Apple is working with Cloudflare and their Warp service at least in some countries[0].
The 'Manage your Network' section starts at 11:34 and the important thing here is that Apple is using QUIC to communicate to their proxies, and that includes almost all DNS queries. They do say that enterprises/schools can block the ingress hostnames to disable private relay (13:56).
I shouldn't be surprised any more, but how apple always gets away with hand-wavy explanations does still surprise me:
Who are these "content-providers" who get insight into what domain names are being resolved? (I understand they don't know who the query originated from)
I'd love to get to pick my egress providers as a user.
I am concerned it's going to be cloudflare to be honest. Concerned because my understanding of how WARP was implemented was precisely to NOT hide ip addresses from cloudflare enterprise customers[0].
Notwithstanding their stated intentions [1], cloudflare has moved more toward proprietary, closed implementations for which both enterprise and end-users are now being asked to pay.
The way I understand it, Warp is just a VPN without the double proxy setup of Private Relay. Is there any commercial service similar to Private Relay? Tor is not great for day to day usage but a Tor Lite could be good enough for most people.
judge2020|4 years ago
The 'Manage your Network' section starts at 11:34 and the important thing here is that Apple is using QUIC to communicate to their proxies, and that includes almost all DNS queries. They do say that enterprises/schools can block the ingress hostnames to disable private relay (13:56).
0: https://twitter.com/wongmjane/status/1402027672767664128?s=2...
fjni|4 years ago
Who are these "content-providers" who get insight into what domain names are being resolved? (I understand they don't know who the query originated from)
I'd love to get to pick my egress providers as a user.
I am concerned it's going to be cloudflare to be honest. Concerned because my understanding of how WARP was implemented was precisely to NOT hide ip addresses from cloudflare enterprise customers[0].
Notwithstanding their stated intentions [1], cloudflare has moved more toward proprietary, closed implementations for which both enterprise and end-users are now being asked to pay.
[0] https://news.ycombinator.com/item?id=21070846 [1] https://news.ycombinator.com/item?id=21071020
johnwayne666|4 years ago