Trusted services for a privacy-preserving internet: iCloud Private Relay and what it means for customers

When the internet and the web were conceived, the interwoven ideas of security and privacy of internet communications were barely defined, let alone understood. We have come a long way from those days, and at Fastly, we have always believed that security and privacy are critical to the future of a trusted internet infrastructure.

In line with our beliefs, we’re excited and proud to be a part of Apple’s new iCloud Private Relay service, that’s designed to protect users’ privacy on the internet. In this post, I’ll explain the service itself and what our customers and website owners in general should expect with iCloud Private Relay.

What is iCloud Private Relay?

iCloud Private Relay is a new internet privacy service from Apple. With iCloud Private Relay, users with an iPhone, iPad, or Mac and an iCloud+ subscription can connect to and browse the internet and in a more secure and private way using Safari. You can enable Private Relay in iCloud Settings on devices running iOS 15, iPadOS 15, or macOS Monterey.

Private Relay blog picture

As shown above, iCloud Private Relay uses a novel dual-hop architecture through which users access websites. We support the system by serving as one of several second internet relay operators. This architecture separates the two critical pieces of information associated with users accessing websites: the user’s IP address, which is commonly used as a user identifier, from websites that the user visits.

  • The user’s IP address is visible to the user’s network provider and the first internet relay, but neither entity can see the website that the user is visiting.

  • The first internet relay forwards traffic to the second internet relay, which can only view the destination website but not the original IP address of the user.

  • The second internet relay assigns a ‘Relay IP address’ that maps to the location preference set by the user. This ‘Relay IP address’ is visible to the destination website.

iCloud Private Relay ensures that no single relay or website — and therefore no single organization — has visibility into which websites and content is accessed by a particular user. That means only the user knows both their IP address and the websites they visit.

Further details on iCloud Private Relay are available from Apple in the following articles: iCloud Private Relay Overview, Set up iCloud Private Relay on all your devices, and Prepare Your Network or Web Server for iCloud Private Relay.

Fastly and iCloud Private Relay

In iCloud Private Relay’s dual-hop architecture, Apple has built and deployed the set of first internet relays. We have worked with Apple to leverage our Private Gateway service, which we will describe in detail in a separate post, as a set of second internet relays.

We have been deeply engaged in or have led the development of several of the latest technology standards, such as QUIC, HTTP/3, MASQUE, and ODOH. Many of these are used by the Private Relay system in order to deliver a highly reliable and performant experience to end users.

Impact to websites

The design and deployment of iCloud Private Relay ensures minimal impact on websites and their ability to serve content. Website owners might observe changes in user traffic profiles and performance through this service however, and we discuss these changes below.

Collapsed source IP addresses: Since we operate a second internet relay in this architecture, website owners will see connections originating from IP addresses hosted by Fastly hitting their servers. The Relay IPs visible to the web servers will not serve as user identifiers, since they will be used for a large number of actual users and will not remain statically mapped to any single user. Any fraud or anti-abuse that is solely reliant on IP address will need to be updated.

Note: Users of this service are authenticated by Apple and are rate-limited, so traffic coming via iCloud Private Relay will have abuse prevention built in.

Geolocation accuracy: iCloud Private Relay has been designed to carefully reflect users’ approximate location in the Relay IP addresses that are visible to servers. These will indicate a user’s country and time zone and by default will also indicate the user’s city. Importantly, the service is designed so that the geolocated country associated with the source IP address is always available and reliable, assuming that the geolocation database is up to date. If you are a Fastly customer, we have ensured that our geolocation information carries this information accurately.

Performance: We have spent considerable time and effort to ensure that user traffic through iCloud Private Relay does not see performance degradation. In fact, using the relay can improve performance because of the rich connectivity between Apple and Fastly, and because of the predominant use of QUIC for users’ connections to Apple.

More to come

iCloud Private Relay is an exciting project for us and a significant step for internet privacy in general. We continue to invest, engage, and create technology and products that exemplify our belief that security and privacy are critical to a more trusted internet. Stay tuned for more on our technology and product work in this space.

Jana Iyengar
Product Lead, Infrastructure Services
Published
Want to continue the conversation?
Schedule time with an expert
Share this post
Jana Iyengar
Product Lead, Infrastructure Services

Jana Iyengar is a Product Lead, Infrastructure Services at Fastly, with a focus on transport and networking performance, including building and deploying QUIC and HTTP/3. He is an editor in the IETF’s QUIC working group and he chairs the IRTF’s Internet Congestion Control Research Group (ICCRG). Prior to Fastly, he worked on QUIC and other networking projects at Google, before which he was an Associate Professor of Computer Science at Franklin & Marshall College.