With iOS 15 and macOS Monterey 12 last year, Apple added a new iCloud Private Relay feature that helps protect your internet privacy. The feature works by sending all of your internet requests through two separate and secure internet relays: one operated by Apple and one operated by a third party.
The web infrastructure company Cloudflare is one of those partners with which Apple is working, and it has published a new blog post detailing its role in the iCloud Private Relay process.
How iCloud Private Relay works
In the blog post published on Wednesday, Cloudflare explains how iCloud Private Relay works, its role in the process, and what network administrators can do to ensure a seamless experience for users. The background on iCloud Private Relay is as follows:
“The design of the iCloud Private Relay system ensures that no single party handling user data has complete information on both who the user is and what they are trying to access.
“To do this, Private Relay uses modern encryption and transport mechanisms to relay traffic from user devices through Apple and partner infrastructure before sending traffic to the destination website.”
In this process, Cloudflare is one of the partners Apple is using for the “second relay.” The company explains that Cloudflare is “well suited” for this task because it “operates one of the largest, fastest networks in the world.”
“We’re also adept at building and working with modern encryption and transport protocols, including TLS 1.3 and QUIC. QUIC, and closely related MASQUE, are the technologies that enable Private Relay to efficiently move data between multiple relay hops without incurring performance penalties.
“The same building blocks that power Cloudflare products were used to build support for Private Relay: our network, 1.1.1.1, Cloudflare Workers, and software like quiche, our open-source QUIC (and now MASQUE) protocol handling library, which now includes proxy support.”
Cloudflare also details that it’s crucial that iCloud Private Relay does not impact the user experience in terms of web browsing speed. In fact, its tests show that using iCloud Private Relay can “result in significant, measured decreases in page load time.” This means that “increased privacy does not come at the price of reduced performance.”
One of the more interesting parts of Cloudflare’s article is an in-depth explanation of how geolocation accuracy is ensured when using iCloud Private Relay. The full article is well worth a read and can be found here.