iCloud Private Relay

New in iOS 15 - What is iCloud Private Relay?

Jamal Issouquaein
Jamal Issouquaein

Systems Engineer - DARE Technology

One of the latest privacy features released with iOS 15, and available to paid iCloud subscribers, is iCloud Private Relay.

This is a service designed by Apple to send your web traffic through two separate relays. It will hide your IP address, location, browsing history from your ISP, and the websites you visit.

This stops companies from tracking your data and creating targeted advertising based on your browsing habits. At present Private Relay is available in a handful of counties across the globe, with Apple expected to expand support to more regions in 2022.

Geo-Restricted Content

For supported locations turning on Private Relay is as simple as heading into your iCloud settings and enabling the feature there. By default, your location is hidden from any sites you visit. For services  that host geo-restricted content, e.g. Netflix, you’re able to select a country to spoof your location. This allows you to continue to use services that rely on your location, without sacrificing your new found privacy.

Encrypted Tunnel

Private Relay functions like a VPN, when enabled your iPhone establishes an encrypted tunnel between itself and one of Apple’s Private Relay Servers. Any internet traffic from Safari is sent down this tunnel before being forwarded onto the destination webserver. All responses follow the same route back through your encrypted tunnel to your iPhone. As the tunnel is encrypted this stops your ISP, or the local network you’re connected to, from viewing the traffic. If your Organisation has a policy in place that requires all network traffic be audited, and hence prevents VPNs, Apple has released information on the DNS records you’ll need in place to block Private Relay. When blocked correctly, end users are presented with an error explaining Private Relay isn’t supported on the network they’re connected to.

Configuration

To block Private Relay, configure your DNS server to return a negative result to the following hostnames:
mask.icloud.com
mask-h2.icloud.com

Jamf Support

Avoid causing DNS resolution timeouts or silently dropping IP packets sent to the Private Relay server, as this can lead to delays on client devices. Jamf have also announced support for split routing using iCloud Private Relay. With the correct MDM configuration Profiles in place users will have their personal traffic sent over iCloud Private Relay, while corporate traffic is routed normally through the network and still auditable.

Contact Us

Browse Other Articles

Mac Active Directory – time for a new solution

Why now is the time to cut ties with macOS Active Directory binding. At DARE we work with many organisations who have a blend of Windows and macOS devices within their fleet. In most cases we see, organisations who have a Microsoft infrastructure at their core naturally opt for binding

Read More

Social Engineering, it’s all Greek to us

Can You Protect Against Social Engineering? One of the earliest examples of social engineering was during the legendary Trojan War, when theGreek army were able to sneak into the city and win the war by hiding in a wooden horse that was initially presented as a signal of peace – thus

Read More
DARE
CALL: 0330 124 7615
[email protected]
Linkedin

Linkedin

Edinburgh + Newcastle
Cyberessentials Certified

Privacy and Cookie Policy | Terms and Conditions