iCloud Private Relay

New in iOS 15 - What is iCloud Private Relay?

Jamal Issouquaein

Systems Engineer - DARE Technology

One of the latest privacy features released with iOS 15, and available to paid iCloud subscribers, is iCloud Private Relay.

This is a service designed by Apple to send your web traffic through two separate relays. It hides your IP address, location and browsing history from your ISP and the websites you visit.

This stops companies from tracking your data and creating targeted advertising based on your browsing habits. At present, Private Relay is available in a handful of countries across the globe, with Apple expected to expand support to more regions in 2022.

Geo-Restricted Content

In supported locations, turning on Private Relay is as simple as heading into your iCloud settings and enabling the feature there. By default, your location is hidden from any sites you visit. For services that host geo-restricted content, e.g. Netflix, you're able to select a country to spoof your location. This allows you to continue to use services that rely on your location, without sacrificing your newfound privacy.

Encrypted Tunnel

Private Relay functions like a VPN. When enabled, your iPhone establishes an encrypted tunnel between itself and one of Apple's Private Relay servers. Any internet traffic from Safari is sent down this tunnel before being forwarded on to the destination web server. All responses follow the same route back through your encrypted tunnel to your iPhone. Because the tunnel is encrypted, your ISP, or the local network you're connected to, cannot view the traffic.

If your organisation has a policy in place that requires all network traffic to be audited, and hence prevents VPNs, Apple has released information on the DNS records you'll need in place to block Private Relay. When blocked correctly, end users are presented with an error explaining that Private Relay isn't supported on the network they're connected to.

Configuration

To block Private Relay, configure your DNS server to return a negative result for the following hostnames:
mask.icloud.com
mask-h2.icloud.com
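
One way to verify the block, as an added example that is not from the original article: the script below queries a resolver for both hostnames and reports whether each lookup gets a fast negative answer or times out. It assumes "negative result" means NXDOMAIN or an empty NOERROR answer; the verdict names and the placeholder resolver address 192.0.2.53 are made up for illustration.

```python
import socket
import struct

RELAY_HOSTS = ("mask.icloud.com", "mask-h2.icloud.com")  # hostnames from the article

def build_query(hostname, qtype=1, qid=0x1234):
    """Minimal DNS query: one question, class IN, recursion desired."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in hostname.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def classify(response):
    """Map a raw DNS response (None = no reply) to a verdict string."""
    if response is None:
        return "TIMEOUT"            # the outcome the article says to avoid
    if len(response) < 12:
        return "MALFORMED"
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", response[:12])
    rcode = flags & 0x000F
    if rcode == 3:
        return "BLOCKED_NXDOMAIN"   # name does not exist
    if rcode == 0 and ancount == 0:
        return "BLOCKED_NODATA"     # NOERROR with an empty answer section
    if rcode == 0:
        return "NOT_BLOCKED"        # resolver handed back records
    return "ERROR_RCODE_%d" % rcode  # e.g. SERVFAIL (2) or REFUSED (5)

def check(hostname, resolver, qtype=1, timeout=3.0):
    """Send one UDP query to `resolver` and classify what comes back."""
    query = build_query(hostname, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(query, (resolver, 53))
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            return classify(None)
    if data[:2] != query[:2]:       # transaction id must match our query
        return "MALFORMED"
    return classify(data)

if __name__ == "__main__":
    import sys
    # 192.0.2.53 is a documentation placeholder; pass your resolver's IP instead.
    resolver = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.53"
    for host in RELAY_HOSTS:
        for qtype, name in ((1, "A"), (28, "AAAA")):
            print(host, name, check(host, resolver, qtype))
```

Run it from a client on the managed network with the resolver's IP as the only argument; it checks both A and AAAA lookups so a block that covers only one record type shows up.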

Avoid causing DNS resolution timeouts or silently dropping IP packets sent to the Private Relay server, as this can lead to delays on client devices.

Jamf Support

Jamf have also announced support for split routing using iCloud Private Relay. With the correct MDM configuration profiles in place, users will have their personal traffic sent over iCloud Private Relay, while corporate traffic is routed normally through the network and is still auditable.
