Apple Will Offer Onion Routing for iCloud/Safari Users

Comments

NombreNoImportane' • June 22, 2021 8:48 AM

“Not available in China, of course — and also Belarus, Colombia, Egypt, Kazakhstan, Saudi Arabia, South Africa, Turkmenistan, Uganda, and the Philippines.”

So these are the countries doing DPI, gotcha.

metaschima • June 22, 2021 10:24 AM

Ok, but what if the site is running JavaScript? which all sites do. The site can use JS to grab your real IP, right? I mean that’s why you should disable JavaScript when running tor. Admittedly the tor browser omits WebRTC, which prevents outright nabbing of you real IP, but there are plenty of other ways to get your real IP address using JS.

Humdee • June 22, 2021 10:56 AM

The more and more Apple tries to convince me that it cares about security and privacy the more and more suspicious of their shenanigans I become. I can’t help but feel Apple is collecting all the fish in a barrel right before the killing spree. Guess I have become jaded and cynical in that way.

Impossibly Stupid • June 22, 2021 11:46 AM

Never mind the intended design, I’m only interested in the details of Apple’s actual implementation, especially when it comes to abuse. For Tor, it seems I invariably end up blocking most exit nodes because someone tries to use it to probe for web vulnerabilities. If Apple doesn’t have a policy in place to nip that kind of activity in the bud, they’ll be tainting whatever IP space their requests are coming from, too. Maybe they think only providing it to subscribers will limit the abuse, but I can see that just as easily creating an attack surface for malicious web sites (or extensions) to hijack any visitors using Privacy Relay to launch a DDoS (or similar).

Ross Snider • June 22, 2021 12:05 PM

Why not remove the requirement for iCloud subscription? How is it customer privacy value to link this to iCloud?

Why not have this be a local configuration (so it can’t be manipulated remotely)? How is this customer privacy value to rely on remote management?

Why not use the TOR network, rather than add an Apple managed (one-hop) proxy in the middle? How is this customer privacy value?

I’m skeptical this can be “privacy from everyone but us”?

metaschima@ has a good point re: browser fingerprinting. Humdee@ has a good point about centralization. Privacy model seems to still rely on trust in Apple. Security model isn’t captured, but I worry Safari isn’t hardened the same way Tor browsers are.

SpaceLifeForm • June 22, 2021 2:09 PM

Add Brown Sugar, Cinnamon, Butter, and now you’re cooking!

Otherwise, this is not a sound recipe.

NateD • June 22, 2021 10:46 PM

“Private Relay splits up two pieces of information that — when delivered to websites together as normal — could quickly identify you. Those are your IP address (who and exactly where you are) and your DNS request”

Because the DNS request is “normally” or “commonly” sent to the web host rather than your DNS provider?

Since when is your DNS query sent to the web-host? This seems to combine all sorts of misinformation with wizardry to “make things better” without actually doing anything.

Tor has failed in so many ways to obfuscate connections. I fail to see how this makes this better for users or corporate security.

SpaceLifeForm • June 23, 2021 2:58 AM

This court ruling is insane.

Some may recall pre-DNS days.

We need to go back to the future.

hxtps://torrentfreak.com/sony-wins-pirate-site-blocking-order-against-dns-resolver-quad9-210621/

Ismar • June 23, 2021 4:23 AM

Interesting, but what is this measure aimed at – undermining Google’s tracking for advertising purposes might be one option?
They cannot possibly think that exisiting TOR users would opt in for a solution based on closed proprietary code ?

Denton Scratch • June 23, 2021 7:30 AM

@NateD
“Since when is your DNS query sent to the web-host?”

Yeah, that business about splitting DNS and IP address didn’t make sense to me either. If you have an internet proxy, then all your internet traffic goes through the proxy, whether it’s DNS or HTTP.

It looks like Private Relay (not Privacy Relay) uses two hops, where Tor uses three. That’s OK; Tor bridge nodes are needed to protect against the possibility of collusion between an entry node and an exit node. And of course, there’s no possibility of Apple (provider of the ingress proxies) colluding with the subcontracted (and unnamed) CDN provider that runs the egress proxies. That would be unthinkable (I just unthunk it).

