If there’s one thing you can rely on Apple for, it’s an ongoing stream of new privacy features. One of the latest additions to Apple’s privacy toolkit is the iCloud Private Relay. If you have an iOS 15 phone or macOS 12 computer (or later versions), or recently signed up for an iCloud+ account, you might have seen it in your system settings already.
Apple Private Relay aims to protect your privacy by hiding your IP address and online activity from third parties on Safari. Almost sounds like a VPN, doesn’t it? It’s not though. So what is Apple private relay? How does it work? And how does it compare to a VPN? We’ll answer all those questions and more here.
Get More Privacy with a VPN in 3 Easy Steps
Want the best possible protection for all your web traffic and not just Safari? You can use CyberGhost VPN to protect your iOS and macOS devices from third-party snooping, cyber attacks, and censorship. Just connect in 3 quick steps:
- Become a Ghostie. It’s fast and easy!
- Download the iOS and macOS apps.
- Connect to a server of your choice and start browsing.
What Is Apple Private Relay?
Apple Private Relay (or iCloud Private Relay) is a privacy feature offered as part of Apple’s paid iCloud+ subscription. It boosts your privacy by masking your IP address and Safari activity to limit third parties from digitally profiling you.
Usually, your IP address and search queries are visible to websites and network providers when you browse the internet. This means anyone monitoring or tracking you can see which websites you’ve been on and what you’re looking for. Third parties can use this information to build a digital profile of you, including your approximate location information, so they can send you targeted ads and personalize your online experience.
Private Relay helps you avoid this digital profiling by encrypting your Safari traffic and directing it through multiple separate internet relays. Your IP address is switched with a generalized IP address from a nearby location. This makes it difficult for third parties to identify you because they can’t pinpoint who you are, where you are, or what you’re doing.
How Does Apple iCloud Private Relay Work?
Apple’s Private Relay uses a dual-hop method to redirect your Safari traffic through two servers. When you turn it on, it encrypts your traffic before it leaves your device, then sends it through your ISP and to the first server (known as the ingress proxy). This server is owned by Apple. Your IP address is still visible at this point, both to your ISP and the server. Since your traffic is encrypted, neither the first relay nor your ISP can see the data your connection is transporting.
Apple also removes identifying information from your IP address at the first relay, so that the second relay can’t pinpoint your location. It does this by using geo-IP lookup to determine which geographic location you’re browsing from. It then sends this information back to your device using a geo-hash. This encodes your exact IP address into a string of characters representing a broader location.
Your traffic then leaves the first relay and reaches another server (the egress proxy). This server is owned by a third-party provider, not Apple. The second relay can’t see your real IP address. It only receives the geo-hash information, which is enough to work out your approximate location.
The second server uses this general information to assign you a new relay IP address. For example, if your general location is identified as New York, the second server might assign you an IP address in Manhattan. The second relay also decrypts your internet request to complete your connection and direct your traffic to where you want to go. The website you’re visiting then only sees the temporary relay IP address, not your actual IP address.
Since the private relay removes information at each relay, no one can see both your IP address and search request at the same time. The first relay (and your ISP) sees your real IP address, but your traffic is encrypted so it’s hidden from view. The second relay sees your decrypted traffic to direct your request to the right place, but not your real IP address. This limits third parties from connecting your activity to your real location or IP address, and vice versa.
What Is the Apple Private Relay Email ID?
Ever created a new account with your Apple ID, then wondered why you’re not getting any emails? When Apple introduced Private Relay, it also introduced a setting that lets you hide your real email address from platforms when you create accounts. If you’ve opted to hide your email and use the sign in with Apple ID feature, it creates a new anonymous email address for you. This address typically looks something like this: <unique-alphanumeric-string>@privaterelay.appleid.com
Your iCloud account will create a unique private relay email ID for every platform with which you use the sign-in feature. You can find your Apple Private Relay IDs by going to Apple ID in your iCloud settings, selecting Password & Security, and tapping Apple ID Logins. These emails won’t be forwarded to your regular email address, so you’ll need to head there when you want to confirm your new account, get updates, or reset your password.
