Apple strongly emphasizes the security and privacy of its devices and services.
I analyze the dual-hop architecture, deployed protocols, and inner workings of Apple's privacy-centric, VPN/Tor-like service iCloud Private Relay. I will walk through my reverse engineering process and falsify Apple's privacy-by-design and access-control claims.
Apple's iCloud Private Relay is a novel Internet privacy service that lets users browse the Internet securely and privately. It is built directly into Apple's operating systems and included with all iCloud+ subscriptions. Compared to traditional VPN services, Private Relay's dual-hop architecture splits knowledge of the user's IP address and of their destination website between two different Relays. Apple operates the first Relay, while the second is operated by one of its four partners: Akamai, CloudFlare, or Fastly.
Apple claims its architecture enforces enhanced protection of users' privacy ("privacy by design") while still providing a high-performance browsing experience. Their president of software engineering, Craig Federighi, has even stated that Apple does not want users to have to trust them. Further, the company claims its service incorporates anti-abuse and fraud-prevention mechanisms: because Private Relay validates every connection at the account and device level, website operators can trust them.
I reverse engineer Private Relay's macOS implementation, present the technical components involved, and show how they work together. With that knowledge, I analyze the authentication and authorization mechanisms deployed by Private Relay with regard to potential avenues of abuse.
Furthermore, I review the privacy claims regarding the architecture and its deployment.