So your DNS and HTTP packets presumably all pass through the ingress proxy. They are then forwarded to an egress proxy. DNS packets are sent on to some resolver (who knows who runs that), which might be a forwarder or a recurser – dunno. The answer comes back to the client via the ingress proxy. And then the HTTP request goes to the same ingress proxy, and emerges via the same or some other egress proxy, and is delivered to the website, which responds via the same egress proxy and ingress proxy used to deliver the request.

So maybe this business about separating DNS and HTTP just means that different egress serveers are used for your DNS and HTTP requests. But I can’t see what that gains you, whether or not collusion is possible.

/me not an Apple user, so I have no dog in this race. It all looks rather shifty to me.

Scott Lewis • June 23, 2021 9:47 AM

@Ross Snider “Why not remove the requirement for iCloud subscription? How is it customer privacy value to link this to iCloud?”

Apple’s goal here is to promote privacy when web browsing for their paying customers. You can be security focused, and for-profit all at once.

Robber • June 23, 2021 10:14 AM

@Scott, Apple is using the onion routing protocol and creating their own relays because they want control.

Apple has built jails so shiny that People would pay to be admitted. They could have made this a service based on Tor and contributed back to the upstream, given back to the Tor nodes which are run by many folks privately.

But we got to keep privacy!! We shall Keep it!!

Buy Jails!! Then Jailbreak??

Winter • June 23, 2021 10:40 AM

@Robber
“@Scott, Apple is using the onion routing protocol and creating their own relays because they want control.”

Tor nodes are run by volunteers. It would be “inappropriate” if Apple would abuse these volunteers by using the nodes for high volume commercial traffic.

Svarog • June 23, 2021 10:52 AM

Apple is doing this solely to continue to promote themselves as the only company that cares about privacy. The message is simple: if you care about privacy, we offer the best, for a price.

This is classic business strategy: find the thing that your competitors are weakest at (Android anyone), and position everything to exploit that. So, of course they put this behind their most expensive offering. After all, they are masters of premium.

David Leppik • June 23, 2021 2:00 PM

This is designed to be much faster than TOR, which has a reputation for being painfully slow. Apple claims this will be as fast as regular browsing.

Rather than using volunteers, Apple is using its own servers along with the major edge providers (Akamai, Fastly, and Cloudfare) so that the onion routing is done on fast computers near the user.

Obviously adding extra hops necessarily adds latency to the requests, but because this is a commercial operation running in commercial data centers, there’s a good chance that the extra hops will be in the same data center as the web server you’re trying to reach. So the latency should be equivalent to a website adding one extra level of middleware.

Apple will be charging for this service, but what do you expect when all of your web traffic is being processed by their servers? If you price what it would take for you to host a personal proxy on AWS, it wouldn’t be expensive, but it’s well beyond what Apple can afford to do for free for all their users.

As others have noted, this does require you to trust Apple to do things properly. But if you’ve already got an Apple computer running Apple software and using Apple services, you’ve already made that concession. Unfortunately the only other choice is Android, which requires putting the same level of trust in Google and your cell phone manufacturer.

Bruce said years ago that we were entering an era of feudalism, where you can’t secure yourself against the increasingly sophisticated attackers, so you have to choose one big team to trust. As it’s turned out, one of those teams (Google) seems more interested in targeted advertising than security.

Norio • June 23, 2021 2:01 PM

Not available in China, of course — and also Belarus, Colombia, Egypt, Kazakhstan, Saudi Arabia, South Africa, Turkmenistan, Uganda, and the Philippines.

All the major companies are kissing dictator butt to get business. Apple & Tim Cook piss me off the most because of their extreme two-faced hypocrisy.
https://www.engadget.com/applenot-release-private-relay-china-090524919.html

echo • June 23, 2021 5:49 PM

To some service providers the cost of the data pipe is effectively free. It’s the same as being the owner of an airline. You get to travel for free on all airlines because of “indstry standard” peering arrangements.

Apple are providing a limited specification service. There will be kickbacks off this either off ISPs or security services.

Corporate hypocrisy usually doesn’t happen for no reason. It happens because of a culture of pwoer tripping and favouritism, and them and us culture, and lack of strict adherance to the meaning or spirit of the law, and decisions being “washed” via different departments or layers of an organisation, and legal advice which carefully tracks what they can get away with as opposed to what is strictly legal or in the public interest.

The US fundamentally does not respect human rights and they are not explicitly wired into the constitution so always get a back seat whether it’s at the political level, or regulatory level, or lower level organisational or personal level.

Schneier on Security

Comments

Leave a comment Cancel reply