• Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.

Apples private relay, anyone else confused?

BreakOut

Member
So I’m using the private relay on my iPhone but I’ve noticed that some sites are still seeing my IP address. This might just not be the place to ask about this.
So is anyone here using an iPhone with the private relay feature enabled? I’m hoping maybe someone in here understands it a little better you can help me figure out why it isn’t hiding my IP address, or if it is hiding it but for some reason not from every site. Or maybe just a general explanation because it seems like the Apple discussion pages don’t really cover when I’m trying to find out because I’m not really sure what I’m trying to find out. This is such like a broad ask so I don’t know if anyone has information or a link to a page that might help with better resources I appreciate you.
 

Maiden Voyage

Gold™ Member
Read up on it. It's not a VPN exactly. You'll also need to have iCloud+ to have access to the feature.
 

BreakOut

Member
Read up on it. It's not a VPN exactly. You'll also need to have iCloud+ to have access to the feature.
Yeah I have a VPN separately. But it’s not an actual VPN it’s a 1Blocker‘s on device app tracking blocker. That is a mouthful holy hell. Although it runs under the guise of a VPN and keeps everything on device. But it’s possible that’s affecting it. I’ve considered that in the past. I should disable it and see what happens. The thing that really sparked me as I signed up for something and I got the verification email like normal, but it asks is this you? And then it shows where I am city wise and my public IP and I noticed it’s my real public IP. Is there a possibility that when it comes to those types sites it will collect the right information purposefully? Like Apple is aware and does it on purpose so you really know who is logging in? I guess that would kind of makes sense because someone can log into your shit and it would be harder to fix I think.. I don’t know I’m gonna really have to dig into it. I like the idea of the feature but sometimes it’s really hard for me to figure out how shit works on my iPhone. It seems like it’s very complicated setup for features that don’t seem complicated.

tldr; I should disable the third-party VPN and see if that works.
 

godhandiscen

There are millions of whiny 5-year olds on Earth, and I AM THEIR KING.
I have been using it OP, and it works as intended for me. I work on the other camp, the one that is trying to track you, and we are sorta fucked as long as you use an iOS device, I cannot do legal identification techniques in mail and Safari with much success. Thankfully people still trust Google for some reason and we can still track those who use Android, Chrome and other google apps.
 
Last edited:

BreakOut

Member
I have been using it OP, and it works as intended for me. I work on the other camp, the one that is trying to track you, and we are sorta fucked as long as you use an iOS device, I cannot do legal identification techniques in mail and Safari with much success. Thankfully people still trust Google for some reason and we can still track those who use Android, Chrome and other google apps.
That’s horrifying but at the same time nice to know. I appreciate you, if I can’t get a working I’ll get a hold of Apple support and see if I can get it sorted. It is a pretty cool feature and having a Phone in the past I was android I actually was hacked. And trust me having your phone hacked is a nightmare and you literally are at the whim of whoever has taken control of it. It is incredible how much we rely on her phone for everything without even realizing it.
Just a sidenote when I was hacked these people used the RTT and RTTYT (think that’s what they are called) features to communicate with each other while I was actively using my phone in order to change things. It turns out the weakest link in a phone settings or its accessibility settings.
Bringing up fake pages so I would enter my debit card when I was trying to do something. It was absolutely crazy and really left me with some serious fears man.
 

godhandiscen

There are millions of whiny 5-year olds on Earth, and I AM THEIR KING.
That’s horrifying but at the same time nice to know. I appreciate you, if I can’t get a working I’ll get a hold of Apple support and see if I can get it sorted. It is a pretty cool feature and having a Phone in the past I was android I actually was hacked. And trust me having your phone hacked is a nightmare and you literally are at the whim of whoever has taken control of it. It is incredible how much we rely on her phone for everything without even realizing it.
Just a sidenote when I was hacked these people used the RTT and RTTYT (think that’s what they are called) features to communicate with each other while I was actively using my phone in order to change things. It turns out the weakest link in a phone settings or its accessibility settings.
Bringing up fake pages so I would enter my debit card when I was trying to do something. It was absolutely crazy and really left me with some serious fears man.
Oh, I am no hacker, I work in the ad industry. The iPhone privacy measures are meant to help you hide your identity online to prevent ad trackers from identifying you and start shaping your digital reality in order to influence you; which is amoral too.

