Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Private relay isn’t very private - searches showed up on social media

LionTeeth

LionTeeth

macrumors 6502
Original poster
Oct 8, 2022
252
518
I was searching for specialty pillows for my wife for Christmas. Spent a good couple hours looking at websites, reading up on best materials etc. I usually use safari in private mode, but for this used normal just so if I was on a site I could find it again.

All was fine until I opened up Facebook the next day and Lo and behold bunch of ads for pillows. I thought private relay was supposed to stop this from happening? I used my iPhone, and use the Facebook app on the same phone.

I hadn't bought one yet, so it wasn't a purchase history that failed me, like a purchase info linked to my email and sold. Seems to be private relay not doing what it’s supposed to (or as is my understanding of it).
 
If your browser was still in normal mode then Facebook would have still known who you were. This is no different from opening Facebook at a friend's place: you don't need to log in again, unless you'd explicitly logged out and deleted the cookies.
 
  • Like
Reactions: fatTribble and NoGood@Usernames
Nermal said:
If your browser was still in normal mode then Facebook would have still known who you were. This is no different from opening Facebook at a friend's place: you don't need to log in again, unless you'd explicitly logged out and deleted the cookies.
Click to expand...
But isn’t PR supposed to stop that?

Hides who you are, IP, fingerprinting etc?
 
VPN isn't meant to prevent targeting of advertising. I'm sure google and fb have figured out a way around that with other kinds of fingerprinting. It's meant so if **** goes down, nobody can trace it back to you.
 
  • Like
Reactions: iLuddite and LionTeeth
So the apple site describes private relay like this:

How Private Relay works​

Normally when you browse the web, information contained in your web traffic, such as your DNS records and IP address, can be seen by your network provider and the websites you visit. This information could be used to determine your identity and build a profile of your location and browsing history over time.

iCloud Private Relay is designed to protect your privacy by ensuring that when you browse the web in Safari, no single party — not even Apple — can see both who you are and what sites you're visiting.

——

It just seems pretty clear “no single party can see what sites you’re visiting”

Except that is just not the case, clearly Facebook was able to pick up I was searching for pillows.

All the fingerprinting settings in safari, and this private relay thing etc, amounted to nothing.

I get that there’s cookies etc, I just thought it would work as advertised. Just kinda disappointed
 
Nermal said:
It hides your IP address, but if you're logged into a Facebook account then that's irrelevant. Facebook doesn't need to use fingerprinting if you're saying "this is me" when you visit a site.
Click to expand...
I am not logged into the Facebook website, just the app on my phone. And it’s my understanding they’re “not able” to track me across this device?
 
LionTeeth said:
I am not logged into the Facebook website, just the app on my phone. And it’s my understanding they’re “not able” to track me across this device?
Click to expand...

The app is fingerprinting your device and sucking up lots of data whenever it can. Private relay won’t help with that. I’m actually surprised Apple even permits it in the App Store.

Perhaps that’s dramatic but I delete the app after I use it, and reinstall it when I need it every few weeks. It’s amazing how much better my battery is when it’s not on the phone.
 
  • Like
Reactions: FJB, NoGood@Usernames and LionTeeth
LionTeeth said:
I am not logged into the Facebook website, just the app on my phone. And it’s my understanding they’re “not able” to track me across this device?
Click to expand...
re-read what you quoted.

keyword is -safari-

also you 'get that there is cookies'
... im not sure you do.
 
  • Like
Reactions: NoGood@Usernames
erihp said:
re-read what you quoted.

keyword is -safari-

also you 'get that there is cookies'
Click to expand...

And keyword omitted by OP, ”both”. Apple knows who you are, but not what you‘re visiting (encrypted request for page and page returned encrypted), 3rd party partner, generally Cloudflare iirc, knows the request but does not know who the requester is.

Only half of what’s going on is known to each of the relay parties.

And as pointed out: cookies. Signing in into something, cookies. Page has cookie code for Google, Meta, etal ad networks, cookies.