If you want to sign in to the same platform from other Apple devices, you’ll need to enter your unique private relay email ID for that platform with your password on those devices.
Apple Private Relay: The Pros and Cons
Is Apple Private Relay worth it? It provides a quick and easy way to conceal your identity and traffic, but it also has drawbacks. Let’s weigh up the pros and cons to help you decide – first with a quick table, then a deeper look at each side.
Pros | Cons |
👍🏻 Masks your IP address to a generalized region to avoid location tracking and IP-based digital profiling 👍🏻 Shares your assigned IP address between other users, minimizing trackers’ ability to link activity to one individual 👍🏻 Encrypts your Safari traffic before it leaves your device, hiding your activity from your ISP and third parties 👍🏻Lets you customize your private relay settings for specific networks and devices 👍🏻Pre-installed into your iOS and macOS devices | 👎🏻Only encrypts Safari traffic, leaving other web traffic and your IP address visible 👎🏻 Doesn’t let you select which region you want an IP address from 👎🏻Blocked by some sites and networks that detect proxy traffic or specific private relay IP addresses 👎🏻Not available in all countries 👎🏻Not available for devices with versions older than iOS 15 and macOS 12 |
Apple Private Relay: The Pros
Let’s start with the good stuff. Apple Private Relay helps you conceal your digital identity by removing the link between your activity and IP address. This makes monitoring your activity and tying your browsing history to your digital profile much trickier.
You get a random relay IP address that represents a broader location, so websites can only estimate your region, city, or country – not your specific zip code. Since you share this IP address with others, it also mixes your traffic, so anyone watching can’t identify who the traffic is coming from. This makes it harder to track you down, giving you more privacy from people monitoring your whereabouts and searches.
Apple Private Relay comes pre-installed on iOS devices with iOS 15 or later and Macs with macOS 12 or later, so it doesn’t require manual setup or extra apps. It’s a paid-for service, though, as you need a 50 GB or larger iCloud storage plan (iCloud+). You can customize your private relay settings, such as choosing how broad you want your IP address location to be or disabling private relay on certain networks and devices.
Apple Private Relay: The Cons
Apple Private Relay has some limitations. It only encrypts your Safari traffic, which means any other web traffic on your device is still exposed. Websites and third parties can still track you via other means, including on other browsers or within your apps. They can use this information to digitally profile you, regardless of whether you’re masking your traffic in Safari.
You don’t get any choice over your IP address location with Apple Private Relay either. It widens the geographical region of your IP address, but it’s still limited to your country, and you can’t change it. This means you should still be able to reliably access local content and accounts, so long as the sites don’t block proxy servers or relay IP addresses. Some website servers filter private relay IP addresses and hostnames to block traffic, so you could struggle to access them unless you use your actual IP address. Other sites might not work correctly, especially if they need your location to function.
If you choose the country or time zone relay option, you may struggle to access some localized content like blackout sports games. This is because some sites might detect that proxy traffic is coming from elsewhere in the country and block you. If you’re hoping to get an IP address from a different country or to get into your local accounts from overseas, private relay can’t help you.
Apple Private Relay also isn’t available everywhere. Some countries, including China, Colombia, Egypt, Kazakhstan, and Saudi Arabia don’t let you use this feature at all. Even network carriers have discussed disabling it. In 2022, mobile carriers Vodafone, T-Mobile, and EE opposed the feature and asked the EU Commission to block Private Relay because it undermines their control over their technology and services. Although no carriers have officially blocked the service, reports show people complaining about the feature being deactivated on their data plans.
Network administrators can choose to block Apple’s Private Relay too. This is common at work or school, where network administrators want to keep tabs on your activity. If you try to use Safari on these networks with it turned on, you’ll see a popup telling you to disable it or to try another network. This can make Private Relay somewhat unreliable on different networks, forcing you to expose your real IP address and Safari traffic.
The best way to get around network blocks and keep your activity concealed is with a VPN. CyberGhost VPN encrypts your traffic with strong algorithms and makes it look like the VPN server is your end destination instead of a middleman. This helps you get around annoying network restrictions so you can access the sites you need. You can choose server locations from anywhere in the world, which means you can freely access local sites when you want, from wherever you are.
