dVPN routing
VPNs are not perfect privacy solutions given the way many centralize user data, leaving it vulnerable to data breaches or mass government surveillance. A dVPN, contrarily, is by design a privacy-enhanced VPN in light of these threats: its VPN routing procedure is decentralized through multiple-hops to prevent centralized traffic records (or logs). Keep in mind that a VPN is only genuinely decentralized if there is no central point where a full route of user traffic can be known or recorded. This requires independently operated and ideally unlinkable servers (or nodes) supporting the routing network.
Traditional VPNs are not decentralized because they own and operate their servers, or rent them from third-parties. In principle, they can keep logs of traffic that passes through their server(s), even if they provide something like a Double VPN option or commit to no-logs policies. A dVPN, to the contrary, must be multi-hop and cannot keep logs by design, since no server on the routing path can have access to the full route your traffic takes.
iCloud Private Relay
So what can we make of Apple’s more recently introduced iCloud Private Relay? Like both proxy servers and VPNs, it routes your traffic through intermediary servers and masks your IP address. Yet categorizing it is difficult.
Private Relay as proxy server? Since the iCloud Private Relay functions exclusively through Apple’s proprietary Safari browser, it is closer to a proxy server than a VPN, since proxies tend to be browser specific. But unlike a proxy, it is multi-hop and provides DNS encryption to protect against metadata tracking.
Private Relay as a VPN? One could say that iCloud Private Relay is like a VPN built into the Safari browser. But unlike a VPN, it doesn’t cover all the traffic coming from your device which, to be honest, could be a lot of traffic!
Private Relay as a dVPN? The iCloud Private Relay has an architectural similarity to a dVPN in the sense that it employs two independent servers with the intention of separating your IP address from your DNS request to counter metadata tracking efforts. But its decentralized nature is ultimately undermined by the use of a proprietary server, some committed logging practices, and with linkability with the second third-party server relay which is contracted by Apple.
But more important than these categorizations is how the iCloud Private Relay compares to VPNs designed specifically to protect user privacy. So let’s dig in to the heart of the matter.
Privacy protections: Private Relay vs. dVPNs
Like the marketing of almost all VPNs on the market, Apple notes how user data is the target of extensive data tracking, collection, and surveillance systems. All of this is no doubt true, and the situation is much worse than many people may realize. But does Apple provide a sufficient solution to the problem of online privacy?
Comparing a single service like the iCloud Private Relay against a huge market of VPNs isn’t easily meaningful. VPNs can be quite different from one another, and their privacy commitments might not always correspond with the reality of what they are doing with our data.
To meaningfully compare these products, Nym’s has the following assumptions:
- Given that a VPN is in principle a much more comprehensive privacy tool than a proxy server, let’s only compare how Apple’s Private Relay compares to a VPN in terms of privacy protections.
- Given that Apple’s feature is closer to a dVPN in terms of routing architecture, we will only compare the two models. In the end, a dVPN is a much stronger architecture in terms of privacy than a traditional 1-hop VPN.
- Given that dVPNs are different from one another, the following table thus represents Nym’s vision of what an ideal dVPN should minimally provide in terms of privacy features. Many VPNs and some dVPNs may well fall short of these requirements, so you should look for them all when shopping for one.
IP address obfuscation
Your IP address can be superficially masked for the recipient simply by routing or relaying your traffic through a proxy server. In this sense, Apple’s Private Relay and all reliable VPNs and proxy servers serve this basic privacy function.
However, keep in mind that any operators of a proxy connection (whether it’s Apple, a VPN, or a proxy server) will be able to see your true IP address as your traffic passes through their server. So on its own, this isn’t a full-proof protection for genuine anonymity, given that Big Tech companies like Apple and Google are the biggest data trackers.