An unpatched zero day bug in the iPhone would still leave you vulnerable to the hack you described. However Apple is also pretty good at sandboxing processes. Nevertheless, some zero day bugs are pretty powerful, check this one which is an exploit on Bluetooth. The guy gets root access to your phone by only being on the vicinity. On his demo, he shuts down all the phones with just a single command.

 

BreakOut

Member
Oh, I am no hacker, I work in the ad industry. The iPhone privacy measures are meant to help you hide your identity online to prevent ad trackers from identifying you and start shaping your digital reality in order to influence you; which is amoral too.

An unpatched zero day bug in the iPhone would still leave you vulnerable to the hack you described. However Apple is also pretty good at sandboxing processes. Nevertheless, some zero day bugs are pretty powerful, check this one which is an exploit on Bluetooth. The guy gets root access to your phone by only being on the vicinity. On his demo, he shuts down all the phones with just a single command.

The amount of things that this hacker was able to do to me were unbelievable and if ever I could have PTSD from anything other than war that was it. I still get so fucking scared anytime a password doesn’t work. He was able to root my shit and I still don’t know how he did it. But I had a Samsung and I was able to pull the edge where you can write quick notes, and he had all of this phone information pinned to the notes. MAC address, IMEI, just lists and lists. And then inserted a digital SIM card. What’s crazy is no matter what I showed the people at the phone store they all thought I was just crazy as shit. Like I had just made it up or caused the issue myself, like having a phone half of my life with no issues but all of a sudden I forgot how to use it and all these issues were just happening. So much shit was in Russian they were super users they were just so many crazy things turning off Wi-Fi did not turn off Wi-Fi it made it look like it was off but it still was on. And when I took out the Sim card they inserted a digital one. I went through three phones doing this. Before I had an IT guy come out and look at the router which was just so fucking compromised it was mind blowing we had to get a new one.
And after three androids I finally got an iPhone. But I was ready to just get a throwaway phone and be done with it. My banking information, important phone numbers voicemails, authorizations and callbacks from Medical. There are so many things that we don’t realize we can’t het by with life using without a phone. And then he kept switching my keyboard to the Samsung keyboard and he would move letters around when I typed. It was the craziest thing I’ve ever seen, webpages would randomly refresh and it would be different shit on the page then it was supposed to be.
I remember he put the Yandex browser on and I could not get it off. And then I would have like access to six apps but I had no storage so they were just a ton of apps that were hidden that I couldn’t use. The worst part though honestly was that no one believed me for the longest time. It came down to a moment where it was just so indisputable that finally people had to admit OK somethings not right. As soon as I was able to get people on my side I was able to address it through the phone company and get definitive proof. That’s when I was able to move and have no issues. But it was just crazy how quickly people disregard what you’re saying even though it’s one of the toughest things I’ve ever been through. I would go to take pictures and then he would just blue the camera, anything I took the time to screenshot my phone will restart in the screenshot would be different than what I took. Just small alterations. Webpage names, the browser looks like Google. I knew he had access to my microphone and my camera. He was able to access some of my TV stuff because he downloaded the app because I had a Samsung. But accessibility settings for the biggest thing. I remember when I got my second android after like 20 minutes of it being on, barley even used, that voiceover just turned on randomly and it restarted and then started reading my phones information on a black screen. Like I couldn’t see anything but voiceover was like Sim card number phone number and it was just speak it out loud and I knew he was listening. He got this one app so anytime I went to unlock the phone it would snap a picture of me. It was just so crazy man.

tldr; if you want an interesting read on some of the crazy things I went through there it is, I’m sure there are spelling errors.
—Otherwise my whole life just got turned upside down by this guy, he owned me for like three years.
 

Mistake

Member
Oh, I am no hacker, I work in the ad industry. The iPhone privacy measures are meant to help you hide your identity online to prevent ad trackers from identifying you and start shaping your digital reality in order to influence you; which is amoral too.

An unpatched zero day bug in the iPhone would still leave you vulnerable to the hack you described. However Apple is also pretty good at sandboxing processes. Nevertheless, some zero day bugs are pretty powerful, check this one which is an exploit on Bluetooth. The guy gets root access to your phone by only being on the vicinity. On his demo, he shuts down all the phones with just a single command.

