• 0 Posts
  • 34 Comments
Joined 1 year ago
cake
Cake day: July 2nd, 2023

help-circle





  • I’m not going to defend Apple’s profit maximization strategy here, but I disagree. Most people won’t end up buying a cable and adaptare because they already have one, and in contrast to those pieces made of plastic and metal, the packaging is mostly made of paper. I’m pretty confident that the reduction in plastic and metal makes up for the extra packaging that’s produced for the minority that does buy a cable and/or adapter.





  • I don’t understand the relevance of what you’re saying. Do you mean that the platform should have the right to allow biological females only (following the definitions of your law system)? Do you think that that’s implied when a platform is female only and defensible in court? Not a snarky remark, just genuinely curious what you mean. This case was all about gender identity discrimination and I don’t see how biological sex fits into the picture.

    She had sued the platform and its founder Sally Grover in 2022 for unlawful gender identity discrimination in its services, and claimed Ms Grover revoked her account after seeing her photo and “considered her to be male”.

    Judge Robert Bromwich said in his ruling that while Ms Tickle was not directly discriminated against, her claim of indirect discrimination was successful as using the Giggle App required her “to have the appearance of a cisgender woman”.

    Judge Bromwich said the evidence did not establish Ms Tickle was excluded from Giggle directly “by reason of her gender identity although it remains possible that this was the real but unproven reason”.






  • It is, though. Safari has native support for 3rd party adblockers, it’s just that many people don’t know. AdGuard is one of the good options. Safari is doing the actual blocking for the most part (the extension just hands over the filterlists), but nowadays some of the adblockers include an optional extension that applies some rules for complex ads that are not supported by the Apple API, such as on YouTube. As an end user you just have to install and enable the adblocker.

    Then there are also other browsers available with built-in adblockers. Admittedly those are all limited in some ways because they’re forced to use the same browser engine (outside of the EU), but they are very effective at blocking ads.


  • I’m not sure, it depends on your configuration and blocking list. I don’t use native tracking protection, and my blocklist (oisd) prioritizes functionality over blocking, so in my case everything just works and I don’t have anything special added to my whitelist. I don’t like DNS blocking to be in the way and I also share my configuration with some family members, so that’s why I’ve made this choice, but if you prefer a stricter approach you might have to do some whitelisting.


  • If the iCloud Private Relay ODoH DNS server is used it will show up as a DNS leak, even if the IP address from its response isn’t used for browsing. For privacy it doesn’t matter, as with ODoH the DNS resolver doesn’t know your IP or identity, the most important thing is whether it will bypass the NextDNS blocklist. In my testing I couldn’t visit any website that was blocked by NextDNS, meaning that the iCloud DNS resolver wasn’t used as the primary DNS resolver, which matches with their documentation (that page 10 that I linked to earlier). Note that Apple will only use a custom DNS resolver if you’re using the native DoH option, so for example the configuration that you can get from https://apple.nextdns.io/.

    You can easily test it yourself: block a hostname in NextDNS that you haven’t visited recently (due to cache) and try to visit it in Safari.

    I don’t know why Apple still uses the Cloudflare DNS resolver even if it seems to be ignoring its responses. Maybe they use it for some custom metadata that’s sent along with the request which somehow is important for the relay. All I know is that I’ve never seen it bypassing the NextDNS blocklist, which again is exactly how it’s documented by Apple.


  • So for some reason Apple keeps using their DNS resolver even with a custom DoH resolver configured, but in my testing it didn’t affect the blocking capabilities of NextDNS at all, meaning that the answers from their resolver are just ignored (or used for some other purpose). The way NextDNS knows that you’re using another resolver is by letting the browser resolve some unique hostnames, so that way it will show up even if the answers from that resolver aren’t used. As to why Apple does this I don’t know. In theory it could be the case that Apple just used whichever answer arrives first and that NextDNS just happened to be faster in my testing, but that doesn’t match with how it’s documented in their PDF.

    Which one to pick (if you don’t just want to use them at the same time) depends on what your goal is. I use iCloud Private Relay + NextDNS + AdGuard, but nowadays I mainly use another browser with a built-in adblocker, so iCloud Private Relay and AdGuard aren’t used in that case.

    I use NextDNS everywhere I can and use a list that prioritizes not breaking anything. It’s a nice backstop. It’s not a replacement for an in-browser adblocker in my opinion, unless you don’t care that it’s less effective.


  • Contrary to common believe, iCloud Private Relay and NextDNS are compatible and can both be enabled at the same time, see page 10 of https://www.apple.com/icloud/docs/iCloud_Private_Relay_Overview_Dec2021.pdf. When you try to visit a blocked hostname in Safari, you’ll see that it won’t work. This is something that I’ve personally confirmed.

    What NextDNS solves and iCloud Private Relay doesn’t, is blocking hostnames system wide, thereby completely blocking some ads and tracking. What iCloud Private Relay solves is hiding your browsing traffic a bit better within your local network and from your ISP, as well as hiding your IP from trackers and hiding your identity from their DNS resolver (not from NextDNS, though).

    Some background information why using HTTPS together with encrypted DNS doesn’t fully hide which websites you visit (yet): https://blog.cloudflare.com/announcing-encrypted-client-hello.

    If I had to choose, I’d go with NextDNS for system wide blocking and I’d add an adblocker browser extension to block trackers and ads that can’t be blocked with DNS based blocking. But you don’t have to choose and can use both at the same time.