My favorite WWDC21 announcements: all new iCloud+

Last night was fun. Apple’s WWDC21 event announced multiple software updates across their iOS, MacOS, iPadOS and watchOS platforms. I enjoyed the full keynote, particularly the part where they announced the new iCloud+ subscription. The Health-related segments were arduously long though.

It was disappointing that the new 16 inch MacBook wasn’t announced as well.

My most favorite announcement is probably the new iCloud+ subscription that includes privacy-focussed services like “Hide My Email”, “Private Relay” and the new pixel blocking functionality on the Apple Mail app. Other favorite announcements include:

  • TestFlight for Mac.
  • SharePlay for watch party with friends and family.
  • FaceTime on Android, Windows and Linux using web browsers. This brings end-to-end encrypted video calling across all platforms.
  • Universal Control. I can finally use my 2015 MacBook Air keyboard on 2019 MacBook Pro.
  • App Privacy Report. It’s like a mini pi-hole report, for your iOS device.

iCloud+ subscription

I am not an iCloud member at the moment, but with the new functionalities announced last night, I might end up choosing the lowest iCloud tier. It costs 75 INR a month in India, which is roughly about 1 USD. That’s a great price for something that includes,

  • Private Relay, a browser-specific VPN that works on Safari.
  • Hide My Email, to generate random email aliases that redirect all incoming email to your primary email inbox.
  • Custom domain support for email.

It’s not clear what Private Relay is just yet, but in reading beta user experiences on Reddit, it seems that it’s a Safari-specific VPN. The idea seems to be that the customer’s IP address isn’t visible to the websites that they are browsing and their internet service provider. That’s pretty much what commercial VPNs like NordVPN and Mullvad do, and they apply throughout your device. Apple’s service is restricted to the Safari usage though.

I am a devoted Firefox user, but considering that I recently cancelled my NordVPN subscription, switching to Safari for Private Relay feels like a good idea. It boils down to how performant Private Relay is though. VPNs are known to throttle your browsing speeds as they encrypt your data/route traffic through the VPN provider’s node. Private Relay routes your traffic through two hops instead, which is even better privacy-wise but I wonder if performance would take a hit.

I am a huge fan of SimpleLogin and Anonaddy, of which I am a paying customer of the former. They are open source, can be self-hosted, offer API access and offer custom domain support. I wouldn’t be cancelling my SimpleLogin subscription, but using Apple’s “Hide My Email” functionality alongside feels like a good idea. Maybe compartmentalize usage for different purposes?

“Hide My Email” had been a feature that’s part of “Sign in with Apple” functionality but that changes today because “Hide My Email” becomes a standalone app/functionality.

Custom domain support on is very cool as well! In fact, I never signed up for mail until today. I am a ProtonMail user today and I am happy with it in most respects. The end-to-end encryption functionality of ProtonMail isn’t all that useful to me though, as 99% of the communication that I make are with non-ProtonMail customers.

Email, in general, is known to be a protocol that isn’t secure. For anyone that’s looking for secure, private communication, Signal must be the goto option. That brings me to the idea that ProtonMail subscription isn’t necessary for my use case. When it ends in 11 months, I plan on canceling the subscription. Also because iCloud Mail allows usage on third-party apps and platforms, it’s not any different from other IMAP-offerings. This enables me to use the new iCloud mailbox on Android and Windows. Pretty cool for the price it comes at.

TestFlight for Mac

I am very happy with this announcement, mostly because I test Tailscale and Signal releases. Until today, beta testing on Mac has been a waiting game because developers have to submit the release on the App Store, which takes multiple days to be available to the customers. TestFlight speeds up the availability tremendously. I am looking forward to seeing whether Tailscale and Signal devs adopt TestFlight in the coming months. There is no reason not to.


FaceTime’s new link generation functionality is quite nice, which allows inviting non-FaceTime users to join the call using their desktop and mobile browsers. I haven’t used FaceTime ever, but considering that it offers end-to-end encrypted communication (this time even on browsers), I could give it a shot. Performance on browsers is a question though, especially in slow networks.

Signal is my choice of communication today, and it became even better recently because it offers screen sharing, which replaces my occasional need for Zoom. It’s in beta at the moment.

I look forward to trying FaceTime but convincing friends and families to use it is a challenge. Most are devoted WhatsApp users because their social circles are on it. Signal saw an increase in usage briefly in January 2021, which is when WhatsApp announced new terms (they have reversed that decision, by the way) but most have gone back to using WhatsApp because of the lack of social circles.

Overall, WWDC21 was quite nice. I hope to test the betas in the coming days.


It had been a busy few days at my end.

VALORANT greeted me with a pleasant surprise tonight though. There’s a new map! Breeze! I have no clue how old this is, but I am definitely enjoying the new view.

Picture of a gameplay from VALORANT.

Facebook must be deleted

Look at this.

Facebook tracks your web presence and activities even outside of their “” domain. Facebook is not a social networking website anymore. They are a data mining corporation, focused on showing targeted ads. They are minting money based on your interests.

That Twitter thread has examples of the level of data that Facebook can collect. They can be so precise that they will know of the time you ordered pizza, what page of a website you are at, what kind of action you are taking on that website, what college you are applying to, and everything in between!

Facebook must be deleted. Today.

At the least, you must be turning off their “Off-Facebook activity” settings. Get a copy of your data before you turn that off.

Setting up Pi-hole on the Tailscale network

I have been a fan of NextDNS for the last year or so. It’s easy to use, is cheap, and makes it incredibly easy to manage my ad-block lists. The configuration functionality of NextDNS is great as well, as it allows for compartmentalized setup.

However, I have always wanted to start using Pi-hole as it offers more data control (self-hosted) and because it’s open source. While Pi-hole setup is straightforward and can act as a network-wide ad-blocker within your house, extending that to mobile/other networks, for on-the-go usage is not easy. Pi-hole docs have this guide about setting up that extension, using OpenVPN protocol but I hear Wireguard has superior performance.

I tried Rajan’s guide involving Wireguard, and later came Tailscale which makes VPNs stupidly easy.

Tailscale is built on the top of the Wireguard protocol as well.

Once you have installed and logged into your Tailscale account on your devices, they will basically be available on a flat network, thus allowing your devices to talk to each other. Talk in this context refers to setting up a service/server on one device, making it listen on the Tailscale network and making the other devices connect to it.

For the purpose of this post, I will explain how I set up my Pi-hole to listen on the Tailscale network, allowing for network-wide ad blocking.

Get Tailscale on your devices and log in with a Google or Microsoft account

  • Tailscale is available for download on Android, iOS, Windows, Mac and Linux. You can get your copy here.
  • Once you have installed it, log into each device using your Google or Microsoft account.
  • Do so on the Linux device that you are about to use for your Pi-hole as well. If you have a Windows device, you can install Linux on it using Windows Subsystem for Linux.
  • Once that’s completed, you can find your devices on this Tailscale admin page.

Set up Pi-hole on a Linux device

It’s time to install Pi-hole on your Raspberry Pi or the Linux device.

Work through the Pi-hole setup guide here. The basic installer at the top of the page can work.


While setting that up, you will be prompted to choose a “listening interface”. Choose “tailscale0”, not “eth0”.

Once the setup is done, you can visit the Settings > DNS tab of your Pi-hole settings to verify that “Listen only on interface tailscale0” is selected under “Interface listening behavior”.

Indicates the “Interface Listening Behavior” setting on my Pi-hole

At this stage, the Pi-hole setup is all done!

Marking Pi-hole as DNS resolver for all Tailscale devices

Log into your Tailscale admin dashboard. Under the Name servers section, enter the Tailscale node address for the device you installed Pi-hole on.

Magic DNS

Make sure that you do not enable magic DNS. I am fuzzy on what it’s supposed to do, but I have noticed that non-Tailscale traffic doesn’t work when magic DNS is enabled. It’s probably being discussed on this GitHub issue.

In my case, I have two Pi-holes. One on my Raspberry Pi at home, and one on the Google Cloud. As such, the two addresses that I entered on my Tailscale name servers section are and

Name servers entered on my Tailscale account

Once your name servers are added, enable Tailscale on your computer/mobile devices. By doing so, your VPN configuration will be enabled, and all DNS queries will be tunneled to your Pi-hole. This will work even when you are on a mobile network, outside of your house!

Disable private DNS on Android

If you have a private DNS address added on your Android settings, turn it off.

Things to note

One of the things that Tailscale promises is that the Tailscale node address never changes for your device. This ensures that the name servers that you just entered always work, thus not leaving you without a DNS resolver.

Are apps/websites not loading?

It’s possible that you enabled Tailscale on your computer/mobile before adding the Pi-hole’s node address on Tailscale DNS page. In such a case, restart Tailscale on your device and it must fetch the name servers from your admin.

Do not enable Block connections without a VPN setting on your Android VPN settings. Brad explains why here.

You can share your Tailscale node where Pi-hole is running (your Raspberry Pi device or the Linux device) with other Tailscale users. Once they accept the invite, they can add your Tailscale node address as the name server on their DNS page. By doing so, they will get the benefit of your Pi-hole as well.

This is not an open resolver. This Pi-hole DNS resolver will be accessible only by Tailscale nodes on your Tailscale network, and by those that you invite to that device.
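
One way to check the “Listen only on interface tailscale0” setting, and with it the claim that this is not an open resolver, is to audit the resolver's listening directives. This is an added example, not part of the original post; it assumes your Pi-hole release renders the setting into dnsmasq-style directives, and the function name, file path and sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Reads dnsmasq-style directives on
# stdin and reports whether DNS is answered only on the Tailscale interface.
# On a real host (the path is an assumption, adjust for your install):
#   cat /etc/dnsmasq.d/*.conf | audit_dns_listen tailscale0

audit_dns_listen() {
  # $1 = the only non-loopback interface that should serve DNS
  awk -v want="${1:-tailscale0}" '
    # Loopback or a Tailscale node address (100.64.0.0/10, fd7a:115c:a1e0::/48)
    function tailnet_or_lo(ip,   o) {
      if (ip ~ /^127\./ || ip == "::1") return 1
      if (tolower(ip) ~ /^fd7a:115c:a1e0:/) return 1
      return (split(ip, o, ".") == 4 && o[1] + 0 == 100 && o[2] + 0 >= 64 && o[2] + 0 <= 127)
    }
    # Drop full-line and trailing comments, then all whitespace
    { sub(/^[ \t]*#.*/, ""); sub(/[ \t]+#.*/, ""); gsub(/[ \t\r]/, "") }
    $0 == "" { next }
    /^interface=/ {
      scoped = 1
      n = split(substr($0, 11), v, ",")
      for (i = 1; i <= n; i++) {
        if (v[i] == want) found = 1
        else if (v[i] != "lo") extra = extra " " v[i]
      }
      next
    }
    /^listen-address=/ {
      scoped = 1
      n = split(substr($0, 16), v, ",")
      for (i = 1; i <= n; i++) {
        if (!tailnet_or_lo(v[i])) extra = extra " " v[i]
        else if (v[i] !~ /^127\./ && v[i] != "::1") found = 1
      }
      next
    }
    /^except-interface=/ {
      filtered = 1
      n = split(substr($0, 18), v, ",")
      for (i = 1; i <= n; i++) if (v[i] == want) excluded = 1
      next
    }
    # local-service only takes effect when no interface or address option is set
    /^local-service$/ { local_only = 1 }
    END {
      if (excluded)          print "BROKEN " want " is excluded"
      else if (extra != "")  print "EXPOSED" extra
      else if (!scoped)      print ((local_only && !filtered) ? "LOCAL-SUBNETS" : "EXPOSED all-interfaces")
      else if (!found)       print "MISSING " want
      else                   print "OK"
    }
  '
}

# Constructed samples: the setting from this post, and a listen-everywhere config.
SAMPLE_TAILNET_ONLY='# constructed sample
interface=tailscale0
cache-size=10000'
SAMPLE_ALL='except-interface=nonexisting
cache-size=10000'

printf '%s\n' "$SAMPLE_TAILNET_ONLY" | audit_dns_listen tailscale0
printf '%s\n' "$SAMPLE_ALL" | audit_dns_listen tailscale0
```

Reading the config is more reliable than a socket listing here: without `bind-interfaces`, dnsmasq binds the wildcard address and filters queries by arrival interface, so port 53 shows up on 0.0.0.0 even when the setting is correct. This matters most for a Pi-hole on a cloud VM with a public address, where the all-interfaces result means anyone can query it.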

Whoogle on Tailscale

Access ad-free, tracker-free Google search results.

Hydroxide on Tailscale

Access your ProtonMail emails on a self-hosted, open-source bridge called Hydroxide.

libreddit on Tailscale

Self-host a private, ad and tracker-free reddit frontend UI with libreddit.

Kudos to Apple for privacy-focussed features

I have been using ProtonMail, Signal, DuckDuckGo and SimpleLogin for a fairly long time. These make up an integral part of my online presence, and I cannot go back to a time where these didn’t exist.

Without doubt, I truly enjoy and recommend using privacy-respecting products.

In a recent conference, Tim Cook committed to advancing user privacy by giving them tools to control where their data is shared. Especially in today’s world, it’s important to understand the implications of online data tracking, and it’s necessary to be informed about ways to prevent that. Apple’s recent release of an illustration explaining implications of data tracking will be a great read. While the conclusion of that report focusses on Apple-centric tools to prevent data tracking, the content of the report holds true, that companies profit by monitoring users.

At Apple, we made our choice a long time ago. We believe that ethical technology is technology that works for you. It’s technology that helps you sleep, not keeps you up. It tells you when you’ve had enough, it gives you space to create, or draw, or write or learn, not refresh just one more time. It’s technology that can fade into the background when you’re on a hike or going for a swim but is there to warn you when your heart rate spikes or help you when you’ve had a nasty fall. And with all of this, always, it’s privacy and security first, because no-one needs to trade away the rights of their users to deliver a great product.

Tim Cook at the Computers, Privacy and Data Protection conference, MacRumors

Starting with the next beta release of iOS 14, Apple will be launching a new tool called App Tracking Transparency that will enable users of apps to control sharing of data with app makers. By taking away data tracking functionality within the iOS ecosystem, Apple is definitely making a sizeable dent in businesses that primarily focus on monetizing user data, read Facebook.

Apple’s new App Tracking Transparency feature that will be available in the next beta release of iOS 14

Open-source software like Pi-hole has existed for a while, and recently, online services like NextDNS and AdGuard have emerged that offer similar controls. I am a happy user of these products and services, but I particularly like how Apple is championing this effort.

iOS takes up 50% of the market share in the US, which is Facebook’s largest market. If Facebook is feeling threatened by Apple iOS 14’s new privacy features, we are moving in the right direction.

It’s also worth noting that WhatsApp will be sharing user data with Facebook group of companies. It’s particularly worse for those WhatsApp Business API users as their messages wouldn’t be end-to-end encrypted. Differently put, they will be visible to third-party Business Solutions Providers, including cloud-based version of the API hosted by Facebook:

Some organizations may choose to delegate management of their WhatsApp Business API endpoint to a third-party Business Solution Provider. In these instances, communication still uses the same Signal protocol encryption. However, because the WhatsApp Business API user has chosen a third party to manage their endpoint, WhatsApp does not consider these messages end-to-end encrypted. In the future, in 2021, this will also apply to businesses that choose to leverage the cloud-based version of the API hosted by Facebook.

Gizmodo – This Was WhatsApp’s Plan All Along

On the flip side, Apple is fighting back, highlighting that this will impact small businesses that depend on personalized ads for sales. Facebook also highlights that Apple’s own apps will be exempted from App Tracking Transparency, but it’s not clear if that’s true, based on Apple’s press release.

Other privacy efforts by Apple that I appreciate

In June of 2020, Apple announced support for native encrypted DNS throughout the device. This is a big deal for users like me that have a NextDNS subscription.

In iOS 14 and iPad OS 14, Apple also launched a new App Store functionality, called the privacy nutrition labels. It gives users a quick overview of the apps’ privacy practices — as in, what level of data is obtained by the app, what these details are used for, and also outlines how they may be linked to an individual. Apple’s own apps, like Apple Music, are required to show these labels; they are not exempted.

An image showing the new privacy nutrition labels feature on the Apple App Store

If you are not aware, the messaging app Signal collects only your mobile number. It doesn’t link that mobile number to your identity either! If you are a WhatsApp or Telegram user, it’s time to consider switching to Signal.

Signal’s privacy nutrition labels on the App Store

I am keen on seeing where things head from here!

“A Day in the Life of Your Data” by Apple

It’s a great illustration!

While the conclusion of that story is Apple-centric, with recommendation being to use their products to protect one’s privacy, the content is very true. We all must give it a read, possibly with our parents or children, to bring awareness on what’s truly happening.

It’s available here: A Day in the Life of Your Data by Apple.

Majority of these companies’ focus is on mining user data, for profit.

Choosing privacy-respecting alternatives does not have to come with a compromise.

Most think that by choosing Signal over WhatsApp, they will have to give up on connections with their friends. It’s true to some extent — I understand that network effect can be a friction, I can only hope that we consider privacy-feature-set tradeoff to make the jump. Signal is growing fast and already has basic features to get your communication going.

That’s one example.

NextDNS, ProtonMail, Tutanota, SimpleLogin are a few other privacy-respecting products that I use every day.

If you are looking for privacy-respecting choices in other categories, Privacy Tools has a great list here.

In particular, I want to note NextDNS.

There is nothing to lose by using NextDNS. You will only see benefits by using such a DNS resolver, in that, your ISP (Internet Service Provider, like Airtel, Jio, Comcast) will not be able to monitor your DNS queries anymore. You will also get a great level of flexibility, like blocking ads/trackers from these data mining corporations, and like preventing unwanted content from appearing on your children’s devices.

Pi-hole is an alternative to NextDNS. It is a free, open-source software as well that you can further extend to devices on the go.

Let your change begin today!

Of messaging apps

After WhatsApp announced an update to their privacy policy, I have answered countless questions from my friends and family. In the last week, most of my family members have jumped ship, and I have lost track of the number of times I explained differences between the apps.

I figured it might be helpful to document these discussions as a blog here, here goes.

About WhatsApp’s policy update

It’s misreported by most, that WhatsApp can now read personal conversations between two users, but that’s not the case. With this policy update, the end-to-end encrypted communication aspect of WhatsApp does not change. WhatsApp will not be able to read personal, 1:1 conversations. The conversations on WhatsApp have been end-to-end encrypted since April of 2016, which is when they adopted Signal protocol.

What’s changing this time is that, or better said, what Facebook is disclosing this time is that, WhatsApp Business API customers may have access to tools that will enable them to communicate outside of WhatsApp. An example being, ability to communicate with their customers on WhatsApp, via Facebook interface, where Facebook is the vendor for this WhatsApp Business API.

This Gizmodo article[1] is a deep dive and probably the most accurate one that I have read so far on the WhatsApp debacle:

Some organizations may choose to delegate management of their WhatsApp Business API endpoint to a third-party Business Solution Provider. In these instances, communication still uses the same Signal protocol encryption. However, because the WhatsApp Business API user has chosen a third party to manage their endpoint, WhatsApp does not consider these messages end-to-end encrypted. In the future, in 2021, this will also apply to businesses that choose to leverage the cloud-based version of the API hosted by Facebook.

If you are someone that does not use the Business accounts functionality of WhatsApp, you are okay to continue using WhatsApp for personal conversations. Facebook, or WhatsApp, will not be able to read your personal communication.

Is WhatsApp the best choice though?

While WhatsApp is unable to read your messages, WhatsApp has access to various other information surrounding your account, including your purchase history, location, your contact number, your contacts, identifiers (user ID specific to your installation of the app), diagnostics data, for troubleshooting bugs, financial information, user content, and usage data. This information is from the privacy policy that WhatsApp disclosed to Apple, to publish the app on the App Store.

We will never know how Facebook is using this data. Some of these are mentioned to be used only for app functionality, but Facebook is known to be a company that has been sharing WhatsApp data for years. As such, we will never know what happens behind the scenes, and the onus is on the user to vet.

What happens in the future

Millions across the world scrambled to alternatives, which include Signal and Telegram. Shortly after this exploding growth, WhatsApp made another announcement to bust some myth surrounding their update. They even went to the extent of buying full-page, front-page ads on top newspapers:

It’s important to note their usage of shared location term in their ads. By shared location, WhatsApp is referring to the location sharing functionality inside of your 1:1, or group messages. This data is end-to-end encrypted as well, as it’s part of your message. That’s not visible to Facebook, or WhatsApp.

But, WhatsApp is sneakily dodging the fact that they have access to users’ location. It must be concerning that they are not disclosing that on their ads, where their focus is to prove that they don’t mess with users’ privacy.

Signal vs Telegram

In this section, I want to cover some fundamental differences between Signal and Telegram.

In particular, it’s worth noting that Telegram is a downgrade from WhatsApp.

While WhatsApp and Signal are end-to-end encrypted with the Signal protocol, Telegram has its own encryption protocol[2] called MTProto. While all of Telegram is using this technology, it’s only secret chats that are end-to-end encrypted. The rest of the chats, including cloud-hosted 1:1 chats with other users, and group chats, are not end-to-end encrypted.

Durov’s explanation to why Telegram does not offer end-to-end encryption[3] by default is that, they focus on speed, functionality and synchronization. The intention seems to be that, users must be able to access their data without losing it, when they switch between devices. Durov also goes on to cover how Telegram’s cloud-hosted storage is a better solution over WhatsApp’s backups on a Google Drive.

The way I see it, storing personal messages on Telegram’s servers is not any different from storing on Google Drive, via WhatsApp backups. True privacy starts when one chooses to store their messages locally on the device they use.

Telegram’s secret chats offer that, but that not being default is a deal breaker for me.

Signal, on the other hand, is built with the core idea of not knowing anything about the user. It has end-to-end encryption enabled by default, thus enabling the user to get going. For those users that are moving away from WhatsApp, Signal must be the preferred choice. Should one choose to use Telegram, it’s very important to note that only 1:1, opted-in, secret chats are end-to-end encrypted.

This article also covers how Signal is a superior solution overall:

Between Signal and WhatsApp

You must be choosing Signal.

While WhatsApp and Signal may seem similar, there is a vast difference in functionality and privacy aspects of the apps. I want to cover two primary factors.

The only information that Signal knows is your mobile number, and Signal makes no attempt to link that to your identity. In other words, Signal wouldn’t know that a certain mobile number belongs to you, wouldn’t know who you are communicating with, using that mobile number, how often you do that, or use that information to map to external services/products. Even during the latest outage on the 15th of Jan, 2020, Android developers from the Signal team had to ask for debug logs from the community, to troubleshoot the cause of the outage. It was necessary for them to ask for it, because Signal does not collect any details by default.

Data that Signal is involved with
Data that Telegram is involved with

Signal also offers linked devices, which include tablets, desktops and laptops, that can work without having your mobile device active. WhatsApp requires your mobile device to be active, or online, to have the desktop counterpart work.

One may read the desktop version of WhatsApp as a “beam”-able version of your mobile display.

Signal doesn’t work that way. Signal can work even when your mobile device is switched off. And when your mobile device is activated again, your desktop messages sync over to mobile.

[1] This Was WhatsApp’s Plan All Along
[2] MTProto Mobile Protocol
[3] Why Isn’t Telegram End-to-End Encrypted by Default?


I don’t have a WhatsApp (and Facebook) account, but I did hear about their terms change — users are required to accept to the new policies wherein WhatsApp data can now be shared with Facebook. As I understand, this does not impact the e2e (end-to-end encrypted) messages aspect of WhatsApp. It’s based on the Signal protocol and messages will continue to remain as private as possible.

Related Hacker News thread: WhatsApp gives users an ultimatum: Share data with Facebook or stop using app.

What’s changing this time though, or better said, what’s made more explicit is that, other aspects of WhatsApp usage may now be shared with Facebook. Paul’s article here in particular covers what’s changing in detail, and also backs up with relevant sources:

In practice, this means that WhatsApp shares a lot of intel with Facebook, including account information like your phone number, logs of how long and how often you use WhatsApp, information about how you interact with other users, device identifiers, and other device details like IP address, operating system, browser details, battery health information, app version, mobile network, language and time zone. Transaction and payment data, cookies, and location information are also all fair game to share with Facebook depending on the permissions you grant WhatsApp in the first place.

As I understood from a few other Hacker News and media articles, WhatsApp made another drive-by change: Removed text about not having access to private keys. This comment in particular highlights that a user’s opt-in for WhatsApp business account delegates access to Facebook, which acts as a vendor of WhatsApp Business API.

To most, this sharing of access may not matter, but I feel differently. Especially in a world where better, privacy-focussed options, like Signal and Telegram (only via secret chats) are available, it’s a no-brainer to consider these options. Mohan has covered some privacy-respecting messenger app alternatives that you may like to read.

I have been a Signal user for many years, but have truly stood by it in the last year or so.

I am very pleased with their growth, especially in India, and I am pleased that most of my friends and family are moving over as well. If you haven’t moved yet, you may consider doing so today. We may as well read Brian Acton, Elon Musk and Edward Snowden’s work/tweets as an endorsement. It’s particularly interesting to know that WhatsApp co-founder (Brian Acton) left Facebook post acquisition, to infuse 50 million dollars in Signal.

Signal is a non-profit company, free, publishes their client-side and server-side code in the open, and promises unexpected focus on privacy. It’s among the very few apps (the only other platform that I know of is Matrix, but it’s riddled with bugs) in the market that offer synchronized, end-to-end encrypted messaging.

With their focus being on privacy, it’s natural that they are not able to offer advanced features like Telegram bots, and that’s okay.

I see that as a decent tradeoff.