One of the exciting things Apple announced at WWDC 2021 was Private Relay. This VPN-like service will help keep your browsing traffic private from trackers online. I say “VPN-like” because it isn’t technically a VPN, but you can use it in conjunction with a VPN.
How Does Private Relay Work Anyway?
The Basic View
Let’s start with the simple version. Apple gets 2 tightly sealed packages: the website request and who needs it. It opens the package that says who is requesting it, but it just passes the website request on to its partner without being able to see it. The partner opens the package from Apple, gets the website, re-secures that package and sends it back to Apple and only Apple. Apple gets the package and, without looking into it or being able to look into it, forwards the package back to you.
The Detailed View
Now let’s get a little more specific. First, let’s say you want to go to a website, such as this little site, easyosx.net. That request is encrypted from your machine and sent to Apple. This encrypted package is in 2 parts: the website being requested (easyosx.net) and the IP address (the you part) of the device requesting that website.
Once it reaches Apple’s server, Apple separates those 2 parts. They keep the IP address (you) and then forward the web request (easyosx.net) to one of their partners. While Apple hasn’t officially said who their partners are, we know through some unofficial sources that they’re using 2 or 3 well-known and secure services like Cloudflare and Akamai. So at this point Apple knows that you requested a website, but they don’t know what website you requested. Apple is only acting as a relay for that website.
The partner receives the web request, where they have the ability to decrypt the package to get the website (easyosx.net). Because they got that encrypted web package from Apple, they know the website that is needed, but only know that the request came from an Apple server in a particular region (how specific depends on your settings, more on that below). They don’t know that you were the one requesting it.
The partner then re-encrypts that website data and sends it back to Apple. Apple still cannot read the encrypted package; they only know that this package has to go to you. That encrypted package is then passed on to you, where it is decrypted on your device, and now you have this little website on your screen.
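The split of knowledge described above can be modelled in a few lines. This is an added sketch, not Apple's code or protocol: the SHA-256 XOR keystream is a toy stand-in for real encryption, and the pre-shared device/partner key, the function names, the `US-West` region label and the sample IP address are all constructed assumptions.

```python
import hashlib
import secrets

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy keystream from SHA-256 in counter mode; a stand-in for real encryption.
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        i += 1
    return out[:n]

def seal(key: bytes, data: bytes) -> bytes:
    nonce = secrets.token_bytes(8)
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:8], blob[8:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

def apple_hop(client_ip: str, sealed: bytes, region: str):
    # First hop: knows who is asking, holds no key for the sealed request.
    seen = {"client_ip": client_ip, "payload": sealed}
    forwarded = {"source": f"apple-relay/{region}", "payload": sealed}  # IP dropped
    return seen, forwarded

def partner_hop(partner_key: bytes, forwarded: dict):
    # Second hop: can open the request, but only sees the relay as its source.
    site = unseal(partner_key, forwarded["payload"]).decode()
    seen = {"source": forwarded["source"], "site": site}
    reply = seal(partner_key, f"<html>{site}</html>".encode())  # constructed page
    return seen, reply

def browse(client_ip: str, site: str, region: str = "US-West"):
    # Assumption: device and partner already share this key; Apple never gets it.
    partner_key = secrets.token_bytes(32)
    apple_seen, forwarded = apple_hop(client_ip, seal(partner_key, site.encode()), region)
    partner_seen, reply = partner_hop(partner_key, forwarded)
    # Apple relays the sealed reply unchanged; only the device can open it.
    page = unseal(partner_key, reply).decode()
    return apple_seen, partner_seen, page

if __name__ == "__main__":
    apple_seen, partner_seen, page = browse("203.0.113.7", "easyosx.net")
    print("Apple sees:  ", apple_seen["client_ip"], apple_seen["payload"].hex())
    print("Partner sees:", partner_seen)
    print("Device gets: ", page)
```

Neither hop ever holds both the IP address and the site name, which is the property that also explains the login caveat further down: once you sign in to a site, you hand it your identity yourself.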
How to Set Up Private Relay
Before you begin, know that this requires an iCloud+ subscription. If you’ve been paying for iCloud storage, then you’re in iCloud+; this is just Apple’s new naming scheme for it and a starting point to have iCloud be more than just your storage space.
Once you have that set up, go to the Settings App on your iPhone or iPad, then click your iCloud account at the top of the screen. If you’re not signed in already, then you’ll need to do that first.
From here, click the “iCloud” button toward the center or bottom of your screen (it should be under “Subscriptions” but above “Media and Purchases”). You’ll be taken to the Enable Features Screen. Down the page, below “Keychain” and above “Hide My Email” and “iCloud Drive” will be the “Private Relay (Beta)”.
Clicking on this will take you to the Private Relay settings with 2 options. The first will be IP Address Location. You can allow it to have your general location, similar to the way you can set a “general” location when you grant location access to an app. Private Relay will provide you with an address that’s generally in that larger location, but nothing more specific. This is less private but may be more useful if you’re looking up info on the web about restaurants nearby. If you want more privacy, you can instead select “Use Country and Time Zone”, which will maintain your country and the timezone, but won’t get more specific than that.
The second “option” is just whether you want to enable it or not. So if you find a reason you have to turn it off or if things are really messed up, then you can disable this to troubleshoot. Or you can check the sections below for more troubleshooting tips.
Private Relay Limitations (and a few perks)
Let’s go over a few limitations real quick so we can be clear what Private Relay is and isn’t capable of doing. Like we mentioned, it’s similar to a VPN but isn’t actually one (Apple also has tried to make that distinction). Here are some things you should be aware of.
- It’s a beta: It should go without saying, but I will anyway: this is a beta product. Things are likely to change, and some things may occasionally malfunction. This is part of the reason it’s disabled by default.
- This only works in Safari (and a few low-level functions): Any other apps outside Safari are currently not able to take advantage of this. This means if you’re browsing in Firefox, Chrome, or another browser then you don’t get these benefits. Even some of Apple’s own apps like Maps aren’t currently using it. Some of these make sense given that you probably want to be as accurate as possible in your navigation app. Some lower-level functions, such as some related to DNS, will be able to, but most of the big apps you use cannot.
- You’re still in your country: This is a twofold point. First, Apple doesn’t have this available in all countries, mostly ones where such privacy restrictions may run afoul of government laws or censors, such as China, Russia, Belarus, etc. The second point is…
- You’ll be coming from your country: But even for those countries that do have access to the feature, you’ll still be seen by websites as coming from your country. So if you’re an American, you’ll still get American Netflix. And there’s no way to change what country you’re coming from at this point.
- It doesn’t matter if you’re still logged in: This will help with a number of independent websites, but if you’re still logged into big services like Google and Facebook, anything you do on those sites while still logged in will be visible. Otherwise it would be like walking into a store fully masked but having your driver’s license pinned to your chest.
Even with those caveats, there are still some benefits, and the best security comes in layers. Case in point.
- You can use this in conjunction with a VPN: If you do use a VPN to help protect your privacy, you can use this in conjunction because they operate separately. So you can have a VPN wrapper around your Private Relay session.
- It is a good middle ground: If you or your family members are paying for iCloud storage, it means you now have access to more privacy features. They may not understand or care about VPNs, but tell them they can toggle a switch that will give them a bit more privacy, and they’ll probably take it.
What Happens If It Breaks My Internet?
As great as Private Relay seems, there are going to be problems. More likely though, if you’re connected to a school or your employer’s WiFi, then you might find you can’t navigate anywhere. This is because Private Relay is seen as a proxy, which is blocked by most school and corporate networks to prevent people from getting around their web guards.
You can turn Private Relay off entirely, or you can disable it for specific WiFi networks. To do so, connect to that WiFi network with your device. Then go to the Settings app, open “Wifi”, and hit the little information “i” next to the WiFi name. You’ll be taken to an information screen about the network you’re on and a few other settings. If you scroll down, below “Low Data Mode” and above the IPV4 Address info will be a box and switch titled “iCloud Private Relay”. When the switch is enabled, Private Relay will run on this network. But if you disable it, Private Relay will be turned off on this network. Once you disconnect from that network, either to cellular or to a different WiFi network, Private Relay will re-enable itself automatically.