After reading their documentation a little closer, I discovered something else unsavory about Private Relay: it “relays” your approximate location, as it could usually be derived from your IP address.
A bit less private because things are going through one fewer hop, in addition to having to sign up. In my experience with Invisiv, it’s much faster and more reliable than Tor, but slower and much less stable than a traditional VPN.
It would be cool if more commercial VPN companies adopted this kind of tech.
I am absolutely aghast that Firefox would say Firefox is the best web browser. Their chart is, however, open to external audit so it is entirely unimpeachable.
(This is a parody of people who were arguing in favor of an “independent” browser privacy website run by someone paid by one of the browser companies)
Your computer, your IP address, your message to a destination gets encrypted in a couple layers and passed on.
Your ISP knows exactly who you are and that you’re reaching out to server 1. They can’t see your data but to them, you’re using a VPN probably.
The first server also necessarily knows who you are, unpacks one layer of your request and sends it on to a second server (in Invisiv’s case, Fastly; in Apple’s, Cloudflare).
The second server now knows that data was requested from the first server, and it can see the name of the domain you’re requesting (YouTube, for example) but because the request came from the first server, it theoretically won’t know it’s you making that request
The data moves on from the second server to the destination, with the destination only knowing it’s receiving data from the second server, and not knowing about the first server.
The obvious issues here:
Do you trust the people providing the multi-hop VPN-like service?
Do you trust the two servers, which have necessarily entered into an agreement of some sort, to not collaborate regarding transmitting data?
How easy is it to audit the code we can see?
What else is going on with your data?
In the case of Apple/Cloudflare, reputation is rather poor. From PRISM to false advertising to notification telemetry, Apple hasn’t exactly delivered on their promise. In terms of Invisiv, the company has some big names on board but Fastly and Cloudflare both have a rather significant grip on the internet (with Cloudflare’s being bigger) but any CDN gets a good view into personal data most of the time.
Update: in the case of Cloudflare/Apple, Apple adds additional location data to your request, making its “private” relay leak approximate location data the same way your IP address could leak it. To wit:
Apple relays geolocate user IP addresses and translate them into a “geohash”. Geohashes are compact representations of latitude and longitude.
But on the bright side: a VPN has far more issues than either of these, as it’s basically #4 above except the same service also has your identity by necessity. An untrustworthy VPN is as harmful as an untrustworthy ISP, with very little separating them.
It’s because of the difference in credentials. One is a website positing as having both privacy and cryptocurrency investment advice services, and the other is a random Lemur
I’ve trash talked this website before in my head, but maybe I was approaching it as a professional organization instead of more of a blog run by a small group of people.
They aren’t just doing ads dude, it’s a for-profit propaganda machine.
But seriously, Mullvad would do well to switch out their email provider to something that’s not Google. Even though email is inherently unsafe, email through Google is pretty much is unsafe as it can get.
Strict mode is used by roughly 0.5% of Brave’s users
Based exclusively on whether a user had not gone through the Brave’s browser settings and disabled the “Send statistics about my behavior to the Brave corporate HQ” flag.
In other words, the number is useless.
This low percentage actually makes these users more vulnerable to fingerprinting despite them using the more aggressive blocker, because they constitute a discernible subset of users standing out from the rest.
This argument could be used to tell people to avoid using the Brave browser too. After all, only a minority of people do. The best way to blend in would be to use Google Chrome on Windows 11, and improve no privacy settings.
Unless someone wants to argue that using Brave makes you an acceptable degree of unique, but using advanced tracking blocking makes you unacceptably unique.
Probably because LibreWolf is most of the way there, and the Mullvad branding + proprietary VPN is more than a bit much. I use(d) the VPN alongside it and found the add-on “hints” regarding the correct DNS settings more frustrating than helpful, too.