Apple has introduced some new privacy features that will be introduced with the upcoming operating system versions (prerequisite is an iCloud+ subscription for at least 99 cents per month). We explain here how Private Relay works.
Apple Private Relay as a truly anonymous VPN
A conventional VPN service serves to disguise your actual IP on the network. You get an IP from your provider and when you visit a website then your IP shows up there. The website now knows that it was you who visited it. If you want to prevent this, you can use a VPN service: this takes your traffic and then forwards it to the Internet – under its own IP. This way the visited website knows only the IP of the VPN service, not yours. This is the old trick of sending someone ahead to buy beer at the kiosk: The kiosk owner only sees the friend you sent ahead, but not you.
The problem is that your friend knows who you are and can use that against you. It’s the same with the VPN provider: your IP doesn’t show up on the Internet anymore. But the VPN service provider knows it of course. And even worse: he can also record all your traffic. This is of course suboptimal – even if there are reputable providers.
Apple’s solution is now as follows: the traffic is simply routed through two servers, Apple works with a trusted provider. The concept works like this: before the request for a website leaves your computer or iPhone, the URL is encrypted. Then the request is sent to Apple. So Apple now knows your IP (there is no other way) but not the destination on the Internet – that is encrypted. Apple itself now changes your IP (like a conventional VPN service) and forwards this now anonymous IP and the encrypted URL to the next service. This service decrypts the URL and calls the website and sends it to Apple under the new IP. Apple then forwards it to you.
Double forwarding: simple and effective
The construction is as simple as it is effective: Apple does not know your IP, but the destinations you are going to in the network. The service provider who brings you into the network knows the destination, but not who you are – for him you are just a completely randomly generated IP by Apple. So neither party has the possibility to match URL and IP – and that’s what it’s all about. So this solution is superior to conventional VPNs.
But there are still a few limitations: this only disguises the IP. There are other tracking methods, a complete anonymity should not be given even with Private Relay. In addition, this function only works in Safari. So Apple does not offer itself at the operating system level on macOS, but requires Safari as the browser used.
Privacy as a basic human right – for some
Also, the service is not available in all countries, most notably China. Although Apple advertises that privacy is a human right, it does not offer the feature in Belarus, Colombia, Egypt, Kazakhstan, Saudi Arabia, South Africa, Turkmenistan, Uganda, and the Philippines.
As a reminder, here is the brief definition from Wikipedia of what human rights are in the first place:
Human rights are moral principles or norms for certain standards of human behaviour and are regularly protected in municipal and international law. They are commonly understood as inalienable, fundamental rights “to which a person is inherently entitled simply because she or he is a human being” and which are “inherent in all human beings”, regardless of their age, ethnic origin, location, language, religion, ethnicity, or any other status. They are applicable everywhere and at every time in the sense of being universal, and they are egalitarian in the sense of being the same for everyone. They are regarded as requiring empathy and the rule of law and imposing an obligation on persons to respect the human rights of others, and it is generally considered that they should not be taken away except as a result of due process based on specific circumstances.
We see that privacy is a fundamental human right that people have. We are going to do everything that we can to help maintain that trust. …
Our view on this comes from a values point of view, not from a commercial interest point of view. Our values are that we do think that people have a right to privacy.
The fact that the private relay function is not offered in China and other countries is probably due to commercial reasons. China is a big market for Apple and they cannot afford not to be represented there. So, human rights should not be that fundamental, at least for Chinese people. On the other hand, Apple simply abides by local laws. And who wants to mess with the country in whose geographical area their own products are manufactured?
However, Apple’s attitude is not really surprising: Apple is simply a global corporation that wants to sell things – and that’s normal, you don’t necessarily have to make the world a better place. We just wanted to let some air out of Apple’s noble statements here, because Apple’s human rights advertising hangs its moral claim very high while at the same time excluding those who need it most.