Apple’s Private Relay Service Creates Challenges for UK ISPs
Technology giant Apple recently released their iOS 15 software for iPad (15.5) and iPhones, which introduced a new feature called ‘iCloud Private Relay’ that “hides your IP address and browsing activity [when using Safari] so that no one – including Apple – can see [it].” Naturally, the UK Government and broadband ISPs have concerns.
Apple states that their Private Relay feature is “designed to protect your internet privacy” and should “have no impact on your browsing experience” (albeit with a few caveats), which is something that many in the wider internet community will generally praise. The feature has been in development for quite a while, but the key difference now is that consumers can start using it more widely.
However, much like the previous debate over another privacy enhancing feature – DNS over HTTPS (DoH), not everybody is a fan. By that, we of course mean the UK government, which enjoys the ability to snoop on your online activity. Not to mention any ISPs that like to know where your traffic is going so that they can optimise (e.g. ensure video traffic goes to a faster local cache), log (e.g. internet snooping) and sometimes also filter it (e.g. website blocking), for good or ill.
The good news for both parties is that Apple’s new feature is currently only a beta, with limited availability, and in order to access it you’d first have to pay for an iCloud+ account (although you can buy an iCloud account from just £0.79/mo for 50GB and these can be upgraded to ‘Plus’ at no extra cost). On top of that it only works with traffic that goes through the Safari browser. All of these factors will limit take-up, at least for now.
What Makes Private Relay Different?
In order to understand why politicians and ISPs are concerned, you first have to understand what makes Private Relay different. On the surface, the new feature sounds a lot like an encrypted Virtual Private Network (VPN) or TOR, although it probably has more in common with the latter of those two.
Essentially, it works by separating the web requests for the content you want from the place that request goes, which is done by using two proxy servers. Apple explains it as follows.
Apple’s Description of Private Relay
Normally when you browse the web, information contained in your web traffic, such as your DNS records and IP address, can be seen by your network provider and the websites you visit. This information could be used to determine your identity and build a profile of your location and browsing history over time. iCloud Private Relay is designed to protect your privacy by ensuring that when you browse the web in Safari, no single party – not even Apple – can see both who you are and what sites you’re visiting.
When Private Relay is enabled, your requests are sent through two separate, secure internet relays. Your IP address is visible to your network provider and to the first relay, which is operated by Apple. Your DNS records are encrypted, so neither party can see the address of the website you’re trying to visit. The second relay, which is operated by a third-party content provider, generates a temporary IP address, decrypts the name of the website you requested and connects you to the site. All of this is done using the latest internet standards to maintain a high-performance browsing experience while protecting your privacy.
What’s The Problem?
Firstly, on Apple’s claim of having “no impact on your browsing experience“… well, we have our doubts. Some people have reported worse performance when using the relay (e.g. slower latency and connection speeds) and indeed Apple themselves immediately contradict themselves by stated that “some websites, networks or services that rely on viewing your IP address or browsing activity may need to make updates for Private Relay” (i.e. a very roundabout way of saying that it can mess up a fair few things) – some of those you won’t care about, but others you might.
Apple notes that using Private Relay may result in problems signing-in to some services and difficulties when accessing region-restricted content (many VPN users will already know all about this). Likewise, they warn that ISPs, such as those with Parental Controls or other Network-Level Filtering systems, “may not be compatible” with the service. Private Relay will also turn off automatically when you roam into a country where it isn’t available, which is kind of silly for an internet service, but then Apple might have problems if they allowed this (e.g. China).
The Director of Public Consultancy firm 419 Consulting, Andrew Campling, recently published quite a good explainer on the impact that Private Relay could have on broadband ISPs and mobile network operators (here). As well as warning that it could affect the congestion management and peering optimisation activities that ISPs undertake, Andrew also notes that it may become harder for ISPs to comply with certain Quality of Service (QoS) related measurements that can be required by regulators (e.g. Ofcom).
