Does my ISP can see the websites I visit if I only use the Private Relay?
Can the website “spy” my location, which device, etc…?
How about third party eyes? How does the Private Relay protect?
How about the mobile version of iCloud Private Relay?
I already use NordVPN and AdGuard AdBlocker, but I mostly use Safari and only visit “legit” websites, so no piracy websites or similar ones.
Sometimes I’m on travel so I use the WiFi of the hotels.
I wonder if the iCloud Private Really may be enough for me, so that I can uninstall AdGuard and the VPN.
Moreover, my plan is to get back to the most minimal setup and uninstall the Apps I don’t really need.
I’ve already searched the Web, but I’m not a tech so I don’t understand how I am protected in my daily use.
Private relay only works for Safari, whereas a VPN & an encrypted, no logging DNS service will work for everything on your computer (except perhaps Apple services, I’m unsure about that point).
Apple’s support page on iCloud private relay answers some of your questions.
A VPN should force all network connections to go through it, including any Apple services, otherwise you’re leaking data, and there’s no point of a VPN. However, Apple was caught intentionally bypassing VPN with iOS 16. This has since probably been resolved.
In addition to not protecting your entire internet use (as it works in Safari only), it also has its issues every now and then (right now, it has not been working properly for two days, disconnecting and not being available randomly, etc.).
Thank you all for your replies.
So I see the only solution to stay safe is still a good VPN + AdBlocker.
A safe behaviour on the Web is still mandatory, of course.
So I can get rid of the iCloud Private Relay because I already have my protections.
Trying to protect our privacy is frequently a case of closing the barn door after the horses have fled. Despite company promises of “security” and “privacy” there is very little than can be done about much of our information.
Here’s an example of public information in the US. Much of which is available for free on many websites.
Name, previous names and aliases
Age and gender
Current and previous addresses
Current and previous roommates
Phone numbers and email addresses
Marital status, records and divorce records
Family members, including children, parents and extended family
Social media profiles and other online activity
Occupation and estimated income
Political affiliations
Education level
Property records
Criminal and civil records, including bankruptcies, liens and judgments
It’s a tradeoff. Most people are going to keep using the things you mention, but it’s easy to reduce tracking of your web history by using a privacy search engine and browser along with a VPN you trust for general browsing, and use a separate browser (other than Chrome) for web apps and sites you have to sign into.
Absolutely. Talking about tradeoffs and going offtopic, I have a colleague that does not use any cards for regular store payments because he doesn’t “want to be tracked”. Dude, you are with a bank, they do not need your card info to know basically everything about you! Plus, he is carrying with him a non trivial amount of cash in his physical wallet, ready to get lost or stolen…
Again, to each its own: it’s a matter of tradeoffs.
Edit: adding that, technically, your card purchase history is shared between your bank and the card payment scheme, so my friend’s concerns are not unfounded.
Hotel WIFI - avoid if you possibly can. Clients of mine at a security agency have shown me how dangerous public WIFI is. Just assume your machine is under attack.
Private Relay - yes it’s been flaky in the past few weeks. The idea is clever, it makes you part of larger group, since all of your browsing is mixed in with other browsers at the same exit point. (Browser Fingerprinting still gets around that to a degree). When it works it protects you from your ISP since they only see traffic to an Apple server
VPN - sometimes reduces your privacy, if few enough people are using the same exit node as you then you can be tracked. A VPN really only hides you from the carrier. People from the same security agency showed me that sophisticated actors pay special attention to the traffic that is going to/from an VPN exit nodes. So you get some protection in tradeoff for some scrutiny.
AdGuard - etc, another tradeoff - less noise the web page because fewer ads are delivered. Less privacy because it more uniquely identifies you.
I do take some steps. I empty my browser cache after each session and I use a VPN when researching private matters or traveling. But there’s nothing I can do to keep a merchant, etc from selling my transaction data or sharing it with other businesses.
I’ve been a user of AdGuard products for years, and yet I receive letters and emails notifying me of some breach or another and we are offering you one year of credit monitoring service… oh well.
Not just hotels—any public wifi, including your favorite coffee shop is risky. It’s best to always use a VPN with public wifi or tether to your phone’s cellular internet.
Iirc, Private Relay isn’t a full VPN. Correct me if I’m wrong, but I’m thinking it only encrypts your DNS queries, and your ISP can still track the site you go to after each query is resolved. If so, it mostly just protects against DNS poisoning on public networks, which is good but limited.
Also, Private Relay only works in Safari. There’s no protection for other browsers.
Yes, you are wrong . And it is a full “VPN”. Your sessions traffic and DNS are encrypted/ anonymized between your browser and the relay, then proxied there out to the internet.
There are many types of VPN. Your old POTS telephone with a dial tone is a VPN. For some reason the term has kind of been hijacked to mean one thing but that’s not accurate.
Iirc, Private Relay isn’t a full VPN. Correct me if I’m wrong, but I’m thinking it only encrypts your DNS queries, and your ISP can still track the site you go to after each query is resolved. If so, it mostly just protects against DNS poisoning on public networks, which is good but limited.
It’s different and better in some ways from a VPN. It’s not just DNS lookup. All people using Safari in one area are routed through one exit, so you look as if you’re a single web browser.
Also, Private Relay only works in Safari. There’s no protection for other browsers.
I forgot to add - one of the people at the security agency showed me how attacker was using an open WiFi (Hotel/Coffee shop etc), to conduct an attack on devices using the network. The VPN offers no additional protection that case. Not being connected to the WIFI and using your phone instead does work.
. And it is a full “VPN”. Your sessions traffic and DNS are encrypted/ anonymized between your browser and the relay, then proxied there out to the internet.