![](\"https:\/\/media.wired.com\/photos\/61ddf650f355cd4b7989ff3d\/master\/pass\/Security-Apple-Private-Relay-1331041563.jpg\"\/)
<\/p>\n<\/p>\n
Credit to Author: Matt Burgess| Date: Tue, 11 Jan 2022 21:31:20 +0000<\/strong><\/p>\n Matt Burgess<\/a><\/span><\/span><\/p>\n To revist this article, visit My Profile, then View saved stories<\/a>.<\/p>\n To revist this article, visit My Profile, then View saved stories<\/a>.<\/p>\n When Apple pushed<\/span> iOS 15<\/a> out to more than a billion devices in September, the software update included the company\u2019s first VPN-like feature, iCloud Private Relay<\/a>. The subscription-only privacy tool makes it harder for anyone to snoop on what you are doing online, by routing traffic from your device through multiple servers. But the tool has faced pushback from mobile operators in Europe\u2014and more recently, by T-Mobile in the US.<\/p>\n As Private Relay has rolled out over the past few months, scores of people have started to complain that their mobile operators appear to be restricting access to it. For many, it\u2019s impossible to turn the option on if your plan includes content filtering, such as parental controls. Meanwhile in Europe, mobile operators Vodafone, Telefonica, Orange, and T-Mobile have griped about how Private Relay works. In August 2021, according to a report by the Telegraph<\/em><\/a>, the companies complained the feature would cut off their access to metadata and network information and suggested to regulators that it should be banned.<\/p>\n \u201cPrivate Relay will impair others to innovate and compete in downstream digital markets and may negatively impact operators\u2019 ability to efficiently manage telecommunication networks,\u201d bosses from the companies wrote in a letter to European lawmakers. However, Apple says that Private Relay doesn\u2019t stop companies from providing customers with fast internet connections, and security experts say there\u2019s been little evidence showing Private Relay will cause problems for network operators.<\/p>\n Apple\u2019s Private Relay isn\u2019t a VPN<\/a>\u2014which carriers freely allow\u2014but it has some similarities. The option, which is still in beta and is only available to people who pay for iCloud+<\/a>, aims to stop the network providers and the websites you visit from seeing your IP address and DNS records. That makes it harder for companies to build profiles about you that include your interests and location, in theory helping to reduce the ways you\u2019re targeted online.<\/p>\n To do this, Private Relay routes your web traffic through two relays, known as nodes, when it leaves your iPhone, iPad, or Mac. Your traffic passes from Safari into the first relay, known as the \u201cingress proxy,\u201d which is owned by Apple. There are multiple different ingress proxies around the world, and they\u2019re based in multiple locations, Apple says in a white paper<\/a>. This first relay is able to see your IP address and the Wi-Fi or mobile network you are connected to. However, Apple isn\u2019t able to see the name of the website that you\u2019re trying to visit.<\/p>\n The second relay your web traffic passes through, known as the \u201cegress proxy,\u201d is owned by a third-party partner rather than Apple itself. While it can see the name of the website you\u2019re visiting, It doesn\u2019t know the IP address you\u2019re browsing from. It instead assigns you another IP address that\u2019s near where you live or within the same country, depending on your Private Relay settings.<\/p>\n The result is, neither relay knows both your IP address and the details of what you\u2019re looking at online\u2014whereas a typical a VPN provider will process all your data<\/a>. Also unlike a VPN, Apple\u2019s system doesn\u2019t let you change your device\u2019s geographic location to avoid regional blocks on content from Netflix and others.<\/p>\n Private Relay\u2019s potential scale, relative to VPNs, may have prompted telecom concerns. \u201cIt is far more accessible than a VPN that you have to download and register for and set up separate payment for,\u201d says Nader Henein, a research vice president specializing in privacy and data protection at Gartner. Apple has made Private Relay opt-in while it is still in beta, although it\u2019s still potentially available to millions of subscribers<\/a>. (Apple has bent to some local laws and not made Private Relay available in China, Belarus, Kazakhstan, Saudi Arabia, and a handful of other countries.) \u201cThe concern is that a lot of people are just going to switch it on, and it's going to obscure a large part of the network from the network operators,\u201d Henein adds.<\/p>\n However, he says if telecoms companies do imagine they\u2019ll lose sight of how people are using their networks, they should present their evidence transparently by making their modeling public. Equally, Henein says, to address questions about European \u201cdata sovereignty,\u201d Apple should make clear what companies it has partnered with for the feature\u2014it says they are some of the largest content delivery networks\u2014and the locations of the relays.<\/p>\n \u201cWhile I agree that in certain custom ways this potentially might complicate some technology planning or management, in general we must stress that there is no issue here,\u201d says Lukasz Olejnik, an independent privacy researcher and consultant. He says that while network operators are likely to lose access to metadata that can describe where users connect to their services, this shouldn\u2019t be a barrier to them understanding what\u2019s happening more broadly across their networks. \u201cTelecom operators should already be comfortable with network neutrality, so simply managing the lower technical layers of the networks,\u201d Olejnik says. \u201cIt should not be their problem with what happens in the upper layers.\u201d<\/p>\n Multiple mobile network operators have not responded to questions about their plans for Private Relay at the time of writing. It is unclear whether the companies have changed their positions since complaining to European regulators last summer. In a statement to 9to5Mac<\/a>, T-Mobile US said any limits on Private Relay have happened across its network because accounts have parental controls enabled and content filtering isn\u2019t compatible with Apple\u2019s tool. The publication says some users have seen the block despite not having filtering enabled. Other reports say that Private Relay clashes with T-Mobile's existing content filtering<\/a>. Within Private Relay\u2019s settings, Apple says that networks that need to audit traffic or perform content filtering will block access to Private Relay. It says this may include companies, schools, or mobile network operators.<\/p>\n \u201cPrivate Relay makes it impossible to enable the potential security protections, like ones aimed at parental settings aimed at children,\u201d Olejnik says. \u201cBut this should be a conscious decision left to the user.\u201d A guide<\/a> from UK mobile network EE says that because it can\u2019t see what you\u2019re browsing, it isn\u2019t able to moderate content for those with parental control settings turned on\u2014it also says data plans with unlimited access to some games, music, and video will not operate properly. In evidence submitted to the UK\u2019s parliament, network operator BT Group, which owns EE, said<\/a> Private Relay would pose \u201csignificant challenges\u201d if it is needed to block websites or services under the UK\u2019s planned internet safety laws<\/a>. However, many of these concerns apply equally to traditional VPNs too.<\/p>\n \u201cFrom a state security perspective, it creates the same obfuscation as does any VPN,\u201d Henein says. If law enforcement wanted to ask for people\u2019s online activity, then there isn\u2019t much change. \u201cThe network operators will not be able to help you in the same way as if that person were using a VPN.\u201d<\/p>\n