Questions about iCloud Private Relay

Hello everyone,

I wanted to ask some questions about iCloud Private Relay.

Do you recommend enabling this feature on iOS / macOS (while using Safari without a VPN)?

Does it leak some of the web traffic outside the encrypted tunnel? Or does it leak your IP in some situations?

If I install a Mullvad DNS / NextDNS profile, is it OK to enable Private Relay? Can it cause any leaks or problems?

If you’re not using a VPN, I don’t see any reason not to use it. Using it with a VPN provider, though, doesn’t work in my experience; it would notify me that it wasn’t usable when on a VPN. I’m not sure about DNS service compatibility, though.

You should get a warning if a website needs to bypass iCloud Private Relay.

From Apple’s overview document:

Private Relay helps protect users from this kind of unwanted tracking by
ensuring the traffic leaving their devices is encrypted, and by sending their
requests through two separate internet relays so that no single entity can
combine IP address, location, and browsing activity into detailed profile
information. It’s built directly into the networking framework of iOS, iPadOS, and
macOS, and protects traffic most susceptible to tracking: web browsing and
any connections that are unencrypted. As a result, Private Relay protects all
web browsing in Safari and unencrypted activity in apps, adding both privacy
and security benefits.

From Apple’s overview:

Custom DNS settings
If a user has configured custom-encrypted DNS settings using a profile or an
app, the DNS server specified will be used instead of ODoH. Safari connections
and all unencrypted HTTP connections will also resolve names using the
specified DNS server prior to routing through Private Relay.
An unencrypted DNS server provided by a local network or manually edited
in Settings (iOS) or System Preferences (macOS) will not be used for iCloud
Private Relay traffic.

Source: iCloud Private Relay security – Apple Support (AU)

So, if I use a custom DNS with a DoH profile, it will just replace the DNS server from Cloudflare to Mullvad, for example, but still hide my IP with a secondary server?

Yes, that is the way I understand Apple’s documentation.