Likewise, Private Relay may disrupt sophisticated edge content caching. For example, a lot of video content (e.g. Netflix) can be cached much more locally to the ISP to save performance and money, but if this can’t function then the content will be served off-net (i.e. risk of higher latency, congestion and higher costs etc.). And there’s more..
Extract from the 419 Consulting Report
Content Blocking and Filtering
Content blocking and filtering are used by network operators and ISPs for several reasons including:
• In response to court orders blocking access to illegal content such as child sexual abuse material (CSAM)
• To block access to malicious content
• To provide optional filtering capabilities that enable users to block access to certain categories of content, for example in the form of parental controls.These facilities may not function correctly if Private Relay is enabled. In terms of blocking access to illegal content, legislators and regulators may need to amend existing instruments if they wish to bring Private Relay into scope.
“Zero-Rating” of Content
In consumer markets, both fixed and mobile networks may offer light users packages with data caps at reduced cost, the trade-off being that any data that is consumed over the cap can be relatively expensive. An ISP may opt to allow the customers of these packages access to certain content without it counting towards the data cap.
Zero-rated content may include:
• So-called “public good” material (for example, content related to public health or education)
• Certain premium content (for example sports, films or other entertainment-related material)The ability to zero-rate content is lost if the ISP has no visibility of the website that a user is accessing. Users may experience unexpected increases in their bills if they do not realise that content that they were previously able to access freely is now impacting their data allowance.
Lawful Interception
In some markets, network operators and/or ISPs will have obligations relating to lawful interception of activity undertaken by their users. In terms of voice calls, whether over a mobile network or wi-fi, lawful interception abilities are not affected. However, any access to content, for example by the Safari web browser, is encrypted under Private Relay and so the ISP is unable to help with lawful interception; law enforcement agencies will need to contact Apple to undertake these obligations.
Data Retention and Disclosure
Network operators and/or ISPs may also have obligations concerning data retention and disclosure. As with lawful interception, the ability of network operators or ISPs to fulfil data retention or disclosure obligations is mixed. Voice calls over mobile networks or wi-fi are not impacted by Private Relay and so operators can continue to meet any obligations. However, where a user accesses content, the operator can only show a connection to Apple has been made and not the content that was accessed so law enforcement agencies will need assistance from Apple in order to map access to content to an operator.
Copyright Infringement
There may be issues in jurisdictions where ISPs are no longer able to meet the requirements of court-mandated blocking of access to copyright-infringing material and sites. This may require the scope of court orders and regulatory instruments to be expanded to include Apple to maintain their effectiveness.
As we said earlier, some of these issues may not bother you and could even be welcomed (i.e. a small price to pay for the extra privacy afforded), but others are more of a pain. We suspect that some problems may be resolvable by internet sites and services moving to work more closely with Apple, but others will be harder to resolve. But there are potential caveats to doing that too.
The report warns that the partners involved with Apple in the delivery of Private Relay, currently believed to include Akamai, Fastly and Cloudflare, may also find some benefit from the knowledge of sites being accessed through the service, which could conceivably deliver a market advantage. The service may also incentivise content providers to work more closely with Apple friendly CDNs, which might result in market distortions.
In addition, should Private Relay be rolled out more generally in the future, and away from the current subscription model, then it would place Apple at the centre of a high percentage of web transactions. Now that’s a lot of power to be handing one company, even if it does claim that the traffic would all be super private.
As Andrew’s report highlights, “the market dominance of Apple [already] deters companies from going on-record with concerns.” Governments and regulators will no doubt be keeping a close eye on all this. As for consumers, if you have access then it’s probably worth a try, but keep in mind that there are caveats and some things may not work. Beta.
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on X (Twitter), Mastodon, Facebook and Linkedin.
