top | item 30665637

(no title)

tkw01536 | 4 years ago

I’m wondering what prevents network operators from just disabling the use of Private Relay on their networks.

This could be achieved both via legal means (in e.g. their terms of service to prohibit use of any VPNs or similar software) as well as on a technical level. As per [1]:

> The fastest and most reliable way to do this is to return a negative answer from the network’s DNS resolver, preventing DNS resolution for the mask.icloud.com and mask-h2.icloud.com hostnames necessary for Private Relay traffic.

These ISPs surely operate some DNS resolvers - just make them return NXDOMAIN results. This doesn’t require consent or collaboration from Apple.

[1] https://www.apple.com/privacy/docs/iCloud_Private_Relay_Over...

discuss

Gigachad|4 years ago

Because then you have about half your customer base ringing support asking why the internet doesn’t work. Many will complain on social media claiming this ISP just doesn’t work, many will switch to other providers.

Apple is bigger and more important than the ISP and likely much more trusted by the consumer.