PGPP Beta Support

PGPP Beta Support Notes

Updated 2022.08.10

Overview

Pretty Good Phone Privacy (PGPP) is a fundamentally new type of service that gives you private mobile connectivity. Since this is a beta service, it will be under constant improvement. Please email us at pgpp@invisv.com and let us know what you’d like to see next. For more basic information on the service, please see the main PGPP page.

Private DNS

PGPP always uses Private DNS when Relay is enabled, currently Cloudflare’s 1.1.1.1/1.0.0.1 Private DNS service. In fact, more than just ordinary Private DNS, PGPP is performing a type of Oblivious DNS: your DNS requests are made over PGPP Relay itself, so even Cloudflare’s DNS service does not know your IP address when you are using their DNS service on Relay. However, as a result of this, you may run into problems if you have manually configured a specific Private DNS server to use on your device. If you instead select “Automatic” for Private DNS, Relay will work normally. We plan to enable support for configuring which Private DNS service you use on Relay in a future version.

Changing ID takes some time

Changing your Mobile ID (IMSI) takes some time – depending on your phone make/model, it can take anywhere from 30 seconds to a few minutes. This has to do with many factors not under any one company’s control – the eSIM chip on your phone, where you are in the world, your Android OS, etc.

We plan to add an option for automatic ID changing so that you don’t need to manually choose when to update your ID.

IP Geolocalization

Many sites on the Internet use IP address geolocalization (geoIP) to provide region-specific content. They typically accomplish this by using third-party geoIP databases, each of which has its own inaccuracies. More than just providing region-specific content, some sites also use geoIP to find a nearby, fast server to direct network traffic to. There are perhaps a dozen major geoIP companies, each of which makes its own geoIP decisions.

PGPP Relay ensures that you do not reveal your IP address coupled with your Internet traffic to anyone. If you are going through the nearest Relay site and Fastly egress, though, you probably still want good performance while preserving your privacy, and we have engineered PGPP Relay to ensure this. However, in a few cases, geoIP companies have not yet updated where in the world they believe Fastly’s IPs to be, and as a result they will mistakenly send you to a faraway server (such as a speed test server, yielding less than accurate results).

PGPP Relay Traffic Restrictions

PGPP Relay currently has a few restrictions to ensure the performance and security of the system; these will evolve over time. Currently Relay does not allow TCP traffic on select port numbers or UDP traffic generally. Applications that attempt to create such traffic will find their traffic blocked on the device itself. Eventually PGPP Relay will allow UDP traffic to certain destination port numbers.

Interference by VPN apps

Previously-used / previously-installed VPN apps can interfere with PGPP Relay depending on their settings. In particular, if you are having trouble turning on PGPP Relay, it is good to check VPN settings in your Android settings. Ensure that no VPN app has “always on” or “block…” enabled, as this will prevent PGPP Relay from turning on. Once PGPP Relay is working, you can use the same VPN Android settings to enable “always on” and/or “block…” for PGPP to ensure stricter traffic policies on the phone.
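
An added example, not INVISV's code: a pre-flight check, run from a computer with adb, for the two device settings described under "Private DNS" and "Interference by VPN apps". It assumes Android's standard settings keys (private_dns_mode, private_dns_specifier, always_on_vpn_app, always_on_vpn_lockdown); the PGPP package name is a placeholder because these notes do not give it.

```bash
#!/usr/bin/env bash
# Added example (not INVISV code): checks the two Android settings that these
# notes say can keep PGPP Relay from working.

# Placeholder: the real PGPP package name is not given on this page.
PGPP_PKG="${PGPP_PKG:-com.example.pgpp}"

# $1 = global private_dns_mode, $2 = global private_dns_specifier
# "Automatic" in the Android UI is stored as "opportunistic".
check_private_dns() {
  case "$1" in
    opportunistic) echo "ok: Private DNS is Automatic" ;;
    hostname)      echo "conflict: Private DNS pinned to '$2'; select Automatic"
                   return 1 ;;
    *)             echo "review: Private DNS mode is '${1:-unset}'; notes only cover Automatic"
                   return 2 ;;
  esac
}

# $1 = secure always_on_vpn_app, $2 = secure always_on_vpn_lockdown
check_always_on_vpn() {
  case "$1" in
    ""|null)     echo "ok: no always-on VPN app" ;;
    "$PGPP_PKG") echo "ok: always-on VPN is PGPP itself (lockdown=$2)" ;;
    *)           echo "conflict: always-on VPN is '$1' (lockdown=$2); disable it"
                 return 1 ;;
  esac
}

# Read one setting from the attached device; adb may append a carriage return.
get_setting() { adb shell settings get "$1" "$2" | tr -d '\r'; }

# Query a device only when asked, so the functions can be tested offline.
if [ "${1:-}" = "--adb" ]; then
  rc=0
  check_private_dns "$(get_setting global private_dns_mode)" \
                    "$(get_setting global private_dns_specifier)" || rc=1
  check_always_on_vpn "$(get_setting secure always_on_vpn_app)" \
                      "$(get_setting secure always_on_vpn_lockdown)" || rc=1
  exit "$rc"
fi
```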

Hotspot / Tethering

Mobile plan eSIMs support the use of hotspot/tethering. Traffic from tethered devices is currently not sent over Relay, even when Relay is active on the phone.

Blocked network ports

For security and anti-spam reasons, Fastly blocks certain network ports, including the ports used by SMTP and IMAP email clients and SSH. (This does not, however, affect apps that are Web-based or Web-style, as these use HTTPS.) Since neither Fastly nor INVISV has visibility into actual network traffic, this type of blanket port blocking is the only current option for these measures. We are exploring whether to unblock certain ports based upon need.