iCloud Private Relay: How Apple’s Internet Stealth Works

Emma Teitel

Hiding one’s own IP address from others is one of the classic disciplines of digital self-defense, whether to circumvent censorship, to tell website operators as little as possible about oneself and to be able to do research unrecognized, or simply not to hand one’s own Internet provider a profile of one’s interests on a silver platter. Two of the most popular tools for this are Virtual Private Networks (VPN) and the Tor browser. At its developer conference WWDC, Apple presented a mix of both: the feature is called Private Relay and is part of the paid iCloud+ subscription.

VPNs establish a digital tunnel from the user to the VPN operator’s server, encrypting the traffic on the way. On that server, the VPN operator replaces the user’s IP address with another one and forwards the request from there to the destination address. This prevents the Internet provider from seeing which pages the user is visiting, and the operator of the destination site cannot see who is really requesting the page. However, the VPN provider itself knows both the user’s true IP address and the destination address, so users must trust it to protect their data and not pass it on.

The Tor browser, on the other hand, relies on a global network of computers, three of which are randomly selected for each connection from the user to the target server. As a result, the Internet provider does not know which pages its customer visits, and website operators do not see where a request really comes from. The special architecture of the service, unlike that of VPNs, means that none of the intermediate stations knows both the origin and the endpoint.

Federighi: “We didn’t want users to have to trust us”

Apple’s Private Relay combines some of these features into an anonymizer service with its own strengths and weaknesses. The traffic, including the destination address, is first sent in encrypted form by the Safari browser to an iCloud server operated by Apple. The IP address is replaced with one from the same region, but not from the same exact location. From this server, the request is routed to a second server operated by an Apple partner, which decrypts the destination address and forwards the request there.

The company has not yet revealed which providers Apple trusts for this role. (Cloudflare could be one of them.) The effect: Apple knows only who the users are, but not where they want to go. The other intermediate station knows where the users want to go, but not what IP address they really have. The Internet provider likewise does not see where its customers want to go, and the operators of the destination addresses do not know where requests really come from.

Apple’s software chief Craig Federighi told “Fast Company”: “We hope that users see in Apple a trusted middleman. But we didn’t even want them to have to trust us – that’s why we don’t have the ability to see their IP addresses and their destination addresses at the same time, unlike VPN providers.” Apple wants to offer the benefits of a VPN without users having to answer the difficult question of whether they can trust their VPN provider.

Ultimately, users would probably still have to trust Apple, because so far the US company has not explained in detail how its encryption and IP obfuscation work.

Whether the IP obfuscation works can be checked quickly: simply open a website like whatismyip.com both in Safari and in another browser. Safari should show a different IP address than the comparison browser.

The destination address, however, would have to be encrypted on the user’s device in such a way that Apple cannot decrypt it but the second intermediary can. How the corresponding key management works, Apple has not explained so far.
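The split described above (the first hop sees the user’s address but only an opaque blob, the second hop sees the destination but only the first hop’s address) is the same property the article attributes to Tor: no single station knows both origin and endpoint. The following Python is an added example illustrating that principle with two layers of encryption. It is not Apple’s code and not a description of Private Relay’s actual key management, which Apple has not published; the hop names, keys, IP addresses and the toy XOR cipher are all constructed for the demonstration.

```python
import hashlib
from dataclasses import dataclass, field

# Toy stream cipher (SHA-256 in counter mode) used only so the example runs
# with the standard library. It is NOT secure (no nonce, no authentication);
# a real relay would use an authenticated transport such as TLS.
def _keystream(key: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def toy_encrypt(key: bytes, data: bytes) -> bytes:
    """XOR data with the keystream; decryption is the same operation."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


toy_decrypt = toy_encrypt


@dataclass
class Hop:
    """One relay hop, recording everything it was able to observe."""
    name: str
    key: bytes
    address: str
    seen: dict = field(default_factory=dict)


def client_wrap(destination: str, payload: bytes, ingress: Hop, egress: Hop) -> bytes:
    """Client side: wrap destination + payload so that only the egress hop
    can read the destination, then wrap that blob again for the ingress hop."""
    inner = toy_encrypt(egress.key, destination.encode() + b"\n" + payload)
    return toy_encrypt(ingress.key, inner)


def ingress_forward(hop: Hop, client_ip: str, outer: bytes):
    """Ingress hop (Apple's role in the article): learns the client's IP from
    the connection, strips its own layer, and forwards an opaque blob."""
    inner = toy_decrypt(hop.key, outer)
    hop.seen["client_ip"] = client_ip
    hop.seen["forwarded"] = inner      # still encrypted for the egress hop
    return hop.address, inner          # the egress hop sees only the ingress address


def egress_forward(hop: Hop, source_ip: str, inner: bytes):
    """Egress hop (the partner's role): learns destination and payload,
    but sees only the ingress hop's address as the source."""
    plaintext = toy_decrypt(hop.key, inner)
    destination, payload = plaintext.split(b"\n", 1)
    hop.seen["source_ip"] = source_ip
    hop.seen["destination"] = destination.decode()
    return destination.decode(), payload


def run_relay(client_ip: str, destination: str, payload: bytes):
    """Drive one request through both hops; returns (ingress, egress, delivered)."""
    # Constructed demo keys and addresses; a real system would negotiate these.
    ingress = Hop("ingress", hashlib.sha256(b"ingress-demo-key").digest(), "203.0.113.10")
    egress = Hop("egress", hashlib.sha256(b"egress-demo-key").digest(), "203.0.113.20")
    outer = client_wrap(destination, payload, ingress, egress)
    src, inner = ingress_forward(ingress, client_ip, outer)
    delivered = egress_forward(egress, src, inner)
    return ingress, egress, delivered


if __name__ == "__main__":
    # Constructed sample request from a documentation-range client address.
    ingress, egress, (dest, body) = run_relay("198.51.100.7", "example.com", b"GET / HTTP/1.1")
    print("ingress saw:", ingress.seen["client_ip"], "and an opaque blob")
    print("egress saw: ", egress.seen["source_ip"], "->", egress.seen["destination"])
```

The `seen` dictionaries are the point of the exercise: after a run, the ingress hop holds the client address and an unreadable blob, while the egress hop holds the destination and the ingress hop’s address, so neither record alone links user to site. Whatever Apple’s real key exchange looks like, this separation is the property a user would want to verify.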

Advantages of Private Relay:

  • As Federighi says, users do not have to trust a VPN provider that is difficult to assess.

  • Since Apple reportedly uses some of the largest providers as the second hop, the service should be fast and reliable, which is not always the case with Tor and VPN operators.

  • Anyone who is logged into an iCloud+ account on his or her Mac, iPad or iPhone does not have to do anything else; Private Relay is then active automatically.

  • It makes it difficult for advertisers to follow users across the web.

Disadvantages:

  • Private Relay only works in Safari, not in Chrome, Firefox, or other browsers.

  • Unlike Tor, the solution is not open source, and it costs money. iCloud+ costs 99 cents, 2.99 euros or 9.99 euros per month, depending on the tariff.

  • In addition, users cannot choose which replacement IP address they get from Apple, so bypassing the country barriers set up by streaming services such as Netflix is not possible.

  • In China, Belarus, Colombia, Egypt, Kazakhstan, Saudi Arabia, South Africa, Turkmenistan, Uganda and the Philippines, Private Relay is not offered at all, so it is not suitable as an anti-censorship tool.

In other words, anyone who already trusts or needs the Tor browser and can cope with its limitations will not need Apple’s Private Relay. For people who are looking for a VPN provider and are willing to spend a little money on it (which is always advisable with ordinary VPN providers, because the free ones are unlikely to be the most trustworthy), Apple’s new feature may be a useful alternative, provided they also own an Apple device.
