zimmie

  • How Apple iCloud Private Relay works

    Google won’t be copying this feature because Google’s raison d’être is to profit from your identity. Google might not even sell Android to hardware companies which copy this feature. This will be an Apple exclusive. However VPN companies may try to copy this. I wonder if Apple trademarked the phrase “private relay.”

    I wonder if Amazon or Google could own and operate the “egress servers.” Are they “trustable?” I suspect there could be different egress server companies in each country. The reason Private Relay may not be available in some countries is that Apple knows it can’t get trusted egress server companies in those countries. (I.e., not simply a legal prohibition.)

    Warrants issued to both the ingress and egress server companies might be able to get user identities. 

    I look forward to some character in a TV detective/cop show saying, “We can’t locate the user, because they are using Apple’s Private Relay.” That will sell a few Apple devices. 
    Google already offers something similar to this with their Fi virtual telco. Websites can still set a cookie on the client, otherwise you wouldn't be able to log in to any site through this service. This mostly affects telcos' ability to snoop on their customers' traffic. It potentially reduces the quality of their competitors' advertising data without reducing the quality of Google's. They're all about that.

    The third-party companies are clearly operating as proxies which don't require authentication. The point of the service is Apple authenticates the user for billing purposes, then they hide the identity of the traffic's source. The third-party can see where you're going, but as long as you're using TLS to the destination, that's all they can see.

    Yes, a warrant to both companies could correlate user identities with the sites they are visiting, assuming the information is logged, and assuming the logging has enough specificity. Since they're operated by separate companies, they are unlikely to have their clocks synchronized well enough for timestamp-based correlation.
  • Apple's iCloud Private Relay feature not available in Belarus, China, Uganda, other countr...

    Sounds like you talk TLS or IPSec to the Apple server which acts as a proxy. You then talk client-anonymous TLS or IPSec through that to the third-party server, where you make your request.

    Apple can tell who you are, but not where you’re going. The third-party server can tell where you’re going, but not who you are.

    I still want more technical details, but this is a very promising start.
  • Privacy-focused iCloud+ includes Private Relay browsing, Hide My Email, secure HomeKit cam...

    docno42 said:
    Heh - Apple just Sherlocked VPN providers - many of which are pretty sketchy in and of themselves  :p
    The sketchiness of "VPN" providers is seriously underreported. In a lot of cases, you're avoiding snooping from your local telco in exchange for snooping from Moldovan telcos. The provider also has the ability to mess with your traffic, such as by inserting ads.

    I'm really looking forward to a technical analysis of how this works. If I understand it correctly from the non-technical description in the keynote, the FBI and NSA will be seriously upset, unlike their mostly-performative objections to device-level encryption.
  • Microsoft detailing 'next generation of Windows' on June 24

    tedz98 said:
    The UI changes are nice user experience improvements but it’s still putting lipstick on a pig. Given all of the hacking/ransomware issues that are out in the wild, Microsoft needs to implement some significant architectural updates that protect the Windows core/environment from hackers. Improved sandboxing would be a start. You can’t stop users from opening infected emails but you can certainly sandbox them and do a better job of inspecting attachments or links. The hacker threat and impact is incredibly high and Windows needs to be a more capable threat detector/preventer. Get that done then work on the artsy front end redesign.
    Microsoft actually added a feature called Windows Sandbox a few versions ago. It works with Hyper-V containers to give you near-immediate access to VMs running a totally clean installation of the version of Windows you have outside the sandbox. They've been doing a lot of really admirable internal work lately. I suspect this event is mostly going to introduce user interfaces for stuff Windows 10 can already do.
  • TSMC starts construction of 5nm chip plant in Arizona

    cia said:
    OK two things....

    One:  Isn't TSMC having issues making chips in Taiwan because of the drought that's been happening there?  If water can be such an issue, why are they building this plant in Arizona, the driest state in the US?

    Two:  By the time this plant goes online, 5nm is going to be old news.  Why aren't they aiming for 3nm or better?
    Chandler, Arizona has Intel fabs 12 (22 nm, 14 nm), 22 (22 nm, 14 nm), 32 (22 nm, 14 nm), and 42 (10 nm today with 7 nm coming online in 2022). Only Hillsboro, Oregon beats it in number of semiconductor manufacturing facilities within the US. If you're looking to build manufacturing presence in the US, you have to build where the skilled workers are, and offer them significantly better pay and/or working conditions.