a toggle to turn it on but you're right about the $10/day. I've felt the sting many times.


When I travel anywhere for more than 5 days, I typically just buy a local sim card when I land. Usually saves a lot of money.

Sure, people can't call me on my usual number, but I see that as an additional benefit. I'm on vacation.


If you’re traveling for work, not being able to use your usual number is a problem.


That's why many phones come with two SIM slots, and eSIM is starting to get popular ( on top of one or two physical slots). That way you can keep both your usual number and your local card in use simultaneously.


Google fi? service probably isnt as good as t mobile though


Google Fi uses T-Mobile in the background. Depending on what you mean by "service probably isnt [sic] as good", you may either be wrong or be making a niche point.


Google Fi is T-mobile service in the US (and Sprint, which T-mobile acquired).


And go where? I've had bad experiences with service with AT&T and Verizon in my area, Washington State. It's shockingly spotty.


On Lopez Island T-Mobile is pretty much the only thing I've been able to use. This is in the village area too, not just the south end. And T-Mobile gets service on most of the ferry ride to Anacortes. When you are waiting in line for 90 minutes for a ferry ride in your car, cell service is really appreciated.


Counterpoint to the anecdata: I carry both TMobile (work) and AT&T (personal) phones most of the time. Often the only way to get any data response in a major metro is to tether the TMobile one to the AT&T phone - this is in a major metro area, and largely the reason I switched away from Google Fi (though it turns out Apple Watch cellular is so useful that Google Fi isn’t an option at all anymore).


Yes, at our place in Southern California my AT&T service is much better than my T-Mobile service.


Avoid T-Mobile and join AT&T or Verizon? I'm sure they have their fair share of shady/borderline illegal things they do.


This is where we must all realize that 3 (and only 3) companies competing is not competition. It is oligopoly.


Or that competition is only worth anything if it is made in a very well regulated environment (as per Adam Smith himself). If the playing field had customer-friendly laws in place, none of these giants could be this scummy.


> I'm sure they have their fair share of shady/borderline illegal things they do.

That might be true, but at least AT&T doesn't block private VPNs, nor has plans to do so.


How do you know what AT&T is planning? Are you involved in their internal discussion of how they handle VPN traffic?

If so, maybe you shouldn't be saying you/AT&T have no plans to. And if not, maybe you shouldn't be saying they have no plans to.


> How do you know what AT&T is planning? Are you involved in their internal discussion of how they handle VPN traffic?

I'm part of AT&T Cybersecurity.


Are there public statements from ATT describing their intent to not block private vpns for the foreseeable future?


There’s no VPN blocking in place, and there are no plans to do so.

But if you want proof of what AT&T isn’t going to do, it’s going to take a while to compile.


It’s probably just my cynicism :( but I usually just assume most corps will do it if they thought it would make them more money.


I have T-Mobile, they don't block my VPN traffic. Cox however... My VPN does not work on any Cox network.


Here is what your comment boils down to:

"A."

"But B!"

>> "But still, A." <<


It looks like T-Mobile isn't actually preventing or blocking Private Relay, but that it doesn't function while T-Mo's Content Filtering is enabled. Here's more information on that.

https://tmo.report/2022/01/t-mobile-blocking-icloud-private-...

tl;dr - disable T-Mo Content Filtering on your account and PR will work just fine


Good point. I upvoted your comment, and I wish I could edit my comment to add this. It seems that I can't edit the comment anymore though.

PS: The 9to5mac article has an update which indicates that the blocking is _not_ exclusive to users who have "filtering and blocking features enabled".


This is the way... (until they fix it)


I'd like to switch, but after testing Verizon, AT&T, and Sprint (prior to the merger) with SIMs in my unlocked iPhone, none of them had reliable coverage at my house. T-Mobile was the only provider that gave me a good signal. I'm in city limits, so it's not what I expected, but I guess the problem is very localized.


Unless someone can spare me $70,000 so I can pay the install fee for a Comcast Internet connection to my home in downtown Chicago, I have to stick with T-Mobile for my main Net connection.


Are you new to the area?

Because there is no reason to get internet from any of the big boys if you're in downtown Chicago. All you need is fiber to the big brick building next to McCormick Place, and there is fiber under every El track, in the old freight tunnels, along the Metra tracks, and just plain old every street.

https://silverip.com

This is probably the best of the dozen choices you have. When I lived downtown, I got gigabit internet for $15 a month.

You've got to be kidding me if you think you want Comcast.


Huh. Thank you. I'd never heard of these guys before. I'll give them a call.


Good luck, I've had great experiences in two different condo towers.


Starlink (if/when available)?


When I was shopping around there was a huge backorder on the receivers because of the chip shortage. In the end, for a wireless connection, the 5G T-Mobile one works out better in bandwidth and latency.


Dude, t-Mobile is leagues better than AT&T or Verizon.

AT&T essentially bankrolled OANN, Trump's propaganda network. Verizon has done tons of shady stuff in the past as well.

Plus my bill for TMO has been constant (like the same) for years straight - no overages or surprise bills. Not going back to ATT/VZ for a long time if ever.


I've come to really regret my recent switch to Verizon Prepaid. They are very over-provisioned, which means anyone not on post-paid (i.e. MVNOs and to my disappointment, vzw prepaid) will get deprioritized to practically zero even with plenty of data available in the plan. I am unable to load even the simplest of web pages when this happens, which is a terrible state to be in when one is trying to check-in to a store to pickup an order, for example. I feel I would have gotten more enjoyment out of the money I am paying them if I had set it on fire. I am frantically looking for a less nasty alternative.


Where is this happening? We've had no problem using xfinity mobile, which is a verizon MVNO, in the Bay Area.


AT&T and Verizon have very checkered pasts, advocating to switch to them is ridiculous. That's not to say T-Mobile is perfect or even great, but at least for me they are the significantly lesser evil. That might just be down to the fact that they've only been around for 2 years.

I also can't complain that I get 8 lines of unlimited everything for $150.


> That might just be down to the fact that they've only been around for 2 years.

What? I was using T-Mobile in 2018 in the US.


That was a typo, I meant 20 years.


Ah! That makes more sense then. Although as Facebook proves, plenty of companies under 20 years old have developed the evil gene.


Like I pointed out in the sister thread about EU telcos:

https://news.ycombinator.com/item?id=29875805

Phone carriers do not want to be a dumb pipe - and having Private Relay go through their networks breaks:

- HTTP header enrichment (which they use for self-care/customer sites/services),

- zero rating (which they set up deals for with social networks, music streaming services, etc., often applying specific QoS tags) and

- all sorts of value added services (many using deep packet inspection and DNS analytics) that they offer instead of raw, unfettered connectivity.

I don't think many people are aware of exactly how much data telcos are sitting on, anonymized or not.

And, of course, it also plays havoc with legal interception because there is no easy way to do MITM.

(edit: readability)


Is this really about EU telcos, though? In the European article I mostly see messages about this from UK telcos, which are European but not EU anymore. I've heard that UK net neutrality law is kind of a joke, and now that they're outside of EU control the UK can do whatever the hell it wants, and I fear for UK citizens that the mostly consumer-focused EU ideals aren't shared by the current UK leadership.

Plenty of telcos want to force competitors out of the market with zero rating and triple play subscriptions, but I don't think any of them have made any moves against net neutrality this bad. A few years ago I saw carriers doing HTTP introspection to force images through their compression proxies (usually budget ISPs who want to stop people from actually using up their data plan so they can make a profit), but that seems to have stopped completely now.

As for legal interception, this doesn't make any difference. When law enforcement finds that the suspects are communicating over Apple's network, they'll just knock on Apple's door with a warrant and demand a wire tap from their network. That's how legal interception of "privacy protection" VPN providers works, and Apple isn't even trying to ship traffic outside national borders, just to the closest data center.


> Is this really about EU telcos, though?

From that article:

> Via The Telegraph, operators including Vodafone, Telefonica and T-Mobile signed an open letter voicing their opposition to the rollout of the feature.

Those are each large telcos with operations in a multitude of countries.


They are, but most telcos have entirely separate businesses in each EU country, the same way T-Mobile USA has little to do with its European counterpart.

The Telegraph only seems to provide any sources that are about the UK. I can't find any sources outside of the Telegraph for Telefonica, for example, mostly because Google only lists articles copy/pasting the Telegraph.

Apple allows network providers to turn this feature off, but any DPI and analysis the ISPs do would be highly illegal in the EU, so I don't see the advantage that disabling private relays would get them.

Honestly, Apple should provide an override for this block. It seems to be based on DNS, so a custom DNS server should be enough to bypass the block entirely it seems?


> The Telegraph only seems to provide any sources that are about the UK. I can't find any sources outside of the Telegraph for Telefonica, for example, mostly because Google only lists articles copy/pasting the Telegraph.

I read it as referring to those telcos' international HQ's. The Telegraph article reports that the letter to the European Commission was signed by Vodafone, Telefónica, Orange and T-Mobile.

First, Telefónica isn't active in the UK under that name, only as part of Virgin Media O2 (their joint venture with Liberty Global) [1]. T-Mobile (Deutsche Telekom) and Orange (France Télécom) haven't even been active in the UK at all since 2016 (when BT acquired their joint venture EE) [2].

Therefore, if the Telegraph were reporting on the UK only, the list of telcos that signed the letter doesn't make sense in the first place.

Second, if the letter were indeed authored by UK telcos, why would they have sent it to the European Commission? That's an EU institution, and the UK isn't part of the EU anymore.

[1] https://en.wikipedia.org/wiki/Virgin_Media_O2

[2] https://en.wikipedia.org/wiki/EE_Limited


But the operations in individual countries are legally separate companies, aren't they? Plus they still have to obey local laws in every country.


You are correct.


Exactly, carriers really don't want anything that helps push net neutrality in any real way. They don't want to be commoditized to where it's just pipe for Internet data to transmit through as you mentioned.


MITM is pretty moot right now with TLS everywhere. Apple is taking this stand because it's in line with their business.

Zero-rating is really bad for Apple. And by making themselves the virtual network layer, they have the ability to roll out their own last mile networks later.


To be fair, you could make the same argument that TLS is moot because everything at the other layers (routing, application, and even hardware) is extremely vulnerable to attack. MITM is still a very real thing.

If anything makes it moot, it's not other technology; it's social engineering attacks.


The point of TLS is that every bit of network infrastructure could be compromised but your connection would still be secure as long as your own device and the end server (and the cert authority) remained clean.


One big difference in the US is that most telcos also have ad businesses, and this will negatively impact them.


This is more about selling data to aggregators.


I have been working through some consulting activities with 8 telcos over the past years on the topic BiG DaTa. While it is true that telcos have data, ALL of the telcos I have worked with lack the capability to do ANYTHING with that data.

First, they don't get the right people, because good people don't go to telco. Second, they have super fragmented stacks, especially in markets that have consolidated over the years. Third, they simply haven't figured out ANY business model for that data (except some We SeLl LoCaTiOn DaTa To GoVeRnMenTs that is illegal in most Western countries anyway by now).

So... all this "TELCO SOOO BAD BECAUSE ALL MY DATA THEY EAT" talking is laughable to me after seeing the truth. I am surprised what people here in HN think of the capabilities of telcos.

Edit: as I saw some comments below on "three letter agencies". Fun fact, ALL the 8 telcos that I have experienced had guys from the local "three letter agencies" working there to detect crime stuff.


Shouldn't those all be true of ISPs too, though? Why are telcos different? Is it just because they need stricter QoS because of airwaves vs. cables? Do you think that argument still holds water in a post-5G-saturated world?


There is very little room for EU telcos to do any sort of inspection of packets, beyond maybe identifying if it's streaming traffic or regular traffic (there are some subscriptions which give you free streaming traffic). Storing personal information is a big no-no, and anyone can at any time request a dump of all identifiable information a telco has about you. While I understand that private relay will give telcos less actionable information, it's not that much to work with to begin with.


I doubt long term that it causes much havoc with three letter agencies. If anything, it simplifies it a small bit because now they can look at the records of only two intermediaries, Apple and the CDNs they use. That said, why go to the trouble? Depending on how it's configured, Apple would already likely be tracking your browser history in iCloud, backups, etc. Plus websites that track user activity (e.g. have logins) can be asked directly for data.


I am pretty bad with networks, but isn’t most of the http traffic https nowadays? How can they do header enrichment and the others, then? Isn’t that the purpose of https to forbid that? The only thing they are supposed to see is the target domain.


Can anyone explain the case from T-Mobile's end?

(Not asking for sarcastic not-in-good-faith explanations of BS reasons that you are imagining.

Asking for anyone who understands more about a cell carrier's needs than I do, to explain what «the feature cuts off networks and servers from accessing vital network data and metadata and could impact “operator’s ability to efficiently manage telecommunication networks.» actually means, to someone who is not a telecom engineer but does understand engineering.

And/or other motives, but based on understanding more of their business than I do, not just wild guesses!)


These aren't wild guesses, but I also don't have inside information.

1. Browsing history. We know that Verizon is tracking it for their gain: https://www.wired.com/story/verizon-user-privacy-settings/. It seems reasonable that T-Mobile and others don't want that door to close on them.

2. Video streaming management. Carriers typically restrict video streaming on some/all of their plans to certain resolutions. For example, I think most American carriers limit video streaming to around 480/720p at 1.5Mbps or less unless you have bought a premium plan. VPNs often get around this and I know that my carrier can't detect Netflix access through iCloud Private Relay. Right now, iCloud Private Relay doesn't proxy app traffic, but it could in the future.

3. It looks like mobile carriers are looking to get into "edge cloud" stuff. Verizon has been pushing this and they recently emphasized this in their 5G Ultra presentation. If traffic is going through iCloud Private Relay, buying expensive "edge cloud" services from Verizon is a waste of money since the traffic would be leaving the network to go through Private Relay.

3a. Netflix ships "Open Connect Appliances" that ISPs can hook into their network to serve Netflix content. If your traffic is going through a proxy, you start accessing the content on a server farther away. This mostly doesn't apply given that Private Relay only does Safari traffic, but one could see Private Relay expanding to apps in the future.

4. I think there is a certain knowledge of what is using data that can be helpful to carriers. For example, I worked for a university and they wanted to set different QoS for things like peer-to-peer file sharing vs. web browsing. The university didn't want to punish P2P tech or anything like that. They just wanted to make sure that P2P usage didn't overwhelm other users and uses of the network. Likewise, it could help the university spot patterns like viruses/bots that might be using a lot of network traffic.

4a. I think this can also play into how companies position their offerings. For example, T-Mobile has introduced features like "Music Freedom" and "Binge On" that allowed unlimited audio streaming and video streaming before unlimited plans were a thing. They surely did analysis of network usage of those features before introducing them. You can look at how much video streaming users are doing and then model how much data would be used if you limited it to 480p (including accounting for an uptick in usage due to it being unlimited). However, if you don't know how data is being used, you lose the ability to spot patterns that might be opportunities.

4b. It makes sense to want to offer different QoS for different services. If someone is using FaceTime, you want that to be a good experience. You don't want to prioritize a speed test over someone's FaceTime call. You don't want to prioritize downloading from YouTube over a FaceTime call. That YouTube video can be buffered and if you know that you've transferred 15 megabits worth of 1.5Mbps video, you kinda know that the user doesn't need the next 1.5 megabits of video for 10 seconds.

4c. I know that a lot of people want their connection to be an unbiased dumb-pipe, but I think that people only want that because they tend to see crappy stuff from companies looking for money. Seeing it from a university that only wanted to give people the best possible network experience feels a bit different. QoS can be a positive thing and a dumb-pipe isn't always great.

I'm a bit surprised that T-Mobile would go this route at this time. iCloud Private Relay doesn't proxy app traffic at this time and I haven't seen that they have a similar browsing-history program like Verizon's. Still, there are reasons to want to be able to understand your traffic both for business reasons and for a better customer experience. Again, I'm surprised because it seems like the reasons today are slimmer. I think the Netflix OCA use case is a good one since it reduces network usage in a way that simply helps the parties involved, but wouldn't really be possible if the traffic first went via another external server.

I'd emphasize that nothing here is to say that T-Mobile is doing the right thing. It's just to bring up areas where a company might want to know more about its network access patterns. Some of that can be used for good like the Netflix OCA system or giving higher QoS guarantees to FaceTime. Some of it can be used for bad like knowing using browsing history for advertising.


Very good point on cache servers for Netflix and YouTube. Telcos save a lot of money when they terminate the traffic in their network. Private relay may affect that. Although Apple's solution could be clever about it.


I think this is honestly the biggest legitimate concern for the carriers: where the bits go.

Right now a hypothetical metro area might have a 20G circuit to Carrier A, a 20G circuit to Carrier B, and 20G of private peering to {Netflix, Google, etc}. With private relay they need to rip all that out and replace it with a 60G pipe to Apple.


Apple's solution could be clever about it, and it currently doesn't even block edge routing on mobile apps. It currently only supports Safari traffic, and most streaming will be via an app with things like Netflix. I suppose if YouTube routes to an edge that may be affected if viewing via Safari, but I'd be surprised if peering agreements aren't made when Private Relay goes out of beta.


The reason is right in the "what's new" section of the T-Mobile privacy policy: https://www.t-mobile.com/privacy-center/our-practices/privac...

> "However, starting April 26, 2021, T‑Mobile will begin using some data we have about you, including information we learn from your web and device usage data (like the apps installed on your device) and interactions with our products and services, for our own and 3rd party advertising, unless you tell us not to."

T-Mobile sells browser history data to advertisers, and Private Relay blocks that revenue stream. They are on the offensive to protect their new-found profit center, and most likely are doing this now to show Apple that this is not a feature that they want to see be turned on by default.

It's the beginning of the same saber rattling that Facebook did when Apple announced it would simply ask customers if they wanted to allow apps to track them


T-Mobile, Verizon, AT&T, and other ISPs joined together and successfully lobbied Republicans in the US government for permission to record what their customers do online and sell that information [0, 1]. Apple's proxy service takes away that revenue source.

[0] https://www.techrepublic.com/article/the-real-reason-behind-...

[1] https://mashable.com/article/how-to-stop-tmobile-att-verizon...


On cell networks, video content is by far the largest consumer of bandwidth. And the default for video generally is to auto-adjust the resolution to the highest quality that the network supports. This kind of sucks, since bandwidth is a shared resource for all users of a given antenna on a cell tower.

Though Speedtest on your cell might show your connection speed as 100 megabits/sec down, cell networks special-case video by identifying it as video and rate-limiting it to something like 1 megabit/sec. This is considered "efficient network management". For T-Mobile, this is based on the plan (https://www.t-mobile.com/cell-phone-plans); they sell either "SD streaming" or "4k UHD streaming". "SD streaming" is a fancy way to express that they rate-limit identified video streams to 1 megabit/sec.

They identify video streams by watching the IP your phone is connecting to and/or the hostname mentioned in the TLS SNI header and checking if it is Youtube, Netflix, etc. Sending video content over a VPN removes their ability to understand what the content is.


Then couldn't Apple add some metadata on the user's behalf that this traffic is a video stream? Of course it can be spoofed by the user, but if the hard-to-change default is well-defined by Apple, then networks can depend on and use that info.


There is a solid, technical problem with VPN usage on such a massive scale. Carriers, like T-Mobile, can arrange traffic exchange with big content providers. The majority of traffic generated goes to a handful of providers, like YouTube, Netflix, Facebook. It's not even about direct, financial incentives. It's a win-win for both ISP and content providers to peer directly and limit the amount of traffic routed through paid uplinks. It's a win for users too, since they can get their content with fewer hops, through bigger pipes. Even Tier-1 network operators (https://en.wikipedia.org/wiki/Tier_1_network) can optimize traffic by making the direct inter-connections for traffic-heavy content.

When everything is encrypted and goes over the ISP just to the VPN endpoints, they can't do anything. In the end, they will have to arrange peering not with content providers but with VPN providers, who work for Apple.

PS. There is a lot of tension in the current setup, even without Apple stepping up. In the old-fashioned market, the last mile is the king. Big grocery chains have direct access to users, so they are the strong side in the relation with producers. They can position brand X over Y, if they have a better margin. They also create their own brand Z rip-off and sell that directly. Just look what Amazon does in that space. When it comes to ISPs, they have direct users and have very little to say. They are basically dumb pipes, just like the power line.

T-Mobile was very vocal in the past in that space. They often wanted the MANGAs (heh) of the world to pay them a share from their ads. I remember T-Mobile threatening that they might replace some ads with their own ads. Since they provide the users with phones, they can install their own certs on devices. Chrome has SSL pinning not only to save users from hackers, but to save their own business model from being attacked by ISPs.


Wouldn't most carriers have peering relationships with Apple for Apple TV content? Presumably iCloud Private Relay traffic could be sent over that connection as well, meaning that of all the VPN-esque solutions, Apple's is the most efficient from a traffic exchange perspective.

(Of course, it was likely never about the traffic exchange itself, but rather the ability to route, shape, and track traffic dynamically on a host-by-host basis, as others have speculated.)


I am guessing that AppleTV traffic is very low compared to Netflix or YouTube. Anyway I guess this setup must be super complicated. Apple is probably partnering with tons of entities to provide this all over the world. It must be a huge challenge at Apple scale. I wonder if they have any long term goals, which are not obvious.


The Apple VPN provider is Cloudflare, which just does free peering.


Well the ISPs and content providers can cry me a river about their network optimization. They brought this all upon themselves. Remember when nobody used to use VPNs?


I believe this functions like a VPN in some ways and blocks video throttling. They use traffic inspection to throttle video streams down to 480p unless you have the most premium of plans.


I've never heard that an ISP (not the content provider) is throttling down video quality by altering the traffic. Do you have some links to back up that claim? This doesn't make much sense, as they would have to download the high quality video anyway, then invest massive CPU power to downscale this. Most content providers will scale down the quality if they detect bad network conditions. If an ISP wanted lower quality, they could just artificially slow the connection.


This has been happening for years. They just limit bandwidth to video sites, so your player selects the corresponding stream quality.


With Apple Relay this might get way harder, if not impossible.


Cell carriers can detect video streams by bandwidth and traffic patterns even with encryption. https://security.stackexchange.com/questions/172212/how-do-m...


Revenue from tracking customers for advertisements.


Non-cynically, it probably does introduce some issues in these legacy telecom systems.

For example, if you run out of data for a month, many carriers will continue giving you access to the internet APN, but then block access to "external" websites. This is so you can easily open your browser and "top up" on data to continue using your device.

Or the usage of HTTP (not HTTPS) was relatively common back when I was in the space (7-10 years ago). There wasn't a need to use HTTPS because the carrier was in full control of the pipe between the device and the server. Adding in a VPN that somehow tries to intercept that traffic (that was supposed to exist entirely within the telecom) is not going to work.


But if that were the only reason why, then couldn't they just turn off Private Relay in that specific case, instead of all the time?



I just tried it. I'm on the cheapest T-Mobile prepaid plan [1].

I turned off WiFi, turned on iCloud Private Relay, and browsed to a site at work while watching the Apache logs for the hit.

Site showed up, and the Apache logs showed the hit came from 172.224.242.xx, which is in the block 172.224.0.0/12 which is assigned to Akamai.

I turned iCloud Private Relay off, hit refresh, and the hit came from 172.58.46.xx, which is in the block 172.32.0.0/11 which is assigned to T-Mobile.

I then turned WiFi on and iCloud Private Relay on, hit refresh, and it came from the same IP that it had with it on when WiFi was off.

I then turned iCloud Private Relay off, hit refresh, and it came from an IP in the block 73.0.0.0/8 which belongs to Comcast, which is my wired home ISP.

Looks like there is no blocking going on for my T-Mobile plan.

[1] https://prepaid.t-mobile.com/plan-detail/t-mobile-connect


Statement from T-Mobile:

Customers who chose plans and features with content filtering (e.g. parent controls) do not have access to the iCloud Private Relay to allow these services to work as designed. All other customers have no restrictions.


Which may be true, but I'm still suspicious. An update FTA:

> However, many of the users we’ve heard from, and tested ourselves, do not have any such content filtering enabled. We’ve followed up with T-Mobile for additional clarification, but have not yet heard back.


>The change does not appear to be network-wide just yet, but rather it appears T-Mobile is in the process of rolling it out.


yet! :)


The message says that the user's "cellular plan doesn’t support iCloud Private Relay," so is this the same thing they've done with other VPN providers? That is, do they just count the traffic against the tethering/hotspot limit, since they can't shape traffic on it to, e.g., limit video quality to 480p when a user has a plan with that limitation? I don't know if they actually do this, but I've heard it before.

https://www.reddit.com/r/tmobile/comments/9ja8y1/i_can_confi...


No, they do not allow users to enable Private Relay at all because Apple allows carriers to determine whether it's available or not. Even FaceTime over cellular is still something that carriers get to decide whether to allow or not, although I'm not aware of any carriers that don't.


FWIW I am using Deadpool Telephony LLC, which uses the T-Mobile network (as MVNO), and Private Relay works fine.


Why is Apple even giving them an option in this?


From my limited testing, carriers are whitelisting traffic for high-bandwidth. When I establish a vpn tunnel on my Tmobile sim card, bandwidth drops dramatically. Presumably because they can't inspect it.


There are legitimate reasons why a specific business network might not allow it. For example, if you're on the employee network of a bank or hospital, it's very likely that your web connections are going through a proxy to make sure you're not sharing confidential data, and to block malware and such. Private Relay would go around those proxies. Allowing networks to opt out of Private Relay, then, is a better business decision than having enterprise networks just block all iPhones.


Corporate networks make sense, but giving carriers the ability to disable it on the phone (i.e. not via blocking mask.icloud.com) doesn’t make sense. It’s not like personal hotspot where it allows you to bypass network policies, except for maybe the streaming shaping (but how long did they think that would work anyway?).


Because Apple wants to keep their carrier partners happy, so they give them control over things that will have an impact on cellular data.

Like I noted with FaceTime over cellular, it's nothing new.


I can't imagine what kind of leverage they think they have. is any provider going to just drop iPhone support from their network?


These deals are old. FaceTime when it came out was in the era of 3G. FaceTime over 3G could be a bandwidth hog.. and iPhones were not nearly as popular, so the negotiations were more give-and-take.


If I had to speculate, in order to continue operating in regions where governments more tightly control carriers.


iPhones sold in the UAE have FaceTime removed.


This is the worst thing. Not for Apple or Apple users, but for the general internet. If that goes through, and countries effectively end up making Private Relay illegal, that is a very VERY strong precedent to block regular VPNs. And that's terrible.

I wonder if the same could happen to TOR, if VPN end up the same way...


> I wonder if the same could happen to TOR, if VPN end up the same way...

It can't, because some of us don't let third-party corporations control what we're allowed to do with our computer.


Is this because it prevents T-Mobile from monetizing and selling user browsing data?


No, it is because...

> The carriers wrote that the feature cuts off networks and servers from accessing “vital network data and metadata and could impact “operator’s ability to efficiently manage telecommunication networks.”

But seriously, it is because it prevents T-Mobile from monetizing you and slowing you down.


It also cuts down on the number of companies they can extort for transit. Right now they can go to Netflix and say "would be a shame if T-Mobile customers couldn't view movies during peak hours" and Netflix has to pay them for that not to happen. With all the traffic going through Apple, Apple is the only company they can extort this way. (Meanwhile, Apple or their "third-party provider" could of course play this game, but historically tech companies have been super uninterested in doing this.)

Basically, what everyone wants is for companies like T-Mobile to be a dumb pipe. They invested in spectrum and a network, and they should just lease that network for cost + profit margin. Instead, they want to milk it. They want you to pay more for particular packets. They want the rest of the Internet to pay more for particular packets. They want to inject their own ads into unaffiliated websites. They want to build a marketing profile based on what sites you visit, and send you "offers" based on this. Right now, that is all technically possible, so they'd be defrauding their shareholders if they didn't try. But, we can of course say "no" and route around the damage. Apple is letting their customers say "no", and that means T-Mobile is doomed to irrelevance, and that's a great thing. Infrastructure should be infrastructure.

(Can you imagine what it would be like if other utilities did this kind of shit? Your water would cost less if you were using it to run a Coke-branded soft drink dispenser, but not a Pepsi one. Or, Dell computers could get electricity at a 10% discount, but not Asus ones. It would be unthinkable! But with these big ISPs, it's mandatory.)


I hate to reply to myself, but I wanted to say one other thing. When governments sell RF spectrum to companies, the expectation is that they become good stewards of the shared resource. The taxpayers are saying "you know, we think private industry can give us more value from our RF spectrum than the government", and this is their chance to prove that. What we didn't want was to enable a monopolist to nickel-and-dime the Internet to death.

I'm guessing the exact legal agreements didn't spell it out like this, but that's how I think of it. Only one company can use this finite resource at once, but just because they bought it doesn't mean there is no limit to what they can do with it.


> Right now, that is all technically possible, so they'd be defrauding their shareholders if they didn't try.

This sounds like a clumsy restatement of the urban legend that companies have an obligation to maximize shareholder value. There is in fact no such rule, for the obvious reason that nobody can accurately predict the future and calculate the optimal value.

https://corpgov.law.harvard.edu/2012/06/26/the-shareholder-v...

In this case, a company like Apple could say that they are choosing to forgo short-term profits from selling out their users’ privacy because they feel that the long-term loyalty will be greater, and anyone arguing otherwise would still have to admit that this approach has been phenomenally profitable.


Does T-Mobile actually extort companies for transit? When they announced their video streaming throttling + zero-rating, I looked through the publicly available documents. From what I recall, there wasn't any sort of payment process, and mostly there were two parts: identifying the traffic so T-Mobile knew to zero rate it, and either adaptive bandwidth usage (which seems pretty common for video streaming anyway) or identifying the traffic so the provider could serve lower bandwidth streams.

It's not in line with the net neutrality, but it's useful for the direct parties:

a) a video streaming customer wins because they can do video streaming without touching their data allotment.

b) the video streaming server wins because their customers are able to do more streaming

c) t-mobile wins because they've reduced bandwidth requirements

Competitive streaming services that are not included in the program don't win, but t-mobile made it fairly easy to join. Users who want to stream at 4k or whatever don't win, but they can turn off the bandwidth restrictions and use their data allotment if that's what they want to do.

At my last job, I was involved with a lot of zero-rating deals as the application provider; we never paid for it, and I don't recall ever being asked for payment. Some of the carriers even set up plans without our knowledge or consent or assistance; this didn't usually work great long term, because of misidentified traffic, but it indicates the demand was there without us pushing it.


> Right now, that is all technically possible, so they'd be defrauding their shareholders if they didn't try.

Can you expand on this? Are you saying that if a business opportunity exists and a company elects not to pursue it that constitutes defrauding shareholders? I would have thought it constituted nothing more than a disagreement over strategy.


It sounds like a sarcastic statement of the "profits not gained is profit lost" mindset and that shareholders would be upset, not literally a crime.


Yup, you're exactly right. I wrote it without thinking much (but wasn't fully serious), and didn't realize it would generate this much discussion. That's my bad for being a little careless with my rant. Thanks for clarifying it a little on my behalf.


> Meanwhile, Apple or their "third-party provider" could of course play this game, but historically tech companies have been super uninterested in doing this.

Apple notoriously "extorts" developers to be in the app store.

> Basically, what everyone wants is for companies like T-Mobile to be a dumb pipe. They invested in spectrum and a network, and they should just lease that network for cost + profit margin.

I don't think you've considered the alternatives if T-Mobile can no longer monetize traffic:

* Go back to subscribers pay per kb usage

* Eat the costs themselves

* Raise cost of mobile data plans

> Can you imagine what it would be like if other utilities did this kind of shit?

They sidestep this problem by charging per-use. During peak demand, prices go up. Each customer pays their share. Downside: see the Texas snowstorm.


> Go back to subscribers pay per kb usage

They charge $70/month for “unlimited” data which is only 50GB before throttling. I’m pretty sure they can profitably afford to run a network for that much without reselling user data.


They already charge per kb. Look at the small print -- once you hit a certain amount of usage, you are drastically rate-limited. The only difference is that some months, when you don't hit your limit, you pay more per byte.


I really don't see the horror that would be carriers charging for usage. I would rather that than pay for stupid things like "lines" or "devices."


iCloud Private Relay isn’t like full blown VPN that hides everything you do on the internet, only your web browsing in Safari goes through it. So their existing systems to throttle the connection of your video streaming apps will continue to work just fine.

It’s completely about monetizing your browsing history.


I believe it also takes non-https traffic from apps but since they made https mandatory quite some time ago now I suspect that is not much. Also content loaded inside email in Mail.


IIRC it redirects DNS queries system-wide as well which definitely would hinder general interest tracking.


Thank goodness the carriers can't do anything about solutions that use VPN to override default nameservers


Tmobile deprioritizes devices depending on high usage. Private Relay would allow individuals who are deprioritized to bring down entire cell towers.


No, it wouldn't. They'd still have the ability to throttle individual phones generating lots of traffic.


Carriers NAT/proxy everything and in addition to bandwidth throttling, they will rate limit or otherwise whack misbehaving applications.

VPNing everything at scale will impact that monitoring/management. And that will absolutely impact towers, or cause the carriers to throttle users vs apps.


VPNs work at a higher level. They have to see the radio traffic to be able to deliver packets to your phone, which is where billing and access control happens (this is why you can’t spoof someone else’s IP to avoid paying your bill), and at the IP level your VPN traffic is carried from your carrier-issued IP address to your VPN provider’s addresses.

The one legitimate argument here is that this prevents traffic shaping based on the destination, which T-Mobile uses to do things like offer unlimited streaming separate from your general data quota.


...they throttle at the phone-number/SIM. Even with a VPN your phone is still auth'ing itself to the cell towers, and those towers know what device is sending which traffic.

What this prevents is allowing say Youtube to pay TMobile to never throttle their traffic.


I know from firsthand experience that Verizon at least can and did do more circa 2016.


Can you give a detailed model of how this would bring down a tower? I'm very skeptical.


You should be. There are ways to DoS a cell site, but not by just using a device.


Currently:

P ---- CT ---- S

With VPN/whatever:

P ---- CT ---- VE ---- S

P = Phone

CT = Cell Tower

S = Server

VE = VPN endpoint

So given this the cell tower can still determine who is using lots of traffic, they just can't snoop on that traffic.


You're a little off, currently: P --- CT --- NAT Proxy/Traffic Shaper --- Possible MITM host --- S


Or because they can't throttle video streaming sites down and internet speed test sites up?


Private Relay only touches traffic from Safari, and while people could watch Netflix in the browser instead of the Netflix app, I doubt that many do


I've always wondered if you could start an internet speed testing website, get in the trusted list of companies like T-Mobile, then release a VPN on the exact same servers, forcing the companies to provide the best speed to the VPN.

Only problem is that you would have to be large enough that the ISPs would care if their scores looked bad.


This is basically what Netflix did. They launched fast.com, which comes off the same servers as Netflix video. The whole goal was to get people to call their ISP and complain they aren't getting the speeds they paid for and getting them to unthrottle Netflix.


Didn't know that! Wonderful!!


This is almost certainly the main driver.


T-Mobile partners with various video providers to provide lower-bandwidth streams that don't count against bandwidth caps. Less-cynically, this may be to enforce that.

I consider those agreements to be violations of Net Neutrality, since they're inherently not treating all data the same.


It is a blatant violation of net neutrality, but somewhat paradoxically, actually benefits the consumer in my experience. Several friends of mine on T-Mobile have raved about how Netflix/Spotify/et al. don’t count towards their monthly data limit.

That said, iCloud private relay only applies to Safari, so T-Mobile blocking it probably doesn’t have much to do with their variable data caps.


It's not paradoxical at all, net neutrality also protects from bad effects kicking in long-term. Zero-rating is effectively the same as providing dumping prices compared to the competition. It may benefit the customer now, but leads to lock-in.

See Facebook's internet.org.


T-Mobile is pretty up-front about the various video quality options with their plans, and also has ways to temporarily boost your video quality for a few dollars.

For many people, a cheaper plan with slightly lower quality video is a great tradeoff.


> I consider those agreements to be violations of Net Neutrality, since they're inherently not treating all data the same.

I would agree if they do not make that available to all services. At least at the time they did that for music there was a pretty long list of partners so I’d be most interested in knowing whether they charge money or reject applicants.


I don’t think they’ve made the terms of those deals public, so it’s impossible to know if they’re fair or not. Either way, it can lead to service lock-in, because the next Netflix will be at even more of a disadvantage until they’re big enough to sign on with T-Mobile.


I believe T-Mobile's newer plans (Magenta tiers) don't do this.


One reason could be that T-Mobile limits video streaming resolution based on the subscriber's plan. Only the most expensive plan can stream 4K video, otherwise it will "typically" be limited to 480p. https://www.t-mobile.com/cell-phone-plans?lines=2


Yes.


T-Mobile probably isn't extracting too much of value from HTTPS traffic. It's probably more about traffic shaping.


You can extract a whole lot of value by mapping which sites someone is visiting even if you don't know what they're doing there, and you can get that information just from IPs.


The hostname of most (all?) TLS connections is sent plaintext at the start of a new connection. This is called SNI (Server Name Indication).

That provides some (or a lot) of value I am guessing.


Even without that, it's a pretty easy traffic analysis for:

- Time T0: User requests the DNS record for example.com

- Time T0+10ms: DNS returns "example.com. 193 IN A 10.1.2.3"

- Time T0+20ms: User opens a connection to 10.1.2.3 port 443

Chances are pretty good they're looking at example.com, even if you can't examine a single packet.
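Added example (editor's code, not from any commenter) of the correlation sketched above, run over a constructed log of cleartext DNS answers and subsequent connections (documentation IP ranges, timestamps and TTLs are made up). The attribution rule is an assumption for the example: an answer for (client, ip) explains a later connection from that client to that ip until the TTL expires.

```python
import re

# Constructed sample of what a carrier-side collector might record.
SAMPLE_LOG = """\
1641830400.010 dns  10.0.0.5 example.com A 192.0.2.10 ttl=193
1641830400.030 conn 10.0.0.5 192.0.2.10:443
1641830401.000 conn 10.0.0.5 198.51.100.7:443
1641830405.000 dns  10.0.0.5 cdn.example.net A 198.51.100.7 ttl=60
1641830500.000 conn 10.0.0.5 192.0.2.10:443
1641830700.000 conn 10.0.0.5 192.0.2.10:443
"""

DNS_RE = re.compile(r"^(\S+) dns\s+(\S+) (\S+) A (\S+) ttl=(\d+)$")
CONN_RE = re.compile(r"^(\S+) conn\s+(\S+) ([^:]+):(\d+)$")


def parse_events(log_text):
    """Parse the two line types into dicts, ordered by time with DNS before connections."""
    events = []
    for line in log_text.splitlines():
        m = DNS_RE.match(line)
        if m:
            ts, client, qname, ip, ttl = m.groups()
            events.append({"ts": float(ts), "kind": "dns", "client": client,
                           "ip": ip, "qname": qname, "ttl": int(ttl)})
            continue
        m = CONN_RE.match(line)
        if m:
            ts, client, ip, port = m.groups()
            events.append({"ts": float(ts), "kind": "conn", "client": client,
                           "ip": ip, "port": int(port)})
    events.sort(key=lambda e: (e["ts"], e["kind"] != "dns"))
    return events


def attribute_connections(log_text):
    """Attribute each connection to a hostname using only timing and prior answers.

    Returns (ts, client, ip, port, qname_or_None). An answer seen after the
    connection, or one whose TTL has expired, does not count (assumption).
    """
    valid = {}          # (client, ip) -> (expires_at, qname)
    attributed = []
    for ev in parse_events(log_text):
        key = (ev["client"], ev["ip"])
        if ev["kind"] == "dns":
            valid[key] = (ev["ts"] + ev["ttl"], ev["qname"])
        else:
            hit = valid.get(key)
            qname = hit[1] if hit and ev["ts"] <= hit[0] else None
            attributed.append((ev["ts"], ev["client"], ev["ip"], ev["port"], qname))
    return attributed


if __name__ == "__main__":
    for row in attribute_connections(SAMPLE_LOG):
        print(row)
```

Of the four connections in the sample, two are attributed to example.com, one has no preceding answer (the answer arrives afterwards, so it cannot explain it), and the last falls outside the TTL. Strip the "dns" lines, which is what DoH does from the carrier's point of view, and every row comes back with None; the IP and port are all that remain.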


DoH mitigates this by hiding all DNS queries.


Still hides HTTP level metadata like the path, POST body, cookies, etc, no? All you’d have is the hostname


TLS hides all that already.


This is solved by ECH/ODoH but for full effect you have to trust the DNS server.


Fwiw, the CEO of T-Mobile has been claiming this story is inaccurate. https://twitter.com/MikeSievert/status/1480716872848842752


Terrible. The official method for blocking iCloud Relay is via DNS: https://developer.apple.com/support/prepare-your-network-for... I wonder if this is what they're doing.

If so, it's a hassle, but you can specify custom DNS servers (even DoH and DoT) for mobile connections using a .mobileconfig file. https://dns.notjakob.com/ can generate them for you.

Probably a good idea to do this anyway to keep your carrier from spying on your DNS requests.


No, they're (very likely) using the same mobile entitlements system that does tethering/mobile hotspot and WiFi calling enablement checks (the Entitlement Layer Protocol).


> “vital network data and metadata and could impact “operator’s ability to efficiently manage telecommunication networks.”

Complete bunk - their (T-Mobile et al.) “value add services” are nowt more than network content provider toll-gates that the proxies bypass. Meanwhile they are also selling every bit of user context data (position, DNS/sites, cookies where unencryptable, phone-ids etc.) that they can scrape individually and in aggregate to any and every advertiser. Context is worth serious money to advertisers.


If carriers could be trusted (and they clearly can't), I'd actually agree with some of their technical requirements. Netflix's edge boxes work well to keep them from wasting peering capacity on video streams, and dedicated Youtube and Twitch uplinks would save the general-purpose peering links from a lot of unnecessary load. Unmasked routing would help ISPs route their traffic more efficiently and cheaper. Latencies would be lower, and rush hour throughput speeds could be higher. It might even be a small win for the environment to send all of your traffic back and forth between data centers.

Sadly, many (American) ISPs are abusing their position to gather and sell personal information from their subscribers. They wasted their "ability to efficiently manage telecommunication networks" the moment they started selling data. They've become adversaries rather than partners because they thought they could have their cake and eat it too. It's sad, really, because with cooperation, everyone would actually be better off with proper network management!


I previously served as CTO of the FCC Enforcement Bureau. A couple thoughts on the regulatory dimensions of this report.

* This could be a Federal Trade Commission problem. T-Mobile, like all major ISPs, has made public representations about upholding net neutrality principles [1]. These voluntary commitments were part of the Trump-era FCC's rationale for repealing net neutrality rules. Breaching the commitments could constitute a deceptive business practice under Section 5 of the Federal Trade Commission Act.

* This could also be a Federal Communications Commission problem. When repealing the Obama-era net neutrality rules, the Trump-era FCC left in place a set of transparency requirements [2]. Making an inaccurate statement about network management practices can be actionable under that remaining component of the FCC's net neutrality rules.

I haven't seen a comment from T-Mobile, so to be clear, that's just based on the report.

[1] https://www.t-mobile.com/responsibility/consumer-info/polici...

[2] https://www.ecfr.gov/current/title-47/chapter-I/subchapter-A...


> Making an inaccurate statement about network management practices can be actionable under that remaining component of the FCC's net neutrality rules.

Who would be responsible for bringing about that action and, if they don't bring about action, what can regular people do about it?


Thank you. Is there a form where one could file a complaint with the FCC to inform them of this? I'm not sure that this would be widely reported.

I am also curious if the reports about content filtering being required to deactivate the feature are accurate, and if so, what the default status of that feature is on TMobile's network.


These kinds of shenanigans are exactly the reason you shouldn't trust carriers with plain text data. People bash Apple for not adopting RCS over iMessage but it would just lead to more crap like this but for your text messages.


RCS supports E2E encryption, and Google's apps implement it.

(And I think the complaints about iMessage are its exclusivity - the best solution is an iMessage for Android.)


Thanks, I missed they'd added E2E last summer. It looks like it's only for 1:1 chats and only on some phones depending on handset vendor and carrier, is that accurate? If so it still seems like adding RCS would have pretty limited usefulness vs interop with say WhatsApp.

I don't fault any one company on the messiness of the situation, it's kind of a tragedy of the commons situation. Apple isn't willing to compromise the UX complexity of adding more messaging types with different behavior, Google isn't willing to force carriers and handset manufacturers to make RCS really good, and carriers just don't care about anything other than ARPU and being "value added".

Oh, and WhatsApp interop will never happen even though that would probably actually be good because Facebook.


How about Signal pre-installed by iOS and Android with no other default messaging apps?


Carriers generally don't care about payloads, they can monetize you from the metadata. What kind of websites you frequent and when. They don't need to know which color of maternity clothes you're shopping for to know you're pregnant.


RCS is a shitty system set up by a shitty telco industry. The protocol is behind what most countries in the world use already. I see it as just an attempt from the telco industry to start charging subscriptions for Whatsapp again, but about five to ten years too late.

iMessage would be fine if it wasn't for the shitty vendor lock-out. Everyone I know uses some kind of cross platform chat app, usually either Whatsapp or Telegram. It's sad to see the green bubble shaming that Apple's exclusionary tactics has created be of such influence in US social circles.


TMobile's RCS supports e2e encryption


I’m not a T-Mobile customer, but I am a network architect and have done some work and research on blocking and enabling iCloud Private Relay. It appears what’s happening here is that T-Mobile is blocking it when people have content filtering enabled, because they can’t filter content if they can’t see it.

[1] https://tmo.report/2022/01/t-mobile-blocking-icloud-private-...


Does this run counter to current net neutrality regulations? Or is this unrelated.

Are there other legal remedies for either the subscriber or from Apple to the ISPs?


Nope - this doesn't violate net neutrality regulations in the US... because there aren't any!

This article:

https://www.eff.org/deeplinks/2021/12/where-net-neutrality-t...

talks about how many are hoping that in the near future we will establish some net neutrality regulations, but for now there really isn't anything (at the federal level. Some states have tried).


So this would not be legal to block in California?


As much as I don’t like this, I would suspect it’s fine.

Disabling this feature is a built-in ability of iOS. It doesn’t depend on ISPs treating the traffic differently.


Net neutrality doesn’t even apply to mobile networks.


okay, should it? because we can make that happen if enough of us agree


Every time I think carriers cannot get any scummier, they manage to do it.


Does this mean Verizon and t-mobile are also blocking all VPN traffic?

Also, how can the "land of the free" not have net-neutrality laws?


We did, briefly, under Obama. More recently, the previous administration unwound those rules.

More technically: NN was implemented via the existing authority of the FCC, rather than any new law. Then the FCC, under new leadership, decided that internet service was outside of that authority, actually, and dropped that enforcement. Under Biden, there has been no change back in the other direction. (And at no point has there been a separate, federal law.)


The previous administration even attempted to prevent states from having net neutrality by claiming that disclaiming FCC authority was a prohibition on it. Yes, by attempting to claim FCC had no authority to regulate they also simultaneously claimed this prohibited states from regulating it.

The paradox was a direct reflection of the corruption within the FCC at the hands of the previous administration.


If anyone is aware of any grassroots efforts to reinstate NN, please comment. I had basically forgotten about the rollback under Ajit Pai, which, is in my cynical view, exactly what they want.


You could say our ISPs are free to make deals with whomever wrt bandwidth.

Is free, unlimited HD Netflix streaming worth more than Private Relay? I’m guessing most people would say yes.

I’d consider switching. Oddly enough though I was able to turn on private relay on T-Mobile USA.


No, Verizon is not at least. I will commonly connect to my home network over self-hosted vpn while on Verizon LTE.


Same here, except instead of commonly, always, my cellular data won't work if I'm not connected. If they interfered with that I would switch carriers in a heartbeat.


I really hope this doesn't catch on, but I am concerned that Settings has a message for this instead of it just mysteriously not working. Makes me wonder if there is an official way carriers can block this?

I know at home, since I have Pi-hole set up, I got an alert that Private Relay can't work on my home network.


From Apple's developer docs for Private Relay: they're probably displaying that message if either of the well-known endpoints returns NXDOMAIN[1].

They explicitly identify school and enterprise networks as legitimate cases where Private Relay needs to be blocked, so that's probably how carriers are doing it as well.

[1]: https://developer.apple.com/support/prepare-your-network-for...


> They explicitly identify school and enterprise networks as legitimate cases where Private Relay needs to be blocked

Why are these legitimate? Censorship is wrong even when schools do it.


I've heard from a tech in one of those "protect your child online" software companies that some American states hold their educational facilities liable for things kids do on school-issued computers (like Chromebooks) or networks (like school WiFi). If a kid Googles porn on a school laptop while doing homework and a parent gets angry, they could actually win a lawsuit in some places, and the situation would be worse if the school doesn't try their hardest to block such things from the school networks. Of course, this is from the perspective of a company selling block boxes, but apparently their story worked out.

It's silly (and honestly sad) legislation, but these companies were scooping up customers everywhere. If the choice is between "block porn and circumvention" or "no student internet access", choosing the latter could have devastating effects on kids without stable internet access at home. In my opinion, these laws should obviously not reach so far, and anything but a basic DNS block should even be illegal, but reality is rarely what I want it to be. In the end, private relays suffer from the same restrictions as DoH and other privacy-enhancing protocols.


"Legitimate" in the sense of "pre-existing policies," not "I personally believe this is morally acceptable."


If you block the domains that private relay uses, it won't work. Those are `mask.icloud.com` and `mask-h2.icloud.com`. Then it'll display a message informing you that it doesn't work. I imagine the carrier restriction just shows up in the carrier panel because there isn't a way to access the Internet on cellular via private relay if it's disabled.

[0]: https://developer.apple.com/support/prepare-your-network-for...


I guess thinking about it more, it would be fairly simple to say something like "if it consistently can't set up Private Relay" and "on cellular", display this message.

For a moment I was thinking it would only trigger with something specific from the carrier, but I see little reason Apple would actually work with them on this. They are not really in the business of making the carriers happy.

Edit: someone else pointed out it is actually a feature that the carriers can use. That... is disappointing.


"User begins blocking T-Mobile from future consideration."

I'm not using an ISP that prevents me from accessing perfectly legal Internet services. No matter how they want to brand themselves, today's telcos are ISPs, no more, no less.

When shopping for cell phone providers, our considerations are 1) complete Internet access, 2) coverage, and 3) cost. T-Mobile could charge $5 a month for unlimited usage, but if they can't satisfy requirements #1 and #2, then #3 is moot.


If you’re in the US, have you found a wireless provider that meets your criteria?


You will not find any, because there are none.


Ting's been great for me and it meets those three requirements. I'm a little hesitant now that they're owned by Dish though.


I'd been happy with Verizon until recently when they blocked Private Relay. I'm starting the search again now.


Verizon is the only network that is reliable in my area. I've had great luck with Visible, which is a spin-off on their network. Cheap as hell too: $25/mo for unlimited everything.


Whoa. I'll check into that.


Note that Visible is an MVNO subject to deprioritization. I’m on the lowest Verizon Unlimited plan, which is subject to the same, and my service is nigh unusable when my broadband internet goes out or I’m in a really large crowd (e.g. a music festival).


Yes, adding in a second data point as well. Verizon directly is great in this one area nearby, but using Visible in that same area was painful for anything data related. Would show full signal bars with Visible, but actual data rates were throttled and/or strongly deprioritized.

You genuinely get what you pay for when you spend the extra dollars for the direct carrier relationship with AT&T and Verizon. All of the MVNOs, as well as their own prepaid plans, will not compare if the towers are busy.


I don't use Private Relay, but I do have Verizon. I just tried enabling it (with WiFi disabled, obviously) and had no issues. Do you have a source to back up your claim that Verizon blocks it?


Here's a screenshot of my Private Relay settings: https://www.icloud.com/iclouddrive/0eaTQXkx0FGrIINRWsrF3wagg...

I'd like to be proven wrong, but that looks clear.


That's really strange. Are you on an old grandfathered plan of some sort? It has to be either that or a bug, because it's pretty clear that Verizon is not blocking Private Relay in any large scale manner.


Ah, looks like I had to change my cellular settings, per https://daringfireball.net/linked/2022/01/10/tmo-report-iclo... .


I don't think so. We switched to the Verizon Plan Unlimited a couple of years ago.


As another data point, I do not see Private Relay being blocked using AT&T.


Does it change if you opt out of the “Verizon Custom Experience” program? Or turn off CPNI?


I have Verizon and I'm able to use private relay. Maybe it's because I bought an unlocked phone directly from Apple? Idk.


All Verizon phones are unlocked, but the lock status does not change whether or not they can manage the carrier settings that Apple exposes to them.


As far as I know Verizon doesn’t block things. They have great coverage.

They’re not cheap.

Woo oligopoly!


They block private relay on my phone.


Strange, I'm on Verizon too and it's not blocked.


No kidding? If I go into Settings > iCloud > iCloud > Private Relay (Beta), I see:

> Private Relay is turned off for your cellular plan.

> Your cellular plan doesn't support iCloud Private Relay.


I’m on Verizon, and it works fine for me.


Verizon just blocked personal hotspot from my phone with the message that I would need to switch to a non-unlimited plan to re-enable it.


That doesn't sound right at all. All of Verizon's unlimited plans aside from the lowest one come with hotspot data.


How can they change your existing contract?


AT&T hits all of those for me.


Small Business AT&T


> our considerations are 1) complete Internet access, 2) coverage, and 3) cost.

Anyone know how Google Fi compares on these criteria? I've been considering switching over for Fi's better security [1], but I'm curious what Fi users think of the service. Since it piggybacks on other networks, does it inherit any of their service restrictions or other problems too?

[0]:https://fi.google.com/

[1]:https://blog.kraken.com/post/219/security-advisory-mobile-ph...


I have Fi currently; definitely recommend it.

Internet Access - err... it works? I am able to stream Netflix and YT without being locked to 480p.

Coverage - it's basically TMo coverage.

Cost - Fi is a bad deal if you plan to use a lot of data. It's almost $10/GB (on the worst plan) or around $70 for an "unlimited" plan, however it can get cheaper with a group (https://fi.google.com/about/plans/). For me, it's a great deal; I'm always close to WiFi and rarely need mobile data. My bills ended up being around $25. I'd say Fi's killer "feature" is its international roaming charges... though I doubt that will be useful anytime soon :')


In the US, at least, Google Fi is essentially a T-Mobile MVNO. It was previously T-Mobile, Sprint, and U.S. Cellular, but T-Mobile bought Sprint, and U.S. Cellular divested a fair amount of its network.

I saw conflicting reports about whether Google Fi was affected by T-Mobile's reported text message censorship. I don't know where it stands on this iCloud Private Relay issue.


Ever more convinced it's been a good idea to route all my phone traffic through WireGuard.

Though it interests me why mobile networks feel they are able to do this whereas landline ISPs don't tend to in such great numbers. At least, as far as I am aware, Deutsche Telekom aren't adding headers to bare HTTP requests etc.

I'm wondering if it's actually worth caving and having my home traffic tunneled to some provider more reputable.


Do I see it correctly that this is basically a direct consequence of not getting proper net neutrality rules?


I wonder when Apple will launch their own network. Would be fun!


I recall reading that starting their own MVNO was the backup plan under Jobs if they had not been able to convince any existing carriers to allow the iPhone.

At the time, the carriers specified much of how the software must work on any phone that they allowed onto their networks, both functionality and UI. Apple wanted the relationship with the carrier to be that Apple was in charge of everything except the low level code for dealing with the cellular network.

Cingular agreed, the iPhone was a huge success, the other carriers then agreed, and that's where we are today.


Good timing. My wife is going to get a cellular data plan for her new iPad this week.

Now I know to cross T-Mobile off the list.


I wonder why Apple allows this. Do the carriers really have more leverage than Apple here?


Apple has good reasons to allow this. Inside a corporate network for example you may not want DNS queries going to Apple’s servers.

So Apple has made it very easy for a network admin to disable Private Relay. All an admin needs to do is block name lookups for relay.Apple.com*

*I don’t recall the actual DN used, it’s in Apple’s docs if you are curious.


Apple still shouldn't make it so easy to block this wholesale, even on corporate networks. Instead, they should have a way to make only corporate-internal traffic not go through it.


The OS should be able to distinguish between a corporate network and mobile carrier, right?


It can, but if mask.icloud.com is where the relay connection needs to go that wouldn’t help.


I think if you gave most people the choice to either:

a) disable this feature (that they likely don't fully understand) or

b) change their cellular service provider

they're going to choose the former even though migrating your phone number is pretty damn easy nowadays.


I'd wager this is to prevent folks from streaming over 480p on the standard 'unlimited' plan, prevent unauthorized hotspot use, prevent hiding DNS for data harvesting, and a few other things. What would make more sense is simply to charge this at hotspot rates, since they can't determine if you're using more phone and low-res streaming bandwidth than your plan permits.


I wonder if this would apply to MVNOs who use the T-Mobile/Sprint network?


That would mean Google Fi VPN wouldn't work.

I was using my own always-on VPN w/ GrapheneOS on T-Mobile's network and was having tons of problems with calls and texts not getting through.


This does not seem to be the case. Elsewhere in the comments, neurobashing said their Private Relay works fine for an MVNO on T-Mobile.


I am careful about which side I am favouring. There is Apple, a company known for its golden cage system, and then there are the telcos with their strange extra features.

In the end, I want to have a clean network. And that means no Private Relay for 50% of mobile users and no telcos screwing with my DNS or headers, zero-rating my traffic, whatever.

Seems like a lose-lose situation to me.


It's very easy to block Private Relay on your network by simply blocking resolution of two hosts; Apple has this documented.

https://developer.apple.com/support/prepare-your-network-for...

There's only one legitimate justification to block it: to better manage their network by caching data locally and not going over the internet. Private Relay retains your rough physical location, but it obviously connects outside of your ISP's network.

Thing is that's a legit reason to block it, but it isn't a strong one.


That's not a legit reason to block it for everyone on the network. That's a legit reason for individual iPhone owners to turn it off if they value better performance over privacy.


>"There’s likely not much that Apple can do here, but it underscores another limitation of Private Relay as a feature as well as the power that carriers hold."

Doesn't Apple have a lot that it can do here? Wouldn't there be a TOS set by Apple that would cover interfering with functionality? I would hope Apple would flex some muscle here, as this would otherwise set a new dismal precedent where features were only available on a carrier-by-carrier basis. At one time T-Mobile seemed to try to cultivate a pro-customer perception. I guess those days are long over?


Is there a list of private relay addresses used by Apple?


If you mean IP addresses, then, yes, they publish a .csv with the IP addresses [1].

It seems to update once a month [2].

[1] https://developer.apple.com/support/prepare-your-network-for...

[2] https://imgur.com/a/35HIV5M (only showing counts for IPv4, they have huge IPv6 blocks)


There are currently two subdomains associated with Private Relay. Apple's documentation implies that all connections are initiated through one or the other.

    mask.icloud.com
    mask-h2.icloud.com


This kind of brash carrier disregard for consumer choice is a downstream effect of a net-neutrality-free-Ajit-Pai-FCC.

Transparency by Apple (and Android, as applicable) to the consumer about what features carriers disable should be mandatory.

You don't have to punish carriers. If the market (and consumers) cares about such features, let it decide.


Some more info, also in the now updated submission: https://tmo.report/2022/01/t-mobile-blocking-icloud-private-...


If they do this then I will find a new carrier. I will also loudly announce it on their twitter feeds.


For me, this new policy will be reason enough to switch away from T-Mobile at the nearest opportunity.


Can someone explain how it’s possible to block this? Just stop the whole IP range from the network?


Apple allows networks to block Private Relay:

"Network settings

Some organizations might be required to audit all network traffic by policy. To comply with such a requirement, these networks can block access to Private Relay. Users will be alerted that they need to either disable Private Relay for the network or choose another network. The fastest and most reliable way to do this is to return a negative answer from the network’s DNS resolver, preventing DNS resolution for the mask.icloud.com and mask-h2.icloud.com hostnames necessary for Private Relay traffic."

https://www.apple.com/privacy/docs/iCloud_Private_Relay_Over...
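A check for the mechanism that Apple excerpt describes, added here as an example (not Apple's code and not from the comment): it sends an A query for the two documented hostnames to a resolver of your choice and reports whether the reply is negative. The resolver address and the forged replies used for the offline demonstration are constructed assumptions.

```python
"""Check whether a DNS resolver returns a negative answer for the two hostnames
Apple documents for iCloud Private Relay (the blocking mechanism quoted above)."""
import socket
import struct

# Hostnames named in Apple's document (quoted on the page).
PRIVATE_RELAY_HOSTS = ("mask.icloud.com", "mask-h2.icloud.com")

RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(hostname, txid=0x1234, qtype=1):
    """Build a minimal DNS query packet: one A question, recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii") for label in hostname.split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN


def parse_response(packet):
    """Return (txid, rcode, answer_count) from a DNS response header."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if not flags & 0x8000:  # QR bit must be set on a response
        raise ValueError("packet is a query, not a response")
    return txid, flags & 0x000F, an


def classify(rcode, answer_count):
    """Map a header result to what it means for Private Relay on this network."""
    if rcode == 3:
        return "blocked (NXDOMAIN)"
    if rcode == 0 and answer_count == 0:
        return "blocked (NODATA)"
    if rcode == 0:
        return "reachable"
    return "error (%s)" % RCODE_NAMES.get(rcode, rcode)


def private_relay_available(results):
    """Private Relay needs both hostnames; any non-reachable answer means it is blocked."""
    return all(results.get(h) == "reachable" for h in PRIVATE_RELAY_HOSTS)


def check_resolver(resolver_ip, hosts=PRIVATE_RELAY_HOSTS, timeout=2.0):
    """Send one A query per hostname to resolver_ip over UDP/53 and classify each reply."""
    results = {}
    for i, host in enumerate(hosts):
        txid = 0x1000 + i
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            sock.sendto(build_query(host, txid), (resolver_ip, 53))
            try:
                data, _ = sock.recvfrom(512)
            except socket.timeout:
                results[host] = "error (timeout)"
                continue
        rtxid, rcode, an = parse_response(data)
        if rtxid != txid:
            results[host] = "error (transaction id mismatch)"
            continue
        results[host] = classify(rcode, an)
    return results


def forge_response(query, rcode, answer_ip=None):
    """Constructed reply for offline demonstration (not a real resolver's output):
    echoes the question, sets QR/RD/RA plus the given RCODE, optionally adds one A record."""
    txid, _flags, qd, _an, _ns, _ar = struct.unpack("!HHHHHH", query[:12])
    question = query[12:]
    answer, an = b"", 0
    if answer_ip is not None:
        # Name pointer to offset 12 (the question name), type A, class IN, TTL 60, 4-byte RDATA.
        answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(answer_ip)
        an = 1
    return struct.pack("!HHHHHH", txid, 0x8180 | rcode, qd, an, 0, 0) + question + answer


if __name__ == "__main__":
    # Offline demonstration with constructed replies; call check_resolver("<resolver ip>")
    # against your own network's resolver for a live check.
    for host in PRIVATE_RELAY_HOSTS:
        q = build_query(host)
        for label, reply in (("negative", forge_response(q, 3)),
                             ("positive", forge_response(q, 0, "203.0.113.10"))):
            _, rcode, an = parse_response(reply)
            print(host, label, "->", classify(rcode, an))
```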


I'm not familiar with Private Relay's details, but based on the available public information: every connection is initiated through a proxy server controlled by Apple, so all Verizon (probably) has to do is detect that initiation pattern and/or figure out which IPs/subdomains are specifically responsible.

Apple can probably improve the situation by making Private Relay more like a VPN (instead of a fancy web proxy + DNS masker), including reusing the same IPs and domains that iCloud traffic is already going through.

Edit: Apple's docs show two well-known subdomains for Private Relay[1]. Blocking both of those is probably what Verizon's doing.

[1]: https://developer.apple.com/support/prepare-your-network-for...


No, Apple built in a feature for carriers to disable it.


iPhones find the entry servers to Private Relay via DNS. If you drop those hostnames, then it's effectively blocked.


So with a custom DNS server you are fine?

Edit: woodruffs above provided docs


While it's trivial to edit DNS settings for WiFi, it's actually quite difficult to change your DNS server on the cellular profile on iOS, as the comment from Easton here rightly points out. I was kinda surprised the first time I found out you can't edit the cellular DNS server settings via the phone's Settings app.

One option that works for me to get custom DNS on iOS cellular connections (I like Pi-hole ad blocking on my phone) was to set up my own VPN connection to a VPS instance running Pi-hole for DNS and WireGuard for the VPN. Lets me get custom DNS and Pi-hole ad blocking over cellular, so long as the VPN isn't blocked by your cellular provider, etc. Was two trivial Docker containers to get running; costs very little in AWS.

Same trick also lets me access region blocked TV services from my iOS devices over US cellular simply by turning a VPN on - I just stand up the containers on a VPS host based in source country and connect to that.


Yes, but you can't set custom DNS for cellular networks without a configuration profile or an app, so it's unlikely that most people have that set.


Depends on the ISP. If they block or re-write DNS packets, then setting your own servers wouldn't fix it. That's a real thing people see in the wild: https://superuser.com/questions/897543/how-can-i-check-if-my...


should let users run them

like Tor exit nodes, or obfs4 bridges

turn it into a war of attrition!


Slowly pushing the data wars into the public field of view. Kudos to Apple for pushing so hard on this front. Now to put some pressure on the FCC to have some rule making done about disallowing telecom interference in the data packets.


Apple was the one who wrote this error message for T-Mobile. If there is some kind of "data war" going on, it would appear that T-Mobile and Apple are on the same side.


Anybody know if this applies to companies that use T-Mobile's network, like Ting?


Ting may be transitioning to another network soon if rumors about Dish are to be believed.


AFAIK Google Fi uses T-Mobile, and I’m still able to use private relay.


Right, and Mint Mobile


Weird. I'm a T-Mobile customer, and I just switched to cellular data and was able to enable Private Relay without any issue. whatismyip.com says my ISP is Akamai. Possibly T-Mobile are still rolling the block out?


https://twitter.com/MikeSievert/status/1480716872848842752

According to this it's only for people with content filters.


I would guess Xfinity and other ISPs will be watching this closely. They have the same incentives and Xfinity among others strongly lobbied Congress when there were browsing privacy bills (that failed) in Congress.


There seems to be a lot of tacit assumption here that phone companies want to do bad things with your browsing metadata and Apple doesn't, but I don't see any firm reason to make that assumption.


I had turned private relay off during the beta since it seemed flaky when connections were poor. I have a VPN for torrents that I just installed on my phone because of this. Screw T-Mobile.


Well, time for me to consider switching away from T-Mobile.


Why? Set up your own VPN and be on your way if you are concerned.


Private Relay was always a sketchy proposition; if privacy is your concern, you're almost always better off using a VPN.

Yes, granted, Apple could always extract (and to some extent probably is) your history directly via OS hooks, but the "Private" relay gives them a completely opaque off-device way to centrally track what everyone is visiting, which is just another data point feeding into their rapidly-growing advertisement business.

Paranoid? Maybe, but after the whole on-device scanning fiasco I view Apple in the same category as Google, Facebook and Microsoft when it comes to privacy guarantees.


> Yes, granted, Apple could always extract (and to some extent probably is) your history directly via OS hooks, but the "Private" relay gives them a completely opaque off-device way to centrally track what everyone is visiting

Err, no it doesn't; that's the whole point of the way it's engineered. All Apple sees is your IP address with none of the request details, and your IP is obscured before being sent to the second relay (Cloudflare, Fastly, etc.), who only see the request detail with no origin/requestor information.

[1] https://www.apple.com/privacy/docs/iCloud_Private_Relay_Over...


The purpose of private relay is more to prevent ISPs/Cell carriers from vacuuming up your data and selling it in probably totally identifiable ways to the lowest sketchy bidder.

All the big carriers have already been sued by the FCC for selling location data without permission[1], and even last month Verizon was trying to justify collecting more data on everything you use your phone for[2]. Apple's business model is less gross than ISPs', and their partnership with Cloudflare to prevent even themselves from being able to access traffic logs is an extra plus.

[1] https://www.nytimes.com/2020/02/27/technology/fcc-location-d...

[2] https://www.theverge.com/2021/12/17/22841372/verizon-custom-...


> if privacy is your concern, you're almost always better off using a VPN

I am really skeptical of this. Not that ISPs are extremely trustworthy, but they're at least bound by some state mandated privacy protections which <Foreign VPN Provider> is not.


Valid concerns, you need to pick your VPN carefully if using a public provider. In my case, I relay everything to a VM I trust that is running a firewall and AdGuard for DNS ad-blocking.

The system may not work for everyone (for example, streaming services optimize based on your location, which will break down if the VM lives in some cloud), but I use my phone for music, browsing and email (not video consumption) so it works for me.


The thing is, I already have to trust Apple because they can do anything they want on my device. Why would I want to add a third party to that, especially one that runs a VPN service?


Give credit where credit is due. I haven't owned an Apple device since my trusty IIgs and am not a fan of Disneyland computing in general, but I may seriously ponder buying a Mac mini simply to gain access to their popular VPN that will be impractical for websites to block or CAPTCHA-hell.


The entire point of private relay is that neither Apple nor the third party CDN can match the destination website to an individual.

If your argument is “they probably aren’t doing what they say they’re doing” and so you shouldn’t use their tools, then you better start writing your own operating system from scratch and designing and fabbing your own silicon, because there’s no guarantee any of these companies or open source projects aren’t compromised.


Apple is also capturing DNS queries, so they minimally have that as a data point.

Regardless, the more general concern that parent seems to make is what is to stop Apple in the future from monetizing this data? I think the only thing protecting us as consumers is their policy. And as we all know policies can change very simply with a change to the terms of service.


I will eat my hat if Apple doesn't enter the ad market big-time in a couple of years. All the signs point to them building a massive privacy-invading trove of data on their customers to exploit.

Of course, their PR will spin it up as "privacy focused, totally anonymous, personalized advertisement" and some will just gobble that up as gospel.

I don't trust any of these fuckers any more... :)


I think 2 things are stopping Apple from entering that market in earnest.

1. Privacy is a differentiator for Apple’s business. Google et al can’t compete and win on privacy. Apple can use this to win at recruiting and win at selling their ecosystem.

2. Apple’s hitting revenue/growth targets. Other R&D investments better align with their ecosystem, so there is no business driver today to enter this market.

Having said that, I won’t be surprised if Apple misses a few quarterly earnings targets and decides to enter the ad market.




I believe Apple now supports ODoH (oblivious DNS over HTTPS) although I do not know if it is used for private relay.



To quote the relevant section:

“ODoH sends DNS queries through the first internet relay, so the DNS server cannot identify the user issuing a query. Each query itself is padded and encrypted using Hybrid Public Key Encryption (HPKE) to help ensure that the first internet relay cannot tell the domain name a user is looking up.”

Apple is the “first internet relay” and they seem to explicitly state that they don’t see the DNS queries themselves.


For what it’s worth this reminded me to turn it on/try it out and so far a few hours in I’ve had no problems (T-Mobile/US).


how long till AT&T/Verizon do the same? is there any refuge, like Twilio?

alternatively, what would it take to roll your own/DIY private relay?

2 DO droplets, droplet0 runs OpenVPN or something, then private networked to droplet1 which requests are proxied through, and droplet1 recycles IP/region on some scheduled interval?


I smell an opportunity for T-Mobile to add a “private relay enabled” tier to their pricing structure.

Pay extra for privacy


I no longer have an iPhone, but can anyone confirm that T-Mobile blocks Cydia repos on cellular?


Has T-Mobile given any indication that they're planning to block VPNs more generally?


Looks like I am leaving T-Mobile.


I am on T-Mobile and Private Relay is working fine for me.


This is not very uncarrier, is it?

Or did they do away with that branding?


I expect it to be all downhill since the Sprint merger


FWIW, it’s working for me on a T-Mobile MVNO.


Apple should just start their own carrier


Guess it's time for regulation.


I think what is also interesting about this article is that EU carriers, long the privacy stalwarts, were the original ISPs to block Private Relay. Seems counterintuitive to me.


I saw some news titles that EU carriers want to block it, but I haven't seen them doing it nowhere. Do you have a link?


> doing it nowhere

Reading the article and its predecessor, it seems they are mainly doing it on cheap contracts in the UK??

Which would not be in the EU.

I'm not sure if it's even legal to do so in the EU, tbh. it might be against the net neutrality rules in the EU (though they have loop holes, so not sure).


In the article: "Now, in addition to some carriers in Europe, it appears that T-Mobile/Sprint in the United States is also blocking iCloud Private Relay access when connected to cellular data."


Though as far as I understood, the European carriers voiced complaints but did not act, though UK carriers did (which isn't the EU anymore).

Tbh. the article is just not very well written; I also first thought the article implied that T-Mobile US is an EU carrier operating in the US (it isn't, it's a US carrier owned to around 43% by an EU carrier, with which it shares a bunch of things, like trademarks).


Agreed, poorly written article.


EU regulations aren't necessarily designed for privacy, they're designed to troll US tech companies. Covering the screen in cookie dialog boxes didn't accomplish much.

One of the upcoming ones seems to just ban Kickstarter.


Not really,

especially the mentioned banners affect US and EU companies alike (or at least did until the US decided to claim rights on EU citizens' data through the CLOUD Act...).

Wrt. the cookie banner, if you mean the one coming from GDPR then the problem is missing enforcement. It must be as easy to opt in as to opt out; this means:

- two clicks to opt out, one to opt in => illegal

- dark patterns which make it easier to accidentally opt in => illegal

- spamming people who don't agree to being spied on with "dialog boxes" => illegal (GDPR allows some forms of purely functional data storage without consent; for example a non-3rd-party cookie to remember that the user is opted out _which is not used for tracking_ is legal without asking for consent, hence there is a technically easy and legal way to not spam people with dialog boxes, hence making it harder for people to opt out by repeatedly forcing them to redo the action is illegal). Naturally doesn't apply if you clear cookies.


This is probably a good thing. When Private relay breaks (such as on my network at my house and some public wifi networks at a popular grocery chain), there's literally no indication that private relay is broken. Instead, friends tell me my wifi is broken or suddenly I can't use my grocery store's app to scan my products.

When your product causes your customers to call someone else and complain, don't be surprised if that "someone else" disabled access to your product.


Your iPhone immediately throws up a notification saying “private relay unavailable”.


I have notifications disabled.


I wish there were better visual indications within Safari regarding whether it's on or off. Especially when connecting to a new wifi network with a portal, which almost always break it. Private relay only works within Safari though, why would it affect your grocery store app?


Pretty sure you're talking about something that's not iCloud Private Relay, because if that's not the case it sounds like you're just making stuff up.

First of all, Private Relay doesn't affect your grocery store's app - 3rd party app traffic doesn't use it. It also can't 'break' your home wifi for your friends. And finally, when it's not working, it's automatically disabled, you are notified, and you continue browsing without it.


It’s also quite possible it’s changed quite a bit since it first hit the public beta. The grocery store app required you to connect to WiFi, which had a TOS you had to accept to use the WiFi.

But my home network’s DNS is quite … convoluted (intercepted and sent through DoT depending on which VLAN you’re on, which somehow broke Private Relay). From the comments here, I’ve learned how to disable this feature remotely. So that’ll be nice.

I never saw the “it’s broken” notification. So either it came after I last used private relay, or it never broke through my “no notifications” settings.


I've had Private Relay stop working for me once and I was served a push notification indicating that it wasn't working.


Private relay doesn't apply to apps, only Safari. (though the app could use a web sheet)

