Skip to main content

Apple’s Private Relay VPN seems to be leaking user data

When Apple unveiled iCloud+ at its Worldwide Developers Conference (WWDC) in June 2021, one of its key features was a secure VPN called Private Relay. Yet a fresh report claims the service has been leaking user data on MacOS, potentially meaning it’s not as secure as previously thought.

Private Relay works by obfuscating various identifying pieces of information when you browse the internet. It encrypts your data, separates your page requests from your IP address, then assigns you a spoof IP address. The idea is that it becomes impossible for anyone (including Apple) to see which websites you are visiting.

Apple products are seen in the store.
Jakub Porzycki/NurPhoto/Getty Images

However, it seems there are cracks in its defenses. Doubts were raised by VPN service Mullvad, which alleges that Private Relay can cause the system it’s installed on to ignore network firewall rules. When that happens, Private Relay can leak that the system is communicating to Apple servers.

That might not seem like much, but the upshot of this is that it signals to your local network and your ISP that you are likely using a Mac computer. It’s not the most damaging information out there, but if a bad actor is snooping on your network traffic, that could give them ideas for a line of attack.

Calling home to Apple

New iCloud features on a Mac.
Image used with permission by copyright holder

Digging into the specifics, Mullvad spotted QUIC data (that is, data from a protocol designed to make web traffic faster and more secure) leaving its test computer outside of the Private Relay VPN tunnel. In other words, this data had somehow escaped Private Relay’s secure connection and was leaking to the outside world. Disabling Private Relay stopped the leak in its tracks.

While Mullvad couldn’t determine what data was leaked (it was encrypted, after all), the fact that any data at all was leaking was cause for concern. The report’s authors explain that, “We believe [the leaked information is] just some heartbeat signal calling home to Apple.” As previously noted, that could flag up the user’s system to other network users.

Mullvad’s report claims that, for now, the only way to prevent this data leak is to disable Private Relay entirely. Until Apple patches the flaw, that might be the best course of action if you are concerned.

In the meantime, if you are looking for a replacement for Private Relay, we’ve put together a list of the best VPN services that will keep your data safe and protected.

Editors' Recommendations

Alex Blake
In ancient times, people like Alex would have been shunned for their nerdy ways and strange opinions on cheese. Today, he…
Apple’s 32-inch M3 iMac could be facing yet another delay
Man using a 24-inch M1 iMac.

If you’ve been holding out for an iMac loaded up with a new M3 chip, there’s bad news: it might be delayed until next year. It means an even longer wait for anyone who wants an all-in-one Apple computer with an upgraded chip -- right now, the M1 chip in the current 24-inch iMac is over two years old.

The news on the iMac postponement comes from the Power On newsletter published by journalist Mark Gurman, who has released accurate information about Apple’s upcoming products many times in the past.

Read more
There’s a bunch of bad news about Apple’s Vision Pro headset
A person tries on an Apple Vision Pro mixed reality headset in an Apple Store, with an Apple employee alongside them.

Apple’s Vision Pro headset is probably one of the most complex products the company has ever launched, but a new report has highlighted just how much Apple is struggling with the device. It suggests people are finding the headset uncomfortable and that it could take even longer to become widely available than we previously thought.

The news has come to light thanks to a new report from journalist Mark Gurman, a reporter who has an accurate track record when it comes to Apple leaks and rumors. According to Gurman, the Vision Pro “will be Apple’s most complex debut to date and will require sorting out tricky supply chain logistics, training salespeople how to set up the device and teaching customers how to use it.”

Read more
This $40K Vision Pro mod adds 18K gold to Apple’s headset
The Caviar 18-karat gold version of Apple's Vision Pro headset with its front plate in place, seen from the side.

You probably didn’t look at the $3,500 Vision Pro that Apple revealed at its Worldwide Developers Conference (WWDC) and think “you know what? I want to spend more than that.” But just in case you feel like throwing even more money at Tim Cook and friends, a company has made a custom $39,900 edition of Apple’s headset that will let you do just that.

The absurdly modified version is made by Caviar, a company known for its diamond-studded iPhones and other ridiculously ostentatious products. Instead of Apple’s silvery aesthetic, the modified “CVR Edition” features over 1.5kg of 18-karat gold, paired with black Connolly leather that is “supplied to the British Royal Court and Rolls-Royce.”

Read more