No-logs policy
In order to relay or reroute your traffic and mask your IP, a VPN no less than Apple must first handle the data of your traffic. Many VPN providers thus claim to offer “no-logs” or “zero-logs” policies to assure users that they do not keep records of your data. Assuming your web connection is already encrypted, information that can be logged will include, among other things: your IP address when making a connection – at a given time, location, and duration – with the IP of a web service or contact. All of this metadata is a huge resource for online trackers.
Apple offers what they call a “minimal logs” policy for its iCloud Privacy Relay service, specifically for network operations purposes. This is a common practice even if undisclosed by many VPNs, and so it’s an honest admission on Apple’s part in specifying (though they do not do so on their website promotions for the service). What this means is that when your Safari traffic passes through their own Relay 1, Apple will see and log your IP address, among other data deemed “operational” from a network perspective. However, they make no stated commitments to the logging practices of the second third-party server (on Relay 2, which remains obscure).
Comparatively, this is more or less the case with dVPNs in which individual nodes can potentially log whatever they like passing through their servers. The dVPN safeguard is that no single node can have access to the full traffic route. This is also the design of the iCloud Privacy Relay. However, its privacy downside compared to dVPNs is that Apple operates and logs on Relay 1 while also employing Relay 2, making them ultimately linkable.
DNS encryption
Apple’s iCloud Private Relay provides encryption for the Domain Name System (DNS) requests of your traffic. DNS essentially translates human-readable domains or addresses (e.g., www.nymvpn.com into a computer-legible format (a numerical IP address). Making sure that the DNS request is encrypted, and preventing DNS leaks, is a crucial privacy feature: without it, the IPs of who and what you’re connecting with online can be visible to external tracking efforts.
Many modern VPNs also encrypt DNS requests in their tunneling protocols and claim to prevent DNS leakage. A DNS leak happens when a request is automatically sent to a DNS server rather than the VPN or proxy server that is supposed to obscure your traffic, thus “leaking” from the VPN encrypted tunnel. To guard against DNS leaks, VPNs often run their own designated DNS servers. However, some VPNs do not reliably offer, or even claim to offer, this protection, most notably many free VPN services which could even fail to encrypt data altogether.
An important question is whether Apple’s Private Relay can perform better at preventing DNS leaks than other VPNs, which has been a well-established security issue for traditional VPN services.
Full data encryption
The iCloud Privacy Relay encrypts your DNS records, but does it encrypt the full content of your traffic? Apple’s website for the Privacy Relay only claims to encrypt DNS data, and the service’s whitepaper does not specify any further encryption added by the Privacy Relay itself beyond DNS requests. The Privacy Relay uses a form of public key encryption called Oblivious DNS over HTTPS (ODoH), which essentially ensures end-to-end encryption for DNS data through the intermediary servers.
This is a different encryption procedure than modern VPNs. VPNs should encrypt all of your traffic on your device before it is securely tunneled to the VPN server, including all DNS headers. Keep in mind that the content of user traffic online should nowadays be encrypted by default through HTTPS and SSL/TLS encryption protocols. So assuming your connections are HTTPS encrypted, this might not make much of a difference. But a quality VPN tunnel encryption, especially one designed to prevent DNS leaks, is no doubt an added security layer over that which is provided by the iCloud Privacy Relay.
Multi-hop and unlinkability
The iCloud Private Relay is 2-hop, using two servers so that each only has a part of your full traffic record. But the servers themselves are not necessarily unlinkable. The first server is owned and operated by Apple, and the second is under some form of contract with Apple. The extent to which the data passing through these servers can be subject to surveillance, corroborate metadata tracking, or government requests for records is unclear. A dVPN or mixnet clearly excels in using servers which are architecturally unlinkable in terms of the user traffic that passes through them, because they are not controlled or operated by any single enterprise.
Geolocation selection and blocking
Apple’s iCloud Private Relay does not permit users to select a proxy server in another country, nor to hide the country of origin for their traffic from their own Relay 1. Apple requires that users reveal their IP address and thus proximate location to their own first server in the routing system, the data of which they do log.
