iCloud Private Relay is Apple’s solution to the problem of privacy in the internet age. While the term “dual-hop” may sound intimidating, it’s actually pretty easy to understand. iCloud Private Relay deploys what Apple calls “dual-hop” architecture—there are two stops or relays between your device and the internet.
The first is your device, which is susceptible to hackers. The second stop is a relay server that has been set up by Apple and located in a trusted data center. This server acts as a middleman between you and the rest of the internet, but its sole purpose is to encrypt information before passing it along.
In a research paper published in the Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, researchers from the University of California, Berkeley and the International Computer Science Institute identified potential privacy risks in the implementation of some VPNs, but noted that Apple’s approach with iCloud Private Relay “may be a viable alternative that provides better privacy guarantees.”
Private Relay establishes a direct connection between your iPhone or iPad and the website you’re visiting via iCloud, so information contained in your web traffic — such as your IP address and DNS records — can’t be seen by any one party. This means that not even Apple can see both who you are and what sites you’re visiting.
Private Relay is available in Safari, so you can use it while browsing in incognito mode, private browsing mode, or regular browsing mode. It works with iPhone, iPad, or Mac running the latest version of macOS or iOS.
The Electronic Frontier Foundation (EFF), a leading nonprofit organization focused on digital rights, has praised iCloud Private Relay’s security features, stating that it “seems like a significant privacy improvement for users.”
The first person who can read that information is your recipient—Apple itself never sees what you’re sending or receiving, making it virtually impossible for them (or anyone else) to be able to access it or break into it.
These steps make it possible for you to share even sensitive information with someone else without fear of it being intercepted or falling into the wrong hands. It’s not an entirely new concept: other companies are doing something similar (such as Facebook with their messenger service) with varying levels of success, but this one has its own unique twists that make it so much better than any other offering.
To turn off iCloud Private Relay on an iPhone or iPad, follow these steps:
- Open the Settings app on your device
- Tap on your Apple ID profile at the top of the screen
- Select “iCloud”
- Scroll down and tap on “iCloud Private Relay.”
- Toggle the switch next to “Private Relay” to the off position
To turn off iCloud Private Relay on a Mac, follow these steps:
- Click on the Apple menu in the top left corner of the screen
- Select System Settings. For macOS Monterey and earlier, Select “System Preferences.”
- Click your name, and select iCloud. For macOS Monterey, Click on “Apple ID.”
- Select “iCloud”
- Uncheck the box next to “Private Relay.”
Note: If you turn off iCloud Private Relay, you cannot use this feature to browse the web securely and privately.
Turn off Private Relay temporarily for a specific website
To temporarily allow a website to see your IP address:
- iPhone or iPad: Tap the Page Settings button , then tap Show IP Address.
- Mac: In Safari, choose View > Reload and Show IP Address.
Turn off Private Relay for a specific Wi-Fi network
- Open Settings, then tap Wi-Fi.
- Tap the More Info button .
- Scroll down and tap Limit IP Address Tracking.
Or for cellular networks, Open Settings > Cellular > Cellular Data Options, and tap Limit IP Address Tracking.
Turn off Private Relay for a specific network on your Mac
In macOS Ventura or later:
- Click Apple menu > System Settings.
- Click Network in the sidebar, then click the Wi-Fi network you are using on the right.
- Click the button next to the name of the network.
- Disable “Limit IP address tracking.”
In macOS Monterey:
- Choose Apple menu > System Preferences.
- Click Network and select the network from the list to see more options.
- Click the checkmark next to Limit IP Address Tracking.
How Private Relay works?
When you use Safari to browse the web, your network provider and the websites you visit see your public IP address and various identifying information contained in your web traffic, such as your DNS records. This is all normal, but it means that a third party could use this information to determine your identity and build a profile of your location and browsing history over time.
Private Relay is designed to protect your privacy by ensuring that when you browse the web in Safari, no single party — not even Apple — can see both who you are and what sites you’re visiting. Private Relay accomplishes this by routing traffic through iCloud servers so that neither your network provider nor the websites you visit can see both pieces of information at the same time.
When you use iCloud Private Relay, DNS traffic is encrypted between your device and Apple’s servers, which means that it’s protected as it travels across the Internet. Once it reaches Apple’s servers, a temporary key is used to unlock only the portion of the traffic that indicates which websites you’ve visited and when.
This information is not associated with any device or account, and is used only within Apple to maintain quality of service for Safari requests. After six hours, all temporary keys are discarded, and all remaining data is encrypted again until the next request.
Even if your iCloud account were compromised, an attacker would still not be able to determine what websites you visited from your computer or what you searched for on those websites.
If a website or network doesn’t work with Private Relay
Since Private Relay is a new feature, not all sites or networks will be configured to work with it right away. Apple is working with the services you use the most to make sure they’re ready when you are. If you run into an issue while browsing, we recommend trying the site or network again after a few days. If it’s still not working, check with the service or network owner.
If you’ve tried to use Private Relay on a network that requires access to your browsing activity, instead of providing you with a high-performance experience, Private Relay may have logged you out or prevented you from accessing content. Network providers that require access to your browsing activity can include:
Private Relay was designed to protect your privacy and maintain a high-performance browsing experience for the majority of users. It is not recommended for everyone. You should disable Private Relay on networks that require access to your browsing activity without disabling Private Browsing entirely.