iCloud Private Relay is Blocked by Hagezi Multi Pro!


If anyone is having issues with iCloud Private Relay, Hagezi is currently blocking it. Not sure why. An issue was also raised in GitHub. Calling u/hagezi

Now someone would have to explain to me why services like NextDNS are used with Private Relay. Private Relay is a bypass and in this combination two DNS queries are performed, one to “Apple”, one to NextDNS. Why do you protect yourself with NextDNS and then use Private Relay?
Doesn’t really make sense to me.

Apart from the fact that this has no place in a normal blocklist, I think it should be blocked to protect privacy.
Also the Apple DoH servers and other DoH servers that can be used by apps and devices as a bypass.

I was having the same issue. I thought it was my ISP or Apple.

In addition, for anyone who uses Private Relay, make sure to keep the Block Page feature off, which also conflicts with PR.

It was an accident in the OISD. I have just fixed it.

This was kinda my thought process, too. I want to block it, but I don't use Apple myself and don't wanna disturb my family that does. Does blocking this affect any services such as Apple cloud or anything else iOS needs to function properly?

According to Apple’s documentation, the custom DoH server should be leading, which has also been my experience. Apple’s own DoH is oblivious DoH, so should not pose a privacy risk per se, and the Private Relay also makes sure that no one can snoop on your traffic. Even HTTPS traffic leaks the hostnames of sites you visit, because the certificate request itself is not encrypted (unless both the client and server support ECH).

You can check for yourself here on page 10 about the custom encrypted DNS settings being honored.

The consensus is that it is an easily-used improvement for the average user. Those in need of the highest level of security clearly would look elsewhere.

Quote from NextDNS forum.

I think it is similar to Pi-hole as it provides protection at home only. There are ways to access it from outside, but opening your network to the outside brings other risks. PiVPN, on the other hand, is another guide to follow, may bring other possible issues and doubles the maintenance task. Moreover, when power or internet outages happen, you can't access your network. Therefore, you are either unprotected outside of your home, for example, at college, university, work, a friend's place, etc., or you need another service for the outside. That's where NextDNS steps in as a whole protection service, no matter where you are.

As for Private Relay, an average user turns it on and gets some protection, while we tech-savvy minority, find it weak and need more advanced protection. I think we shouldn’t encourage people to block Private Relay, as it would negatively affect those average users who rely solely on PR (such as your guests, friends, etc.), or if it is blocked in the workplace, all workers, work guests, etc. when they leave the place, for instance. People often forget to turn it back on, which could leave them vulnerable.

Also, both iOS and Android seem to bypass custom DNS and even VPNs for certain tasks and services, according to this Twitter thread and ProtonVPN article. It seems this is another measure to protect users from bad DNS and free VPN services that are actually there to do harm rather than help.

Appreciate it. Thanks,

is it blocking emoji in youtube app?

No, it is blocked on my networks. I have not noticed any problems. People who want to use this on my network get a message on their device that Private Relay is not allowed on this network. There is documentation from Apple that you should block exactly these two domains if you do not want to allow Private Relay on your network.
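As an added example (not from any poster in this thread, and not Hagezi's or Apple's code): the two hostnames Apple's "Prepare your network or web server for iCloud Private Relay" guidance says to block are mask.icloud.com and mask-h2.icloud.com. The script below implements the `||domain^` rule syntax used by AdGuard-style lists such as Hagezi's, so you can confirm that such rules stop exactly those two hosts (and their subdomains) while leaving www.icloud.com and the rest of iCloud untouched. The rule list and the test hostnames are constructed for this example.

```python
# Added example: minimal matcher for AdGuard/Hagezi-style "||domain^" rules.
# Assumption: rules are limited to "||domain^" and "@@||domain^" (exception)
# forms; other rule syntax is rejected rather than silently ignored.

# Hostnames Apple documents for disabling Private Relay on a network
# (rule list constructed for this example).
PRIVATE_RELAY_RULES = [
    "||mask.icloud.com^",
    "||mask-h2.icloud.com^",
]


def parse_rule(rule):
    """Return (domain, is_exception) for a '||domain^' or '@@||domain^' rule."""
    rule = rule.strip()
    exception = rule.startswith("@@")
    if exception:
        rule = rule[2:]
    if not (rule.startswith("||") and rule.endswith("^")):
        raise ValueError(f"unsupported rule syntax: {rule!r}")
    return rule[2:-1].lower(), exception


def is_blocked(hostname, rules):
    """True if hostname or one of its parent domains matches a blocking rule.

    '||example.com^' matches example.com and any subdomain of it, but not
    notexample.com. An exception rule (@@) for the host wins over any block.
    """
    host = hostname.lower().rstrip(".")
    blocked = False
    for rule in rules:
        domain, exception = parse_rule(rule)
        matches = host == domain or host.endswith("." + domain)
        if not matches:
            continue
        if exception:
            return False
        blocked = True
    return blocked


def check_hosts(hostnames, rules=PRIVATE_RELAY_RULES):
    """Map each hostname to whether the rule list would block it."""
    return {h: is_blocked(h, rules) for h in hostnames}


if __name__ == "__main__":
    # Constructed sample: the two relay hosts plus ordinary iCloud hosts.
    sample = [
        "mask.icloud.com",
        "mask-h2.icloud.com",
        "www.icloud.com",
        "icloud.com",
        "notmask.icloud.com",
    ]
    for host, blocked in check_hosts(sample).items():
        print(f"{host:22} {'BLOCKED' if blocked else 'allowed'}")
```

The `endswith("." + domain)` check is what gives `||` its "domain and subdomains" meaning; a plain substring match would also catch notmask.icloud.com, which is the kind of collateral blocking the thread is complaining about.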

My bad. Sorry for that.