Digging Into Apple’s iCloud Private Relay

Good overview of one of this week’s biggest announcements from Dave Hamilton for The Mac Observer:

Apple’s iCloud Private Relay works similarly to a VPN in that it routes your traffic through other servers, hiding your IP address from the websites you visit, and hiding your traffic from whoever manages your local network. Where it differs is that a VPN is generally just one server between you and the website you’re visiting. With a VPN, your traffic takes the route of You ↔︎ VPN Server ↔︎ Website. Private Relay adds another server to the mix, which ensures that no one in the chain — not even Apple — can see the whole picture: You ↔︎ Apple’s Ingress Server ↔︎ Content Provider’s Egress Server ↔︎ Website.

This is, as Apple calls it in their “Get Ready for iCloud Private Relay” WWDC Session on the topic, “Privacy by Design.”

Apple made specific mention that while the “Ingress Proxy” servers are run by Apple, the “Egress Proxy” (aka the server which communicates with the websites you visit) is not controlled by Apple and is under the control of “a (trusted) content provider”. This means that Apple doesn’t know what site(s) you’re visiting, and the third-party content provider doesn’t know who you are.

I’m using this on both an iPhone and iPad running the new OS betas, and it doesn’t seem to slow anything down. I did run into a problem where initially, both devices were saying I needed to upgrade to a paid iCloud account to enable the feature in Safari (also for Mail’s new tracker privacy protection), even though I’ve got an Apple One family account. I “fixed” that by restarting both devices after poking around the iCloud section in Settings. Not a bad bug for a developer beta 1 — just figured I’d mention it here in case anyone else runs into it.
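The split the quoted overview describes, where the ingress hop knows who you are and the egress hop knows where you are going, can be modelled with two nested encryption layers. The sketch below is an added illustration, not Apple's protocol or code from either article: the per-hop keys, the addresses and the toy HMAC-based cipher are assumptions standing in for transport encryption the page does not detail.

```python
import hashlib, hmac, json, os

INGRESS_ADDR, EGRESS_ADDR = "198.51.100.1", "192.0.2.1"  # constructed addresses

def _keys(key):
    # Separate encryption and MAC keys derived from one shared secret.
    return [hmac.new(key, t, hashlib.sha256).digest() for t in (b"enc", b"mac")]

def _xor_stream(key, nonce, data):
    # Toy stream cipher: HMAC-SHA256 in counter mode, XORed over the data.
    ks = b""
    for i in range(len(data) // 32 + 1):
        ks += hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, obj):
    ek, mk = _keys(key)
    nonce = os.urandom(16)
    ct = _xor_stream(ek, nonce, json.dumps(obj).encode())
    return (nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()).hex()

def open_(key, blob):
    ek, mk = _keys(key)
    raw = bytes.fromhex(blob)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("layer was modified or opened with the wrong key")
    return json.loads(_xor_stream(ek, nonce, ct))

def relay_demo(client_ip, url):
    # Assumption: the client already shares one key with each hop.
    k_ingress, k_egress = os.urandom(32), os.urandom(32)
    # Client: the inner layer is for the egress, the outer layer for the ingress.
    inner = seal(k_egress, {"url": url})
    outer = seal(k_ingress, {"next_hop": EGRESS_ADDR, "payload": inner})
    # Ingress: knows who connected, learns only where to forward the blob.
    hop1 = open_(k_ingress, outer)
    ingress_view = {"src": client_ip, **hop1}
    # Egress: the connection comes from the ingress, so the client IP is gone.
    egress_view = {"src": INGRESS_ADDR, **open_(k_egress, hop1["payload"])}
    return ingress_view, egress_view

if __name__ == "__main__":
    views = relay_demo("203.0.113.7", "https://example.com/private")
    for name, view in zip(("ingress", "egress"), views):
        print(name, "sees", {k: v[:16] + "..." if k == "payload" else v for k, v in view.items()})
```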

Thursday, 10 June 2021