Hello, welcome to the Wednesday, September 22nd, 2021 edition of the Sandsenet Stormontas Stormcast. My name is Johannes Ulrich,

and I'm recording from Jacksonville, Florida. Today, I took a little bit a closer look at the private relay feature

that Apple included in iOS 15.

This feature is supposed to provide privacy similar to VPN services, and in particular,

they're actually using one server to receive the data, then forwarded to a second server

that will then emit the request

back into the internet. By having this sort of split setup under different administrative

control, they state that even an insider essentially wouldn't be able to link a particular

outgoing request with a specific user.

Now in order to connect to this, you need to have an Apple Plus subscription, so you do have to authenticate to the service as well.

All the data is being transmitted over UDP port 443.

So they're using Quick or HTTP 3 here in order to transmit the data.

The endpoints appear to have IPV4 as well as IPV6 addresses.

So even if you are in an IPV4 only network, you may be able to connect to IPV6 resources using this service.

While not specifically being built to sort of hide your location, there are two different

options, how you can assign yourself a location. You can let Apple work it out or you can use the country and time zone

settings on your particular device. Apple does publish a list of all the ECRS IP addresses

that are used for this service. So in short, it's pretty close to a VPN, but not quite in particular. Some apps may not take

advantage of it. I experiment, for example, with the Ucla Speed Test application, and it did not

use the private really. To detect if someone on your network is using private really, look for

DNS requests for mask.iCloud.com or mask dash h2.ICloud.com. And by blocking these DNS requests,

you can also block the use of private relay. So overall, it's not bad, but

...