Is there any positive or negative to using an MPR in combination with a traditional VPN? For example, Proton VPN with iCloud Relay enabled on the device?
If I’m not mistaken, it would be similar to using a VPN + Tor.
A setup like this is fine:
- You → VPN → MPR → Internet
A setup like this undermines any benefit of the MPR and places absolute trust in the VPN provider:
- You → MPR → VPN → Internet
- You → VPN → MPR → VPN → Internet
- Any other configuration
(Path visualization adapted from Privacy Guides, also recommended for further reading.)
That sounds probably about right, although I’m not sure how iCloud Private Relay specifically works on a technical level. It’s very possible, knowing Apple, that Private Relay traffic bypasses regular VPN traffic.
If that is the case then having it enabled could potentially reduce your privacy, if you’re expecting everything to go through Proton VPN but that isn’t actually happening.
I was imagining MPRs more generally rather than specifically iCloud Private Relay.
It seems you are correct though, according to this PDF from Apple:
“If a device has a VPN installed, for either enterprise or personal reasons, traffic that goes through the VPN will not use Private Relay.”
That being said, you could probably use a network-wide VPN, which would allow you to use Private Relay while overcoming the location restrictions.
Really interesting read @fria
I would be interested in your take on what you think is a reasonable timeline for something like Multi-Party Relays or another technology to become a reasonable alternative to current VPNs?
That leaves iCloud Private Relay as the only commercial offering that I’m aware of, but it’s limited to Apple devices only. Great for Apple users, but everyone else is left high and dry.
Your post seems to indicate there really aren’t any multi-party relays coming down the pipeline, so I’m surprised you still seem optimistic VPNs will become obsolete.
There is one more honorary mention: OHTTP.
Your honorary mention of OHTTP made me wonder if you know of any status update to Oblivious DoH, and your thoughts on that, since you have said you use 1.1.1.1 IIRC.
I really couldn’t say; all I know is that the technology is already deployed and proven. All it needs is some companies to step up and offer it.
Yes, ODoH is used in iCloud Private Relay I believe; it’s definitely ready to go and deployed, just not widely available. OHTTP is seeing a lot of use by Apple and Google currently, as well as a handful of other companies; I’d expect it to be a pretty standard protocol in the future for telemetry or any cloud processing.
INVISV’s Pretty Good Phone Privacy service never seemed to make it out of beta.
Small correction I think. INVISV Relay was the name of the MPR service. INVISV PGPP was a different service which was a cycled & shared IMSI + mobile data subscription service for Android devices. I don’t know if INVISV Relay ever made it out of beta, but they did promise the client would be open-source in future and that never happened.