About iCloud Private Relay

When Private Relay is enabled, all of your browsing activity in Safari will be routed through two internet “hops,” or relays. Your data is encrypted and then sent to Apple, so your ISP can’t see any of your web browsing requests. Once at Apple’s proxy server, the DNS request (the thing that points a domain name like “thecloudconsultancy.co” to a specific server IP address) and your iPhone, iPad, or Mac’s IP address are separated. Your IP address is retained by Apple, while your DNS request is passed on, encrypted, to a “trusted partner” that has the decryption key, along with a fake intermediary IP address that is based on your approximate location.

Apple have not as yet named its partners, but some web sleuths have figured out that they are major internet backbone companies such as Akami, Cloudfare and Fastly.

This means that Apple knows your IP address but not the name of the sites you’re visiting, and the trusted partner knows the site you’re visiting but not your IP (and therefore not who or where you are). Neither party can piece together a complete picture of both who you are and where you’re going.

The website you’re visiting typically gets your exact IP address and DNS request, so it can easily build a pretty detailed profile of exactly who you are, where you are, and where you’re going online. Combine that with a few cookies, even innocuous-seeming ones, and it’s pretty simple to have your entire online activity profiled, tracked, traced, and sold to advertisers (and others).

What iCloud Private Relay does is make the websites you’re visiting totally ignorant of this information, so the sites can’t build profiles of your activity.

The IP addresses Apple uses in place of your real one are still roughly approximate to your general area; it’s not enough to identify you personally, but it will allow sites that use your IP address to deliver local news, weather, sports, or other info to keep working fine. There’s an option to use an even broader IP address, but it might make some of those sites work incorrectly.

Note that Apple does not allow you to choose an IP address or even a region, and won’t ever make it seem like you’re coming from a totally different place. In other words, if you want to use it to access geographically locked content in Netflix or other online services, you’re out of luck.

How Private Relay works

Normally when you browse the web, information contained in your web traffic, such as your DNS records and IP address, can be seen by your network provider and the websites you visit. This information could be used to determine your identity and build a profile of your location and browsing history over time. iCloud Private Relay is designed to protect your privacy by ensuring that when you browse the web in Safari, no single party—not even Apple—can see both who you are and what sites you’re visiting.

When Private Relay is enabled, your requests are sent through two separate, secure internet relays. Your IP address is visible to your network provider and to the first relay, which is operated by Apple. Your DNS records are encrypted, so neither party can see the address of the website you’re trying to visit. The second relay, which is operated by a third-party content provider, generates a temporary IP address, decrypts the name of the website you requested and connects you to the site. All of this is done using the latest internet standards to maintain a high-performance browsing experience while protecting your privacy.

How is iCloud Private Relay different from a VPN?

As good as this Private Relay feature is, it’s definitely not a VPN. It will do a great job of preventing profiling of your web activity based on your basic connection data however it has a lot of shortcomings compared to a real VPN. Some of these include:

  • It only works with Safari, not any of the other apps or web browsers you use. Technically, some other DNS info and a small subset of app-related web traffic will use it, but it’s best to think of it as a Safari-only thing.
  • It’s easily identifiable as a “proxy server,” which many large networks like those at schools or businesses will not work with. Most good VPNs disguise themselves to look like regular non-proxy traffic.
  • As mentioned, it can’t hide the region you’re connecting from, only your specific IP location, so you can’t access content locked out of your region or experience websites as if you’re connecting from another country.

If all you really want to do is stop websites from building a profile of you and selling it around to advertisers and data brokers, then using iCloud Private Relay on your iPhone, iPad, or Mac is a great option. It’s fast, easy, and if you already pay for any amount of iCloud storage, you’ll get it for free.

You should know that, as of iOS 15.1 and watchOS 8.1, iCloud Private Relay and Mail Privacy Protection do not work on Apple Watch. If you use the Mail app on your Apple Watch or open a web link (say, sent to you via Messages), the watch will use your real IP address.

If you want real privacy and security for everything you do on the Internet, or want to access content that’s available in countries other than your own, you’ll still need a VPN.

Turn on Private Relay

Turn on Private Relay to protect your IP address and browsing activity in Safari:

  • On your iPhone, iPad, or iPod touch, go to Settings > [your name] > iCloud > Private Relay.
  • On your Mac, choose Apple menu  > System Preferences, then click Apple ID. Select iCloud > Private Relay.
  • You can tap IP Address Location to choose a setting for your IP address.
    • Maintain General Location allows sites to show you localized content in Safari, while your IP address stays hidden
    • Use Country and Time Zone uses a broader location for your IP address, still within your country and time zone

    If a website or network doesn’t work with Private Relay

    Private Relay is designed to protect your internet privacy and maintain a high-performance browsing experience. Some websites, networks, or services may need to make updates for Private Relay, including networks that require the ability to audit traffic or perform network-based filtering—such as business or education networks—or services that rely on viewing your browsing activity, like parental controls or some “zero rated” services that don’t count against your data usage.

    In addition, if you travel somewhere Private Relay isn’t available, it will automatically turn off and will turn on again when you re-enter a country or region that supports it. Private Relay will notify you when it’s unavailable and when it’s active again.

    If a website, network, or service you’re using doesn’t appear to be compatible with Private Relay, you can temporarily turn off Private Relay in iCloud settings. You can also turn off Private Relay just for a specific network. If you turn off Private Relay, network providers and websites can monitor your internet activity in Safari.

    • On your iPhone, iPad, or iPod touch, you can turn off iCloud Private Relay in Settings > [your name] > iCloud > Private Relay.
    • On your Mac, choose Apple menu  > System Preferences, then click Apple ID. Select iCloud > Private Relay.

    Private Relay can be turned on or off just for a specific network using the Limit IP Address Tracking preference.*

    • On your iPhone, iPad, or iPod touch, go to Settings > Wi-Fi, then tap the More Info button  next to the Wi-Fi network. Or for cellular networks, go to Settings > Cellular > Cellular Data Options.
    • On your Mac, choose Apple menu  > System Preferences, then click Network and select the network from the list to see more options.

    If Private Relay has been turned off for a specific network, you can try turning it back on in Wi-Fi, Cellular Data Options, or Network settings. If you regularly switch between multiple network configurations, such as dual-SIM or Wi-Fi and Ethernet, make sure that this preference is set for each network independently.

    If you turn off Private Relay for a specific network, the setting for that network applies to all your devices for which Private Relay is turned on.

    * In earlier versions of iOS, iPadOS, and macOS, this preference is called iCloud Private Relay.

    Private Relay and network speed tests

    Private Relay uses a single, secure connection to maintain privacy and performance. This design may impact how throughput is reflected in network speed tests that typically open several simultaneous connections to deliver the highest possible result. While some speed test measurements may appear lower when Private Relay is enabled, your actual browsing experience remains fast and private.

    Note: iCloud Private Relay is not available in all countries or regions and is currently in beta in iOS 15, iPadOS 15, and macOS Monterey.