GoofyCyborg said:
My understanding of how it works is that it hides your IP and exact location when browsing the web.
Click to expand...

This. This is the main purpose of IPR. Site will know you are in city/region Y, just not hyper aware where (eg. Can map a public wifi at a coffee shop to exact address via its IP without IPR).
 
Last edited:
NoBoMac said:
And keyword omitted by OP, ”both”. Apple knows who you are, but not what you‘re visiting (encrypted request for page and page returned encrypted), 3rd party partner, generally Cloudflare iirc, knows the request but does not know who the requester is.

Only half of what’s going on is known to each of the relay parties.

And as pointed out: cookies. Signing in into something, cookies. Page has cookie code for Google, Meta, etal ad networks, cookies.
Click to expand...

Right ok so Facebook can see it is me, but not what I’m looking at.

Or Facebook can see what I’m looking at, but not that it’s me.

But then yes there are cookies which apparently identify you anyways no matter which privacy option you have enabled in safari settings.

So again I just tend to think really there’s no point in private relay. What’s the benefit? Apple spells it out in plain English like I posted above, but it clearly doesn’t accomplish that.
 
Some people don't want others seeing their IP address or knowing their location for a variety of reasons. A VPN works the same way. When you use a VPN, all you are doing is hiding your location and IP address. It doesn't prevent ads or stop cookies from being placed on your machine which in turn can be used to push custom ads your way. Some VPN's offer custom DNS along side their VPN service which blocks ads but it doesn't come as standard.
 
  • Like
Reactions: NoGood@Usernames and LionTeeth
GoofyCyborg said:
Some people don't want others seeing their IP address or knowing their location for a variety of reasons. A VPN works the same way. When you use a VPN, all you are doing is hiding your location and IP address. It doesn't prevent ads or stop cookies from being placed on your machine which in turn can be used to push custom ads your way. Some VPN's offer custom DNS along side their VPN service which blocks ads but it doesn't come as standard.
Click to expand...
Right ok that makes sense

Edit: so someone can be rude the entire thread, and tell me to kys, and it’s fine.
But me thanking someone for not being rude is removed due to “off topic”

This doesn’t make any sense.
 
Last edited:
erihp said:
re-read what you quoted.

keyword is -safari-

also you 'get that there is cookies'
... im not sure you do.
Click to expand...
I or the poster I quoted not once mentioned “safari”, what are you on about?
 
LionTeeth said:
IMG_0699.png

I or the poster I quoted not once mentioned “safari”, what are you on about?
Click to expand...
"iCloud Private Relay is designed to protect your privacy by ensuring that when you browse the web in Safari, no single party — not even Apple — can see both who you are and what sites you're visiting."

read this until you understand that anything you do outside of safari doesnt go through the proxy.

when you use the facebook app (that youve granted every permission under the sun) none of that traffic goes through the relay.

even if you had cookies in browser disabled or deleted everytime you started it, facebook fingerprints your device and identifies your ip and location in order to correlate everything you search for in the app data you have allowed permissions for.

so when you read and understand the context of what they claim it is and does, youll realize you are playin yourself by using the app if you want some semblance of anonymity from facebook or advertisers
 
Maybe the pillow websites don’t have a clue who you are, but if one of them also utilises facebook login, facebook comments, their like buttons, or whatever else facebook offers, then facebook will still know you visited them
 
  • Like
Reactions: genexx
The issue at hand here is that you (OP) went outside of Apple's private relay so you could save/bookmark the site you was browsing so you could return to it. The website you browsed would have a cookie that would have Facebook as one of it's 'partners' and thus anything you browsed would have been sent to facebook. Because you was outside of Apple's private relay, the website would have captured your IP address and because Facebook already knows your IP address due to you having the facebook app on your phone, it can put two and two together and know that it was you browsing the website.

This was your error:
I usually use safari in private mode, but for this used normal just so if I was on a site I could find it again.
Click to expand...

and it is why facebook was able to give you the pillow ad's.
 
  • Like
Reactions: LionTeeth
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back