Fast Company’s Michael Grothaus interviewed Craig Federighi this week regarding the suite of new privacy features which Apple unveiled at WWDC. The article includes some notable technical details on how iCloud Private Relay works under the hood. One of the most interesting — and somewhat unfortunate — revelations is that iCloud Private Relay will only work from Safari. Users of other browsers are out of luck here.
The reason for this restriction has to do with Apple’s commitment to unassailable privacy, which happens by ensuring that no party can ever access both your IP address and your destination URL. From what I can gauge, this is actually a three-step process which looks something like this:
- From Safari, you navigate to a particular URL. Safari encrypts this destination URL locally and then forwards your request to Apple’s iCloud Private Relay servers.
- Apple’s servers anonymize your IP address so that it can’t be traced back to you, then forward the request to a trusted third party’s servers.
- The third party decrypts the destination URL, then forwards the final request (decrypted URL plus anonymized IP address) to the destination.
These steps result in a more private communication chain because no party ever has all of your information at once. Apple’s servers don’t have the destination URL (because it is still encrypted when they handle it), and the third party doesn’t have your actual IP address. Safari is required in the exchange because it needs to encrypt the URL locally before sending the request, something that other browsers aren’t designed to do (perhaps in the future Apple will work with them to set this up, but that seems doubtful to me).
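To make the "no single party sees both" property concrete, here is a small added model of the dual-hop split as the post describes it. It is not Apple’s code or protocol: the sealing uses a stdlib HMAC keystream as a stand-in for whatever encryption Private Relay actually uses, the hop names and the anonymized-IP format are constructed, and the only thing it demonstrates is which hop can observe the real IP versus the destination URL.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stdlib-only keystream (HMAC-SHA256 in counter mode); a stand-in for real encryption."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt so that only the holder of `key` (the egress partner) can read it."""
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce + bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

def relay(client_ip: str, dest_url: str, egress_key: bytes) -> dict:
    """Run one request through the two hops and record what each hop could observe."""
    views = {"safari": set(), "apple_ingress": set(), "partner_egress": set(), "destination": set()}
    # Step 1: Safari seals the destination locally before anything leaves the device.
    sealed = seal(egress_key, dest_url.encode())
    views["safari"].update({client_ip, dest_url})
    # Step 2: Apple's ingress hop sees the real IP, but only ciphertext for the destination.
    views["apple_ingress"].update({client_ip, sealed.hex()})
    anon_ip = "anon-" + secrets.token_hex(4)  # constructed stand-in for the anonymized address
    # Step 3: the partner's egress hop opens the destination, but only ever saw the anonymized IP.
    opened = unseal(egress_key, sealed).decode()
    views["partner_egress"].update({anon_ip, opened})
    views["destination"].update({anon_ip, opened})
    return views

def linking_hops(views: dict, client_ip: str, dest_url: str) -> list:
    """Return every hop other than the client itself that saw both the real IP and the URL."""
    return [hop for hop, seen in views.items()
            if hop != "safari" and client_ip in seen and dest_url in seen]
```

Running `relay()` and then `linking_hops()` on the result returns an empty list, which is the property the post is describing; if the ingress hop were handed the plaintext URL, the same check would name it.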
Regarding the third parties involved here, Fast Company got some vague details:
Apple would not name these trusted partners, but says the company is working with some of the largest content providers out there. Before getting to this relay station, however, your IP address is anonymized and randomized, so the relay partner can’t identify you or your device.
Federighi has thoughts on why this exchange is valuable to users:
Federighi notes most internet users aren’t in a position to gauge the trustworthiness of any particular VPN. “We wanted to take that [trust evaluation] completely out of the equation by having a dual-hop architecture,” he says. “We hope users believe in Apple as a trustworthy intermediary, but we didn’t even want you to have to trust us [because] we don’t have this ability to simultaneously source your IP and the destination where you’re going to–and that’s unlike VPNs. And so we wanted to provide many of the benefits that people are seeking when in the past they’ve decided to use a VPN, but not force that difficult and conceivably perilous privacy trade-off in terms of trusting in a single intermediary.”
Beyond the Safari-only restriction, Apple’s Private Relay also won’t allow users to manually change their source location. This is a common feature of other VPN providers, one that allows users to get around the geo-restrictions of streaming services and other websites. In fact, while iCloud Private Relay obscures your exact IP address, it will always maintain your relative regional location so that you can still receive localized content.