Private Relay: Apple’s IP obfuscation service not available everywhere

Apple’s new data protection service “iCloud Private Relay” will not be introduced worldwide: The function planned for autumn as part of iCloud + will not be offered in China, Belarus, Colombia, Egypt, Saudi Arabia, South Africa, Turkmenistan, Uganda, Kazakhstan and the Philippines how the company told the news agency Reuters confirmed. Apple referred to “regulatory reasons” in this regard.

The function, which is apparently activated by default for paying iCloud subscribers in iOS 15 and macOS 12, is intended to increase data protection when surfing with Apple’s Safari browser: the outgoing data traffic of the browser is always encrypted, as Apple explained, this should prevent for example, the network provider – or Apple itself – can view this data.

The inquiries are forwarded via two independent Internet relays: one server is under Apple’s control, the second is operated by a third-party provider. In the first step, the user receives an anonymous IP address, which is not assigned to the region but not the “actual location”, according to Apple. In the next step, the second server decrypts the requested URL and forwards it there. The division between two relays from different providers should prevent Apple or the third-party provider from being able to link IP addresses and URLs. Apple will provide details of the third-party providers used for this at a later date, how Reuters reported.

The decision was made consciously against the provision of a VPN service because the user here has to completely trust the provider, explained Apple’s software boss in one Interview with Fast Company. With the two relays, the user does not need to trust Apple or the third-party provider.

More from Mac & i

More from Mac & i

The data protection function thus obscures the actual IP address and makes fingerprinting and the creation of user profiles, for example by advertising networks, based on this information more difficult. In addition, it should only be possible to roughly determine the location of the user, the IP address often enables localization at least at city level. Apple allows the service to choose between an “approximate” and an “imprecise” location for the IP address.

The choice of a specific regional IP address, as offered by many VPN services for bypassing geo-locks, is not provided for with Apple’s service. “Private Relay” seems to work at the network level and would therefore have to route the entire network traffic of the devices via the relays, i.e. in addition to Safari also data connections from other apps. In the description text, however, Apple sometimes only speaks of connections to the in-house browser.

The private relay function is also likely to make it more difficult for the state to monitor surfing activities. The decision not to bring the service to market in China is the latest in a series of data protection compromises that Apple is making there, notes the news agency. In response to pressure from shareholders, the iPhone group committed itself to freedom of expression and respect for human rights last year – but always points out that local laws must be followed.


To home page