Among this year’s collection of new privacy features in iOS 15 came iCloud Private Relay, Apple’s answer to a privacy-protecting VPN service. Like most of the services that Apple builds into iOS 15, it’s an approachable and easy solution for the average person to use. However, it also comes with a few drawbacks that you should be aware of.
In short, iCloud Private Relay works by routing all of your traffic through not one but two intermediate servers that exist at arm’s length from each other. It’s a unique approach that’s never been taken before, as it creates a system where no single entity knows both who you are and where you’re going.
This is done through multiple layers of encryption, whereby the first servers that process your outbound traffic can’t read its destination. These servers strip out your personal information before passing your requests on to the second tier of servers — ones that aren’t controlled by Apple — which can then decrypt the headers that show where that traffic is destined to end up, so they can pass it on.
As a result, the sites you visit only see traffic coming from a generic IP address that can’t be traced back to you personally. This outbound address will always be located in your home country and time zone, but if you prefer, you can have iCloud Private Relay use an address in your general region.
This latter option is handy if you want websites to be able to provide more accuracy for things like local news and weather. Still, it’s generic enough that sites will only know what city you’re coming from, rather than your specific neighbourhood.
More importantly, since thousands of people will be using these IP addresses, there’s no way for tracking networks to use them as a form of persistent identity to follow your activity around the web.
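The split of knowledge between the two relays described above can be modelled in a few lines. This is an added example, not Apple's protocol or code: the keys, addresses, and function names are constructed, and a toy XOR keystream stands in for real encryption.

```python
import hashlib
import json

# Constructed keys: each relay holds only its own key.
INGRESS_KEY = b"constructed-ingress-key"
EGRESS_KEY = b"constructed-egress-key"

def toy_xor(key: bytes, data: bytes) -> bytes:
    """Toy stand-in for real encryption (SHA-256 counter keystream). Not secure."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def client_wrap(client_ip: str, destination: str) -> dict:
    """Seal the destination for the second relay, then seal that for the first."""
    inner = toy_xor(EGRESS_KEY, json.dumps({"dest": destination}).encode())
    outer = toy_xor(INGRESS_KEY, json.dumps({"inner": inner.hex()}).encode())
    return {"src": client_ip, "payload": outer}

def first_relay(packet: dict) -> tuple:
    """Sees the client's address but can open only the outer layer."""
    opened = toy_xor(INGRESS_KEY, packet["payload"])
    seen = {"src": packet["src"], "readable": opened.decode()}
    # Forward under the relay's own name, dropping the client's address.
    inner = bytes.fromhex(json.loads(opened)["inner"])
    return seen, {"src": "first-relay", "payload": inner}

def second_relay(packet: dict) -> dict:
    """Sees only the first relay as the sender; can open the destination."""
    opened = toy_xor(EGRESS_KEY, packet["payload"])
    return {"src": packet["src"], "dest": json.loads(opened)["dest"]}

def run_exchange(client_ip: str, destination: str) -> tuple:
    """Return what each relay was able to observe for one request."""
    seen_first, forwarded = first_relay(client_wrap(client_ip, destination))
    return seen_first, second_relay(forwarded)

if __name__ == "__main__":
    first, second = run_exchange("203.0.113.7", "news.example.org")
    print("first relay sees: ", first)
    print("second relay sees:", second)
```
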
In a nutshell, those are the positive points about iCloud Private Relay, but that doesn’t mean there aren’t a few downsides as well. Read on for seven reasons why you may want to avoid turning on iCloud Private Relay.
It’s Still in Beta
First and foremost, Private Relay is still in beta. That means that there’s a good chance things won’t work as expected.
Apple is also being quite candid about this, noting that “some websites, networks, or services may need to make updates for Private Relay,” before it will work properly. It’s not just about other sites, however, since as with any beta product, there could be times when Apple is tweaking things that could result in Private Relay failing in various ways.
The bottom line is that if you have Private Relay turned on and you’re having problems accessing certain websites, the first thing you should do is switch it off. On an iPhone or iPad, you can do this in the Settings app by tapping on your name at the top and then going into iCloud > Private Relay (Beta).
On macOS, the option can be found in your Apple ID settings in System Preferences, but don’t just uncheck the box, as that doesn’t always work properly. Instead, click the Options button and choose Turn Off Private Relay.
It Can Slow Things Down
While we’re willing to chalk this one up to its “beta” status, we’ve repeatedly encountered times when browsing becomes almost glacially slow when iCloud Private Relay is enabled.
This is understandable since your traffic is going through two other servers before it reaches its destination. Even though these should be scalable, high-performance servers, it’s likely that Apple is still tweaking things to keep up with the demand. We’re optimistic that it will get better once iCloud Private Relay is out of beta. However, for now, until Apple’s virtual road work is done, you should expect delays in your online traffic.
Note that even when iCloud Private Relay is working properly, you won’t necessarily be able to trust speed tests. These may appear lower when Private Relay is enabled since it limits their ability to open up multiple simultaneous connections in parallel.
It Only Works with Safari
Unlike a traditional VPN, Apple’s Private Relay only works with Safari. While this does include most apps that provide an in-app browser, it doesn’t do anything for other types of connections, whether those are from third-party apps or other browsers like Chrome or Firefox.
This means that if you’re primarily a Chrome user, then it’s basically pointless to enable Private Relay, as it won’t do anything for you at all.
On the upside, this does provide a simple way to check if Private Relay is behind any browsing problems you may be having. If you can’t access a website in Safari, or everything seems to be dragging, try another browser like Chrome. If it works there, then Private Relay is the most likely culprit. If it doesn’t, then you may have other problems with your network connection.
Kids Can Use It to Bypass Parental Controls
If you have a router that offers built-in parental controls, you probably won’t want to let your kids use iCloud Private Relay on their devices, as they’ll be able to skirt right by them without any problems.
With Private Relay enabled, everything sent out from Safari on an iPad, iPhone, or Mac is encrypted in what’s effectively a sealed envelope addressed to Apple’s Private Relay servers. When this traffic hits your home router, it won’t be able to determine where it’s actually going.
In principle, this isn’t a bad thing. In fact, it’s the whole point of Private Relay in the first place. Just like your home router can’t intercept and analyze this traffic, neither can your school, employer, or ISP.
The problem, of course, is that the same feature that keeps all of your family’s traffic private from your ISP also keeps your kids’ traffic private from you. If you rely on the parental controls on your router to block your kids’ access to the darker corners of the internet, you’ll need to either make sure they can’t use Private Relay, or you’ll need to switch over to using Apple’s Screen Time, which enforces these controls directly on their iPhone, iPad, or Mac.
While Screen Time doesn’t currently offer a way to specifically prevent kids from turning on Private Relay by itself, you can block this by disallowing all “Account Changes” under Content & Privacy Restrictions.
Note that time-based parental controls on your router should still work fine — as long as kids’ devices aren’t using the Private Wi-Fi address feature. Your router will still know which devices traffic is coming from. It just won’t be able to determine where that traffic is actually going.
Keep in mind that, for the same reason, some organizations may choose to block Private Relay, since it prevents not only filtering of traffic but auditing of that traffic as well. There’s not much you’ll be able to do about this — after all, it’s their network, their rules.
You May Have Problems Using Some Sites
Private Relay uses the latest security protocols that some smaller and older sites may not yet properly support. In this case, you’ll have problems making connections to those sites.
To be clear, every site on the internet should be up to speed, and if they’re not, you should be wary about visiting these sites in the first place, as they’re potentially insecure. Further, even smaller sites are generally served by hosting providers who take care of ensuring that everything is up to the latest standards. This isn’t a matter of web design, but rather the underlying communication protocols used between servers.
The other problem, however, is that you’re using a block of IP addresses that are shared by thousands of others. Some sites may distrust these IP addresses on sheer principle, while others may end up blacklisting them due to misbehaviour by others.
For instance, at this point, it’s impossible to edit or contribute to a Wikipedia entry when using Private Relay, since it blocks all proxy and VPN servers.
Apple recommends that hosts and service providers update their systems to recognize and trust Private Relay connections, adding that these are actually more trustworthy since they “validate that the client is an iPhone, iPad, or Mac and that the customer has a valid iCloud+ subscription,” and Apple “enforces several anti-abuse and anti-fraud techniques” before the traffic even leaves its servers.
Ultimately, however, nobody is obligated to trust these connections, and traditional fraud detection systems that rely on IP addresses could end up blocking many legitimate users due to the actions of a few.
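For site operators, the collateral blocking described above comes from treating an IP address as an identity. The sketch below is an added example, not code from Apple or any particular fraud system: the egress ranges are constructed documentation prefixes, and the event log, threshold, and function names are hypothetical. It compares IP-only blocking with a variant that keys reputation on the account when the address falls in a recognized shared range.

```python
import ipaddress
from collections import Counter

# Constructed sample ranges (documentation prefixes) standing in for a list of
# shared relay egress ranges the operator has chosen to recognize.
SHARED_EGRESS_RANGES = [ipaddress.ip_network(n)
                        for n in ("198.51.100.0/24", "2001:db8:aa::/48")]
ABUSE_LIMIT = 3  # assumed threshold of flagged actions before blocking

# Constructed event log: (source IP, logged-in account, action flagged as abuse)
EVENTS = [
    ("198.51.100.20", "mallory", True),
    ("198.51.100.20", "mallory", True),
    ("198.51.100.20", "alice", False),   # legitimate user on the same shared IP
    ("198.51.100.20", "mallory", True),
    ("203.0.113.9", "eve", True),
    ("203.0.113.9", "eve", True),
    ("203.0.113.9", "eve", True),
]

def is_shared_egress(ip: str) -> bool:
    """True if the address falls inside a recognized shared egress range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in SHARED_EGRESS_RANGES)

def reputation_key(ip: str, account: str, relay_aware: bool) -> tuple:
    """Shared addresses are not identities; fall back to the account for them."""
    if relay_aware and is_shared_egress(ip):
        return ("account", account)
    return ("ip", ip)

def blocked_keys(events, relay_aware: bool) -> set:
    """Count flagged actions per reputation key and return keys over the limit."""
    flagged = Counter(reputation_key(ip, acct, relay_aware)
                      for ip, acct, abusive in events if abusive)
    return {key for key, count in flagged.items() if count >= ABUSE_LIMIT}

def is_blocked(ip: str, account: str, blocked: set, relay_aware: bool) -> bool:
    return reputation_key(ip, account, relay_aware) in blocked

if __name__ == "__main__":
    for aware in (False, True):
        blocked = blocked_keys(EVENTS, aware)
        verdict = is_blocked("198.51.100.20", "alice", blocked, aware)
        print(f"relay_aware={aware}: alice blocked = {verdict}")
```
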
It Doesn’t Bypass Geographic Restrictions
If you’re hoping to use Private Relay to watch stuff that’s only available on Netflix in another country, you’ll be disappointed.
Private Relay will always assign you an IP address that’s located in your home country and time zone. You can choose to use a more precise address that reflects your general location — usually whatever major city or metropolitan area you’re closest to — but you can’t get less precise than your home country.
Basically, Apple isn’t about to help you break these rules, and in fact, it’s made it clear to developers that their servers can trust the region assigned to the IP address that they see. If you want to bypass geographic restrictions, you’ll need to turn to a traditional VPN provider instead.
You Might Pay More for Certain Types of Data
If your ISP or cellular carrier offers certain “zero-rated” services, you’ll definitely want to avoid using Private Relay for these, as they’ll end up counting against your data allotment.
For example, if a carrier offers free access to stream music from Spotify, it can only do this by analyzing the traffic that passes through its servers. When it recognizes Spotify traffic, it excludes that from normal data charges.
In this scenario, however, since Private Relay hides all your browsing traffic from your ISP or carrier, it can’t exempt Spotify traffic, so this will incur data charges in the same way as any other traffic.
The good news is that since Private Relay only works with Safari, zero-rated services that work through dedicated apps should still be fine — this traffic won’t be hidden from your ISP or carrier — but you’ll definitely want to avoid using these services in Safari when Private Relay is enabled.
It’s also worth noting that Private Relay can be disabled on a per-connection basis, so you could switch it off for your Cellular Data connection while still leaving it active on your home Wi-Fi network.