Bluetooth hacks go wayyy back. Surprised they still haven’t gotten it right honestly. In fact, it’s worse than ever now, since most people have it on because of headphones or cars. iOS doesn’t even fully turn it off unless you go in settings.
 

godhandiscen

There are millions of whiny 5-year olds on Earth, and I AM THEIR KING.
The amount of things that this hacker was able to do to me were unbelievable and if ever I could have PTSD from anything other than war that was it. I still get so fucking scared anytime a password doesn’t work. He was able to root my shit and I still don’t know how he did it. But I had a Samsung and I was able to pull the edge where you can write quick notes, and he had all of this phone information pinned to the notes. MAC address, IMEI, just lists and lists. And then inserted a digital SIM card. What’s crazy is no matter what I showed the people at the phone store they all thought I was just crazy as shit. Like I had just made it up or caused the issue myself, like having a phone half of my life with no issues but all of a sudden I forgot how to use it and all these issues were just happening. So much shit was in Russian they were super users they were just so many crazy things turning off Wi-Fi did not turn off Wi-Fi it made it look like it was off but it still was on. And when I took out the Sim card they inserted a digital one. I went through three phones doing this. Before I had an IT guy come out and look at the router which was just so fucking compromised it was mind blowing we had to get a new one.
And after three androids I finally got an iPhone. But I was ready to just get a throwaway phone and be done with it. My banking information, important phone numbers voicemails, authorizations and callbacks from Medical. There are so many things that we don’t realize we can’t het by with life using without a phone. And then he kept switching my keyboard to the Samsung keyboard and he would move letters around when I typed. It was the craziest thing I’ve ever seen, webpages would randomly refresh and it would be different shit on the page then it was supposed to be.
I remember he put the Yandex browser on and I could not get it off. And then I would have like access to six apps but I had no storage so they were just a ton of apps that were hidden that I couldn’t use. The worst part though honestly was that no one believed me for the longest time. It came down to a moment where it was just so indisputable that finally people had to admit OK somethings not right. As soon as I was able to get people on my side I was able to address it through the phone company and get definitive proof. That’s when I was able to move and have no issues. But it was just crazy how quickly people disregard what you’re saying even though it’s one of the toughest things I’ve ever been through. I would go to take pictures and then he would just blue the camera, anything I took the time to screenshot my phone will restart in the screenshot would be different than what I took. Just small alterations. Webpage names, the browser looks like Google. I knew he had access to my microphone and my camera. He was able to access some of my TV stuff because he downloaded the app because I had a Samsung. But accessibility settings for the biggest thing. I remember when I got my second android after like 20 minutes of it being on, barley even used, that voiceover just turned on randomly and it restarted and then started reading my phones information on a black screen. Like I couldn’t see anything but voiceover was like Sim card number phone number and it was just speak it out loud and I knew he was listening. He got this one app so anytime I went to unlock the phone it would snap a picture of me. It was just so crazy man.

tldr; if you want an interesting read on some of the crazy things I went through there it is, I’m sure there are spelling errors.
—Otherwise my whole life just got turned upside down by this guy, he owned me for like three years.
Was your home router that was compromised? How were they able to hack multiple phones?

Also, are you some sort of VIP? I have heard of them doing things like that, but they usually only put that much effort if you are a high value target.

At work, we get regular training against phishing and scamming techniques. You pretty much cannot do anything nowadays without being highly alert. For example, emails are such a vulnerable vector; you click on a calendar invite, and boom, you just sent your keychain (file that contains all of your passwords and usernames) to an attacker and from then on, it is just about how much computing power they have to decrypt it.

Your story makes me paranoid since people are always trying to fuck with me and I can tell it is only a matter of time before I fall for something.
 
Last edited:

BreakOut

Member
Was your home router that was compromised? How were they able to hack multiple phones?

Also, are you some sort of VIP? I have heard of them doing things like that, but they usually only put that much effort if you are a high value target.

At work, we get regular training against phishing and scamming techniques. You pretty much cannot do anything nowadays without being highly alert. For example, emails are such a vulnerable vector; you click on a calendar invite, and boom, you just sent your keychain (file that contains all of your passwords and usernames) to an attacker and from then on, it is just about how much computing power they have to decrypt it.