With a dVPN, to the contrary, users can select an entry server in many different countries which can permit access to foreign-based content or bypassing censorship restrictions in a home-country.
Kill switch
A kill switch is a security protection unique to VPN technology. It essentially disconnects you from the internet if your connection with the VPN drops. This prevents data leakages if there is even a momentary interruption with the VPN server. Not all VPNs have a kill switch. iCloud Private Relay does not have one.
Split tunneling
One big advantage of quality VPNs is that they can be customizable through what’s called split tunneling. Users can decide what traffic, apps, and even web services use the VPN and which bypass it. Given that some VPN connections might cause latency, this is important for having maximal connection speeds when needed (like when gaming) while keeping privacy protections in place for all other incoming and outgoing traffic.
iCloud Privacy Relay does not offer anything resembling split tunneling customization. In fact, its “Manage iCloud Private Relay for specific websites, networks, or system settings” tutorial page simply instructs users on how to temporarily turn off the Privacy Relay. Note that this either: (1) disables the proxy connection for all traffic through the browser, or (2) temporarily allows a certain website to see your IP address. This requires users to manually toggle the service on/off on a case-by-case basis. In Nym’s opinion, this is a far inferior tool to a VPN split tunnel configuration.
Pros and cons of using Apple iCloud Private Relay
What iCloud Private Relay is good for
- IP address obfuscation with Safari: Like most traditional VPNs, Apple’s Private Relay is likely an adequate tool for masking your IP address while using the Safari browser for non-sensitive traffic. It will hide your IP address from services and contacts on the public web, as well as passive, external surveillance attempts.
- Metadata protection with Safari: With a 2-hop routing protocol and DNS encryption, the Private Relay may be an effective tool in protecting against metadata leakage and tracking.
What iCloud Private Relay is not good for
- IP address obfuscation outside of Safari: Apple’s Private Relay will only obscure your IP for web traffic through the Safari browser. All other web connections coming from other apps will not be protected in the same way: email clients, messaging apps, torrent or downloading programs, etc. Some of these apps (like email clients) can use DNS requests, which Apple’s stated “DNS encryption” won’t cover.
- System-wide data encryption: Any encryption provided by iCloud Private Relay will only apply through the Safari app while browsing the web. All other connections will not be encrypted unless protected by other services like a VPN.
- Zero-logs policy: Apple does not claim a no-logs policy, making clear that they do keep “minimal logs” which include user IP addresses on their Relay 1. However, DNS requests should not be included in this log data by design. Unfortunately, no information is provided on the logging policies of Relay 2, which is a third-party service provider, nor who runs them and how.
Verdict: dVPNs excel over Private Relay for privacy
Choosing Apple’s Privacy Relay ultimately comes down to a simple question: why pay a premium subscription fee for a privacy feature that only works through a single browser? Let alone when it doesn’t provide now industry-standard privacy protections that new dVPNs do: system-wide coverage, tunneled encryption, split tunneling, a kill switch, and truly decentralized networks. Granted, Apple’s Private Relay feature comes with other iCloud+ premium features that Nym is not considering here.
In terms of privacy, the iCloud Privacy Relay is still a move in the right direction: decentralized routing is crucial to protect metadata. But Apple’s service is not truly decentralized, and its browser-specific privacy is ultimately too limited. If you’re genuinely looking to be anonymous and private online, it’s best to get comprehensive protection through the best kind of VPN for privacy. This means a truly decentralized VPN service like NymVPN.
Not only does Nym not own and operate any of its servers, but it also offers an unparalleled 5-hop mixnet VPN that can protect your metadata against tracking in a virtually impenetrable way. The Nym mixnet also uses an additional set of privacy protections which Nym calls network noise: data mixing, delays, and dummy packets to provide cover traffic in the network. With this kind of noise provided for your traffic, data tracking efforts can be curtailed to the point of futility.
