Reflections on Apple's iCloud Private Relay: Does it Really Improve Privacy?
On September 20, 2021, Apple released iCloud Private Relay (archive), a new capability embedded into iOS 15, iPadOS 15, and macOS Monterey. Its objective is to enhance the privacy and security of Apple users who surf the web in Apple’s Safari browser. This comes as an exciting news to privacy advocates, especially given Apple’s controversial plans for inspecting iCloud photos, a decision that has caused outrage in the privacy community.
In this report, we present an early analysis of iCloud Private Relay, aiming to validate the claims made by Apple on how this new feature can enhance user privacy. The report will get updated as we expand our findings.
Apple has offered some high-level insights on the architecture of iCloud Private Relay (archive), but, unfortunately, many details are missing on its technical design. The following excerpts are the only technical details we could find officially from Apple (we have highlighted important pieces):
iCloud Private Relay is a new internet privacy service offered as a part of an iCloud+ subscription that allows users on iOS 15, iPadOS 15, and macOS Monterey to connect to and browse the web more privately and securely. Private Relay protects users’ web browsing in Safari, DNS resolution queries, and insecure http app traffic. Internet connections set up through Private Relay use anonymous IP addresses that map to the region a user is in, without divulging the user’s exact location or identity.
