How Apple iCloud Private Relay works

Posted:
in Mac Software edited June 10
In a WWDC developer video, Apple has further explained what protection its iCloud Private Relay will give users, plus how exactly it works to increase privacy.

The new iCloud Private Relay will protect users who have an iCloud+ subscription
The new iCloud Private Relay will protect users who have an iCloud+ subscription


Announced at the WWDC 2021 Keynote, iCloud Private Relay is a new feature for Apple users which will prevent third-party companies determining web-browsing habits. It's not going to be available in all countries, but for those that it is, Apple has produced a system that it claims will greatly protect users, yet not also slow down their internet.

"When someone accesses the internet, anyone on their local network can see the names of all of the websites they access based on inspecting DNS queries," says Tommy Pauly of Apple's Internet Technologies group, in a new video for developers.

"This information can be used to fingerprint a user and build a history of their activity over time," he continues. "No one should be able to silently collect all of this information, whether it's a public Wi-Fi operator, another user on the network, or an internet service provider."

Pauly also describes how servers can see a user's IP address when they access a site, and says that "even worse," those servers can "fingerprint user identity" across different sites.

"These are big problems for user privacy, and in order to fix them, we need a new approach that has privacy built in by design," he says. "iCloud Private Relay adds multiple secure proxies to help route user traffic and keep it private."

"The proxies are run by separate entities," continues Pauly. "One is Apple, and one is a content provider."

Apple does not say which firm, or firms, are the other entity. Delziel Fernandes, also from Apple's Internet Technologies group, refers instead solely to what he calls ingress servers, run by Apple, and egress servers, run by other firms.

"When a device tries to access a server, it first sets up a network connection to the ingress proxy," says Fernandes. "This connection is set up using an IP address assigned by the network provider... [and the] egress proxy then forwards these requests to the destination servers by choosing an IP address that maps to the device's city or region."

Apple's illustrative diagram of how iCloud Private Relay works
Apple's illustrative diagram of how iCloud Private Relay works


What this means for the user is that Apple doesn't track which websites they're accessing. And neither the egress server company nor the destination website can track their identities in any way.

What web and network traffic will be protected by iCloud Private Relay

It does not cover all internet traffic, however. Apple says that iCloud Private Relay will apply to:
  • All Safari web browsing

  • All DNS queries as users enter site names

  • All insecure HTTP traffic

What web and network traffic will not be protected by iCloud Private Relay

Apple says that it will also apply to "a small subset of traffic from apps." However, it also listed multiple categories of internet traffic that will not be protected by iCloud Private Relay:
  • Local network connections

  • Private domain name queries

  • Traffic using a regular VPN

  • Internet traffic using a proxy
This is similar to how a VPN works, but iCloud Private Relay is not intended to be an Apple-branded VPN. Apple says that the Private Relay guarantees that users can't use the system to pretend to be from a different region. This allows developers to enforce region-based access restrictions.

There are features developers can access within iCloud Private Relay that mean they can ask for a user's specific location -- if the user allows, and if the app requires it. But otherwise location data is set by the egress server. That third-party and presumably trusted company adds an IP address "that maps to the device's city or region."

So a site or a service gets some location data and it's broadly right, it's correct enough to be useful for, say, a store showing its prices in the right currency or content-gating by geography.

The new iCloud Private Relay is to be introduced alongside macOS Monterey, iOS 15, and iPadOS 15 when they launch later in the year. It will require an iCloud+ subscription, and users will have to choose to turn on Private Relay -- though it is likely to default to on.

"Private Relay is built into iOS and macOS, so you don't need to do anything to adopt it from your app," Pauly told developers. "It's also important to understand that it won't always be affecting your app. It will only apply when a user is an iCloud+ subscriber and has Private Relay enabled."

Follow all the details of WWDC 2021 with the comprehensive AppleInsider coverage of the whole week-long event from June 7 through June 11, including details of all the new launches and updates.

