iCloud Private Relay White Paper

Apple (PDF), via Michael Tsai:

iCloud Private Relay is a new internet privacy service from Apple that allows users with iOS 15, iPadOS 15, or macOS Monterey on their devices and an iCloud+ subscription to connect to the internet and browse with Safari in a more secure and private way.

[…]

Private Relay is built on the principle that IP addresses that identify users need to be separated from the names of websites that users access. To achieve this separation, Apple has engineered an innovative dual-hop architecture in which users’ requests are sent through two separate internet relays operated by different entities. Private Relay’s dual-hop architecture protects the privacy of users by separating who can observe their IP addresses from who can see the websites they visit.

Compared to some of Apple’s more detailed technical documentation, this white paper has noticeable omissions. For example, it does not name the providers of the second-hop “egress” proxy, saying only that they are “some of the largest content delivery networks (CDNs) in the world”.

Thankfully, it does shed some light on the protocols and technologies Apple is using:

DNS is the system that translates server names into IP addresses when using the internet. The ability to observe DNS lookups allows potential trackers to monitor user activity. To protect the privacy of DNS name resolution for all queries sent by the device and prevent such tracking, Private Relay uses Oblivious DNS over HTTPS (ODoH).

Check.
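To make the “who sees what” split concrete, here is a small Python model of the dual-hop design quoted above, which also mirrors the ODoH proxy/target split: the first hop learns the client address but not the destination, the second hop learns the destination but only the first hop’s address. This is an added illustration, not Apple’s code or protocol; the toy XOR stream cipher stands in for the real per-hop encryption, and the relay names, keys and addresses are constructed.

```python
"""Model of the dual-hop separation: each relay can peel only its own layer.
Added illustration, not Apple's implementation. The cipher is a toy stand-in."""
import hashlib
import json

INGRESS_ADDR = "relay-ingress.example"   # constructed relay names
EGRESS_ADDR = "relay-egress.example"


def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Toy counter-mode XOR cipher (symmetric: same call encrypts and decrypts).
    # It only models "one key per hop"; real deployments use TLS/QUIC-grade crypto.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def client_build_request(client_ip, hostname, k_ingress, k_egress):
    # Inner layer: readable only by the egress relay, carries the hostname.
    inner = keystream_xor(k_egress, json.dumps({"host": hostname}).encode())
    # Outer layer: readable only by the ingress relay, carries the next hop.
    outer_plain = json.dumps({"next": EGRESS_ADDR, "payload": inner.hex()})
    return {"src_ip": client_ip, "blob": keystream_xor(k_ingress, outer_plain.encode())}


def run_dual_hop(client_ip, hostname, k_ingress, k_egress):
    """Return what each relay observes while forwarding one request."""
    observed = {"ingress": set(), "egress": set()}
    packet = client_build_request(client_ip, hostname, k_ingress, k_egress)
    # Hop 1: ingress sees the client IP and where to forward, not the hostname.
    outer = json.loads(keystream_xor(k_ingress, packet["blob"]).decode())
    observed["ingress"] |= {packet["src_ip"], outer["next"]}
    # Hop 2: egress sees the ingress relay as source and the hostname, not the IP.
    inner = json.loads(keystream_xor(k_egress, bytes.fromhex(outer["payload"])).decode())
    observed["egress"] |= {INGRESS_ADDR, inner["host"]}
    return observed


def single_party_links_ip_to_host(observed, client_ip, hostname):
    # True only if one vantage point holds both halves of the user/site pair.
    return any(client_ip in seen and hostname in seen for seen in observed.values())


if __name__ == "__main__":
    obs = run_dual_hop("203.0.113.7", "www.example.com", b"k-ingress", b"k-egress")
    print(obs, single_party_links_ip_to_host(obs, "203.0.113.7", "www.example.com"))
```

Merging the two observation sets into one (as a single operator of both hops would) makes `single_party_links_ip_to_host` return True, which is the point of the white paper’s requirement that the relays be run by different entities.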

Apple also lists circumstances where Private Relay may be unavailable, saying that it is “designed to provide clear status information and control to the user”. The reasons it may be unavailable include local network settings, devices under certain management profiles, and DNS settings. Not listed are countries where it is unavailable for regulatory reasons.