Kids Can Use It to Bypass Parental Controls
If you have a router that offers built-in parental controls, you probably won’t want to let your kids use iCloud Private Relay on their devices, as they’ll be able to skirt right by them without any problems.
With Private Relay enabled, everything sent out from Safari on an iPad, iPhone, or Mac is encrypted in what’s effectively a sealed envelope addressed to Apple’s Private Relay servers. When this traffic hits your home router, it won’t be able to determine where it’s actually going.
In principle, this isn’t a bad thing. In fact, it’s the whole point of Private Relay in the first place. Just like your home router can’t intercept and analyze this traffic, neither can your school, employer, or ISP.
The problem, of course, is that the same feature that keeps all of your family’s traffic private from your ISP also keeps your kids’ traffic private from you. If you rely on the parental controls on your router to block your kids’ access to the darker corners of the internet, you’ll need to either make sure they can’t use Private Relay, or you’ll need to switch over to using Apple’s Screen Time, which enforces these controls directly on their iPhone, iPad, or Mac.
While Screen Time doesn’t currently offer a way to specifically prevent kids from turning on Private Relay by itself, you can block this by disallowing all “Account Changes” under Content & Privacy Restrictions.
Note that time-based parental controls on your router should still work fine — as long as kids’ devices aren’t using the Private Wi-Fi address feature. Your router will still know what devices traffic is coming from. It just won’t be able to determine where that traffic is actually going.
Keep in mind that, for the same reason, some organizations may choose to block Private Relay, since it not only prevents filtering of traffic but auditing of that traffic as well. There’s not much you’ll be able to do about this — after all, it’s their network, their rules.