Stay on top of all Apple news right from your HomePod. Say, "Hey, Siri, play AppleInsider," and you'll get latest AppleInsider Podcast. Or ask your HomePod mini for "AppleInsider Daily" instead and you'll hear a fast update direct from our news team. And, if you're interested in Apple-centric home automation, say "Hey, Siri, play HomeKit Insider," and you'll be listening to our newest specialized podcast in moments.
«1

Comments

  • Reply 1 of 34
    maestro64maestro64 Posts: 4,941member
    The only question why would you want your VPN traffic to run through Apple’s relay service as they suggest, it’s just another layer of latency you have to deal with,  

    I’m assuming it keeps your ISP from spying on you as well, since it has secure encryption connection between safari and the websites your visiting. The ISP should only see random data going to the Apple relay server.
  • Reply 2 of 34
    22july201322july2013 Posts: 2,400member
    Google won’t be copying this feature because Google’s raison d’être is to profit from your identity. Google might not even sell Android to hardware companies which copy this feature. This will be an Apple exclusive. However VPN companies may try to copy this. I wonder if Apple trademarked the phrase “private relay.”

    I wonder if Amazon or Google could own and operate the “egress servers.” Are they “trustable?” I suspect there could be different egress server companies in each country. The reason Private Relay may not be available in some countries is that Apple knows it can’t get trusted egress server companies in those countries. (I.e., not simply a legal prohibition.)

    Warrants issued to both the ingress and egress server companies might be able to get user identities. 

    I look forward to some character in a TV detective/cop show saying, “We can’t locate the user, because they are using Apple’s Private Relay.” That will sell a few Apple devices. 
    watto_cobra
  • Reply 3 of 34
    robabarobaba Posts: 124member
    Good.  Now do this with encryption keys.
    watto_cobra
  • Reply 4 of 34
    I love the direction Apple is going with this.

    I think they've realized they have an open lane to the finish line here, a set of features they can release with zero competition. Because they have the only business model that allows this type of innovation.

    But, still, I think Google and others will follow. Just more slowly and cautiously. And that's the reason I love it, it's going to make privacy more asked about, a more main stream and desirable feature. Companies will start competing on privacy, not wanting to be the most egregious offender. And I do think you'll see die hard Android geeks switching over, noticeable amounts.

    In the past, it almost seemed like companies were competing to have the most violations of privacy. Facebook is obviously a troll in this area, but what really upset me was how they bought Oculus and then recently required a FB login to even use your Oculus headset. They did this around the time they started banning FB users for sharing any Hunter Biden stories. And at the same time, they started saying that you have to have a FB login in 'good standing' to use your Oculus headsets. What's the worst thing that could happen, if my social media site has complete control over whether I use my entire OS or not?
    williamlondonMephisdogolesMplsPwatto_cobra
  • Reply 5 of 34
    rob53rob53 Posts: 2,562member
    I have to wonder if the US government will look at this feature as "yet another" anti-competitive attempt at locking in Apple users. I'm sure 99.99% of Apple users will enjoy this default capability but there will be companies, like @22july2013 mentioned, who won't like it and will go crying to their lobbyists to force the government to stop it. The interesting thing is this feature is something that would actually help secure Apple users web activity and therefore their information, which is something we've been trying to do for decades. Now that it's finally happening, along with the potential for encryption keys, thank you @robaba, our own government thinks Apple is getting too powerful. Of course they are and we love it! We want security whether we know it or not and that's what bothers our government as well as all others. This will make it even more difficult for the NSA, FBI and radical police agencies to sniff our absolutely valid computer use in an attempt to profile every US citizen. This is not a conspiracy theory, we've been seeing it in everyone's news articles. We want our constitutional rights to privacy, whether some people think we have them or not. Way to go Apple!
    williamlondonrobabawatto_cobrajony0
  • Reply 6 of 34
    DAalsethDAalseth Posts: 1,623member
    It’s interesting that you can’t stack this on top of a regular VPN. The article specifically says that traffic using a regular VPN will not be protected. I was hoping that using Safari, through a VPN would give double the security. 
    watto_cobra
  • Reply 7 of 34
    GeorgeBMacGeorgeBMac Posts: 9,828member
    rob53 said:
    I have to wonder if the US government will look at this feature as "yet another" anti-competitive attempt at locking in Apple users. I'm sure 99.99% of Apple users will enjoy this default capability but there will be companies, like @22july2013 mentioned, who won't like it and will go crying to their lobbyists to force the government to stop it. The interesting thing is this feature is something that would actually help secure Apple users web activity and therefore their information, which is something we've been trying to do for decades. Now that it's finally happening, along with the potential for encryption keys, thank you @robaba, our own government thinks Apple is getting too powerful. Of course they are and we love it! We want security whether we know it or not and that's what bothers our government as well as all others. This will make it even more difficult for the NSA, FBI and radical police agencies to sniff our absolutely valid computer use in an attempt to profile every US citizen. This is not a conspiracy theory, we've been seeing it in everyone's news articles. We want our constitutional rights to privacy, whether some people think we have them or not. Way to go Apple!