Apple Private Relay vs. VPN: What’s the Difference?
Given that Apple private relay masks your IP address and encrypts your traffic, it’s easy to see why you’d think it’s an iOS VPN or macOS VPN in disguise. Although they’re similar in this regard, there are distinct differences. Let’s compare the two before we dig into more detail.
Apple Private Relay | VPN |
Encrypts Safari traffic only | Encrypts all web and app traffic |
Sends your traffic through two private proxy servers | Tunnels your traffic through a single VPN server |
Masks your IP address with one from the same city or country | Masks your IP address with one from the VPN’s list of available servers in any number of cities and countries |
Doesn’t let you switch to a different IP location | Provides server options to let you get an IP address from your preferred region or country |
Not reliable for bypassing network restrictions and unblocking websites | Reliable for bypassing network restrictions and unblocking websites |
Only supports devices with iOS 15 or later and macOS 12 or later | Works on a variety of devices, including most versions of iOS and macOS |
Preinstalled on supported Apple devices and tied to your iCloud account | Requires you to download an app or do manual setup via your device’s network settings |
Not marketed as a paid feature, but needs an iCloud+ subscription to work | Typically comes with a monthly or annual subscription fee |
Only encrypts and redirects your Safari traffic, with minimal settings options and no other features | VPN apps come with varied settings options and typically provide extra features that enhance your privacy and security |
Unreliable on some networks as administrators can easily block Relay traffic | Reliable on most networks as traffic is undetectable |
Encrypting Your Traffic
One of the biggest differences between Private Relay and a VPN is that Apple’s option only encrypts your Safari traffic. This means your IP address and activity through Safari are concealed from third parties, but both remain unchanged across other apps. Your traffic and location will still be exposed and available for tracking in a different browser, even with the iCloud Private Relay activated. So even if a third party couldn’t spy on you in Safari, they could still be watching you and logging your information via your Chrome traffic.
A VPN is different. Unlike Apple Private Relay, a VPN doesn’t limit your encryption. A VPN encrypts all your traffic, so it doesn’t matter if you’re using Safari, Chrome, Firefox, or even Microsoft Edge. Your traffic stays securely concealed from third parties, even if you close one browser and open another. This protects your digital identity and prevents third parties from tracking you across all the traffic traveling over your device’s connection, rather than purely on Safari.
To encrypt all your web activity, you can try CyberGhost VPN. Our VPN keeps your activity safely concealed with powerful encryption whether you’re using Safari or not. That way, outsiders can’t spy on your habits even if you close your Safari browser. You also get advanced features like DNS leak protection and dedicated IPs.
Redirecting Your Traffic
Private Relay uses a dual-hop feature, which sends your Safari traffic through two proxy servers before it connects you to the site you want to visit. These proxy servers act as middlemen to mask your IP address and stop websites from working out who you are. This relay system can only support a single application or site at a time – in this case, Safari. Since it only protects your Safari traffic, Apple Private Relay doesn’t stop third parties on other apps and sites from tracking your IP or identifying. Even if they can’t identify you Safari, they could be tracking your digital identity on other apps.
A VPN uses tunneling to redirect your traffic. It establishes a single, secure connection between your device and a VPN server, not a proxy server. This is known as the VPN tunnel. Unlike Private Relay, all web traffic leaving your device is redirected to the VPN server. Your traffic travels through this encrypted tunnel to the VPN server where it’s decrypted and sent to the end destination. VPNs can support multiple applications and sites simultaneously, so no matter which app you’re using, it travels through the VPN tunnel and stays protected by military-grade encryption. This stops third parties from tracking your IP address and digital habits on whichever site or app you’re using.
Assigning IP Addresses
Apple Private Relay automatically assigns you an IP address from a pool of relay IP addresses. These are localized, either to your region and city or your country. You’re not able to change your location to another region, so you can’t use Apple Private Relay to switch your IP address to one from a different country.
A VPN similarly assigns you a new IP address from a list of available IP addresses. It gives you more freedom over where this IP address is located, though. While you can let a VPN automatically assign you an IP address, usually from the server closest to you, you can also choose a server location in a different region or country. This means you can connect to a server overseas to get a UK IP address if you’re in the US, for example, depending on where the VPN provider has servers.
