You already know that for me privacy and security are really important. For him I’ve been using a VPN on my iPhone, iPad and Mac for just over six years now. I used it, actually, because it was left to me before. A VPN that was with me 24/7 and has now been replaced by iCloud Private Relay.
Yeah, I know they’re not the same, but in my particular case they pretty much perform the same function. Change such an ingrained habit and I didn’t take such an important part of my device ecosystem’s security configuration lightly. I thought about the idea for months, weeks testing it, and finally made up my mind.
Mistakes that make me wonder
For most of those six years of using a VPN, my VPN of choice has been NordVPN. Both in terms of security guarantees – super important – and in terms of performance, price, speed and other variables I consider it one of the best VPNs on the market and yet… There hasn’t been a day that I haven’t had to plug it back in more than 5 times.
If I had used the VPN intermittently, the problem would have been very different, I know, but I used the VPN 24 hours a day. On Mac, the connection was more stable, because when using it, the communication with the network was constant. But on the iPhone and iPad, which years ago incorporated systems to avoid investing so much energy in always being connected to the network the subject has changed a lot.
I must say that a few years ago I had not detected so many failures, but for some time, especially several weeks ago, the situation was becoming untenable. I noticed it every day, it interfered with simple tasks and made using my devices less enjoyable than it should be.
iCloud Private Relay seems to have the answer
iCloud Private Relay was introduced with iOS 15, and while little changed with iOS 16 – I expected it to cover all connections, not just Safari – it’s moved out of beta and has become much more stable . At the time, I didn’t consider iCloud Private Relay as an alternative to my VPN.but today my habits have changed, so yes.
I have been thinking about Apple’s browsing protection service for a long time and always aware of the changes in habits that I would have to make, I was attracted by the simplicity of Apple’s proposal.
iCloud Private Relay is not a VPN, for better or for worse
To be clear. iCloud Private Relay is not a VPN. In some things it is much better, in others it is less. How is it better? When we choose a VPN service, we must make sure that it does not keep records of our connections or monitor them. It has to be what we call zero logs and, although there are many external audits involved, it’s a matter of trust.
By using iCloud Private Relay, we don’t have to trust Apple. The system is designed with a double relay that makes Apple know who we are, but not where we are going, and its partners (Cloudflare, Akamay and Fastly, mainly) know where we are going, but not who we are. The net result is that browsing is truly private. An architecture zero trust more interesting.
Meanwhile, the options to switch servers, to switch countries, which the vast majority of commercial VPNs offer are not included in iCloud Private Relay. It’s just not for that. It’s not to access streaming services as if you were in a certain country, it’s to protect browsing.
Similarly, and the difference is very important, iCloud Private Relay only covers Safari browsing and Mail connectivity. Nothing more. This means that third-party applications continue to see our IP address and can identify and geolocate us.
Speed and reliability as the most important argument
Average download speed: 510 Mbps in Private Relay versus 367 in NordVPN. Average download speed: 284 Mbps in Private Relay versus 138 in NordVPN.
When the situation with NordVPN became untenable for me, I started testing iCloud Private Relay. I admit that the only ones I had done before these were shortly after its release. What I discovered on this occasion is that the Connection speed was much faster with iCloud Private Relay than with any commercial VPN I’ve tried.
I checked ClearVPN by MacPaw and also ExpressVPN with the aforementioned NordVPN. In the picture above these lines you can see the number of measurements I made over several days where, time and time again, iCloud Private Relay has far exceeded the speed of other alternatives.
The holes that lead me to a lower level of commitment
A VPN as a privacy and security measure is good as long as there are no leaks. Leaks refer to when some of our traffic leaves the VPN tunnel. And it happens. I know perfectly well.
The way I set it up, when the NordVPN is confused all connections should be cut, but sometimes when the reconnect time is long something slips out. At that point, it’s done. The service you are accessing already has your IP and therefore your location.
In addition, Several Apple services, due to their importance and their need for reliability, escape the tunnel of any VPN and connect directly to the servers. We’ll talk about that later, because it doesn’t seem like too much of a big deal to me, but it’s something to consider.
