

That sounds reasonable in theory, but there's a problem.

These are all run by volunteers, too, greatly reducing the chance that any one person can track what you're doing, and we've seen arguments that this makes Tor safer than Private Relay. But while Apple stops at two, Tor defaults to three, and there can be many more. Private Relay's design looks good to us, but is it good enough? Tor also uses a system where your connections are routed through multiple relays. That’s one or two orders of magnitude higher than any VPN provider out there. These are CDN giants - Akamai alone has 300,000+ servers in more than 130 countries - and adding Cloudflare and Fastly to the mix should ensure you're never far from a Private Relay server. It's a brand new technology developed by Apple, Cloudflare and Fastly, another big CDN provider who would make a lot of sense as a Private Relay partner.Ī recently published report speculates that Akamai is Apple's third provider, and suggests the Private Relay link is behind a rally in the share prices for all three companies. There's another clue in an Apple developer video, which explains that Private Relay uses 'Oblivious DoH' (ODoH.) This is a new DNS standard which encrypts requests to ensure that when you connect to Private Relay, the first server (the Ingress Proxy) can't see the website you're trying to access. This is the separation of knowledge which preserves your privacy: the Ingress Proxy knows a little about who you are (your IP address), but not what you're doing the Egress Proxy knows what you're doing, but nothing about who you are.Īlthough Apple didn't name the providers it's working with, there were some clues in its WWDC presentation (Image credit: Apple) The Egress Proxy then decrypts your request, to find out which website you're visiting. This second server is run by an independent content provider, not Apple and likely to be a partnering CDN provider, ensuring it has no way to figure out who makes any particular request.

The Ingress Proxy now makes an encrypted connection to the Egress Proxy, passing it your request. (You can alternatively tell Private Relay to choose an IP from your country and time zone, giving it a much wider pool of IPs to choose from.) If you've a Staten Island IP address, for instance, it might simply use 'New York. You could still be identified by your IP address, so the Ingress Proxy replaces it with an approximate geographical location. This is how Private Relay uses multiple proxies to conceal your true IP address (Image credit: Apple)