    With domestic terrorists -- such those who invaded our capitol -- becoming the nation's #1 Threat, maybe that surveillance needs to be increased to insure our national security.

    It is those domestic terrorists, insurrectionists and other criminals who need to fear government surveillance.  Those loyal to the country and obeying its laws have only fear the domestic terrorists, insurrectionists and criminals - not our government who is charged with protecting us from such low lifes
    dewmeDogperson
  • Reply 8 of 34
    DAalsethDAalseth Posts: 1,623member
    rob53 said:
    We want our constitutional rights to privacy, whether some people think we have them or not.
    When Judge Robert Bork was nominated for the Supreme Court he was asked about a right to privacy. He said that there was no constitutionally guaranteed right to privacy. He didn’t say in relation to this or that issue. There was none at all, period. When questioned further on this point he doubled down on that assertion. Now Bork did not make it to the Court, but several of his law clerks and students have made it into Federal courts and I think at least one has made the high court as well. 

    Yes Virginia, there IS a deliberate and coordinated war on the right to privacy. 
    williamlondonwatto_cobra
  • Reply 9 of 34
    WgkruegerWgkrueger Posts: 323member
    DAalseth said:
    rob53 said:
    We want our constitutional rights to privacy, whether some people think we have them or not.
    When Judge Robert Bork was nominated for the Supreme Court he was asked about a right to privacy. He said that there was no constitutionally guaranteed right to privacy. He didn’t say in relation to this or that issue. There was none at all, period. When questioned further on this point he doubled down on that assertion. Now Bork did not make it to the Court, but several of his law clerks and students have made it into Federal courts and I think at least one has made the high court as well. 

    Yes Virginia, there IS a deliberate and coordinated war on the right to privacy. 
    Santa has the most advanced surveillance operation on the planet. He knows everything about you. 
    dewmeGeorgeBMac
  • Reply 10 of 34
    sunman42sunman42 Posts: 127member
    maestro64 said:
    The only question why would you want your VPN traffic to run through Apple’s relay service as they suggest, it’s just another layer of latency you have to deal with,  

    I’m assuming it keeps your ISP from spying on you as well, since it has secure encryption connection between safari and the websites your visiting. The ISP should only see random data going to the Apple relay server.
    Yes, this is to keep the Verizons and other big telecom ISPs from selling your browsing habits to advertisers.... and whatever other uses they may make of your data.
    watto_cobra
  • Reply 11 of 34
    MacProMacPro Posts: 19,337member
    Now, if only Apple could prevent people falling for phishing and giving away their credentials.  I suppose the double step verification helps greatly.
    edited June 10 williamlondonwatto_cobra
  • Reply 12 of 34
    eriamjheriamjh Posts: 1,320member
    Does it say that data from the iPhone is encrypted to the ingress server?   I don’t see the word encrypted anywhere in the article. 
    chris-netwatto_cobra
  • Reply 13 of 34
    gatorguygatorguy Posts: 23,001member
    Google won’t be copying this feature because Google’s raison d’être is to profit from your identity.
    Google already offers much of the same. See Google One VPN.

