Apple’s Private Relay Roils Telecoms Around the World | #macos | #macsecurity | #education | #technology | #infosec

The second relay your web traffic passes through, known as the “egress proxy,” is owned by a third-party partner rather than Apple itself. While it can see the name of the website you’re visiting, It doesn’t know the IP address you’re browsing from. It instead assigns you another IP address that’s near where you live or within the same country, depending on your Private Relay settings.

The result is, neither relay knows both your IP address and the details of what you’re looking at online—whereas a typical a VPN provider will process all your data. Also unlike a VPN, Apple’s system doesn’t let you change your device’s geographic location to avoid regional blocks on content from Netflix and others.

Private Relay’s potential scale, relative to VPNs, may have prompted telecom concerns. “It is far more accessible than a VPN that you have to download and register for and set up separate payment for,” says Nader Henein, a research vice president specializing in privacy and data protection at Gartner. Apple has made Private Relay opt-in while it is still in beta, although it’s still potentially available to millions of subscribers. (Apple has bent to some local laws and not made Private Relay available in China, Belarus, Kazakhstan, Saudi Arabia, and a handful of other countries.) “The concern is that a lot of people are just going to switch it on, and it’s going to obscure a large part of the network from the network operators,” Henein adds.

However, he says if telecoms companies do imagine they’ll lose sight of how people are using their networks, they should present their evidence transparently by making their modeling public. Equally, Henein says, to address questions about European “data sovereignty,” Apple should make clear what companies it has partnered with for the feature—it says they are some of the largest content delivery networks—and the locations of the relays.

“While I agree that in certain custom ways this potentially might complicate some technology planning or management, in general we must stress that there is no issue here,” says Lukasz Olejnik, an independent privacy researcher and consultant. He says that while network operators are likely to lose access to metadata that can describe where users connect to their services, this shouldn’t be a barrier to them understanding what’s happening more broadly across their networks. “Telecom operators should already be comfortable with network neutrality, so simply managing the lower technical layers of the networks,” Olejnik says. “It should not be their problem with what happens in the upper layers.”