Another aspect, the connections made from the Apple Watch (if it is connected to Wi-Fi and not exclusively to the iPhone) do not go through any VPN. Neither do Apple TV connections., where it is not possible to install a VPN. Yes, I have tried routers with built-in VPN, but the speed is 30 times slower than what I normally have. And we are talking about routers with a price of almost 1000 dollars.
Service encryption leaves little information visible
The issue of privacy comes to me long before I use a VPN. I have always cared, for example, use reliable DNS servers, never those of the operator. Personally, I switched to OpenNIC years ago, but there are many others. Therefore, I know the kind of exposure you can have if you don’t use a VPN.
An exhibition is one that results from it the operator and various network nodes, see the connection itself. The other is to intercept the DNS request (something that can be prevented by using encryption) or responding to it. System services use Apple’s DNS to reach company servers, and most everything ends up on the same server.
Said in other words. The operator does not know which Apple service we are asking for, while it does not matter if we use the Photos, Maps or iMessage application, everything goes to .icloud.com, .iCloud-content.com, mzstatic.com or, directly to .apple .com, to name a few examples. For what Going through the connection reveals little information.
This is the reason why, Personally, I have never found it alarming that certain Apple services come out on the open network.. That now, by switching to iCloud Private Relay, everyone is doing it, it wasn’t something that would make me give up on making the switch.
Safari is the holy grail of our data
What yes what Seeing we use a certain application or a certain other, you can get a profile our tastes or preferences. There are apps that are clearer than others, yes. Dating apps, for example, really reveal something very personal about ourselves, but let’s remember that I almost only use Apple apps.
And since I was preparing to switch to iCloud Private Relay, I’ve reduced third-party apps even more. Five on the iPhone and six on the iPad, in particular. Apps that do not connect to the network in any way (verified with App Privacy Report) or I cut this connection with my firewall.
Thus, having the most important thing protected. Have the navigation completely out of sight, I have no more arguments to continue using my VPN. Many services, call it Twitter, banking, or whatever have web apps, so I can access almost anything from Safari. Another day I’ll tell you about my RSS client hosted on my own servers, for example.
Hiding the IP is really so important
I was almost convinced that I wanted to switch to iCloud Private Relay when I had to coldly analyze the question of IP and location. Me My main concern was those apps and services that knew who I was (not my random id). These are the ones that cost me the most to see that they could access my location by locating the IP address.
In the meantime, the fact that someone like CNN saw a visit from Barcelona worried me little enough. Obviously, you will see many more. Minimizing the list, the only app that was going to know who I was and where I was going would be Slack. i could live with. More if I take into account that my real IP address has slipped out more than once due to VPN failures.
All that can be seen I can say and have said
So I wasn’t too worried about individual apps gaining access to my IP address. Less taking into account that a restart of the iPhone or the router changed it, but yes, Telefónica, my operator, has seen too much. Here I had to find a compromise.
That Telefónica knows that I have Slack open all day and that it sees my open connections with Apple’s servers is not something I have to hide. Another very specific application is not a secret either and usage patterns are blurred with background refresh, among others. I have already told you that my privacy is very important to me and what are the applications that have passed my filter and that I use. It’s public information, so to speak.
Yes. The operator is the weakest point in my whole argumentbut I had to move on. The stability and speed benefits of iCloud Private Relay were too great to consider otherwise.
Getting used to a new system
I confess. I look at the Wi-Fi connection on the iPad, I don’t see the VPN signal and it looks strange. Before it was the indicator that something was wrong with the connection. Of course, I didn’t have to remember anything. Sync has improved and the overall experience with my devices is much better.
I realize that at some point I might want to reconsider the decision to switch from a VPN to an iCloud Private Relay, but for now I’m really thrilled. Commitments ? Yes, I have already mentioned them. But finally, a change that for me, with my mode of use and my needs, has been for the better. Much better.
Table of Contents