    One important note: While your internet and cell provider and any third parties will no longer be able to track you, Google themselves will continue to receive account data unless you turn off syncing for their services. Definitely extra steps to take if your privacy from everyone is important. AFAICT they offer the same level of privacy but don't make it clear and easy to do so.

    Apple apparently turns syncing off automatically with theirs?
    EDIT: Perhaps not entirely?

    I've used Google's VPN on my smartphones and Pixelbooks for some time now, and one minor plus is quickly toggling the VPN off if it interferes with a particular service I want to connect to, and it does happen. I also use Google Fi on one smartphone which offers major privacy protection over a typical cell provider and defaults to Google's VPN.
    edited June 10
  • Reply 14 of 34
    dewmedewme Posts: 3,694member
    DAalseth said:
    It’s interesting that you can’t stack this on top of a regular VPN. The article specifically says that traffic using a regular VPN will not be protected. I was hoping that using Safari, through a VPN would give double the security. 

    Keep in mind that Apple is primarily promoting this a privacy feature, not as a security feature even though it does add some notion of security versus doing nothing at all. 

    Apple's Private Relay (APR) preserves enough locale information to allow you to continue to receive (course grained) regional based feeds and to allow developers/publishers to enforce region based blocking. One of the reasons people use traditional VPNs is to obscure their true location, which Apple is intentionally not doing.

    Off the top of my head I'm thinking that adding APR in front of a traditional VPN would simply obscure the APR generated location information. A traditional VPN already does this, so you'd just be adding another routing table from APR to the connection. You may as well just use a traditional VPN by itself because it's already doing everything you need without adding another lookup/hop to the connection routing.

    Reliability is also a concern. Chaining together two processes, each of which can independently fail, but where both are necessary for operation, by definition, always reduces reliability. 
    MplsPwatto_cobra
  • Reply 15 of 34
    22july201322july2013 Posts: 2,400member
    gatorguy said:
    Google won’t be copying this feature because Google’s raison d’être is to profit from your identity.
    Google already offers much of the same. See Google One VPN.

    One important note: While your internet and cell provider or any third parties will no longer be able to track you, Google themselves will continue to receive account data unless you turn off syncing for their services. Definitely extra steps to take if your privacy from everyone is important. AFAICT they offer the same level of privacy but don't make it clear and easy to do so.
    I appreciate your politeness here today. I was unaware of that service. I will look into it. I'm doubtful that it divides the traffic into two separate kinds of servers run by two different companies. And from what I've read its available to only 4% of the world's population at this point (the USA.)

    There's very little to read about it on Wikipedia here: https://en.wikipedia.org/wiki/Google_One#Google_One_VPN
  • Reply 16 of 34
    22july201322july2013 Posts: 2,400member
    rob53 said:
    I have to wonder if the US government will look at this feature as "yet another" anti-competitive attempt at locking in Apple users. I'm sure 99.99% of Apple users will enjoy this default capability but there will be companies, like @22july2013 mentioned, who won't like it and will go crying to their lobbyists to force the government to stop it. The interesting thing is this feature is something that would actually help secure Apple users web activity and therefore their information, which is something we've been trying to do for decades. Now that it's finally happening, along with the potential for encryption keys, thank you @robaba, our own government thinks Apple is getting too powerful. Of course they are and we love it! We want security whether we know it or not and that's what bothers our government as well as all others. This will make it even more difficult for the NSA, FBI and radical police agencies to sniff our absolutely valid computer use in an attempt to profile every US citizen. This is not a conspiracy theory, we've been seeing it in everyone's news articles. We want our constitutional rights to privacy, whether some people think we have them or not. Way to go Apple!

    With domestic terrorists -- such those who invaded our capitol -- becoming the nation's #1 Threat, maybe that surveillance needs to be increased to insure our national security.