For each VPN server location, you can also select different servers varying by region to give you more freedom over the IP address. For instance, in the US, you could select a New York, Chicago, or Texas server. This gives you much more flexibility over the IP address you’re assigned and lets you access local content. Apple Private Relay doesn’t let you choose any servers, even from the same country or region, so your only option is to use the one it gives you.
For a wider choice of IP address locations, you can download CyberGhost VPN. You’re not tied to an IP address in your country or region. Choose from secure VPN servers all over the world to change your IP address to anywhere you like.
Is Apple Private Relay Safe?
Apple’s private relay is safe, though some questions are circling about the egress relay. Given it’s not hosted by Apple, you’d be right to question who’s managing the second relay and what they’re doing with your information once it’s decrypted. Thankfully, Apple is well-known for prioritizing security and privacy, so it’s unlikely the company would use an untrustworthy provider.
Apple hasn’t provided details about who the third parties are, but we do know they’re located around the world. This is a potential issue as some countries have laws requiring companies to log user data and hand it over to authorities if they request it. That could mean your data is being logged elsewhere.
Apple also states the private relay has a minimal logging policy. Apple assures us it doesn’t log any identifiable information, but this still undermines the relay’s purpose of improving your privacy. Anything you do outside of Safari can easily be logged too, so your information is at risk elsewhere. If you don’t want anyone logging your online activity, it’d be better to choose a no-logs option. That’s where a VPN can help. Even though it’s also a third party, a VPN that prioritizes its transparency and your privacy is a better bet than the obscure third parties managing the egress relays.
CyberGhost VPN has a strict no-logs policy, so we don’t keep, track, or share any of your data, on or outside of Safari. Our RAM-based servers are incapable of storing any data, which means any remaining traces of your VPN usage are wiped with every reboot. We’re not required by law to retain any user data either, so we have nothing to hand over even if anyone asked us. This is all confirmed by a Deloitte audit and our Transparency Report.
How to Find and Set Up Apple Private Relay
Private Relay is already installed on your Apple devices, so it doesn’t require much configuration to set it up. You can find it within your iCloud settings on iOS and macOS.
Remember, you’ll need to pay for an iCloud+ subscription to use the private relay feature. To upgrade, press Manage My Account Storage within your iCloud settings in the settings app. Press Change Storage Plan and select from the available upgrade options.
Follow our instructions to get started:
- Open Settings and click on your Apple ID.
- Press iCloud
- Scroll down to Private Relay and tap it.
- Turn the toggle switch on.
How to Adjust Apple Private Relay Settings
You can adjust your Private Relay settings to decide whether to set your location as general, which is more localized to your city area. You can also use your country and timezone for a broader relay IP address location. To do this, follow these steps:
- Follow steps 1–4 in the How to Find and Set up Apple Private Relay section above, or skip this step if it’s already toggled on.
- Press IP Address Location
- Choose between Maintain general location or Use country and time zone depending on how broad you want your IP location to be.
How to Turn Off Apple Private Relay
You can choose whether to turn Private Relay off indefinitely or temporarily, which is useful if you’re struggling to access a website with your private relay IP address. We’ll show you how to disable private relay on your OS devices, and how to turn it off for certain networks or websites.
Turn Off Apple Private Relay on iPhone/iPad/Mac
- Open Settings and find private relay within your iCloud settings.
- Turn the toggle for Private Relay off. You’ll see a popup asking you to select how to disable Private Relay.
- Choose between turning it off indefinitely or disabling it until the next day.
Don’t forget that turning off Apple Private Relay means your real IP address will be exposed in Safari. Websites and trackers will see your real IP address and a more accurate approximate location, and your ISP and third parties will track your browser activity.
Turn Off Private Relay for Specific Networks
Some networks don’t work with Apple Private Relay, especially if you’re at work or school. Network administrators can configure these networks to block Apple’s private relay, usually because they want to see your activity.
Although you can’t use the private relay on these networks, you can limit IP address tracking within your settings. This will mask your IP address from known web trackers in Safari, while also disabling Private Relay. Note that it doesn’t mask your activity or prevent websites from seeing your real IP address.
