Comment by chatmasta
10 hours ago
I buy Apple products not just because they do a great job with security and privacy, but because they do this without needing to do it. They could make plenty of money without going so deep into these features. Maybe eventually it’d catch up with them but it’s not like they even have competition forcing them to care about your privacy.
Their commitment to privacy goes beyond marketing. They actually mean it. They staffed their security team with top hackers from the Jailbreak community… they innovated with Private Relay, private mailboxes, trusted compute, multi-party inference…
I’ve got plenty of problems with Apple hypocrisy, like their embrace of VPNs (except for traffic to Apple Servers) or privacy-preserving defaults (except for Wi-Fi calling or “journaling suggestions”). You could argue their commitment to privacy includes a qualifier like “you’re protected from everyone except for Apple and select telecom partners by default.”
But that’s still leagues ahead of Google whose mantra is more like “you’re protected from everyone except Google and anyone who buys an ad from Google.”
What is non-private about Wi-Fi calling?
If you have it enabled, then every thirty seconds (regardless of whether you’re actively on a call), your phone will make a request to a signaling server owned by your mobile ISP. So if you’re on T-Mobile and traveling in some other country with no cell service, but you’re connected to WiFi, then T-Mobile will see your public IP address. (IIRC, this also bypasses any VPN Profile you have enabled on your device, because the signaling system is based on a derivative of IPSec that could have problems communicating over an active VPN tunnel.)
I found out about this when I was wiresharking all outbound traffic from my router and saw my phone making these weird requests.
Apple actually does warn you about this in the fine print (“About WiFi calling and privacy…”) next to the toggle in Settings. But I didn’t realize just how intrusive it was.
I know my mobile ISP can triangulate my location already, but I don’t want to offer them even more data about every public IP of every WiFi network I connect to, even if I’m not roaming at the time.