Your story makes me paranoid since people are always trying to fuck with me and I can tell it is only a matter of time before I fall for something.
So one of the conclusions that Apple came to was it a possibility of someone local getting into the router. Maybe testing out what was capable or possible or someone who had a grudge. I was on android, someone told me this, and it seems to work well in my mind, I download an ad-blocker or a Phone speed up app. Android doesn’t have the best App Store. The app wants to update its filters but wants to do it from a third-party website. Like a side load, me thinking everything‘s cool does it. Soon enough there’s advertisements. Overtime it seems like the more I fuck with it the worse it got. At a certain point it became clear that there was someone on the other end as well though. I’m not really sure what sparked it all, but I had an IT guy out and I had my phones looked at afterwards once people were willing to actually listen. Definitely not a VIP, I have some family in law-enforcement so maybe that was it. But overall I don’t know. Someone also told me it could’ve been a hacker testing a new hack. Like 1 million different things that could’ve been possible.
I don’t think I was targeted for any specific reason other than I downloaded some thing and updated it like a fool through third-party website. I tend to believe more that it was someone testing out a hack. Seeing where they could go with it and how far I could get. Then I think it became personal because I started talking to them, I would open google Notes and type shit my phone would restart and there would be answers to it. It was a really fucked up weird situation.
in the end I lost access to every account I ever had over more than 10 years. When I switch to Apple the attempt on a hack was made but Apple was able to correct it. I got sent a brand new phone two times. After some thing happened I would send it to Apple they would look at it and send me a new phone.
After making a lot of changes, basically just going way the fuck overboard with security things have worked out. I am extremely cautious now with where I put any information. If I even remotely am concerned about some thing I just don’t do it.
I dodge anything made by Samsung and I will never have a Gmail account ever again. The reason for the Samsung dodge is I was led to believe that they, being the most popular devices, are the ones most hacks are created for.
 

BreakOut

Member
Bluetooth hacks go wayyy back. Surprised they still haven’t gotten it right honestly. In fact, it’s worse than ever now, since most people have it on because of headphones or cars. iOS doesn’t even fully turn it off unless you go in settings.
I haven’t turned on Bluetooth in over two years because of what I learned. The only thing good to come of all this was learning so much shit about what is capable and what is done. Having experienced it for years and basically being tortured by it I went from someone who didn’t understand shit to someone who understands exactly how things are done. And although not able to re-create any of it I am very aware and cautious. I have not owned a computer in over 10 years. Everything that happened to me happen directly through a router and a phone.

My biggest piece of advice is to be careful with accessibility settings. They are made to easily access your phone and that is what is taken advantage of.
 
Last edited:
The amount of things that this hacker was able to do to me were unbelievable and if ever I could have PTSD from anything other than war that was it. I still get so fucking scared anytime a password doesn’t work. He was able to root my shit and I still don’t know how he did it. But I had a Samsung and I was able to pull the edge where you can write quick notes, and he had all of this phone information pinned to the notes. MAC address, IMEI, just lists and lists. And then inserted a digital SIM card. What’s crazy is no matter what I showed the people at the phone store they all thought I was just crazy as shit. Like I had just made it up or caused the issue myself, like having a phone half of my life with no issues but all of a sudden I forgot how to use it and all these issues were just happening. So much shit was in Russian they were super users they were just so many crazy things turning off Wi-Fi did not turn off Wi-Fi it made it look like it was off but it still was on. And when I took out the Sim card they inserted a digital one. I went through three phones doing this. Before I had an IT guy come out and look at the router which was just so fucking compromised it was mind blowing we had to get a new one.
And after three androids I finally got an iPhone. But I was ready to just get a throwaway phone and be done with it. My banking information, important phone numbers voicemails, authorizations and callbacks from Medical. There are so many things that we don’t realize we can’t het by with life using without a phone. And then he kept switching my keyboard to the Samsung keyboard and he would move letters around when I typed. It was the craziest thing I’ve ever seen, webpages would randomly refresh and it would be different shit on the page then it was supposed to be.
I remember he put the Yandex browser on and I could not get it off. And then I would have like access to six apps but I had no storage so they were just a ton of apps that were hidden that I couldn’t use. The worst part though honestly was that no one believed me for the longest time. It came down to a moment where it was just so indisputable that finally people had to admit OK somethings not right. As soon as I was able to get people on my side I was able to address it through the phone company and get definitive proof. That’s when I was able to move and have no issues. But it was just crazy how quickly people disregard what you’re saying even though it’s one of the toughest things I’ve ever been through. I would go to take pictures and then he would just blue the camera, anything I took the time to screenshot my phone will restart in the screenshot would be different than what I took. Just small alterations. Webpage names, the browser looks like Google. I knew he had access to my microphone and my camera. He was able to access some of my TV stuff because he downloaded the app because I had a Samsung. But accessibility settings for the biggest thing. I remember when I got my second android after like 20 minutes of it being on, barley even used, that voiceover just turned on randomly and it restarted and then started reading my phones information on a black screen. Like I couldn’t see anything but voiceover was like Sim card number phone number and it was just speak it out loud and I knew he was listening. He got this one app so anytime I went to unlock the phone it would snap a picture of me. It was just so crazy man.