    It is those domestic terrorists, insurrectionists and other criminals who need to fear government surveillance.  Those loyal to the country and obeying its laws have only fear the domestic terrorists, insurrectionists and criminals - not our government who is charged with protecting us from such low lifes
    Just yesterday Biden disagreed with you, saying to his military that the environment was the USA nation's #1 threat. I guess this is the foundation Biden will use to defund the military along with the police.

    When you say "domestic terrorists", I presume you are alluding to Antifa and BLM who assault innocent people and violently invade police stations and burn down entire city blocks. Cause I can't think of any other active domestic terrorists. And for me those are foreign terrorists since I'm not American.
    watto_cobra
  • Reply 17 of 34
    In iOS safari how do I see the certificate details of the site I’ve visited?

    apple states proxies, either I’m being ssl bridged across both relay proxies or the proxies are serving their own certs to safari.

    inspecting the cert served to safari would be a good clue. 
    watto_cobra
  • Reply 18 of 34
    flydogflydog Posts: 968member
    maestro64 said:
    The only question why would you want your VPN traffic to run through Apple’s relay service as they suggest, it’s just another layer of latency you have to deal with,  

    I’m assuming it keeps your ISP from spying on you as well, since it has secure encryption connection between safari and the websites your visiting. The ISP should only see random data going to the Apple relay server.
    As is clearly stated in the article, Private Relay does not apply to VPN traffic. 
    coolfactorwatto_cobra
  • Reply 19 of 34
    zimmiezimmie Posts: 536member
    Google won’t be copying this feature because Google’s raison d’être is to profit from your identity. Google might not even sell Android to hardware companies which copy this feature. This will be an Apple exclusive. However VPN companies may try to copy this. I wonder if Apple trademarked the phrase “private relay.”

    I wonder if Amazon or Google could own and operate the “egress servers.” Are they “trustable?” I suspect there could be different egress server companies in each country. The reason Private Relay may not be available in some countries is that Apple knows it can’t get trusted egress server companies in those countries. (I.e., not simply a legal prohibition.)

    Warrants issued to both the ingress and egress server companies might be able to get user identities. 

    I look forward to some character in a TV detective/cop show saying, “We can’t locate the user, because they are using Apple’s Private Relay.” That will sell a few Apple devices. 
    Google already offers something similar to this with their Fi virtual telco. Websites can still set a cookie on the client, otherwise you wouldn't be able to log in to any site through this service. This mostly affects telcos' ability to snoop on their customers' traffic. It potentially reduces the quality of their competitors advertising data without reducing the quality of Google's. They're all about that.

    The third-party companies are clearly operating as proxies which don't require authentication. The point of the service is Apple authenticates the user for billing purposes, then they hide the identity of the traffic's source. The third-party can see where you're going, but as long as you're using TLS to the destination, that's all they can see.

    Yes, a warrant to both companies could correlate user identities with the sites they are visiting, assuming the information is logged, and assuming the logging has enough specificity. Since they're operated by separate companies, they are unlikely to have their clocks synchronized well enough for timestamp-based correlation.
    watto_cobra
  • Reply 20 of 34
    flydogflydog Posts: 968member
    DAalseth said:
    rob53 said:
    We want our constitutional rights to privacy, whether some people think we have them or not.
    When Judge Robert Bork was nominated for the Supreme Court he was asked about a right to privacy. He said that there was no constitutionally guaranteed right to privacy. He didn’t say in relation to this or that issue. There was none at all, period. When questioned further on this point he doubled down on that assertion. Now Bork did not make it to the Court, but several of his law clerks and students have made it into Federal courts and I think at least one has made the high court as well. 

    Yes Virginia, there IS a deliberate and coordinated war on the right to privacy. 
    Mr. Bork must not be familiar with the First, Third, Fourth, Fifth, Ninth, and Fourteenth Amendments.  
    darkvaderwilliamlondonfirelockwatto_cobra
Sign In or Register to comment.