Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Private Relay captures DNS

M

matt_and_187_like_this

macrumors 6502a
Dec 8, 2015
588
2,034
So basically a proprietary TOR browser. It's a great idea, but it really worries how much I rely on Apple's promises already.

Don't think anyone gets a pihole just for blocking ads in a browser. That's the easiest thing to do. Pihole is most useful for everything but the browser (apps, smart tv, ...)
 
djlythium

djlythium

macrumors 65816
Jun 11, 2014
1,170
1,619
Runs For Fun said:
A lot of people run DNS based ad blockers like piHole and pfblockerng. This would bypass those meaning you’ll get all the ad crap again.
Click to expand...
Right, I gathered that from the comments, but I guess I mean why is it important to focus on the DNS anyway? Like, why use a DNS-based adblocker vs a different type? Thanks for the info!
 
TehFalcon

TehFalcon

macrumors 65816
Jan 6, 2011
1,128
1,067
United States
Looks like they are using Cloudflare for the backbone of the service as well. Speedtest.net shows my ISP as cloudflare with private relay on.
 
ParagJain

ParagJain

macrumors 6502a
Jul 24, 2011
590
141
Does this work like a VPN service like Nord or Surfshark ? What Private Relay really does? thx.
 
R

revs

macrumors 6502
Jun 2, 2008
454
398
UK
If it didn't block DNS it wouldn't be very private 🙂
Sucks if you use a local DNS, but very few users do that (Yes probably more than a few here, but for 'non techys')

Is private relay system wide, or Safari only?
 
roderik

roderik

macrumors newbie
Original poster
Feb 26, 2011
26
8
Belgium
Well, doing on my router, makes sure that all devices (e.g. the managed school computer of my son I cannot modify) do not get ads, or that a slower computer/device is not spending time and effort doing content blocking in the browser. And (have not checked recently) Adguard which is the best content blocker as far as I'm concerned does not have an ARM version.
 
  • Like
Reactions: jagooch
RamGuy

RamGuy

macrumors 65816
Jun 7, 2011
1,362
1,922
Norway
It's understandable why it catches DNS traffic as well. It's a privacy feature after all so why wouldn't Apple make sure your DNS traffic is getting the same treatment.

I have all DNS traffic on my local network running DNS-over-TLS using IPv6 towards NextDNS already. And the most annoying part about this is that I no longer have local DNS resolving and I have various things on my local network that I reach using hostname and not IP. It's not a huge problem to use IP but as I'm mostly IPv6 native at home having to type those IPv6 addresses becomes annoying even though they aren't that hard to memorise. I could always make my local hostname resolvable using public DNS but that puts security complications into play when I have no real need for them to be resolvable outside my local DNS server.

I'm glad to see that Apple's iCloud+ Relay gives you both IPv4 and IPv6. Apple has been one of the main pucheres behind a native IPv6 world for the longest time so it's great to see that they keep implementing it whenever possible. Barely any of the big VPN-providers supports IPv6. This will make it so that all Apple One and iCloud+ users, unless they disable this privacy feature will all become IPv6 native users. That's a huge push towards making the Internet move towards IPv6.

This relay feature seems very limited for the time being. I have the option for "Preserve Approximate Location" enabled and I'm still getting a IP-address located in San Fransicso, USA. I live in Scandinavia so this is far from ideal when it comes to latency, localistation and throughput. But it's most likely a result of this relay network not being fully operational this early in the developer process.


Do anyone know if it's relaying only Apple Safari and nothing else? Will this be a browsing privacy feature only? You will still need to run a system-wide VPN if you want to anonymise your IP-address for apps? Have anyone tested what happens if you have this feature enable while also running a system-wide VPN? Will Safari bypass your VPN and still use the iCloud+ relay service instead? Or will activating a system-wide VPN temporarily disable iCloud+ Relay? Or do they work in tandem making your Safari traffic using the system-wide VPN and then it will run through the iCloud+ Relay afterwards?
 
Jumpie

Jumpie

macrumors 68020
Jul 7, 2008
2,129
1,765
Atlanta
RamGuy said:
It's understandable why it catches DNS traffic as well. It's a privacy feature after all so why wouldn't Apple make sure your DNS traffic is getting the same treatment.

I have all DNS traffic on my local network running DNS-over-TLS using IPv6 towards NextDNS already. And the most annoying part about this is that I no longer have local DNS resolving and I have various things on my local network that I reach using hostname and not IP. It's not a huge problem to use IP but as I'm mostly IPv6 native at home having to type those IPv6 addresses becomes annoying even though they aren't that hard to memorise. I could always make my local hostname resolvable using public DNS but that puts security complications into play when I have no real need for them to be resolvable outside my local DNS server.

I'm glad to see that Apple's iCloud+ Relay gives you both IPv4 and IPv6. Apple has been one of the main pucheres behind a native IPv6 world for the longest time so it's great to see that they keep implementing it whenever possible. Barely any of the big VPN-providers supports IPv6. This will make it so that all Apple One and iCloud+ users, unless they disable this privacy feature will all become IPv6 native users. That's a huge push towards making the Internet move towards IPv6.

This relay feature seems very limited for the time being. I have the option for "Preserve Approximate Location" enabled and I'm still getting a IP-address located in San Fransicso, USA. I live in Scandinavia so this is far from ideal when it comes to latency, localistation and throughput. But it's most likely a result of this relay network not being fully operational this early in the developer process.


Do anyone know if it's relaying only Apple Safari and nothing else? Will this be a browsing privacy feature only? You will still need to run a system-wide VPN if you want to anonymise your IP-address for apps? Have anyone tested what happens if you have this feature enable while also running a system-wide VPN? Will Safari bypass your VPN and still use the iCloud+ relay service instead? Or will activating a system-wide VPN temporarily disable iCloud+ Relay? Or do they work in tandem making your Safari traffic using the system-wide VPN and then it will run through the iCloud+ Relay afterwards?
Click to expand...

So i'm using Privacy Pro VPN for ad blocking across my device. With Private Relay running, Safari won't connect to the internet but ever other app works fine.
 
  • Like
Reactions: jagooch
B

bbplayer5

macrumors 68040
Apr 13, 2007
3,133
1,141
Doesn't work for me on MacOS, but it does on iOS 15. I check my external IP address in safari and it never changes. I check on my phone, and its some random IP not located near me. Anyone actually verify this working in Mac OS?
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom