Dear reader,
I have grown tired of websites blocking my access just because I use a VPN. Streaming sites are notorious for this, but this year, sites like Reddit and YouTube have joined in, which has made browsing feel miserable. You can try switching to a different VPN server (preferably from a different server provider), which usually fixes things, but it’s annoying to do this regularly.
About a month ago, I had become so fed up with this that I wanted to fix the issue once and for all. The problem is that there are no perfect solutions, so I needed to find a workflow that wouldn’t suck as much as my current experience.
I ended up giving Safari and iCloud Private Relay a chance. As a result, websites that previously restricted my access were now letting me in without issues. Yet, Safari came with its own limitations and annoyances that were too big to overcome. It felt like I had to use Safari the way Apple wants, so instead of making Safari work for me, I had to change the way I use my browser.
After using this setup for multiple weeks, I ended up switching to Firefox on my MacBook and Android phone, while with my iPad, I stayed with Safari.
At the end of this experiment, I had understood that I cannot let a single decision factor become so dominating that it determines my whole browser choice, at least with my average threat model. Instead, I have to look at each of my devices separately to figure out the best setup.
For the rest of this article, I will share more about my experience with Safari, and why I chose my current setup instead.
iCloud Private Relay is actually amazing
Private Relay works kind of like a multi-hop in a regular VPN, but where no single entity can see all the traffic. Compared to my regular issues with VPN blocking, there were no such issues with Private Relay. There were fewer CAPTCHAs, and websites were only blocking me because of paywalls, which I can usually get around. I still preserved strong privacy protections with Safari’s built-in protections and Private Relay. In private mode, these protections are even boosted.
Separate sessions per tab. Every tab that the user opens in Private Browsing now uses a separate session to the iCloud Private Relay proxies. This means that web servers won’t be able to tell if two tabs originated on the same device. Each session is assigned egress IP addresses independently. Note that this doesn’t apply to parent-child windows that need a programmatic relationship, such as popups and their openers.
This is why I used Safari’s private mode a lot when I was testing it.
With streaming sites, the difference was the most noticeable. While they often block VPN connections, Private Relay worked perfectly. I never even attempt to use my VPN to access streaming content outside of my geographic location, but I would still like to keep my VPN on, as I care about my privacy. I still get blocked, even when connecting to a server in my country. With Private Relay, its technical limitation of only allowing its users to connect to their own country probably makes it something even streaming sites can get behind because regular VPNs cannot provide this kind of guarantee.
Besides Private Relay’s impressive performance, Safari’s energy efficiency was its biggest benefit, but otherwise, the experience wasn’t exactly great.
Issues with Safari
The biggest annoyance I had with Safari was its limited customization options. For example, there are only 5 search engines to choose from, DuckDuckGo being the only privacy-focused option, and if you want to use something else, you need to install an extension or bookmark your favorite search engine. Other downsides include Safari’s closed-source nature, being limited to Apple devices, and not having access to the original uBlock Origin. However, uBlock Origin Lite was a solid replacement, even though I had to live without dynamic filtering or other powerful features.
Alternative solutions
Before I discuss my new setup, I wanted to talk about some alternative solutions some people might prefer, but that didn’t work for me.
Probably the easiest thing one could do is switch VPN servers until one works. However, this becomes frustrating when sites block a lot of IP addresses, which often leads to a situation where a server that works with one site doesn’t work with another one. As a result, I would need to change servers constantly, which was one of the key reasons for wanting to experiment with something else.
You could also try using something like Proton VPN’s browser extension, which allows you to use split tunneling for problematic sites. Yet, if you don’t have a paid plan, you don’t have access to this feature, and you’re also left with only a few countries. What’s even worse is that the extension would regularly connect to countries on the other side of the world, making browsing feel slow. While Proton VPN is probably the best free VPN that exists, it didn’t fit into my workflow.
Using split tunneling could also be another potential solution in a system-wide VPN app, which would allow you to split your browsing into two separate browsers. One with the VPN connection and one without it. The problem is that there are a lot of sites that have issues with VPN connections, and exposing this traffic to my ISP, while exposing my IP address to these sites, wouldn’t be great for privacy.
My new setup
Firefox
I have enjoyed my time with Firefox again after not using it for around a year. Before testing Safari, I had mostly been using either Brave, Zen, or Mullvad Browser or some combination of them. Firefox provides robust customization options, and the Mullvad browser extension is the killer extension I have learned to love again. The extension allows me to dedicate a specific proxy server to a website, so Reddit and YouTube, and most problematic sites work as expected since I know which servers work with them. The extension also saves my configuration, so the next time I’m visiting one of these sites, it will automatically use the proxy server I had previously used.
Firefox’s Multi-Account Containers is another underrated extension, which I have now used to keep my browsing more separate. It has mostly eliminated my need for multiple browsers or user profiles. While these approaches are also great, they have never worked that well in my use.
Speaking of extensions, it’s great to take advantage of uBlock Origin’s more advanced features again. I don’t think this gets enough attention when considering how much you can reduce your attack surface just by blocking all third-party scrips and / or frames by default.
Of course, Firefox has strong privacy features on its own, such as the Enhanced Tracking Protection and Total Cookie Protection. These are the kinds of features people too often forget in discussions about Firefox.
It’s also important that we continue to support Firefox and other browsers based on it as the concerns related to Google’s control over the web are growing, and Manifest V3 is only the beginning. I don’t think we have the luxury of solely looking at browsers’ technological merits while ignoring what something like a browser engine monopoly can do to the wider web. We only need to look to the past to understand why letting a single company monopolize the web isn’t a great idea.
Safari
While I use Firefox on my other devices, with my iPad, I continue with Safari + iCloud Relay. Accessing streaming apps would otherwise require me to disable the VPN every time I want to watch something. On my MacBook, I can just use Mullvad’s split tunneling and use a dedicated browser for streaming, but on iOS, this functionality doesn’t exist.
Firefox also doesn’t support ad blocking on iOS, which is a deal-breaker for me, while uBlock Origin Lite does a good job keeping the browsing experience pleasant on Safari. While using two browsers makes bookmark management more challenging, I have realized that I don’t need to have all of my bookmarks on my iPad. I could also occasionally import all the bookmarks from Firefox, so this issue doesn’t seem as significant as I had previously thought.
Closing words
Choosing a browser can get complicated as there are a lot of aspects to consider. If you also use a VPN, the choice can become even more challenging. But I feel like I’m now in a good place with my browser setup, and hope that I don’t have to do any major changes too soon. 🌔