This fall, Apple is upgrading all paid iCloud accounts to something it calls iCloud+. It includes several interesting new features on top of the existing iCloud storage, sync, and cloud features, but the most interesting might be something Apple calls iCloud Private Relay. At first, it sounds like a VPN: your web-browsing traffic is encrypted and sent through a relay to hide your exact location, IP, or the contents of your browsing traffic.
It’s not a VPN, though. Not quite. There are important differences, which we’ll describe here. But iCloud Private Relay may be enough for most people, giving the most obvious benefits of a VPN to millions of users who would never consider signing up for one. Here’s what this Private Relay feature is, how it works, and how it’s different from a traditional VPN.
Update 08/26/21: Apple will officially launch iCloud Private Relay as a “public beta” when iOS 15 releases this fall. There’s no change in functionality, it’s just a label to help users understand that they might experience occasional problems with sites not loading or displaying correctly as Apple works out the kinks.
What is iCloud Private Relay?
Once you upgrade to iOS 15, you’ll find a new setting in the iCloud Settings menu: Private Relay. Assuming you pay for any iCloud plan and therefore have the iCloud+ service, you can simply turn on this switch to enable iCloud Private Relay. That’s it—nothing to install or configure. There’s an IP Address Location setting that lets you preserve your approximate location or use a broader location, but most users can ignore that.
When this is enabled, all of your browsing activity in Safari will be routed through two internet “hops,” or relays. Your data is encrypted and then sent to Apple, so your ISP can’t see any of your web browsing requests. Once at Apple’s proxy server, the DNS request (the thing that points a domain name like “macworld.com” to a specific server IP address) and your iPhone or Mac’s IP address are separated. Your IP address is retained by Apple, while your DNS request is passed on, encrypted, to a “trusted partner” that has the decryption key, along with a fake intermediary IP address that is based on your approximate location. Apple didn’t name its partners, but some web sleuths have figured out that they are major internet backbone companies such as Akami, Cloudfare, and Fastly.
This means that Apple knows your IP address but not the name of the sites you’re visiting, and the trusted partner knows the site you’re visiting but not your IP (and therefore not who you are). Neither party can piece together a complete picture of both who you are and where you’re going.
The website you’re visiting typically gets your exact IP address and DNS request, so it can easily build a pretty detailed profile of exactly who you are, where you are, and where you’re going online. Combine that with a few cookies, even innocuous-seeming ones, and it’s pretty simple to have your entire online activity profiled, tracked, traced, and sold to advertisers (and others).
What iCloud Private Relay does is make the websites you’re visiting totally ignorant of this information, so it can’t build profiles of your activity.
The IP addresses Apple uses in place of your real one are still roughly approximate to your general area; it’s not enough to identify you personally, but it will allow sites that use your IP address to deliver local news, weather, sports, or other info to keep working fine. There’s an option to use an even broader IP address, but it might make some of those sites work incorrectly.
Note that Apple does not allow you to choose an IP address or even a region, and won’t ever make it seem like you’re coming from a totally different place. In other words, if you want to use it to access geographically locked content in Netflix or other online services, you’re out of luck.
How is iCloud Private Relay different from a VPN?
As cool as this Private Relay feature is, it’s definitely not a VPN. It will do a great job of preventing profiling of your web activity based on your basic connection data. But it has a lot of shortcomings compared to a real VPN. Some of these include:
It only works with Safari, not any of the other apps or web browsers you use. Technically, some other DNS info and a small subset of app-related web traffic will use it, but it’s best to think of it as a Safari-only thing.
It’s easily identifiable as a “proxy server,” which many large networks like those at schools or businesses will not work with. Most good VPNs disguise themselves to look like regular non-proxy traffic.
As mentioned, it can’t hide the region you’re connecting from, only your specific IP location, so you can’t access content locked out of your region or experience websites as if you’re connecting from another country.
If all you really want to do is stop websites from building a profile of you and selling it around to advertisers and data brokers, then using iCloud Private Relay on your iPhone, iPad, or Mac when it’s available in the fall of 2021 is a great option. It’s fast, easy, and if you already pay for any amount of iCloud storage, you’ll get it for free.
If you want real privacy and security for everything you do on the Internet, or want to access content that’s available in countries other than your own, you’ll still need a VPN. Fortunately, we have some VPN recommendations for you.