Private Relay has problems with other software

but does not say what software or suggest things to do.

I would guess NordVPN or other VPNs, but the article I was referred to did not mention problem software.

MacBook Pro (2021)

Posted on Jun 22, 2023 7:43 AM

Question marked as Top-ranking reply

Posted on Jun 22, 2023 9:13 AM

MLSReality wrote:

Thanks for the quick reply.
My understanding from your answer above is:
1. it is likely the NordVPN software is causing the problem.
2. that NordVPN and other such VPNs (does that include Google's new VPN service?) are not necessary software for privacy and protection, but perhaps for other uses?
  1. so a NordVPN is NOT any additional protection when using WiFi at McDonalds, Starbucks, or hotels with no password??


Adding a second and known-credentials and thus weaker first-few-hops tunnel that centralizes all your traffic and then wrapping that weaker tunnel around your existing and stronger end-to-end tunnels (SSL/TLS/HTTPS) is less than useful for your privacy, but is much more useful for collecting your authenticated traffic, and collecting your non-ODoH traffic.


3. therefore leave it OFF most of the time and the problem with Private Relay will be resolved


I don’t have any first-few-hops VPNs around. I use the existing end-to-end tunnels; SSL/TLS/HTTPS.


I do have end-to-end VPNs for access into affiliated internal networks. Some VPN server administrators will check the originating IP address (a check which might cause issues with Private Relay), though I and many others don’t.


If I did need a first-few-hops VPN for geolocation testing of a website or CDN caching or such, I’d use Algo VPN server and my own or hosted servers. And I would not be using those with Private Relay enabled.


4. but perhaps use NordVPN for its other purpose of "relocating my shown location"
  1. like when I am overseas telling Netflix or some banking apps that I am still in the US?


You’ll want to discuss that access with Netflix or with your bank. I’d expect those and other entities to increasingly detect known tunnel exits too, as already do the entities that intentionally detect Tor network exit relays.


Private Relay is roughly analogous to a two-hop Tor or I2P connection. Two hops is not good against those with adversaries with pervasive network access, but is more than good enough for the rest of us.


Do read the above-linked Apple description of Private Relay, too. And what first-few-hops VPNs do and do not provide.

3 replies

Jun 22, 2023 8:13 AM in response to MLSReality

MLSReality wrote:

but does not say what software or suggest things to do.
I would guess NordVPN or other VPNs, but the article I was referred to did not mention problem software.


First-few-hops commercial VPNs—as differentiated from the end-to-end VPNs that macOS uses by default, and from the VPNs intended to connect you into the internal network of an organization you are affiliated with—are intended to protect you from a problem which really hasn’t existed for a decade or so, while centralizing your network activities and related data for easier personalized tracking and logging. There are some other uses, but privacy isn’t among those.


Too many of the VPN providers are either themselves sketchy, or some of the “no logging” services have gotten caught logging when the logs they didn’t have containing data they didn’t collect leaked onto the ‘net.


iCloud+ Private Relay with the existing VPNs masks the source and destination IP addresses, and encrypts and obfuscates your DNS traffic.


iCloud+, the already-ubiquitous TLS VPNs, and ODoH is what you want from your add-on VPN, and likely aren’t getting.


https://www.apple.com/privacy/docs/iCloud_Private_Relay_Overview_Dec2021.PDF


Short answer: remove the first-few-hops VPN apps, and use what Apple provides.


What other apps might be doing weird things with IP addresses? That’s unclear, but some apps and some web services do try to track you, and that tracking can be for either reasonable or for sketchy reasons. There’s no good list of those apps or web services.

Jun 22, 2023 8:37 AM in response to MrHoffman

Thanks for the quick reply.

My understanding from your answer above is:

  1. it is likely the NordVPN software is causing the problem.
  2. that NordVPN and other such VPNs (does that include Google's new VPN service?) are not necessary software for privacy and protection, but perhaps for other uses?
    1. so a NordVPN is NOT any additional protection when using WiFi at McDonalds, Starbucks, or hotels with no password??
  3. therefore leave it OFF most of the time and the problem with Private Relay will be resolved
  4. but perhaps use NordVPN for its other purpose of "relocating my shown location"
    1. like when I am overseas telling Netflix or some banking apps that I am still in the US?