tldr; if you want an interesting read on some of the crazy things I went through there it is, I’m sure there are spelling errors.
—Otherwise my whole life just got turned upside down by this guy, he owned me for like three years.

I understand your frustration. I'm in the opposite situation where I am teaching someone twice my age basic computer skills, and since they barely used a computer before this job they have all sorts of weird ideas about how things work. I might as well be casting magic spells when I copy and paste a file. If you deal with enough people who dont have basic computer skills it seems way more plausible that when someone comes at you with something weird that they are the problem.


I'll never forget the time I had to wait in line at McDonalds behind this lady who insisted the reason her debit card didn't work was that fairies were dancing on the ceiling and this creates a magnetic field that interferes with electronics. When I finally got to order the cashier informed me that the persons cars was declined due to insufficient funds.
 
Last edited:

BreakOut

Member
I understand your frustration. I'm in the opposite situation where I am teaching someone twice my age basic computer skills, and since they barely used a computer before this job they have all sorts of weird ideas about how things work. I might as well be casting magic spells when I copy and paste a file. If you deal with enough people who dont have basic computer skills it seems way more plausible that when someone comes at you with something weird that they are the problem.


I'll never forget the time I had to wait in line at McDonalds behind this lady who insisted the reason her debit card didn't work was that fairies were dancing on the ceiling and this creates a magnetic field that interferes with electronics. When I finally got to order the cashier informed me that the persons cars was declined due to insufficient funds.
That’s gnarly I hate when faeries dance on my bank account lol. After I was able to get everything confirmed and file the reports it was just a sit and hope situation. Hope they weren’t able to come back or hope to get whatever information I could to apple and the police. The police couldn’t do pretty much anything.. other than say this happens a lot, but apple said to make a report either way.
 

BreakOut

Member
Ok, I’ve got another question, seeing as you guys know a little bit. Should I change my routers DNS service away from my ISP? With that private relay on it’s still showing DNS leaks. Since I’m not even 100% sure what a DNS leak is, I just keep reading that I don’t want them. I don’t want to run a VPN. I’m not doing anything that will require that, but I don’t like the fact that my ISP can tie everything and a nice bow.. Or more importantly that someone could get a hold of it and it would already be pre-packaged.
 

BreakOut

Member
Using Safari I have all these different experimental features. I read a lot of stuff about ones I should enable and disable but I’m never sure what to trust or what it is.
I would NEVER use Chrome, if Google has even considered buying it I don’t want it. If Facebook knows it exists I’m not going near it. Lol.
 

Maiden Voyage

Gold™ Member

Has this been fixed yet?
"Please note that this leak only occurs with iCloud Private Relay on iOS 15—the vulnerability has been fixed in MacOS Monterey beta."

PR is in beta on both iPhone, iPadOS, and MacOS. So if this concerns you, then don't opt into the beta and wait for full release.
 

Deku Tree

Member
"Please note that this leak only occurs with iCloud Private Relay on iOS 15—the vulnerability has been fixed in MacOS Monterey beta."

