How Apple iCloud Private Relay Protects Your Privacy

In recent years, Apple’s worked hard to gain a reputation for protecting your privacy. The company’s forthcoming feature, Private Relay, which will be released for iOS 15 and macOS Monterey, is the latest attempt to secure your personal data. For the most part, Private Relay seems like a positive addition to iOS/macOS devices and adds another layer of security.

Nothing is perfect, however, and neither is Apple Private Relay. Although the feature has been compared to a virtual private network (VPN), it’s not quite the same. There also may be situations in which you’d want to turn off Private Relay — but we’ll get into that later.

This guide to Apple Private Relay will help you understand what it is, what it does, how it’s not like a VPN, when you want to turn it off, and the pros and cons of the feature.

What is Private Relay?

Private Relay is a feature Apple is introducing that, according to Apple, “hides your IP address and Safari browsing activity from network providers and websites so that no one — including Apple — can see both who you are and what websites you’re visiting.”

It sure sounds like a VPN, but does it function the same way? Not quite.

Is Private Relay on iOS a VPN?

Apple’s Private Relay is not a VPN, although they do work similarly. Here are the main differences between VPNs and Private Relay:

Private Relay only encrypts certain data: When you use a VPN, it encrypts all the data you send from the device you’re using it on. Private Relay only covers Safari, any DNS-related traffic on your device, and a few other apps. If you don’t use Safari as your default browser on your iPhone, then your Internet activity on your device won’t be covered by Private Relay.
Private Relay does not allow geo-blocking: With a VPN, you can choose an IP address from any country the VPN provides. If you’re in the UK, you can access US Netflix with a VPN for example. Because Apple doesn’t want to alienate vendors and service providers that use geo-tracking, Private Relay doesn’t allow you to spoof your location so you can access geo-blocked content. Instead, you’re assigned a random IP address from your city or region.
Encrypted web traffic is identifiable: VPNs use obfuscation to trick websites into thinking that encrypted traffic looks the same as regular traffic. If you really want to appear as if you’re in another location to access geo-blocked content or services, your data has to look like it’s normal web traffic, and obfuscation takes care of that. Data sent from your device under Private Relay is not obfuscated, so websites can identify any proxy server traffic coming through.
VPN is a plug-in or app: To use a VPN you typically must install a browser plug-in or app on your mobile device. Private Relay is built into iOS and macOS, so you don’t have to worry about logging in or launching anything when you want to use it. You may have to configure your Private Relay settings, however, depending on how you want to use it.

Note that Private Relay isn’t automatically available to all iOS and macOS users. It will be part of Apple’s new iCloud+ account, which is also rolling out soon. To benefit from Private Relay, you need to subscribe to a paid iCloud account, the cheapest of which is $0.99 per month. Similarly, Apple Lockdown Mode, another advanced security feature, is also aimed at providing enhanced protection for users against targeted attacks. While Lockdown Mode is designed for individuals at high risk of cyber threats, Private Relay focuses more on maintaining online privacy during regular browsing.

So how does Private Relay work? And is it more or less secure than a VPN?

How Private Relay works

Instead of “tunneling” your data like a VPN, Private Relay uses two different proxy servers to hide your information.

When you access Safari on your iPhone and go to a website, your device connects to the first server, which is run by Apple. The first proxy server does not know which website you’re visiting and Apple cannot see what you’re doing. It also replaces your exact location with an approximate one. You can configure the Private Relay settings to widen the scope of the random IP address that gets assigned to you, to your country and time zone.

Once the first server has done its job, it sends your data to the second server, via an encrypted connection. This server is not run by Apple, but by a third-party provider. The second server’s job is to decrypt the info so it can send you to the right website. However, the second server doesn’t know your IP address, only the information you are trying to access. So it picks a random IP address from your approximate location, assigns it to you, and connects to the website.

Why does Private Relay use two servers? The first server knows your IP address but doesn’t see the content you’re trying to access. The second server knows the content you want to access but doesn’t know your IP address.

Mike Williams of TechRadar explains the Private Relay two-server approach best, saying it “allows websites to have enough of an idea of your location to display relevant content, but not to identify you. The IP address they see changes every time you visit and your real IP is never revealed.”

Is Apple Private Relay secure?

Opinions are divided as to whether Apple Relay will adequately protect your privacy, although most think it will. There are concerns over who’s running the two proxy servers, however. Apple owns the first and another, likely large, corporation runs the second. Everyone using Private Relay will be under US jurisdiction as well, and US data privacy laws are not considered the most airtight.

But Apple isn’t just promising not to log your info. It claims that seeing and saving your data isn’t even possible with the Private Relay technology. If you use Private Relay how it’s intended, you’ll probably be able to surf the web relatively securely.

Can you run Private Relay and a VPN at the same time?

One issue you might have with Private Relay is if you try to run it at the same time as a VPN. Technically, if you turn on a VPN, Private Relay should recognize that you’ve switched on a Network Extension and not activate. However, as AppleInsider reported, some beta users of Private Relay noticed that their VPNs didn’t work because Private Relay was already running.

Why it makes sense to temporarily switch off Private Relay

Since you can use a VPN in some situations that Private Relay doesn’t cover — such as geo-blocking — you may have to turn off Private Relay if you want to use your VPN. To turn off Private Relay on iOS, go to: Settings > your name > iCloud > Private Relay > turn off Private Relay > confirm > OK.

On macOS, go to: System Preferences > Apple ID > iCloud > tick to turn off Private Relay.

To change your IP address location from an approximate of your actual location to a country and time zone location on iOS, go to: Settings > Apple ID > iCloud > Private Relay > IP Address Location > select Use Country and Time Zone.

The pros and cons of Apple Private Relay

After reading this guide, you might still be considering whether to use Apple Private Relay or not. It’s relatively secure, but it does have pros and cons to keep in mind. One pro is that it’s built into the device, so there’s no need for another app to secure your web traffic. Another advantage is that Apple purportedly cannot see your data at all.

Some of the cons of Private Relay are that it’s not available in some countries (Belarus, China, Colombia, Egypt, Kazakhstan, Saudi Arabia, South Africa, Turkmenistan, Uganda, and the Philippines). It also doesn’t bypass parental control services.

Using Private Relay

Private Relay is being heralded as a big step forward for personal data privacy, but there could still be some glitches when it comes to using a VPN at the same time. If you choose to use Private Relay on your iOS or macOS device, understand how it works and what information is actually being hidden.