Apple’s Craig Federighi explains iCloud Private Relay, other new privacy features

Fast Company talks to Apple’s software chief Craig Federighi about iCloud Private Relay and other upcoming protections — and why regulation alone won’t help consumers defend their data.

iCloud Private Relay

iCloud Private Relay is a service that lets you connect to virtually any network and browse with Safari in an even more secure and private way. It ensures that the traffic leaving your device is encrypted and uses two separate internet relays so no one can use your IP address, location, and browsing activity to create a detailed profile about you.

iCloud Private Relay first sends web traffic to a server maintained by Apple, where the IP address is stripped. Next, Apple sends the traffic to a second server maintained by a third-party operator who assigns the user a temporary IP address and sends the traffic onward to its destination website.

The use of an outside party in the second hop of the relay system is designed to prevent even Apple from knowing both the user’s identity and what website the user is visiting. Apple will disclose which outside partners it will use in the system in the future, likely when the service comes online this fall.

Michael Grothaus for Fast Company:

The problem is, you can never be sure what a VPN is doing with your browsing data. Of course, some VPN providers are reputable and hold no logs of your internet activity. But the world is filled with free and low-cost VPN providers that you simply have to trust are not misusing your data.

Because of this dual-hop architecture, neither Apple nor the relay station knows both who you are and where you are going. Apple knows who you are (because you are using iCloud Private Relay), but it doesn’t know where you’re browsing. Its third-party partner knows where you are browsing–but not who you are.

Why did Apple develop this technology rather than build a more conventional VPN into its operating systems? “Core to the nature of the internet is that the IP address is traditionally exposed between the requester and the host – and that has some privacy knock-on effects that aren’t always understandable to users and certainly aren’t always desirable to users. And so that’s a problem we wanted to solve,” says Federighi. He notes an unprotected IP has led to vectors for abuse by bad actors. “VPNs are a technology that has sought to provide some of those protections, but they do involve putting a lot of trust in a single centralized entity: the VPN provider. And that’s a lot of responsibility for that intermediary, and involves the user making a really difficult trust decision about exposing all of that information to a single entity.”

Federighi notes most internet users aren’t in a position to gauge the trustworthiness of any particular VPN. “We wanted to take that [trust evaluation] completely out of the equation by having a dual-hop architecture,” he says. “We hope users believe in Apple as a trustworthy intermediary, but we didn’t even want you to have to trust us [because] we don’t have this ability to simultaneously source your IP and the destination where you’re going to–and that’s unlike VPNs. And so we wanted to provide many of the benefits that people are seeking when in the past they’ve decided to use a VPN, but not force that difficult and conceivably perilous privacy trade-off in terms of trusting a single intermediary.”
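The knowledge split described above, as an added example (not code from Apple, Fast Company, or this article): a toy model in which the destination is sealed for the second relay with AES-256-GCM, with a single-hop VPN view for contrast. The pre-shared keys, sample addresses, and function names are assumptions made for illustration; the article does not describe the service's actual encryption or key exchange.

```javascript
// Added illustration: toy model of a dual-hop relay, not Apple's protocol.
const crypto = require('crypto');

// AES-256-GCM envelope; an assumed stand-in for the service's real encryption.
function seal(key, obj) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(JSON.stringify(obj), 'utf8'), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function open(key, box) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAuthTag(box.tag);
  return JSON.parse(Buffer.concat([d.update(box.ct), d.final()]).toString('utf8'));
}

// Constructed sample values (documentation address ranges, hypothetical keys).
const CLIENT_IP = '203.0.113.7';
const INGRESS_IP = '198.51.100.1';
const TEMP_IP = '192.0.2.55';
const keys = { ingress: crypto.randomBytes(32), egress: crypto.randomBytes(32) };

function browse(clientIp, destination) {
  // Client: the destination is sealed so only the second relay can read it.
  const packet = { src: clientIp, inner: seal(keys.egress, { destination }) };

  // Hop 1 (first-party relay): sees the client address, cannot open the inner layer.
  let ingressCanRead = true;
  try { open(keys.ingress, packet.inner); } catch (e) { ingressCanRead = false; }
  const ingressView = { src: packet.src, ingressCanRead };
  const forwarded = { src: INGRESS_IP, inner: packet.inner }; // client IP stripped

  // Hop 2 (third-party relay): learns the destination, sees only hop 1's address.
  const { destination: dest } = open(keys.egress, forwarded.inner);
  const egressView = { src: forwarded.src, destination: dest };

  // Destination site: sees the temporary address assigned by hop 2.
  const siteView = { src: TEMP_IP, destination: dest };
  return { ingressView, egressView, siteView };
}

// Single-hop VPN for contrast: one provider's view holds both facts.
function vpnView(clientIp, destination) { return { src: clientIp, destination }; }

// True if a single party's view contains both the user's address and the site.
function linksUserToSite(view, clientIp, destination) {
  const s = JSON.stringify(view);
  return s.includes(clientIp) && s.includes(destination);
}
```

Running `linksUserToSite` over each view returned by `browse` shows that no single party in the two-hop path holds both facts, while the single VPN provider's view does.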

MacDailyNews Take: Note that iCloud Private Relay is automatically enabled on your Mac, iPhone, and iPad when using Safari – no other browser – and when logged into your iCloud Plus account.

There is much more in the highly recommended full article.
