Reflections on Apple's iCloud Private Relay: Does it Really Improve Privacy?

gfw.report
6 min read
standard
Article URL: https://gfw.report/blog/private_relay_privacy/en/ Comments URL: https://news.ycombinator.com/item?id=28655042 Points: 1 # Comments: 0
On September 20, 2021, Apple released iCloud Private Relay (archive), a new capability embedded into iOS 15, iPadOS 15, and macOS Monterey. Its objective is to enhance the privacy and security of Apple users who surf the web in Apple's Safari browser. This comes as an exciting news to privacy advocates, especially given Apple's controversial plans for inspecting iCloud photos, a decision that has caused outrage in the privacy community.

In this report, we present an early analysis of iCloud Private Relay, aiming to validate the claims made by Apple on how this new feature can enhance user privacy. The report will get updated as we expand our findings.

How iCloud Private Relay Works: Apple's Explanation

Apple has offered some high-level insights on the architecture of iCloud Private Relay (archive), but, unfortunately, many details are missing on its technical design. The following excerpts are the only technical details we could find officially from Apple (we have highlighted important pieces):

iCloud Private Relay is a new internet privacy service offered as a part of an iCloud+ subscription that allows users on iOS 15, iPadOS 15, and macOS Monterey to connect to and browse the web more privately and securely. Private Relay protects users' web browsing in Safari, DNS resolution queries, and insecure http app traffic. Internet connections set up through Private Relay use anonymous IP addresses that map to the region a user is in, without divulging the user's exact location or identity.

The iCloud Private Relay service uses an innovative multi-hop architecture in which users' requests are sent through two separate internet relays operated by different entities. This way, no single party — including Apple — can view or collect the details of users' browsing activity. Private Relay validates that the client connecting is an iPhone, iPad, or Mac, so you can be assured that connections are coming from an Apple device. Private Relay replaces the user's original IP…
Read full article