Apple recently created a new feature called iCloud Private Relay to keep private and personal data just that way: private and confidential. iCloud users can protect their traffic from others when they’re using Safari or Mail.app. For some users, this is much awaited.
For others, it can create issues if you’re active on your company’s internal network.
iCloud Private Relay isn’t a VPN but works in similar ways. Below we go into more about what you should know about this feature and whether you should use it or disable it.
What Does Private Relay Do?
As mentioned, Private Relay has some similarities to a VPN because it obscures web browsing and sends your data through a pair of relays. By sending data through relays, it can hide your IP address or location, and it masks your browsing contents.
During any particular day, you might find you’re using different networks to browse the web. You could be using your home connection, or you might be in public using Wi-Fi.
Network providers and websites, as a result, can combine your browsing history and identity to create profiles about you, which is where Private Relay comes in.
You can browse with Safari in what Apple describes as a more secure and private way.
Traffic leaving your devices is encrypted, and all your requests, as mentioned, go through two internet relays.
Using it doesn’t affect performance, at least not according to Apple. If we want to sum it up, Private Relay is ultimately a VPN for Safari, but it’s built-in. This is the case even though Apple never refers to it as a VPN.
The reason Apple doesn’t call it a VPN is that it doesn’t have all the features that would characterize it as such.
However, even Apple is prevented from knowing who you are and where you’re connecting from.
What Can It Do?
With Private Relay, you can choose your IP address location. One option is an IP address that reflects your general location, so that you can still get some location data.
Another option is to select an IP address in your time zone and country which gives you more anonymity but less tailored content when you’re online.
Private Relay does use your approximate location, so you can’t geo-hop. That means, unlike with a VPN, you can’t use it to, for example, stream content on Netflix from another country.
While there are limitations compared to a VPN, Private Relay is in some ways more secure. Apple blocks your identifying IP address information. Then, that information is sent to a second server, which assigns a temporary address, so your information is masked twice. That double-masking of information means neither Apple, third-party relay companies, nor the website you visit can track you.
Private Relay is free to use, and it’s available as an add-on for iCloud+ subscribers. iCloud+ lets you access all the basic iCloud features like iCloud Drive and additional features including Private Relay. You can share an iCloud+ plan with everyone in your family.
What Are the Limitations?
There are some limitations on Private Relay. For example, certain countries won’t have it available, including China, Belarus, Saudi Arabia, and South Africa. According to Apple, it won’t be available in these countries because of regulatory limitations.
Private Relay only works with Safari, which is the major limitation when comparing it to a VPN.
How Do You Turn the Feature On?
You have to use iOS 15, iPadOS 15, or macOS Monterey and be an Apple iCloud subscriber to use the feature. To turn it on, go to your iCloud settings, where you should see Private Relay. You can toggle it on from there if you’re on an iPhone or iPad.
Are There Reasons to Restrict Private Relay?
If you’re a consumer of Apple products, Private Relay can be a pretty exciting offering. If you’re an IT admin and you’re using Apple products in a company setting, maybe not so much.
There are certain reasons, including compliance and disclosure, that mean you may need to restrict access to Private Relay.
For example, if you’re an IT admin for an educational institution, you may have to audit traffic or implement parental controls. Another scenario would be if you’re an admin of a company with very sensitive information on your network. You need a high level of visibility as a result.
You’re unable to protect or audit what you can’t see.
If you’re an admin, you can use MDM restrictions or DNS restrictions to limit Private Relay.
Corporate IT admins have to evaluate new technologies like this one when they’re released, so they can determine how those technologies will affect them. Even existing technology, such as iCloud, also needs to be reviewed at particular intervals.
If you’re an admin and decide it’s best to limit Private Relay, you can edit your DNS resolver. If you don’t have an on-premises DNS resolver, you might restrict Private Relay using a Mobile Device Management solution.
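One way to verify the DNS restriction described above, as an added example that is not part of the original article: Apple's network guidance for Private Relay says a resolver that answers NXDOMAIN or an empty "no error" response for `mask.icloud.com` and `mask-h2.icloud.com` makes the feature turn off on that network. The hostnames come from that guidance, not from this page; the function names and the sample replies are constructed for illustration.

```python
import socket
import struct

# Hostnames from Apple's Private Relay network guidance (not from this page).
RELAY_HOSTS = ("mask.icloud.com", "mask-h2.icloud.com")

def build_query(name, qid=0x1234):
    """Encode a DNS A query with recursion desired."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack("!2H", 1, 1)

def classify(response):
    """Map a raw DNS response to the outcome that matters for the block policy."""
    if len(response) < 12:
        return "error"
    _, flags, _, ancount, _, _ = struct.unpack("!6H", response[:12])
    if not flags & 0x8000:
        return "error"                      # QR bit clear: not a response
    rcode = flags & 0x000F
    if rcode == 3:
        return "blocked-nxdomain"
    if rcode == 0:
        return "resolves" if ancount else "blocked-nodata"
    return "error"                          # SERVFAIL, REFUSED and so on

def udp_lookup(resolver_ip, timeout=2.0):
    """Return a lookup function that queries resolver_ip over UDP port 53."""
    def lookup(name):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_query(name), (resolver_ip, 53))
            return s.recvfrom(512)[0]
    return lookup

def audit(lookup):
    """Classify every relay hostname; the policy holds only if all are blocked."""
    results = {h: classify(lookup(h)) for h in RELAY_HOSTS}
    return results, all(r.startswith("blocked") for r in results.values())

def constructed_response(name, rcode, with_answer=False):
    """Constructed sample reply (not captured traffic) for offline checks."""
    q = build_query(name)
    hdr = struct.pack("!6H", 0x1234, 0x8180 | rcode, 1, int(with_answer), 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
    return hdr + q[12:] + (rr if with_answer else b"")

if __name__ == "__main__":
    # Offline demo; for a live check call audit(udp_lookup("<resolver IP>")).
    print(audit(lambda h: constructed_response(h, 3)))
```

A result of `resolves` for either hostname means clients on that network can still bootstrap Private Relay, and `error` means the resolver answered with something other than the two responses the block policy relies on.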
Pros and Cons of Private Relay
The number one reason to use Private Relay is to protect yourself when you’re browsing online. It can also safeguard traffic generated by apps you use. Private Relay can help ensure that apps aren’t leaking your private information or exposing you to cybersecurity risks.
However, the cons of Private Relay largely center around its limited uses. For example, if you’re using any browser aside from Safari, it has no benefit to you.
Some people have found that using Private Relay slows their internet speed significantly as well, even though it isn’t supposed to.
You may consume more data overall with Private Relay in place. Overall, Private Relay is pretty close to a VPN, even though Apple doesn’t want you to call it that. Apple is upgrading all paid iCloud accounts to iCloud+ with this feature, among others. iCloud Private Relay could be close enough to a VPN for many people who otherwise wouldn’t sign up for one.