Wondering what the best free set up is to avoid my ISP seeing my web browsing traffic on my Mac and iOS devices. I would love to get Mullvad VPN but cannot afford it at the moment.
Would iCloud Private relay be the best since I have access to it for free through a family member and I am sadly stuck on the Apple ecosystem right now?
Or would Proton VPN free be better?
Wondering if NextDNS or Mullvadās DNS would work or help at all to hide my traffic from my ISP.
Canāt really decide between iCloud Private Relay and Proton VPN free. Leaning towards Proton so I donāt have to use Safari. Thinking of maybe using Windscribe on my iPhone.
I am dying to leave the Apple ecosystem but cannot afford it at the moment.
Iāve never tried Proton VPN free, though Iād assume that youād find iCloud Private Relay to be faster for every-day use. Itās a nice tool for an extra layer of privacy, but like @TheLegend27 already mentioned, itās missing a lot of the features included with most fully fledged VPNs. āRelayā is a pretty good term for it, soā¦ good on Apple for that
Isnāt Private Relay locked behind iCloud+, or another subscription? So thats a cost, right there. Apple is also known to have some nice privacy features, but I wouldnāt trust them with all my data. Remember that like Google, they have their own advertising network.
I would sooner go for Proton, than Apple, for a VPN. While their free option does limit speed, and are limited to their more congested servers, theyāre easily the more privacy friendly.
Now saying all thisā¦ If you just want to hide your browsing data from your ISPā¦ either option will work. Just remember who youāll be giving that data too.
Also worth noting. Apple does not allow all data to go through a VPN, on iOS. Private Relay also only works on Sefari. Like I said, Apple has some nice privacy aspects, but they also do a lot of asinine stuff, that limit their devices for the privacy community.
Changing DNS can be a good way of helping your privacy, adding a bit of security, etc, but will not hide your internet traffic, from an ISP.
Windscribe is another really good option. Though. I donāt think they have a free tier.
I edited the post to add that I have iCloud+ through a family member. Making it (and iCloud Private Relay) free for me.
I am still very torn but I think I will try both approaches and see which one works best for me. But as soon as I can afford it I will get Mullvad, and leave the Apple ecosystem.
Canāt wait to leave the Apple ecosystem and use Linux (and a custom Rom) after Appleās recent user hostile actions in Europe.
I have yet to test Private Relay, but can users not run something like Proton VPN Free 24/7 and enable Private Relay which I assume will override Proton within Safari? (edit: you canāt!)
That way you at least get a speedy experience in your web browser and then youāre getting some protection throughout the rest of your apps?
But this is just a hypothetical workflow based on assumptions I have about how Private Relay works, which again I have yet to use myself.
VPN connections override Private Relay, including in Safari. If you enable Private Relay (PR) and connect to a VPN, PR gets disabled temporarily. When the VPN disconnects, PR should kick back in. I have had mixed results with that though.
Oh wow thatās pretty unexpected behavior from Apple! I would assume Apple would put Private Relay above VPNs, because thatās the Apple Way :idk:
Thanks for clearing that up for me!
In that case if it were me @b-9 Iād be deciding between some options:
Private Relay + NextDNS (or another DNS provider)
Proton VPN Free + their own DNS
Proton VPN Free + NextDNS using annoying AdGuard workarounds (do not recommend for usability reasons)
If it were me Iād try Proton free and see how it works for you. If itās too slow/restricted/etc. then you can just downgrade to Private Relay + custom DNS provider as a compromise until you can find a better solution.
Custom DNS settings
If a user has configured custom-encrypted DNS settings using a profile or an
app, the DNS server specified will be used instead of ODoH. Safari connections
and all unencrypted HTTP connections will also resolve names using the
specified DNS server prior to routing through Private Relay.
An unencrypted DNS server provided by a local network or manually edited
in Settings (iOS) or System Preferences (macOS) will not be used for iCloud
Private Relay traffic
There is also the issue of leaks that Mullvad has reported, so it probably isnāt a good idea to even try to run VPN and Private Relay at the same time.
I think I found/decided on a solution. Based on how I was leaning and with help from all the responses and particularly @Henry 's response.
I will try Proton Free on my Mac (with Mullvad browser), and I somehow apparently also have NextDNS working/running on my Mac. I got 100% with the d3ward ad blocker! iCloud Private Relay will be my backup plan.
On iPhone I think I will try Windscribe free. With iCloud Private Relay and custom DNS as a backup. Proton Free was giving me horrible results (like 2-38%!) on the d3ward ad blocker in Firefox and Safari for some reason. With two free servers I tried anyway. Not sure what is going on. Maybe less ad blocking on the free servers? Need to test more.
Update: Currently decided to use iCloud Private Relay and NextDNS on iPad.
Not ideal, for me, to have three separate setups on three devices. Ideally I want just one solution on all three devices, like Mullvad. But that is the compromise with free. I will get Mullvad as soon as I can afford it.
I havenāt tried that myself and Iām not 100% sure, but from my understanding (after reading that part of the paper): yes, as long as itās configured using a profile or an app.
If a user has configured custom-encrypted DNS settings using a profile or an
app, the DNS server specified will be used instead of ODoH.
An unencrypted DNS server provided by a local network or manually edited
in Settings (iOS) or System Preferences (macOS) will not be used for iCloud
Private Relay traffic.
Yes it is a cost (though the cheapest option is just $1 month) and its a service many Apple users already need/pay for other reasons (photo and device backups for instance).
I wouldnāt trust them with all my data either, BUT, Advanced Data Protectionnow exists, which allows almost all categories of iCloud data to be E2EE. The 3 glaring omissions which cannot be E2EE are (1) Contacts (2) Calendar (3) Mail so disabling iCloud backup for these 3 things is prudent from a privacy perspective.
While Apple does generate some revenue from advertising, it is not in the same ballpark as Google (the largest data harvesting and advertising company in the world, almost all of Googleās revenue comes from targeted ads and data harvesting, they are utterly dependent on ad revenue. For Apple on the other hand, Ad revenue is just a minor supplemental source of revenue, and is mostly only in a few of their preinstalled apps (like news and the app store). While there ad business has grown, the vast majority of their revenue comes from selling overpriced hardware and (increasingly) selling services. So while its right to acknowledge that Apple does have an ad business, and this is or could become a conflict of interest for them, they are not comparable to Google in scope, scale, deliberate invasiveness or dependence on a privacy-violating business model.
.