Date: 2022-03-31

Apple’s iCloud Private Relay is a service available to iCloud+ subscribers who use iOS 15, iPadOS 15 and macOS Monterey. It makes your web browsing and online activities more private by concealing your IP address from the websites you visit and hiding the addresses of the websites you visit from your internet provider.

It launched as a public beta in August 2021 and is the product of a partnership between Apple and web infrastructure, security and content delivery firms including Cloudflare and Akamai to create a multi-stage proxying service that conceals your IP address while still leaving you able to access local geolocated services.

When you enable Private Relay in your iCloud settings, internet traffic to and from your device, including DNS requests, is encrypted and sent through two internet relays, one run by Apple, the other by, for example, Cloudflare. At the other end of the connection, you have a new IP address that cannot be linked to the one assigned to your connection by your ISP.

What does an iCloud Private Relay connection look like?

With Private Relay enabled, you connect to the internet via your ISP as usual. From there, your connection goes to an Ingress Proxy server run by Apple. This proxy can see your originating IP address, but your connection is encrypted, including metadata such as the address of the website you’re going to, so it has no idea where you’re going.

Apple’s Ingress Proxy uses your IP address to assign you an anonymised geohash that indicates the rough geographical region your connection needs to be shown as coming from. It then hands the connection over to an Egress Proxy run by a company such as Cloudflare. The Egress Proxy can see the anonymised geohash and the URL you’re going to, but it can’t see your originating IP address.

The Egress Proxy assigns you a new IP address that’s a good match for your physical location. It’s this address that can be seen by the site at the other end, effectively concealing your real originating IP address.
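To show how a geohash can convey only a rough region, here is the standard public geohash encoding as an added example; it is not Apple’s or Cloudflare’s code. The coordinates are constructed, and the 4-character "coarse" precision is an assumption, since the article does not say which precision Private Relay uses.

```python
BASE32 = "0123456789bcdefghjkmnpqrstuvwxyz"  # standard geohash alphabet

def geohash_encode(lat, lon, precision):
    """Standard geohash: interleaved lon/lat bisection bits, 5 bits per character."""
    lat_rng, lon_rng = [-90.0, 90.0], [-180.0, 180.0]
    chars, bits, nbits, even = [], 0, 0, True   # even-numbered bits refine longitude
    while len(chars) < precision:
        rng, val = (lon_rng, lon) if even else (lat_rng, lat)
        mid = (rng[0] + rng[1]) / 2
        bits <<= 1
        if val >= mid:
            bits |= 1
            rng[0] = mid      # keep the upper half of the interval
        else:
            rng[1] = mid      # keep the lower half of the interval
        even = not even
        nbits += 1
        if nbits == 5:
            chars.append(BASE32[bits])
            bits, nbits = 0, 0
    return "".join(chars)

def geohash_bbox(gh):
    """Cell covered by a geohash as (lat_min, lat_max, lon_min, lon_max)."""
    lat_rng, lon_rng = [-90.0, 90.0], [-180.0, 180.0]
    even = True
    for ch in gh:
        value = BASE32.index(ch)
        for shift in range(4, -1, -1):
            rng = lon_rng if even else lat_rng
            mid = (rng[0] + rng[1]) / 2
            if (value >> shift) & 1:
                rng[0] = mid
            else:
                rng[1] = mid
            even = not even
    return lat_rng[0], lat_rng[1], lon_rng[0], lon_rng[1]

if __name__ == "__main__":
    # Constructed sample coordinates (two points a few kilometres apart).
    a, b = (51.55, -0.15), (51.60, -0.05)
    for precision in (4, 6):   # 4 is an assumed "coarse" precision
        ha, hb = geohash_encode(*a, precision), geohash_encode(*b, precision)
        lat0, lat1, lon0, lon1 = geohash_bbox(ha)
        print(precision, ha, hb, "same cell" if ha == hb else "different cells",
              f"cell = {lat1 - lat0:.4f} deg lat x {lon1 - lon0:.4f} deg lon")
```

At the coarse precision both points fall in the same cell, so a party that sees only the short geohash cannot tell them apart; at the finer precision they separate.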

By doing this, iCloud Private Relay is designed to make it significantly harder for you to be identified by your online activity, for that activity to be used for user behaviour analysis, or for it to be snooped on. While many privacy solutions such as VPNs and proxies mess up your ability to access geolocated services, Apple has gone one better with hash-based geolocation accuracy and a pool of location-registered IP addresses, as well as anti-fraud measures to help reassure content providers that are traditionally leery of customers using proxying services of any kind.

How does Private Relay perform?

Security and privacy are important, but there’s a limit to how much performance most people are prepared to trade off.

Some beta users of Private Relay report that streaming services including Netflix have shown them content for the wrong country or just rejected their connection because Private Relay has tripped Netflix’s anti-VPN measures.

Using iCloud Private Relay might even improve your connection speeds. Cloudflare says that “using Private Relay to reach websites instead of going directly to the origin server can result in significant, measured decreases in page load time for clients using Private Relay vs those that are not.” Users report variable performance, with some complaining of slowdowns across the board, while others observe higher latency but faster load times, and some ISPs warn that their services may be adversely affected.

Researchers have found that early versions of Private Relay could leak your originating IP address via the WebRTC communication protocol, but this has now been resolved.

