Have you ever wondered how iCloud Private Relay works? Cloudflare, a partner of Apple that operates portions of the Private Relay infrastructure, explains.
How iCloud Private Relay Works
Introduced in iOS 15, iPadOS 15, and macOS Monterey, Private Relay is part of the new iCloud+ subscription. This plan gives you iCloud storage along with a few additional features: iCloud Private Relay, Hide My Email, a custom email domain, and HomeKit Secure Video.
The network infrastructure sets up two relay servers for traffic, an Ingress Proxy and an Egress Proxy. When a user connects to a network, their traffic first passes through the Ingress Proxy controlled by Apple. The user’s IP address is visible to the network and the first relay, but the server or website name is encrypted. This means that Apple can’t see what website you’re accessing.
Then, the first relay passes this traffic to a second relay, such as one operated by Cloudflare. The second relay also doesn’t know the website, and it doesn’t know the user’s IP address. The only thing the second relay knows is that the traffic is coming from someone using iCloud Private Relay. The second relay then passes the traffic to the final destination server.
Cloudflare says it uses modern encryption and transport protocols on its network. These include TLS 1.3, QUIC, and MASQUE. These help move data efficiently between multiple relay hops without incurring performance penalties.
You can find iCloud Private Relay on iOS and iPadOS through Settings > Your Profile > iCloud > Private Relay. On macOS Monterey you can find it through System Preferences > Apple ID > Private Relay.
It’s important to note that iCloud Private Relay is not a VPN. A VPN provider routes your traffic through one of its servers before passing it to the destination server. A VPN connection is a system-wide tool that encrypts traffic for all apps. iCloud Private Relay only works in Safari.