PR is in beta on both iPhone, iPadOS, and MacOS. So if this concerns you, then don't opt into the beta and wait for full release.

ok, but that wasn’t my question. It says that as of 9/20 it was fixed on Monterey beta. I was wondering if it was also fixed on iOS15 as of now a month later. Thanks!
 

Maiden Voyage

Gold™ Member
ok, but that wasn’t my question. It says that as of 9/20 it was fixed on Monterey beta. I was wondering if it was also fixed on iOS15 as of now a month later. Thanks!
No clue as I don't follow the ins-and-outs behind most beta products. If they fixed on MacOS I would imagine a smilier fix can be implemented for their other OS platforms. Again, if it worries you, then just opt-out until the service is out of Beta.
 

BreakOut

Member
"Please note that this leak only occurs with iCloud Private Relay on iOS 15—the vulnerability has been fixed in MacOS Monterey beta."

PR is in beta on both iPhone, iPadOS, and MacOS. So if this concerns you, then don't opt into the beta and wait for full release.
I made a few changes in my router and I have no idea exactly what I’d do.. but it seems to be working. It’s possible I had some thing set up in my router incorrectly and so of course relay wouldn’t have done anything. But I did read that the DNS leak is actually normal, as long as it’s only leaking to ISP because- It’s just leaking the relay so they see that you’re connecting to the relay. Because it’s not a VPN, So the ISP sees you connected to the relay but not the actual domain information.. This is me regurgitating when I’ve read to the best I can with limited knowledge I have.
 

BreakOut

Member
No clue as I don't follow the ins-and-outs behind most beta products. If they fixed on MacOS I would imagine a smilier fix can be implemented for their other OS platforms. Again, if it worries you, then just opt-out until the service is out of Beta.
Another stupid thing I noticed was you have to turn it on not only on iCloud ~ but if you go to Wi-Fi where you connect, like the SSID name then hit information (I) it actually has another spot there to turn it on as well.
Has private relay, private address etc. So I think it has to be turned on specifically for each network. My guess would be for people who don’t feel like they need to use it at home but do want to turn it on when on public Wi-Fi.
 

Maiden Voyage

Gold™ Member
Another stupid thing I noticed was you have to turn it on not only on iCloud ~ but if you go to Wi-Fi where you connect, like the SSID name then hit information (I) it actually has another spot there to turn it on as well.
Has private relay, private address etc. So I think it has to be turned on specifically for each network. My guess would be for people who don’t feel like they need to use it at home but do want to turn it on when on public Wi-Fi.
I can see a use case for it at home. Like if I am browsing, then ads that geotrack get the wrong area.
 

BreakOut

Member
I can see a use case for it at home. Like if I am browsing, then ads that geotrack get the wrong area.
Yeah I plan to just always leave it on. I don’t see why anyone wouldn’t but I guess choice? It’s funny though because I think that was the main issue the whole time, just had to be enabled per Wi-Fi connection along with iCloud as a whole.
 

Deku Tree

Member
Another stupid thing I noticed was you have to turn it on not only on iCloud ~ but if you go to Wi-Fi where you connect, like the SSID name then hit information (I) it actually has another spot there to turn it on as well.
Has private relay, private address etc. So I think it has to be turned on specifically for each network. My guess would be for people who don’t feel like they need to use it at home but do want to turn it on when on public Wi-Fi.

for me at least, if I turn on private relay in iCloud then it is automatically turned on over every Wi-Fi network and over mobile data. The toggle option in specific Wi-Fi networks in the Wi-Fi settings then functions more as an option to turn off private relay for a specific network for some reason but leave it on more globally for other networks.
 

Deku Tree

Member
No clue as I don't follow the ins-and-outs behind most beta products. If they fixed on MacOS I would imagine a smilier fix can be implemented for their other OS platforms. Again, if it worries you, then just opt-out until the service is out of Beta.

no reason for me to turn it off. During the iOS15 betas in August private relay was super slow compared to my internet speed without private relay. But right now and since the public release in September in general private relay is essentially the same speed for me as not using private relay on my gigabit internet connection.

this bug just makes it possible for some people to find your actual IP if they look hard enough. But they would be able to see that much easier if I turned off private relay. And whenever the bug is fixed then they won’t be able to see it anyway.
 
Top Bottom