Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Apple's Private Relay VPN feature appears to have a leak

Apple's Private Relay feature appears to have a flaw that can cause a system to ignore firewall rules and leak that a system is communicating with Apple servers, a new report claims.

According to VPN service Mullvad, Private Relay calls home to Apple servers without respecting a system's firewall rules. That causes a leak that isn't able to be mitigated without disabling Private Relay entirely.

More specifically, Mullvad detected QUIC traffic leaving a computer outside of the Private Relay VPN tunnel. Disabling the feature worked, indicating that Apple's VPN system is a trigger for the leak — even if it's not the source of the traffic.

"We believe they are just some heartbeat signal calling home to Apple," Mullvad wrote. "We do not know what information is transmitted to Apple, but since the destination is Apple servers, it is a strong signal to your local network and ISP that you might be a macOS user."

The VPN service points out that Private Relay mostly disables itself when any firewall rule is added to Apple's system firewall on macOS.

Private Relay, which is only available to iCloud+ members, works similarly to a VPN tunnel or a privacy system like Tor. It routes user network traffic in an encrypted format through relay servers before it reaches the internet.

Since the Private Relay feature is in beta, there's a chance that Apple could mitigate the leak before it launches in a final version. Until then, the only way to stop the leak is to disable the feature entirely.



4 Comments

MrBunside 3 Years · 62 comments

Interesting - just got a popup on my iPhone telling me PR wasn't compatible with my eero network. Had been running fine for weeks.

bonobob 13 Years · 395 comments

I suspect the use of Apple's relay servers would be just as strong an indication of Apple device usage as this data "leak" is.  Likely just much ado about nothing.

nicholfd 6 Years · 828 comments

MrBunside said:
Interesting - just got a popup on my iPhone telling me PR wasn't compatible with my eero network. Had been running fine for weeks.
That is normal for Apple. they even do not support their own after some time. Prepare to buy new stuff to satisfy Apple needs... or leave (I did latter).

If you left Apple, why are you still here & posting?  

tehgeo 12 Years · 9 comments

MrBunside said:
Interesting - just got a popup on my iPhone telling me PR wasn't compatible with my eero network. Had been running fine for weeks.
This happened to me right off the bat. All it took was white-listing the (current) servers, and it was fine. 

Until… servers changed/rotated. 

I hope eero would catch up and include all known servers being used. (Presume someone has an exhaustive list but haven’t bothered to check.)

That is normal for Apple. they even do not support their own after some time. Prepare to buy new stuff to satisfy Apple needs... or leave (I did latter).

Wrong. And wrong. This isn’t an Apple issue, but an issue with security settings on a third-party. 


Troll identified. 

No need to feed beyond this point…