Reflections on Apple's iCloud Private Relay: Does it Really Improve Privacy?

Authors: Amir Houmansadr

Contact: Author's Homepage

On September 20, 2021, Apple released iCloud Private Relay (archive), a new capability embedded into iOS 15, iPadOS 15, and macOS Monterey. Its objective is to enhance the privacy and security of Apple users who surf the web in Apple’s Safari browser. This comes as an exciting news to privacy advocates, especially given Apple’s controversial plans for inspecting iCloud photos, a decision that has caused outrage in the privacy community.

In this report, we present an early analysis of iCloud Private Relay, aiming to validate the claims made by Apple on how this new feature can enhance user privacy. The report will get updated as we expand our findings.

How iCloud Private Relay Works: Apple’s Explanation

Apple has offered some high-level insights on the architecture of iCloud Private Relay (archive), but, unfortunately, many details are missing on its technical design. The following excerpts are the only technical details we could find officially from Apple (we have highlighted important pieces):

iCloud Private Relay is a new internet privacy service offered as a part of an iCloud+ subscription that allows users on iOS 15, iPadOS 15, and macOS Monterey to connect to and browse the web more privately and securely. Private Relay protects users’ web browsing in Safari, DNS resolution queries, and insecure http app traffic. Internet connections set up through Private Relay use anonymous IP addresses that map to the region a user is in, without divulging the user’s exact location or identity.

The iCloud Private Relay service uses an innovative multi-hop architecture in which users’ requests are sent through two separate internet relays operated by different entities. This way, no single party — including Apple — can view or collect the details of users’ browsing activity. Private Relay validates that the client connecting is an iPhone, iPad, or Mac, so you can be assured that connections are coming from an Apple device. Private Relay replaces the user’s original IP address with one assigned from the range of IP addresses used by the service. The assigned relay IP address may be shared among more than one Private Relay user in the same area. The relay IP address presented to networks and web servers accurately represents the client’s coarse city-level location by default, allowing your network to receive relevant location information when attempting to enforce geo-based restrictions based on IP address.

When Private Relay is enabled, your requests are sent through two separate, secure internet relays. Your IP address is visible to your network provider and to the first relay, which is operated by Apple. Your DNS records are encrypted, so neither party can see the address of the website you’re trying to visit. The second relay, which is operated by a third-party content provider, generates a temporary IP address, decrypts the name of the website you requested and connects you to the site. All of this is done using the latest internet standards to maintain a high-performance browsing experience while protecting your privacy.

Based on the above excerpts from Apple, and also through experiments in a lab setting using Apple devices, it appears that a Private Relay connection has the following format:

   |Safari (an apple user)| <==1==> |ingress relay (a proxy controlled by Apple)| <==2==> |egress relay (a third-party content provider, e.g., Akamai)| <==3==> |website|

Our Immediate Questions about Private Relays

Apple’s concise explanation of Private Relays leaves many questions lingering about the technical design of Private Relays, that can directly impact its privacy promises. In particular:

  1. The protocol is mostly unknown! What is the “innovative multi-hop architecture” that Apple claims to be using? Is it borrowing ideas from the classic onion routing protocol (which is used by Tor), or has Apple come up with another architecture?

  2. Does it really anonymize your IPs, as claimed by Apple? Apple claims that Private Relays anonymize the IP addresses of the users. How are they defining anonymity? By the metrics long-established in the privacy community, or perhaps based on their own definition of anonymity? Apple explains that “your requests are sent through two separate, secure internet relays.” So, if Apple’s “innovative multi-hop architecture” is just a 2-hop onion routing system, then by all means this is completely broken when it comes to anonymizing IP addresses. This is because, a 2-hop onion encryption can not provide by-design anonymity, as the two hops can decide to disclose your identity once needed. That is, at any time the third-party content provider (e.g., Akamai) can work with Apple to de-anonymize a misbehaving Safari client who is connecting through Private Relays. So, it appears that Apple is only promising you to not look into your connections.

  3. What about other non-IP means of identification? Seems like Private Relays aim to anonymize IP addresses only. Ask a first year graduate student working on privacy, and they will enumerate a plethora of techniques other than IP addresses that can give away your online identity, e.g., cookies, various forms of tracking, and side channels. So, one wonders, is Apple doing anything about those other features? Protecting just the IP address and ignoring other forms of identification will only give users an illusion of privacy! (Actually, seems like people have already found some vulnerability that leaks the IP addresses of Private Relay connections, using a known WebRTC side channel!)

Concluding Thoughts

  • Apple has only offered some very high-level information on the architecture of iCloud Private Relay, but critical technical details are left undisclosed, in particular, the crypto techniques used to authenticate relays, whether and how traffic is encrypted between the relays, how exactly are the ingress and egress relays selected for each connection, and so on. Apple seems to be ignoring the most fundamental principle of information assurance, Kerckhoffs’s principle, that states that security by obscurity is doomed to fail! We hope Apple will release extensive technical details of its iCloud Private Relay as well as open source its code so it can be analyzed and inspected by security and privacy researchers and practitionors.
  • Despite the missing details from Apple on the technical design of Private Relays, the provided description by Apple leads us to conclude that private relays do not provide privacy by-design, but privacy by-decision. That is, there’s nothing technical preventing Apple and the third-party content providers (like Akamai) to work together to de-anonymize a misbehaving “anonymized” connection, instead they have only decided to respect your privacy (perhaps only untill you start misbehaving).
  • It appears that Apple is only targetting a single aspect of anonymity, namely IP addresses. Your network traffic can leak your identity/privacy in many ways other than your IP address (e.g. cookies, various trackers, side channels), but it seems like all other facets are swept under the rug. In fact, this is the very reason that the Tor Browser exists: a specialized browser designed by Tor to complement its (3-hop) onion routing technique by taking care of the non-IP means of privacy leakage. Therefore, we are worried that Private Relays are likely to give average users only a falsified perception of privacy, leading them towards radical actions (like browsing unsafe websites) that they would not take if it was not for such privacy illusion.
  • Don’t get me wrong! I truly admire Apple for taking steps towards improving their users’ privacy. But, they might as well want to do it right!


We thank David Fifield and many other people for giving us feedback.