large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

What is iCloud Private Relay?

Apple’s iCloud Private Relay is a service available to iCloud+ subscribers who use iOS 15, iPadOS 15 and macOS Monterey. It makes your web browsing and online activities more private by concealing your IP address from the websites you visit and hiding addresses of the websites you visit from your internet provider.

Launched a public beta in August 2021 and It’s the product of a partnership between Apple and web infrastructure, security and content delivery firms including Cloudflare and Akamai to create a multi-stage proxying service that conceals your IP address while still leaving you able to access local geolocated services.

When you enable Private Relay in your iCloud settings, internet traffic to and from your device, including DNS requests, is encrypted and sent through two internet relays, one run by Apple, the other by, for example, Cloudflare. At the other end of the connection, you have a new IP address that cannot be linked to the one assigned to your connection by your ISP.

Kaspersky VPN Secure Connection – 34% Off

Kaspersky VPN Secure Connection – 34% Off

The secure way to enjoy the web without compromising on speed is now 34% off at £34.12 a year, equivalent to £2.84 per month, with coverage for up to 5 devices.

Compatible with Android™ and iOS®

  • Kaspersky
  • Was £52.50
  • £34.12/year (£2.84 monthly equivalent)
View Offer

What does an iCloud Private Relay connection look like?

With Private Relay enabled, you connect to the internet via your ISP as usual. From there, your connection goes to an Ingress Proxy server run by Apple. This can see your originating IP address, but your connection is encrypted – including metadata such as the address of the website you’re going to, so it it has no idea where you’re going.

Apple’s Ingress Proxy uses your IP address to assign you an anonymised geohash that indicates the rough geographical region your connection need to be shown as coming from. It then hands the connection over to an Egress Proxy run by a company such as Cloudflare. The Egress Proxy can see the anonymised geohash and the URL you’re going to, but it can’t see your originating IP address.

The Egress Proxy assigns you a new IP address that’s a good match for your physical location. It’s this which can be see by the site at the other end, effectively concealing your real originating IP address.

By doing this, iCloud Private Relay is designed to make it significantly harder for you to be identified by your online activity, used for user behaviour analysis, or for your online activity to be snooped on. While many privacy solutions such as a VPNs and proxies mess up your ability to access geolocated services, Apple has gone one better with hash-based geolocation accuracy and a pool of location-registered IP addresses, as well as anti-fraud measures to help reassure content providers that are traditionally leery of customers using proxying services of any kind.

How does Private Relay perform?

Security and privacy are important, but there’s a limit to how much performance most people are prepared to trade off.

Some beta users of Private Relay report that streaming services including Neflix have shown them content for the wrong country and or just rejected their connection because Private Relay has tripped Netflix’s anti-VPN measures.

Using iCloud Private Relay might even improve your connection speeds. Cloudflare says that “using Private Relay to reach websites instead of going directly to the origin server can result in significant, measured decreases in page load time for clients using Private Relay vs those that are not.” Users report variable performance, with some complaining of slowdowns across the board, while others observing higher latency but faster load times, and some ISPs warn that their services may be adversely affected.

Researchers have found that early versions Private Relay could lead your originating IP address via the WebRTC communication protocol, but this has now been resolved.

Kaspersky VPN Secure Connection – 34% Off

Kaspersky VPN Secure Connection – 34% Off

The secure way to enjoy the web without compromising on speed is now 34% off at £34.12 a year, equivalent to £2.84 per month, with coverage for up to 5 devices.

Compatible with Android™ and iOS®

  • Kaspersky
  • Was £52.50
  • £34.12/year (£2.84 monthly equivalent)
View Offer

FAQs

Where can I find our more about how Private Relay works?

For more information on how all of this works, see Cloudflare’s iCloud Private Relay: information for Cloudflare customers, Akamai’s Powering and Protecting Online Privacy: iCloud Private Relay and Information for Akamai Customers, and Apple’s iCloud Private Relay white paper (PDF) and its Prepare Your Network or Web Server for iCloud Private Relay article.

Can the company operating the egress proxy see what I’m browsing?

The company operating the exit relay can see that a Private Relay user is receiving traffic, but cannot identify you or your IP address from the geohash identifying generated for your by the Ingress Relay.

Can the website I’m browsing see my originating IP address?

No, websites you connect to will see an address issued to you by the Cloudflare egress proxy. However, if you log into a site you’re a member of using your usual account, all your interactions with the site will be logged and associated with your account as usual, just with the Cloudflare-issued IP address logged alongside that.

Can I use Private Relay to view geo-locked foreign content?

No. You can choose between an IP address location that shows your general location within a country, or one that only shows what country and time zone you’re in, for a bit of extra privacy, but you can’t use Private Relay as a region-shifting proxy. If you need to see what the web looks like from another country, check out our Best VPNs list.

Does Private Relay keep identifying logs?

No. Per Apple’s white paper, the performance metrics, region information, resource usage are kept with no associated identifying information: Connection properties and performance metrics; network and region information derived from IP address; anonymous token validation success rate and performance, and private Relay system resource usage. For anti-fraud and anti-abuse purposes, Apple says that iCloud account, software version, and request timestamp are also logged, but “ but cannot be correlated with connection information”.

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.