iCloud Private Relay, which was announced at the WWDC 2021, is a new feature for Apple users which will prevent third-party companies determining web-browsing habits. This is in fact an evolution of the company’s existing paid iCloud service, which offers increased online storage plans across multiple tiers.
Tommy Pauly, Apple’s Internet Technologies group, in a video conference with developers said when someone accesses the internet, anyone on their local network can see the names of all of the websites they access based on inspecting DNS queries. “This information can be used to fingerprint a user and build a history of their activity over time,” he explained. “No one should be able to silently collect all of this information, whether it’s a public Wi-Fi operator, another user on the network, or an internet service provider.”
Pauly pointed out that servers can see a user’s IP address when they access a site, and even worse is that those servers can fingerprint user identity across different sites. “These are big problems for user privacy, and in order to fix them, we need a new approach that has privacy built in by design. iCloud Private Relay adds multiple secure proxies to help route user traffic and keep it private.” He said the proxies are run by separate entities – one is Apple and one is a content provider.
Delziel Fernandes, from Apple’s Internet Technologies, clarified that Apple does not say which firm, or firms are the other entity. He said it refers solely to what he calls ingress servers, run by Apple, and egress servers, run by other firms. “When a device tries to access a server, it first sets up a network connection to the ingress proxy,” Fernandes said. “This connection is set up using an IP address assigned by the network provider and the egress proxy then forwards these requests to the destination servers by choosing an IP address that maps to the device’s city or region.”
Analysts have described this feature as Apple’s best privacy innovation in years, and nothing short of a game-changer when it comes to shielding the users’ movements around the web. iCloud Private Relay uses a dual-hop architecture. When a user navigates to a website through Safari, iCloud Private Relay takes their IP address and the URL of that site. But it encrypts the URL so not even Apple can see what website the user is visiting.
Craig Federighi, Apple’s software chief, said incentives for innovation in the exploitation world are high, and so there is a lot of advancement in the art of tracking; a lot of advancements in the arts of security exploits. “In both areas, we think there’s going to continue to be a cat and mouse game. We think we bring a lot of tools to that fight, and we can largely stay ahead of it and protect our customers.”