What Is INVISV Relay?
Privacy is a layered problem, which means we need to create layered solutions. Normally, when you connect to sites on the Internet, they can see your IP address and use it to identify you. As a partial solution, people use VPN services to hide their IPs from servers, but this doesn’t solve the problem because, as an essential aspect of a VPN’s design, the VPN company still knows your identity (your IP address and, often, your customer information) and all of your Internet usage. Instead, INVISV Relay uses a Multi-Party Relay (MPR) architecture that is private by design. (Learn more here about why VPNs are wrong for privacy and MPRs provide privacy in the architecture itself.)
INVISV Relay provides decoupled IP privacy - separating users’ IP addresses from their data traffic - through a partnership between INVISV and Fastly. With Relay, neither INVISV nor Fastly can tie your IP address to your Internet traffic, which means unlike a VPN there’s no single point of monitoring.
INVISV Relay service can be used when on WiFi or mobile data, and supports a wide range of Android devices. (We will be open sourcing Relay very soon.)
INVISV Relay Details
- Internet privacy utilizing the Multi-Party Relay (MPR) architecture - In partnership with Fastly, this plan ensures your IP address and all your network usage on both WiFi and mobile data are decoupled, and your browsing is hidden from connectivity providers including us at INVISV (unlike with a VPN).
- In the MPR architecture, when a user uses the Internet, the network traffic (including the name of the site and any data sent/received) is encrypted using TLS so INVISV (the first server) and the Internet Service Provider do not know where the request is going or what it contains. The second server, Fastly, is a content delivery network that will connect the request to its destination but will not know who it’s from or the actual content of the request/browsing.
- This plan is a supplemental privacy feature for those with existing Internet connectivity through WiFi or a mobile plan. This plan by itself does not provide mobile data service.
Free service: 2500 MB/month
- By popular request, all users now can receive 2500 MB/month of free Relay service.
- We’re a small organization working to improve privacy on the Internet. If you like the service, please consider subscribing: that will remove your data limit and support the infrastructure that makes this possible and the 2500 MB/month available to all users.
Unlimited: 5 USD/month (or equivalent in local currency)
- Upgrade anytime for unlimited usage.
September 2022 – Beta Launch
INVISV Relay works on any Android device that has Internet access (whether using WiFi or mobile data service). However, as a Beta service, you may run into some issues and we’d love to hear about them at firstname.lastname@example.org – please let us know what you think and any questions you have.
DNS Privacy Filter
To improve your privacy, Relay includes an optional DNS-based privacy filter. We aggregate many standard DNS privacy lists, including this and this, which list sites of trackers, malware, and ads to block. Relay blocks these sites on the device itself. This means that the apps and browsers on the phone are prevented from even making a request to those Internet hostnames. This feature is experimental and may end up blocking too many sites, some of which you want to be able to access, so you can choose whether to enable or disable the Privacy Filter in Settings.
Some apps may not work right with Relay enabled, but they may be essential to your phone usage. You can use the Exempt Apps feature in Settings to select individual apps or Android system services that you would like to be exempt from Relay – that means that apps you select in the Exempt Apps setting will not go through Relay and instead will be able to communicate on the network as if Relay were off. This means that the apps you exempt will not get the privacy protection of Relay. This may be useful to some users when an important app makes certain kinds of network connections that are not allowed by Relay, or if it makes network connections on the local network (which Relay can’t connect to).
Relay always uses Private DNS when Relay is enabled, currently Cloudflare’s 18.104.22.168/22.214.171.124 Private DNS service. In fact, more than just ordinary Private DNS, Relay is performing a type of Oblivious DNS: your DNS requests are made over Relay itself, so even Cloudflare’s DNS service does not know your IP address when you are using their DNS service on Relay. However, as a result of this, you may run into problems if you have manually configured a specific Private DNS server to use on your device. If you instead select “Automatic” for Private DNS, Relay will work normally. We plan to enable support for configuring which Private DNS service you use on Relay in a future version.
Many sites on the Internet use IP address geolocalization (geoIP) to provide region-specific content. They typically accomplish this by using third-party geoIP databases, each of which has its own inaccuracies. More than just providing region-specific content, some sites also use geoIP to find a nearby, fast server to direct network traffic to. There are perhaps a dozen major geoIP companies, each of which makes its own geoIP decisions.
Relay ensures that you do not reveal your IP address coupled with your Internet traffic to anyone. If you are going through the nearest Relay site and Fastly egress, though, you probably still want good performance while preserving your privacy, and we have engineered Relay to ensure this. However, in a few cases, geoIP companies have not yet updated where in the world they believe Fastly’s IPs to be, and as a result they will mistakenly send you to a far away server (such as a speed test server, yielding less than accurate results).
Relay Traffic Restrictions
Relay currently has a few restrictions to ensure performance and security of the system, and will evolve over time. Currently Relay does not allow TCP traffic on select port numbers or UDP traffic except for HTTP/3. Applications that attempt to create such traffic will find their traffic blocked on the device itself. Eventually Relay will allow UDP traffic to additional destination port numbers.
Interference by VPN apps
Previously used or previously installed VPN apps can interfere with Relay depending on their settings. In particular, if you are having trouble turning on Relay, check the VPN settings in your Android settings. Ensure that no VPN app has “always on” or “block…” enabled, as this will prevent Relay from turning on. Once Relay is working, you can use the same VPN Android settings to enable “always on” and/or “block…” for Relay to ensure stricter traffic policies on the phone.
Blocked network ports
For security and anti-spam reasons, Fastly blocks certain network ports, including the ports used by SMTP and IMAP email clients, and SSH. (This does not, however, affect apps that are Web-based or Web-style, as these use HTTPS.) Since neither Fastly nor INVISV has visibility into actual network traffic, this type of blanket port blocking is the only current option for these measures. We are exploring whether to unblock certain ports based upon need.
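As an added example (not INVISV's or Fastly's code), the traffic restrictions, blocked ports and local-network limitation described above can be written as a flow check for deciding which apps belong in Exempt Apps. The port numbers are the well-known ports for the protocols the page names, treating UDP port 443 as HTTP/3 is an assumption, and the sample flows are constructed.

```python
import ipaddress

# Assumption: the page names the blocked protocols (SMTP, IMAP, SSH) but not
# the port numbers; these are the well-known ports for those protocols.
BLOCKED_TCP_PORTS = {22: "SSH", 25: "SMTP", 465: "SMTP", 587: "SMTP",
                     143: "IMAP", 993: "IMAP"}
HTTP3_UDP_PORT = 443  # assumption: HTTP/3 (QUIC) recognised by UDP port 443
# Local-network ranges (private, link-local, loopback) the relay cannot reach.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "127.0.0.0/8", "fc00::/7", "fe80::/10", "::1/128")]

def classify_flow(proto, dst_ip, dst_port):
    """Return (verdict, reason) for one outbound flow under the stated policy."""
    addr = ipaddress.ip_address(dst_ip)
    if any(addr in net for net in LOCAL_NETS):
        return ("unreachable", "local-network destination")
    proto = proto.lower()
    if proto == "udp":
        if dst_port == HTTP3_UDP_PORT:
            return ("allowed", "HTTP/3 over UDP")
        return ("blocked", "UDP other than HTTP/3")
    if proto == "tcp":
        if dst_port in BLOCKED_TCP_PORTS:
            return ("blocked", BLOCKED_TCP_PORTS[dst_port] + " port")
        return ("allowed", "TCP port not on the blocked list")
    return ("blocked", "unsupported protocol " + proto)

def apps_needing_exemption(flows):
    """Map app name -> reasons its flows would fail when sent through the relay."""
    report = {}
    for app, proto, dst_ip, dst_port in flows:
        verdict, reason = classify_flow(proto, dst_ip, dst_port)
        if verdict != "allowed":
            report.setdefault(app, []).append(f"{proto}/{dst_port} to {dst_ip}: {reason}")
    return report

# Constructed sample flows (documentation address ranges), not real captures.
SAMPLE_FLOWS = [
    ("browser", "tcp", "203.0.113.10", 443),
    ("browser", "udp", "203.0.113.10", 443),
    ("mail", "tcp", "198.51.100.25", 993),
    ("terminal", "tcp", "198.51.100.7", 22),
    ("voip", "udp", "203.0.113.50", 5060),
    ("printer", "tcp", "192.168.1.40", 631),
]

if __name__ == "__main__":
    print(apps_needing_exemption(SAMPLE_FLOWS))
```

Apps that appear in the report are candidates for the Exempt Apps setting, with the trade-off the page states: exempted apps do not get Relay's privacy protection.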