Apple’s Private Relay VPN may not be so private after all

A leak in iCloud Private Relay could allow Apple’s VPN to ignore firewall rules and send some data back to the iPhone maker’s servers.

This leak was first discovered by the VPN company Mullvad, which was monitoring network connections while working on its own application.

Private Relay works in a similar way to a VPN tunnel or Tor: it routes a user’s encrypted network traffic via relay servers before it reaches the internet. The service is still in beta and is not available in all regions. It also requires a paid iCloud+ subscription.

TechRadar PRO reached out to Apple about the potential leak in iCloud Private Relay, but we have yet to hear back from them. This issue may be fixed as the service is still in beta. Apple could release iOS 16 in September, as iCloud Private Relay’s beta launch coincided with iOS 15.

Failing to comply with firewall rules

In a new blog post, Mullvad states that it was monitoring network connections and noticed QUIC traffic leaving one of its computers outside the VPN tunnel.
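A defender's version of the check described above, as an added example that is not Mullvad's tooling or code from the original article: it scans `tcpdump -n` text captured on the physical interface and reports outbound flows that are not addressed to the VPN server. The addresses, the sample capture and the function names are constructed for illustration, and IPv6 lines are ignored.

```python
import ipaddress
import re
from collections import Counter

# One IPv4 packet line as printed by `tcpdump -n`, e.g.
# 12:00:02.000000 IP 192.168.1.10.60123 > 203.0.113.20.443: UDP, length 1250
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<rest>.*)$"
)

def find_tunnel_bypass(lines, vpn_endpoint, local_net):
    """Count outbound packets on the physical interface that are addressed to
    neither the VPN server nor the LAN, keyed by (dst, dport, proto)."""
    lan = ipaddress.ip_network(local_net)
    vpn = ipaddress.ip_address(vpn_endpoint)
    flows = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # ARP, IPv6 and anything else this sketch does not parse
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        if src not in lan or dst == vpn or dst in lan:
            continue  # inbound, tunnel carrier traffic, or LAN-local
        proto = "tcp" if m["rest"].startswith("Flags") else "udp"
        flows[(m["dst"], int(m["dport"]), proto)] += 1
    return dict(flows)

def quic_candidates(flows):
    """UDP to port 443 is treated as QUIC here (a heuristic, not a decode)."""
    return sorted(k for k in flows if k[1] == 443 and k[2] == "udp")

# Constructed capture using documentation address ranges, not real traffic.
SAMPLE = """\
12:00:01.000000 IP 192.168.1.10.51820 > 198.51.100.7.51820: UDP, length 148
12:00:01.100000 IP 198.51.100.7.51820 > 192.168.1.10.51820: UDP, length 92
12:00:02.000000 IP 192.168.1.10.60123 > 203.0.113.20.443: UDP, length 1250
12:00:02.500000 IP 192.168.1.10.50000 > 192.168.1.1.1900: UDP, length 120
12:00:03.000000 IP 192.168.1.10.60123 > 203.0.113.20.443: UDP, length 80
12:00:04.000000 IP 192.168.1.10.50500 > 203.0.113.30.80: Flags [S], seq 1, win 65535, length 0
""".splitlines()

if __name__ == "__main__":
    leaks = find_tunnel_bypass(SAMPLE, "198.51.100.7", "192.168.1.0/24")
    for flow in quic_candidates(leaks):
        print("outside tunnel:", flow, "packets:", leaks[flow])
```

With a working tunnel the only outbound packets on the physical interface should be the ones addressed to the VPN server, so any entry in the result is worth investigating.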


The leaks stopped after Apple disabled its Private Relay feature. Apple also provided instructions for other users to reproduce the leak. Mullvad pointed out that Private Relay (mostly) disables itself when any firewall rule is added to the Packet Filter (PF) system firewall.

According to the company, the leak is a heartbeat signal calling home to Apple. It’s impossible for Apple to determine what information was transmitted to its servers. However, the leak sends a clear message both to your local network and ISP and to Apple that you may be a macOS user.

Private Relay is currently not available to prevent Apple users from sending traffic back to Mullvad. However, the company suggests that users temporarily disable the feature if they have a threat model that prohibits local networks or ISPs from knowing which devices they are using.
