iCloud Private Relay vs a VPN | What Are The Differences?

Vpn 2019 Credit: Ksenia Zvezdina / Shutterstock

Apple’s iCloud Private Relay has been in the news this week due to an ongoing outage that began on Thursday afternoon and is still impacting some folks 48 hours later. Nevertheless, iCloud Private Relay is a very handy feature when it’s working properly — which is most of the time, to be fair — but it’s also so integrated into your iPhone and other Apple devices that you may not even be fully aware of what it is and what it does.

iCloud Private Relay is technically a type of Virtual Private Network (VPN) in that it encrypts and anonymizes your traffic for security and privacy. However, it also differs substantially from traditional VPNs in some significant ways that you should know about before deciding whether Apple’s solution is right for you or if you should seek out one of the best VPNs instead.

What is a Virtual Private Network?

Before we compare iCloud Private Relay and traditional VPNs, it’s helpful to understand what a Virtual Private Network (VPN) actually does.

As the name suggests, a VPN is a private network that runs along your normal internet connection to secure your traffic and help protect your privacy. VPN apps accomplish this by encrypting your traffic and routing it through a VPN provider’s servers.

The term “tunnel” is often used to describe a VPN, as that’s one of the best analogies for how it works. A VPN app on your iPhone, iPad, or computer encrypts everything before it leaves your device and sends it through a virtual tunnel that’s effectively hidden from your internet service provider (ISP) or any other routers along the way.

Technically, your ISP still sees a stream of data (the “outside” of the VPN tunnel), but since it’s all encrypted, they have no idea what’s inside the tunnel. In other words, your ISP and any other upstream routers will know you’re using a VPN, but they won’t have any idea what you’re doing with it.

On the other end of the tunnel is an “exit point” — a server run by the VPN provider. This is where your traffic gets decrypted, leaving the tunnel and traveling to its destination. Return traffic comes back to that same exit point, re-enters the tunnel, and finds its way back to your device.

Since VPN traffic eventually has to leave the VPN to reach its final destination, it’s never entirely secure against interception. The primary advantage is that the exit point is well away from your actual location and ISP, so it’s not easily associated with you. Further, since these exit points can be in entirely different countries, this makes a VPN useful for bypassing geo-blocking restrictions so you can watch content from other countries on your favorite streaming services like Netflix.

It’s important to keep in mind that a VPN isn’t strictly necessary for securing your personal data, although it certainly helps add an extra layer. Most websites these days — and certainly any used for important things like banking and e-commerce — use HTTPS connections secured by SSL/TLS, which ensure that everything you do with them is fully encrypted. The difference is that when you’re not using a VPN, your ISP and others in the path can find out where you’re going (what sites you’re visiting), but they won’t be able to figure out what you’re doing once you get there as they’ll only see encrypted data. With a VPN, they won’t even know what sites you’re visiting.

Lastly, there’s a lot of misleading marketing about VPNs. Some companies suggest that a VPN can protect you against viruses and malware or prevent hackers from getting into your devices. None of this is accurate.

From a security standpoint, a VPN is solely about privacy and protecting your data from snoopers while it’s in transit on the internet. It’s not a firewall, so it does nothing to protect the devices in your home, nor does it replace anti-malware or anti-virus software. Many security software packages include VPNs as part of a comprehensive solution, but VPNs, firewalls, and antivirus tools are as distinct from each other as Word, Excel, and PowerPoint are in Microsoft’s Office suite.

iCloud Private Relay

The most significant advantage of iCloud Private Relay is that it’s built into nearly all Apple devices. If you’re running at least iOS 15, iPadOS 15, or macOS 12 Monterey, you already have everything you need to use it. The only other requirement is to be an iCloud+ subscriber, but that’s a relatively low bar; if you’re paying for any amount of iCloud storage — even the base $0.99/month 50GB plan — you’re included. Ditto for Apple One bundles, all of which include iCloud storage.

The second key selling point of iCloud Private Relay is its extreme privacy. Apple has cleverly created a “zero knowledge” design that ensures nobody — not even Apple — ever knows where you’re going.

While traditional VPNs will prevent your ISP from knowing where you’re going and the destination servers from knowing where you’re coming from, the VPN provider still knows both. That’s because they’re the ones running the tunnel, so they’re on the inside, too. This is why it’s crucial to choose a reputable VPN provider.

However, with iCloud Private Relay, Apple has taken this one step further by creating a two-step solution with multiple layers so no single entity knows who you are and where you’re going.

When iCloud Private Relay is enabled, your traffic is encrypted before it leaves your iPhone, iPad, or Mac, just like a traditional VPN. However, it then passes through two servers controlled by separate organizations. The first, an “ingress server” run by Apple, receives the encrypted traffic without decrypting or inspecting it. It simply hands everything off to an “egress server” run by a third party — in North America, that’s typically Cloudflare — without any information on where the data came from. That server is the one that opens up the packets, figures out where to send them, and routes them to their destination.

Here’s an analogy to conceptualize how this works:

  1. Frank puts something in a sealed envelope addressed to Susan.
  2. Frank then seals the first envelope for Susan in a blank envelope and hands it to Bob.
  3. Bob doesn’t open the blank outer envelope.
  4. Instead, Bob hands the unopened package to Jane. He doesn’t tell her that it came from Frank.
  5. Jane only knows she received an envelope from Bob. She opens the blank outer envelope and sees that what’s inside is addressed to Susan.
  6. Jane gives the inner envelope to Susan.
  7. Susan only knows that the package came from Jane.
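
The envelope analogy above, modeled as an added example (not code from Apple or from this article). The toy cipher only stands in for real encryption, and the addresses, keys, and function names are constructed for illustration:

```python
import hashlib, json, os

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy keystream (SHA-256 in counter mode). A stand-in for real
    # encryption, not the cipher Private Relay uses and not for real use.
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    return nonce + _xor_stream(key, nonce, plaintext)

def unseal(key: bytes, blob: bytes) -> bytes:
    return _xor_stream(key, blob[:16], blob[16:])

# Constructed sample values; the addresses come from documentation ranges.
CLIENT_IP, INGRESS_IP, EGRESS_IP = "203.0.113.7", "198.51.100.1", "192.0.2.50"
EGRESS_KEY, SITE_KEY = os.urandom(32), os.urandom(32)

def relay(destination: str, request: str) -> dict:
    """Send one request through both hops and record what each party can see."""
    # Client (Frank): inner envelope for the site, outer envelope for the egress.
    inner = seal(SITE_KEY, request.encode())
    outer = seal(EGRESS_KEY,
                 json.dumps({"to": destination, "body": inner.hex()}).encode())

    # Ingress (Bob): sees the sender's address, holds no key, forwards unopened.
    packet = (CLIENT_IP, outer)
    ingress_view = {"source": packet[0],
                    "destination_readable": destination.encode() in packet[1]}

    # Egress (Jane): the sender is now the ingress; she opens the outer layer only.
    packet = (INGRESS_IP, packet[1])
    opened = json.loads(unseal(EGRESS_KEY, packet[1]))
    body = bytes.fromhex(opened["body"])
    egress_view = {"source": packet[0], "destination": opened["to"],
                   "request_readable": request.encode() in body}

    # Site (Susan): the sender is the egress; she opens the inner layer.
    packet = (EGRESS_IP, body)
    site_view = {"source": packet[0],
                 "request": unseal(SITE_KEY, packet[1]).decode()}
    return {"ingress": ingress_view, "egress": egress_view, "site": site_view}

if __name__ == "__main__":
    for party, view in relay("example.com", "GET /account").items():
        print(party, view)
```

Only the ingress view contains the client address and only the egress and site views contain the destination, which is the split the two-server design relies on.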

That’s a big win for privacy. However, iCloud Private Relay has a few other limitations that might make you choose a traditional VPN instead. For one, it only works with Safari and Apple devices; for another, it’s useless for bypassing geographic restrictions.

Traditional VPNs

Most traditional VPNs don’t provide the same degree of anonymity as iCloud Private Relay. At best, a good and reputable VPN provider will have privacy policies guaranteeing they don’t log traffic, which means nobody can see what you were doing after the fact. However, the systems aren’t inherently “zero knowledge” like iCloud Private Relay.

The biggest difference between iCloud Private Relay and a traditional VPN is that Apple’s solution works primarily with browsing traffic from Safari. If your browser of choice is something else, like Chrome, you’ll be left out of the party.

If you have iCloud Private Relay turned on, you can quickly check this out for yourself by visiting a website like WhatIsMyIP.com in Safari and your other browser of choice. You’ll see that Safari shows an iCloud Private Relay address, while Chrome and Firefox will reveal your real IP address assigned by your ISP.

Further, you won’t be able to use iCloud Private Relay with most third-party apps; Apple does route unencrypted traffic from iPhone and iPad apps through iCloud Private Relay, but that’s an exception and not a rule since most developers should be encrypting their traffic anyway.

On the other hand, a traditional VPN protects nearly everything that leaves your device. It doesn’t matter what browser you use; third-party apps are fully covered. As a rule, if it’s destined for the internet, it’s encrypted and tunneled through the VPN.

The exception is local traffic — stuff that moves around on your home, school, or work network. It’s impossible for a VPN to handle this traffic because it has no way of getting it back into your network. So, if you’re using a VPN at school or work, anything you access locally, like email or campus servers, may still be unencrypted and reveal the actual IP address you’re connecting from.

However, the most significant advantage of a traditional VPN is that most of them can be used to bypass content restrictions that are often enforced based on your geographic location. A VPN’s exit servers can be anywhere in the world, and most VPN providers have deployed them strategically to help their customers pretend they’re in other countries. When you connect to something like Netflix through a VPN, it only sees the exit point and assumes that you’re physically located in the same region.

In theory, iCloud Private Relay could do the same thing — it’s just that Apple has deliberately decided not to. When you use iCloud Private Relay, your exit server will always be in your home country. You can choose whether it should be in the same city or region you’re in so that local content like news and weather still works, or select a more generic location, but it will always be in the same country you’re connecting from.

Note that even though traditional VPNs can help you pretend to be located in another country, they won’t always work for bypassing content restrictions. That’s because big streaming providers like Netflix have long been wise to this trick and have mapped all the common tunnel exits. These companies can’t see inside the tunnel, so they’ll never be able to figure out where you’re coming from, but they know that the tunnel is part of a VPN, so they simply block everything that’s coming out on the far end.

This has resulted in a cat-and-mouse game between streamers and VPN companies. The best VPN providers generally manage to stay one step ahead by changing their exit points often enough that Netflix and the gang can’t keep up. Still, your mileage may vary, so if this is your reason for using a VPN, it’s best to research and read the reviews before spending any money.

Lastly, it’s important to note that some iPhone apps don’t rely solely on your IP address to determine your location. For example, MLB at Bat also checks your GPS location to enforce its blackout restrictions. In that case, you’ll need a VPN and an app that helps you fake your GPS location.

iCloud Private Relay or a Traditional VPN: Which is Best for You?

If you do all your browsing in Safari and you’re primarily concerned about keeping your surfing private, secure, and anonymous, then iCloud Private Relay is a solid choice that will get the job done with a minimum of fuss. Leaving aside this week’s limited outage, iCloud Private Relay has proven itself solid and reliable over the past three years, and if you’re an iCloud+ subscriber, it’s there and ready for you to use.

However, if you prefer to browse in Chrome or Firefox, want to protect traffic from non-browser apps, or want to stream content from another country, then a traditional VPN will be your only real option. Thankfully, there are plenty to choose from, and many will let you get started for free, requiring that you pay only if you want more traffic or a wider range of exit points in different countries.

Lastly, there’s also no reason you can’t use both iCloud Private Relay and a traditional VPN together, as they’re not mutually exclusive. iCloud Private Relay can be on all the time to protect your Safari browsing, but you can have a VPN installed for those times when you want to change your geographic location or encrypt more than just Safari. Connecting a VPN app on your iPhone, iPad, or Mac takes priority over iCloud Private Relay, automatically routing all of your traffic through the VPN. When you disconnect the VPN, iCloud Private Relay will automatically kick back in to protect your Safari traffic, giving you the best of both worlds.
