Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

New Apple iCloud Private Relay guide details what it doesn't cover

Apple's iCloud Private Relay remains in beta

Apple's new iCloud Private Relay privacy feature remains in beta on iOS 15, but the company has now published a primer about how it works, how to use it — and what it won't do.

Originally announced as part of iOS 15, the feature has instead been in public beta, and problems have been found. Now Apple has published the "iCloud Private Relay Overview," which describes how the feature "protects users' privacy on the internet."

"Normally when a user browses the web, basic information related to their web traffic, such as their IP address and DNS records, can be seen by network providers and the websites they visit," says the document. "A user can then be targeted with unwanted ads and marketing campaigns, or have their data combined with additional data and sold to other companies."

The guide then details how iCloud Private Relay sends a user's browsing "requests through two separate internet relays so no single entity can combine... browsing activity into detailed profile information."

Apple's document chiefly reiterates the same detail that it announced at WWDC 2021, and expanded on in a developer video. What this new publication adds is detail of when iCloud Private Relay will not work.

Users who have moved between Wi-Fi and cellular hotspots may already have seen repeated notifications about iCloud Private Relay switching off, and then back on again. Apple's guide now explains why.

"Cellular services, such as Multimedia Messaging Service (MMS), telephony services (XCAP), Entitlement Server access, tethering traffic, and Visual Voicemail," it says, "do not use Private Relay. These services are always accessed directly."

There are also intentional exceptions for when a user is in an enterprise company. "Most managed network settings that are used by enterprises take precedence over Private Relay," notes Apple.

Similarly, if any user has a VPN, or certain proxy configurations, internet traffic will not go through Private Relay.

Apple also says that company networks can block access to Private Relay. If that happens, "users will be alerted that they need to either disable Private Relay for the network or choose another network."

One issue the overview does not address is how Apple's new privacy feature will not be available in all countries, notably including Russia.



2 Comments

chris-net 4 Years · 24 comments

I didn’t expect tethering to not work with private relay. 

Nice of them to let us know before hand!!

are other browsers or applications like chrome, Firefox, games able to use private relay?

zimmie 9 Years · 651 comments

chris-net said:
are other browsers or applications like chrome, Firefox, games able to use private relay?

That depends. Browsers on iOS and iPadOS all have to use the whole system-level browser engine (I seem to remember Opera renders sites on an Opera-controlled server, then sends them to the phone to display, so maybe not that one), so they should all get private relay for both DNS and HTTP sites.

Browsers on macOS are another story. If they use the system's DNS resolver stub, then they get private relay for DNS. If they use their own DNS resolution (like Chrome), they do not get private relay for DNS. That said, the biggest reason some browsers do their own DNS resolution, though, is to use DNS-over-HTTPS, which provides protection from snooping on the local network (but not from snooping by the DNS provider).

If they go through the system APIs for web requests (like URLSession), they should also get private relay for HTTP sites. Most Mac browsers have their own network engines, so they would not get private relay for HTTP sites.