« Zzoomm’s UK Gigabit Fibre Rollout Boosted by GBP100m Investment
Latest UK ISP News
- FTTP (5535)
- BT (3518)
- Politics (2542)
- Openreach (2299)
- Business (2267)
- Building Digital UK (2247)
- FTTC (2045)
- Mobile Broadband (1978)
- Statistics (1790)
- 4G (1669)
- Virgin Media (1624)
- Ofcom Regulation (1466)
- Fibre Optic (1396)
- Wireless Internet (1392)
- FTTH (1382)
So Apple farm your entire habits rather than you isp.
Meanwhike the likes of the beeb blokx the proxy IPs assuming they’re a vpn service so you can’t watch iplayer.
And performance is rubbish, as already reported by some of our students logging WiFi faults which turn out to be slow Apple proxies.
Support dept already dread an Apple user calling..
I find the statement self-serving and disingenuous. Network operators dislike the use of privacy services like Private Relay for one reason and one reason only: because it cuts them out of the loop and prevents them from monitoring and monetizing user data. And the use of serious criminal activity as a pretext for wide-scale surveillance is as contemptible on the internet as it is in daily life.
It’s great for bypassing Sky’s super aggressive transparent DNS proxies but performance is very hit & miss. It also causes login issues with constant captcha challenges for websites such as Sky.
Jury is out on if Apple and their partners should be trusted with our data
If the system is as Apple decscribe, neither they nor the third party can see both user IP and destination IP.
The third party sees the destination url and IP address but only sees the Apple IP address as the user. Apple sees the user IP address but can’t see any destination information.
Apple own your device and browser though, so they have plenty of other ways of collecting information.
Yes because Apple have always described their products exactly as how they work.
I look back through the years of Apple controversies… there’s 1 every year!
Agreed, they have an awful lot of health data about their customers, apparently they wanted to start up medical services even, but scrapped the idea. You’ll see an Apple doctor, Apple operating on you etc.. be interesting. But yes you wonder what they do with all the data.
Even if Apple could see your web traffic with Private Relay, there would then be no difference to what they see if you had it on or off. The only issue would be that OTHERS cannot snoop on your traffic. For example, I just found out that a well-respected research hospital had third party trackers on its public (international) site (not its patient portal). Thus every time I searched for my doctor’s name, looked at their research, read about a condition, my data was being sold.
Under private relay, my data would still be sold but as long as I wasn’t logged in, it couldn’t be traced back to me, and thus the user unique identifier/fingerprint is greatly diminished.
Think I’d trust a VPN provider more than Apple and it doesn’t get turned off at the whim.
So, apparently, Apple it’s using Cloudflare network to provide the Apple Private Relay. And it seems that Private Relay it’s using WARP+.
So, the ISP’s have an option: peer more with Cloudflare, amd other costumers that are using Cloudflare gonna get a boost too.
And if you lucky enough you can get an IP address from Private Relay on 1.1.1.1 app.
I believe that Apple currently shares Private Relay traffic between Cloudflare, Akamai and Fastly. Presumably all three companies believe that their CDN operations will benefit competitively in some way by supporting this service.
I’ve been using private relay For months in the iPadOS/iOS/macOS betas.
I’ve never seen a performance impact, latency is fine over vm & three.
It only works for pages visited using safari so chrome or Firefox users are not impacted.
Apple state they never see the pages requested so they can’t harvest that data.
The first connection is to an apple cdn address with egress out of one of their cdn partners. ISP’s just need to ensure they have hi speed connectivity to the cdn’s apple use for the service, all final egress IP’s can be user defined to be in country or in local region typically within a county or 2 so dns needing you approximate location isn’t too hampered I.e when you go to Netflix you’ll get uk Netflix but likely not the Netflix cache in your isp.
The pihole update over the last 2 weeks by default blocks private relay from working and users get a warning it’s not compatible on that network.
It’s hard to understand why apple will launch private relay while also announcing there snooping if all your photos.
