Is there a difference between iCloud+ Private Relay vs CloudFare’s 1.1.1.1
Similar.
First, Cloudflare has two 1.1.1.1 products:
1.1.1.1 VPN, the free version, it only sends DNS records to Cloudflare. It hides the names of sites from your ISP, but they will still see the IP of the servers you connect to and those servers will see your IP. This lets Cloudflare know the name of all sites you’re requesting.
1.1.1.1 Warp is a full VPN. It will route DNS to Cloudflare as well as all traffic. This hides the site names and servers you visit from your ISP. It also hides your personal IP from the sites. Cloudflare will know all of it though. Your IP, the site name, and the site IP.
Private Relay uses two relays. The first is run by Apple, the second by Cloudflare. The site name you want to access is encrypted on your phone and sent through the Apple relay, masking your IP, before sending it to Cloudflare. Cloudflare then decrypts the site name, but doesn’t know your IP. This mechanism prevents your ISP, Apple, and Cloudflare all from knowing the names of sites you’re trying to access. The second part of the service is a VPN that prevents your ISP from seeing the server you’re connecting to. The VPN provider (I believe Apple) would see the server (but not the hostname).
They perform two different functions.
1.1.1.1 modifies and encrypts your DNS on the client side (your phone) so your ISP doesn’t see all of your requests. This mostly helps with ISPs who throttle or serve ads based on what your browsing.
Private Relay acts more similar to a traditional VPN where it stops websites from seeing your data and location by obscuring it.
So the threat vector is different. 1.1.1.1 helps protect against the people serving your internet (ex. Verizon FIOS) while Private Relay protects against websites themselves (ex. Google).
VPN interferes with iOS Mail Privacy Protection have to turn off 1.1.1.1 even if your only using it for DNS
Does 1.1.1.1 / WARP work with all apps on the phone?
Private relay says connection is only secured on Safari and Mail…
is this correct or do they both secure internet traffic from all apps?
Can they work in conjunction (is it necessary/helpful to have 1.1.1.1 if you have private relay?) and, if using both, does 1.1.1.1 impact the performance of private relay and vice versa?
I’ve been using the free version (only DNS), and its not affecting internet speed / overall browsing experience. Do you know if Private Relay will affect this? Do you think its worth getting the iCloud+ and ditch the 1.1.1.1?
My understanding from using their free products is that the free tier now includes Warp. Which is a particular kind of VPN to their data center, so that everything between your device and their data center is private. Or Warp can be switched off and it would operate just as a secure DNS resolver as before.
The premium product is branded Warp+, which additionally says it uses intelligent routing in their edge network to improve browsing/data delivery speeds.Cloudflare Warp Client overview
What I still don’t understand about Apple Private Relay is whether the DNS requests are hidden the same way as 1.1.1.1.
Do you have an article or source that verifies/explains this? Currently using both, but don’t want my mail privacy protection inactive.
I can’t speak about all apps on the device but I use Firefox on iOS and private relay does not hide my IP while using Firefox.
WARP acts as a system-wide VPN which tunnels all traffic from the device. On the desktop version you have split-tunnelling, allowing you to exempt certain traffic from the VPN.
I have no idea if they can work together. Sorry.
It depends on your use case. Private relay only encrypts your safari traffic; the rest of the requests are still open, and app providers can see your original IP. If you want to ensure that your device’s total traffic is encrypted, then go with Warp only if you trust Cloudflare enough.
Nope, it’ll say:
Private Relay Unavailable
Software installed on this Mac is incompatible with Private Relay.
No idea. Depends on your Internet speeds and those of iCloud.
Yes, you can safely ignore iCloud+ if your only intention is to encrypt your DNS traffic. Alternatively, you can install encrypted DNS profiles from other major providers to achieve the same.
What I still don’t understand about Apple Private Relay is whether the DNS requests are hidden the same way as 1.1.1.1.
More hidden, actually. I describe that a bit above.
No can’t reference article currently I use private relay and mail protection and have removed 1.1.1.1 DNS protection as my understanding is don’t need both
Occasionally their is a site that has an issue but does not bother me