Turn Off Private Relay for a Network on iPhone/iPad
- Open the settings app and press Wi-Fi.
- Tap the information button next to your chosen network.
- Scroll down and look for Limit IP Address Tracking.
- Turn the toggle on to mask your IP address from trackers in Safari.
Turn Off Private Relay for a Network on Mac
- Click on the Apple icon to open System Settings.
- Press Wi-Fi and find your chosen network.
- Press Details… next to your chosen network.
- Press the toggle next to Limit IP address tracking to turn it on.
- Tap OK to save your changes.
Turn Off Private Relay for Certain Websites
Like networks, some websites don’t work with Apple Private Relay. Websites using IP address filtering or monitoring might block traffic sent through the feature. If this is the case, you can temporarily turn off the private relay for that specific website to let it see your real IP address. Follow these instructions:
Turn Off Private Relay for a Website on iPhone/iPad
- Open a website page within Safari.
- Press the Aa button in the address bar at the bottom of the page.
- On the popup, press Show IP Address.
- Tap Continue to temporarily disable private relay and use your real IP address.
Turn Off Private Relay for a Website on Mac
- Open a website page in Safari.
- Click View and then Reload.
- Click Show IP Address, then Continue to save your changes.
Apple Private Relay: Is It Worth It?
Apple’s iCloud Private Relay is a step in the right direction to protect your privacy. It does what it says it does. It masks your IP address with another and encrypts your Safari traffic to stop others seeing what you’re up to. This helps you visit the web with more anonymity. Private Relay has a catch though – in fact, it has a few.
The biggest downfall is that Apple Private Relay only protects your Safari traffic, leaving information outside of the browser exposed. Anything else you do online without Safari uses your real IP address and isn’t encrypted. It’s still easy for someone to trace your activity to your real IP address. It’s also not reliable with all networks or websites, as many web servers and routers block private relay to stop you from hiding your location or traffic.
Although it’s nice to have the built-in functionality, Apple Private Relay is still a paid-for service. It can’t compete with a VPN’s protection either. For a similar price, you can get much better protection with CyberGhost VPN.
Our VPN masks all your web traffic and conceals your IP address no matter which browser you’re using. It also lets you choose between server locations all over the world, so you’re not tied to an IP address in your country or region. If you want to boost your online privacy, why not try CyberGhost VPN risk-free with a 45-day money-back guarantee instead?
FAQs
Apple’s private relay helps you avoid digital profiling by encrypting your Safari traffic and directing it through multiple separate internet relays. It switches your IP address with a generalized IP address from a nearby location. This makes it difficult for third parties to pinpoint who you are, where you are, or what you’re doing, because they can’t see your traffic or real location.
Apple private relay is a built-in feature that’s useful for protecting your traffic and IP address in Safari. If you already have an iCloud+ subscription, you can use it whenever you like. For even more protection, use a VPN. CyberGhost VPN encrypts all web traffic on iOS and macOS, rather than just your browser activity. It also masks your IP address with one from a server location of your choice, not just an approximate nearby location. This stops third parties from logging your activity and seeing your real IP address.
Turning Apple private relay off will expose your real IP address and Safari activity to anyone watching your traffic. This means they can see what you’re doing and use it to help digitally profile you. That said, third parties can still do this even with the private relay turned on, because it only protects your traffic in Safari. To conceal all your web and app traffic, download CyberGhost VPN. Our VPN sends all your online activity through a secure, encrypted tunnel to a server that replaces your IP address so outsiders can’t eavesdrop on your activity.
No. It encrypts your Safari traffic and masks your IP address, but it isn’t a VPN. A VPN offers much more protection, encrypting all web traffic, even outside of Safari. A VPN also lets you choose an IP location from worldwide server locations, while Apple’s private relay assigns you a more generalized IP address from your region or country. Private relay doesn’t help you get around network restrictions or unblock websites like a VPN does either.
Yes. Apple’s private relay is available as part of an iCloud+ subscription. You can choose different iCloud+ plans depending on the storage you need. All plans come with the private relay and email hiding feature, which you can use across all devices linked to your iCloud account.
Leave a comment