iCloud Private Relay

New in iOS 15 - What is iCloud Private Relay?

Jamal Issouquaein

Systems Engineer - DARE Technology

One of the latest privacy features released with iOS 15, and available to paid iCloud subscribers, is iCloud Private Relay.

This is a service designed by Apple to send your web traffic through two separate relays. It hides your IP address, location and browsing history from your ISP and from the websites you visit.

This stops companies from tracking your data and creating targeted advertising based on your browsing habits. At present, Private Relay is available in a handful of countries across the globe, with Apple expected to expand support to more regions in 2022.

Geo-Restricted Content

For supported locations, turning on Private Relay is as simple as heading into your iCloud settings and enabling the feature there. By default, your location is hidden from any sites you visit. For services that host geo-restricted content, e.g. Netflix, you’re able to select a country to spoof your location. This allows you to continue to use services that rely on your location, without sacrificing your newfound privacy.

Encrypted Tunnel

Private Relay functions like a VPN: when enabled, your iPhone establishes an encrypted tunnel between itself and one of Apple’s Private Relay servers. Any internet traffic from Safari is sent down this tunnel before being forwarded on to the destination web server. All responses follow the same route back through the encrypted tunnel to your iPhone. Because the tunnel is encrypted, your ISP, or the local network you’re connected to, cannot view the traffic.

If your organisation has a policy in place that requires all network traffic to be audited, and hence prevents VPNs, Apple has released information on the DNS records you’ll need in place to block Private Relay. When blocked correctly, end users are presented with an error explaining that Private Relay isn’t supported on the network they’re connected to.

Configuration

To block Private Relay, configure your DNS server to return a negative result to the following hostnames:
mask.icloud.com
mask-h2.icloud.com
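
To confirm that a resolver blocks these two hostnames the way the configuration step describes, the following checker queries it directly and reports whether each answer is a fast negative result, a real answer, or a timeout. It is an added example, not code from Apple or Jamf; it assumes that "negative result" means NXDOMAIN or a NOERROR reply with an empty answer section, and the function names and verdict strings are hypothetical.

```python
import socket, struct, sys

RELAY_HOSTS = ("mask.icloud.com", "mask-h2.icloud.com")  # hostnames from the article

def build_query(name, qtype=1, txid=0x1234):
    """Minimal DNS query with RD set; qtype 1 = A, 28 = AAAA."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def classify(response):
    """Map a raw DNS reply (None = no reply before the timeout) to a verdict."""
    if response is None:
        return "TIMEOUT"                    # clients stall instead of failing fast
    if len(response) < 12:
        return "MALFORMED"
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", response[:12])
    if not flags & 0x8000:                  # QR bit clear: not a response
        return "MALFORMED"
    rcode = flags & 0x000F
    if rcode == 3:
        return "BLOCKED_NXDOMAIN"
    if rcode == 0:                          # assumption: empty NOERROR counts as negative
        return "BLOCKED_NODATA" if ancount == 0 else "NOT_BLOCKED"
    return "ERROR_RCODE_%d" % rcode         # e.g. 2 = SERVFAIL, 5 = REFUSED

def probe(resolver_ip, name, qtype=1, timeout=2.0):
    """Send one UDP query to resolver_ip:53 and classify whatever comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, qtype), (resolver_ip, 53))
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            data = None
    return classify(data)

def audit(resolver_ip):
    """Return {(host, 'A'|'AAAA'): verdict} for both Private Relay hostnames."""
    return {(h, label): probe(resolver_ip, h, qtype)
            for h in RELAY_HOSTS for label, qtype in (("A", 1), ("AAAA", 28))}

if __name__ == "__main__" and len(sys.argv) == 2:
    results = audit(sys.argv[1])            # resolver IP is supplied by the operator
    for (host, rrtype), verdict in sorted(results.items()):
        print(f"{host:20} {rrtype:5} {verdict}")
    sys.exit(0 if all(v.startswith("BLOCKED") for v in results.values()) else 1)
```

Run it with the resolver's IP address as the only argument; a non-zero exit status means at least one query was answered, timed out, or returned an error code instead of a clean negative result.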

Avoid causing DNS resolution timeouts or silently dropping IP packets sent to the Private Relay server, as this can lead to delays on client devices.

Jamf Support

Jamf have also announced support for split routing using iCloud Private Relay. With the correct MDM configuration profiles in place, users will have their personal traffic sent over iCloud Private Relay, while corporate traffic is routed normally through the network and is still auditable.
