PGPP Beta Support Notes
Updated 2023.01.31
Overview
Pretty Good Phone Privacy (PGPP) is a fundamentally new type of service that gives you private mobile connectivity. Since this is a beta service, it will be under constant improvement. Please email us at pgpp@invisv.com and let us know what you’d like to see next. For more basic information on the service, please see the main PGPP page.
Private DNS
PGPP always uses Private DNS when Relay is enabled, currently Cloudflare’s 1.1.1.1/1.0.0.1 Private DNS service. In fact, more than just ordinary Private DNS, PGPP is performing a type of Oblivious DNS: your DNS requests are made over PGPP Relay itself, so even Cloudflare’s DNS service does not know your IP address when you are using their DNS service on Relay. However, as a result of this, you may run into problems if you have manually configured a specific Private DNS server to use on your device. If you instead select “Automatic” for Private DNS, Relay will work normally. We plan to enable support for configuring which Private DNS service you use on Relay in a future version.
Changing ID takes some time
Changing your Mobile ID (IMSI) takes some time – depending on your phone make/model, it can take anywhere from 30 seconds to a few minutes. This has to do with many factors not under any one company’s control – the eSIM chip on your phone, where you are in the world, your Android OS, etc.
We plan to add an option for automatic ID changing so that you don’t need to manually choose when to update your ID.
IP Geolocalization
Many sites on the Internet use IP address geolocalization (geoIP) to provide region-specific content. They typically accomplish this by using third-party geoIP databases, each of which has its own inaccuracies. More than just providing region-specific content, some sites also use geoIP to find a nearby, fast server to direct network traffic to. There are perhaps a dozen major geoIP companies, each of which makes its own geoIP decisions.
PGPP Relay ensures that you do not reveal your IP address coupled with your Internet traffic to anyone. If you are going through the nearest Relay site and Fastly egress, though, you probably still want good performance while preserving your privacy, and we have engineered PGPP Relay to ensure this. However, in a few cases, geoIP companies have not yet updated where in the world they believe Fastly’s IPs to be, and as a result they will mistakenly send you to a far away server (such as a speed test server, yielding less than accurate results).
PGPP Relay Traffic Restrictions / Blocked Ports
PGPP Relay currently has a few restrictions to ensure performance and security of the system, and will evolve over time. Currently Relay does not allow traffic on select TCP/UDP port numbers. Applications that attempt to create such traffic will find their traffic blocked on the device itself.
Specifically, for security and anti-spam reasons, Fastly blocks outbound connections to ports used by insecure SMTP and IMAP email clients and SSH, along with ports used by several outdated protocols. (This does not, however, affect apps that are Web-based or Web-style, as they use HTTPS.) Since neither Fastly nor INVISV have visibility into actual network traffic, this type of port blocking is the only current option for these security measures. We are exploring whether to unblock certain ports based upon need.
Interference by VPN apps
Previously-used / previously-installed VPN apps can interfere with PGPP Relay depending on their settings. In particular, if you are having trouble turning on PGPP Relay, it is good to check VPN settings in your Android settings. Ensure that no VPN app has “always on” or “block…” enabled, as this will prevent PGPP Relay from turning on. Once PGPP Relay is working, you can use the same VPN Android settings to enable “always on” and/or “block…” for PGPP to ensure stricter traffic policies on the phone.
Hotspot / Tethering
Mobile plan eSIMs support the use of hotspot/tethering. While tethering, tethered device traffic is currently not sent over Relay when it is active on the phone due to Android limitations.