T-Mobile says it isn’t widely blocking iCloud Private Relay, blames iOS bug

  News
image_pdfimage_print
A person's hand holding a smartphone in front of a screen with T-Mobile logos.

T-Mobile has responded to complaints that it is blocking iCloud Private Relay on iPhones, saying that the block only affects subscribers who enabled parental controls or other types of content filtering. T-Mobile also says it has identified a bug in iOS that may be messing with users’ iCloud Private Relay settings, but Apple hasn’t confirmed this.

“Customers who chose plans and features with content filtering (e.g. parent controls) do not have access to the iCloud Private Relay to allow these services to work as designed. All other customers have no restrictions,” T-Mobile told Ars last night. This also applies to customers who subscribed to Sprint before the companies merged.

Customers affected by iCloud Private Relay blocking get an error message in the iPhone settings app when they try to enable the Apple privacy feature. The message says, “Your cellular plan doesn’t support iCloud Private Relay. With Private Relay turned off, this network can monitor your Internet activity, and your IP address is not hidden from known trackers or websites.”

Some users noticed that T-Mobile was blocking iCloud Private Relay yesterday, leading to speculation that the carrier plans to block the Apple privacy feature for all US-based customers. While it now appears the blocking is not widespread, it may be affecting some users who did not enroll in content filtering. One Sprint user told us on Twitter that iCloud Private Relay is blocked even though he doesn’t have filtering enabled on his account and that he needs to “talk to advanced tech support next” because T-Mobile support told him that “they couldn’t open a ticket.”

Additionally, a 9to5Mac report states that “many of the users we’ve heard from… do not have any such content filtering enabled.” 

T-Mobile says there’s an iOS 15.2 problem

In a further response to Ars today, T-Mobile suggested that there’s a problem with the default settings in iOS 15.2. “Overnight, our team identified that in the 15.2 iOS release, some device settings default to the feature being toggled off,” T-Mobile told us. “We have shared this with Apple. This is not specific to T-Mobile. Again, though, we have not broadly blocked iCloud Private Relay.” We contacted Apple and will update this article if we get more information.

iCloud Private Relay is available in beta and is designed to prevent network operators from monitoring customers’ Internet activity. “If you turn off Private Relay, network providers and websites can monitor your Internet activity in Safari,” Apple says.

T-Mobile’s Web Guard “prevents access to adult web content” when customers are connected to the T-Mobile cellular network. Apparently, it can’t block such content when Apple’s new privacy feature is protecting a user’s browsing.

Possible fix: “Limit IP Address Tracking”

An AT&T spokesperson told Ars today that it does not block iCloud Private Relay at all, even if customers have filtering enabled. We’re still waiting for answers from Verizon.

Some AT&T customers reported on Twitter that iCloud Private Relay wasn’t working on cellular data yesterday. However, some of those Twitter threads show that their problem was fixed by turning on “Limit IP Address Tracking” in the Cellular Data Options section of the iPhone Settings app.

The toggle description in the iPhone settings app says, “When this is turned off, iCloud Private Relay will also be turned off for this cellular provider.” If you’re having a problem with iCloud Private Relay, check to make sure that the “Limit IP Address Tracking” toggle is on.

A Verizon customer who reported a similar problem last month told us today that he never had content filtering turned on and that Private Relay is working for him now.

When iCloud Private Relay is enabled, web “requests are sent through two separate, secure Internet relays,” Apple says. “Your IP address is visible to your network provider and to the first relay, which is operated by Apple. Your DNS records are encrypted, so neither party can see the address of the website you’re trying to visit. The second relay, which is operated by a third-party content provider, generates a temporary IP address, decrypts the name of the website you requested, and connects you to the site.”

https://arstechnica.com/?p=1825105