The Mac Security Blog

Intego

Is Apple’s iCloud Private Relay a VPN? Not Even Close—Here’s Why

Posted on by

At Apple’s Worldwide Developer Conference in June 2021, the company announced a new iCloud+ service, available to Mac, iPhone, iPad, and iPod touch users who have paid iCloud subscription plans. One of the new features of iCloud+ is “iCloud Private Relay,” which offers added security in the Safari web browser, by encrypting traffic and masking IP addresses.

If you’ve used a VPN (virtual private network) before, you might assume that this is what Apple is offering, and even some news reports have made that assumption. However, iCloud Private Relay is nothing like a VPN in a number of important ways. In this article, we’ll take a look at the key differences, and why VPN users won’t be canceling their service any time soon.

We’ll specifically compare iCloud Private Relay with Intego Privacy Protection, a full-featured VPN that works on your Mac (or Windows PC) to protect all your traffic, with every app you use.

While iCloud Private Relay is a step in the right direction for Apple, it is far from offering the complete protection that a trusted VPN service offers. Here’s why.

What is iCloud Private Relay?

On June 7, 2021, Apple announced that paid subscribers to its iCloud service (i.e. those paying for extra iCloud storage) would get iCloud+, which includes some new features. One of the most notable features is called “iCloud Private Relay,” which Apple describes as follows:

iCloud Private Relay is a service that lets you connect to virtually any network and browse with Safari in an even more secure and private way. It ensures that the traffic leaving your device is encrypted so no one can intercept and read it. Then all your requests are sent through two separate internet relays. It’s designed so that no one — including Apple — can use your IP address, location, and browsing activity to create a detailed profile about you.

At first reading, it may sound like Apple is offering a VPN service of sorts—and some in the media have mistakenly referred to iCloud Private Relay as a VPN. However, note that Apple specifies that you’re only protected if you “browse with Safari,” Apple’s browser. There are a lot of other differences between Apple’s “private relay” and a VPN, as outlined in the next section of this article.

First, though, let’s summarize what Apple is offering with iCloud Private Relay.

Although Apple’s service is new, in some ways it’s similar to what a few other browsers (like Opera, for example) have been providing to their users for years now. It’s a browser-specific service, meaning that all other network traffic on your device is unprotected.

Apple’s iCloud Private Relay provides very narrow and limited coverage, and is more like a multi-hop Web proxying service. It only works within Apple’s Safari browser on iOS, iPadOS, and macOS. When using it, Apple routes your Internet requests through one of the company’s own servers, then through a partner network, and then to the intended destination. More specifically, the first “hop” (the first server to which you connect when browsing in Safari with iCloud Private Relay) is under Apple’s control, and the second hop is operated by one of the third parties with which Apple has partnered (so far, Apple has been observed using Akamai, Cloudflare, and Fastly as partners).

At least, that’s how it’s supposed to work. Academic researchers found that Apple sometimes used the same partner for both hops, rather than going through an Apple server first. This defeats much of the service’s purpose of protecting your browsing privacy, because the partner network knows both your IP address and the site you’re accessing. (We discussed this on episode 257 of the Intego Mac Podcast.)

But when the service works as intended, Apple always knows the IP address of the user making the request. It also means that both Apple and its partners may have access to the actual content of Web pages you access, whenever pages load over HTTP rather than HTTPS.

What is a VPN?

A virtual private network (VPN) consists of software you install on your device that connects to a back-end service with private servers across the globe, which combined give you an encrypted connection to the Internet. VPNs offer a number of distinct advantages, including the following:

  • Privacy: Because the connection between your device and the VPN server is encrypted, nobody can see what data passes along that “tunnel.” A good VPN provider, like Intego, keeps no logs, uses publicly shared IP addresses so individual users cannot be identified, and use other measures to protect your privacy. (Apple has not yet made any clear public statement about whether it keeps logs of iCloud Private Relay traffic. However, it seems telling that Apple is specifically avoiding offering its service in at least 10 regions where governments are not supportive of privacy-enhancing technologies like VPNs and relays.)
  • Hiding your IP address: With a full-fledged VPN service, all of your Internet traffic appears to originate from the IP address of the VPN server rather than your own, so no one can tell where you are connecting from, and advertisers cannot build profiles based on your activities. (By contrast, with Apple’s iCloud Private Relay, your IP address is only hidden when you use the Safari browser, but not when you use other browsers or apps.) In some cases, your public IP address can reveal your precise location—all the way down to the neighborhood where you live, or the exact location where you work; you may not necessarily want anyone on the Internet to know these things about you.
  • Safe access to public Wi-Fi hotspots: All data between your device and the VPN server is encrypted, so even if you connect to a fake or a hacked public Wi-Fi hotspot, your data is safe. (Apple’s iCloud Private Relay only attempts to protect your Safari browser traffic, which may leave you vulnerable to man-in-the-middle attacks from a malicious or unprotected Wi-Fi hotspot.)
  • Location spoofing: Because your IP address appears to be that of the VPN server you are connected to, and because most VPN providers offer servers in numerous different countries, it is easier to access global information and content using a VPN. Watch sports, TV shows, and movies without geographic restrictions. (Apple’s iCloud Private Relay does not allow users to specify their location, but will instead just choose the closest relay servers.)
  • Save money: Some websites tailor prices to you, based on your Internet activity and profiles built up by advertisers using trackers, as well as your perceived geolocation. With a VPN, both your IP address and geolocation are masked, and you can often get better prices by strategically using VPN servers in other states or countries when accessing certain retail or travel sites. (Apple’s iCloud Private Relay, however, does not offer users any way to mask their geographic location.)
  • Protection while gaming: In the gaming world, people will do anything for a competitive advantage, including targeting your IP address with DDoS (distributed denial of service) attacks to slow you down or freeze you out of a game. With a VPN, your IP address is protected so you can game fairly and uninterrupted. (Apple provides no such protection, outside of Web-based games you can play within the Safari browser.)
  • Data privacy: Many people want their data to remain private, and don’t want advertisers or the government to know what they’re doing. Your ISP may also keep logs of your activity, and sell that data to advertisers. A VPN ensures that your Web and other Internet activity is private, regardless of what browser you use. Since all your traffic is encrypted, no one can know which Web sites you visit or which apps you use, and none of the data you send or receive can be decrypted by a third party. (Apple’s iCloud Private Relay only protects Web traffic in the Safari browser.)
  • Security when working remotely: With so many people working from home these days, many employers want their employees to use a VPN to ensure that confidential business intelligence cannot be intercepted by anyone. An always-on VPN protects you when you’re at home (e.g. from spying at the ISP level) and when you’re away from home (e.g. while using an open Wi-Fi network at a hotel or restaurant). (Again, Apple’s iCloud Private Relay only protects Web traffic in Safari, and does not protect any data transmitted with other browsers or apps.)

Intego Privacy Protection

Intego Privacy Protection is Intego’s VPN for Mac. Designed for Mac users by the experts in Mac security and privacy, Intego Privacy Protection lets you use the Web—and the rest of the Internet—safely and securely. Unlike Apple’s iCloud Private Relay, which only protects traffic to and from the Safari web browser, Intego Privacy Protection encrypts and protects all the data entering and leaving your Mac.

With Intego Privacy Protection, you get access to more than 35,000 servers in over 80 countries and all 50 states, so you can choose where your protected traffic accesses the Internet.

Intego Privacy Protection also offers features including ad blocking and protection from known tracking and malware sites. And for total privacy, Intego does not store logs of your activity.

Which provides the best protection, iCloud+ or a VPN?

Here’s a simple comparison chart showing what’s included with Apple’s iCloud Private Relay vs. Intego Privacy Protection VPN when using your Mac.

iCloud Private Relay Intego Privacy Protection
Hides your IP address when using Safari browser
Protects Safari browser while on public Wi-Fi
Hides your IP address when using any browser
Protects all browsers while on public Wi-Fi
Hides your IP address when using all apps
Protects all Internet traffic when using all apps
Protects all Internet traffic when on public Wi-Fi
Protects you from DDoS attacks when gaming
Lets you mask your current country or state
Hides all your DNS lookups from your ISP
Has a strict no-logs policy for protected traffic
Blocks known malware sites

Get a true VPN to maximize your security and privacy: Intego Privacy Protection

Using a trusted VPN provides important layers of security and privacy protection that just aren’t offered by a single-browser Web proxy server or relay service.

You can get the Intego Privacy Protection VPN for your Mac today at a low price, with a 30-day money-back guarantee, by visiting this link. We hope you’ll check it out and experience all the amazing benefits that a true VPN can offer.

And, if you’re not protecting your Mac from malware yet, you should be; read about why Macs need antivirus software.

How can I learn more?

Each week on the Intego Mac Podcast, Intego’s Mac security experts discuss the latest Apple news, security and privacy stories, and offer practical advice on getting the most out of your Apple devices. Be sure to follow the podcast to make sure you don’t miss any episodes.

We discussed iCloud Private Relay in depth on episode 199 of the podcast:

You can also subscribe to our e-mail newsletter and keep an eye here on The Mac Security Blog for the latest Apple security and privacy news. And don’t forget to follow Intego on your favorite social media channels: Follow Intego on Twitter Follow Intego on Facebook Follow Intego on YouTube Follow Intego on Pinterest Follow Intego on LinkedIn Follow Intego on Instagram Follow the Intego Mac Podcast on Apple Podcasts

About Kirk McElhearn

Kirk McElhearn writes about Apple products and more on his blog Kirkville. He is co-host of the Intego Mac Podcast, as well as several other podcasts, and is a regular contributor to The Mac Security Blog, TidBITS, and several other websites and publications. Kirk has written more than two dozen books, including Take Control books about Apple's media apps, Scrivener, and LaunchBar. Follow him on Twitter at @mcelhearn. View all posts by Kirk McElhearn →