iCloud Private Relay Will Bring Dead-Simple Website Security to the Masses
Dan Moren, writing at Six Colors:
iCloud Private Relay helps combat both of these loopholes through the use of a dual-hop architecture. Essentially, any traffic from Safari on an Apple device, as well as DNS queries, and a subset of app traffic (specifically insecure web traffic), will be routed through two separate servers: an ingress proxy managed by Apple that hides your IP address (by essentially slapping its own IP address on the request), and an egress proxy, run by “a content provider,” which only sees the server you’re trying to access.
I typically use a VPN when I’m at an airport or on other public networks and otherwise rely on cellular service. But it’s hit or miss that I remember to turn it on at all. A built-in solution that requires no configuration or user input will be a welcome addition.
It’s good to see that Apple has thought through the implications of iCloud Private Relay, including a solution for schools and other managed networks to disable it. But, users will also be notified and given the option not to use that network.
I am looking forward to turning this on, leaving it on, and removing my existing VPN.