The photos stuff is all AI and it looks for known child abuse photos in a database, I assume there will of course be some false positives that require manual review however I actually do agree with the step taken for it to be automated first. There’s way too many people out there comfortable keeping those types of photos on their phones and putting them on Cloud services to retain/hide from authorities and so.
I’ve been using Private Relay in beta and then in general release on iPadOS and iOS. I recently upgraded my MacOS to Monterey, which includes the feature. I’ve had no issues with performance or sites, perhaps a few more captchas, but nothing like when I use TOR. The biggest issue I had was I’ve been blocked by Wikipedia from editing, and had to use another browser. Hopefully they’ll look at the issue soon given it’s going to just grow from here.
I will note that when I turned it on for my Mac, I was prompted if I wanted to stay in my general region (e.g. Western US) or just US. I wasn’t given the option like with VPN or TOR to redirect to another country.
The only ISPs who will have a problem with this are those who want to optimise or monetise their user’s traffic flows. ISPs content to be “dumb pipes” will be fine, and probably quite happy for any kind of abusive or illegal activities carried out over the misnamed “private relay” service to become Somebody Else’s Problem.
Really this is about targeted advertising.
Apple are shutting Google out of it. And Apple have the most valuable customer demographics.
What are Apple going to do with the data?
Just as Google are making their series increasingly black box.
*’series’ should have been ‘services’.
Wow. How did you jump to Google from this article?
Google are proposing a Chrome ‘privacy sandbox’ ostensibly to improve browsing security.
This would help to protect users from third party data collection by everyone except Google.
Can you see the similarity?
@Winston Smith
Anyone who provides you a service or an application will have your data which is needed to provide the service and any other collateral data which you store in the app/service or which they collect.
When you use a VPN, all you’re doing is saying you’d rather your ISP didn’t know. Your VPN provider would. Apple is attempting to build a VPN where the provider doesn’t know.
If you don’t trust Google, choose a different browser or service. Apple’s VPN is optional too. It’s interesting that there are as yet no browsers which make their money directly from taking payments from their users.
The only thing that can really protect your privacy is regulation.
Any supposedly encrypted connection isn’t secure unless the DNS lookup process is encrypted as it leaves the connection open to man-in the-middle attacks via DNS interception.
It was foolish of ISPs and government to rely on a historical protocol security flaw to implement content filtering and QoS implementation.
If ISPs were to implement their own encrypted DNS service then this wouldn’t be a problem.
I note that a number of comments suggest concern about the possible monetisation of their DNS data in some way by their chosen resolver operator. Bear in mind that this is not addressed through the use of encrypted DNS as the resolver operator can still view the DNS data (it does however obscure that data from third parties).
The approach taken by Apple can provide a solution for some people in some circumstances but does have drawbacks which Mark summarises in the article. I always recommend people consider whether their resolver operator is a European or US company – the latter is covered by the US CLOUD Act and FISA 702, meaning that any US law enforcement agency can access your personal data without a warrant (assuming that you’re not a US citizen and are not currently residing in the US).
One of the reasons that we introduced the European Resolver Policy (see http://www.EuropeanResolverPolicy.com) was to provide a clear and consistent approach to the transparency and privacy policies used by resolver operators. If you decide to change your resolver, I’d suggest moving to an operator that has adopted this policy.
What ISPs/resolvers have signed up yet?
I work for a company that does a solution for mobile telcos, and uses their internal secure protocols for acquisition of user ID (the ID stays inside the network, behind their firewall, and is hashed to a non-addressable version so we don’t know what the actual ID is and is unusable by anyone else, i.e. the user ID is fully secure), but it does rely on the assigned client IP being the source IP of web requests. APR will, to excuse the phrase, really bugger this up. The mobile telcos we’ve talked to understand this and the likelihood of impacting their own revenue, so expect to see some pushback from them or at least a requirement for a whitelist of domains (for their services) that APR leaves untouched.
Tried this on iPhone 8 & 12. Both experiences were awful. It was painfully slow and videos wouldn’t load at all