Skip to main content

Apple’s Private Relay VPN seems to be leaking user data

When Apple unveiled iCloud+ at its Worldwide Developers Conference (WWDC) in June 2021, one of its key features was a secure VPN called Private Relay. Yet a fresh report claims the service has been leaking user data on MacOS, potentially meaning it’s not as secure as previously thought.

Private Relay works by obfuscating various identifying pieces of information when you browse the internet. It encrypts your data, separates your page requests from your IP address, then assigns you a spoof IP address. The idea is that it becomes impossible for anyone (including Apple) to see which websites you are visiting.

Apple products are seen in the store.
Jakub Porzycki/NurPhoto/Getty Images / .

However, it seems there are cracks in its defenses. Doubts were raised by VPN service Mullvad, which alleges that Private Relay can cause the system it’s installed on to ignore network firewall rules. When that happens, Private Relay can leak that the system is communicating to Apple servers.

Recommended Videos

That might not seem like much, but the upshot of this is that it signals to your local network and your ISP that you are likely using a Mac computer. It’s not the most damaging information out there, but if a bad actor is snooping on your network traffic, that could give them ideas for a line of attack.

Please enable Javascript to view this content

Calling home to Apple

New iCloud features on a Mac.
Image used with permission by copyright holder

Digging into the specifics, Mullvad spotted QUIC data (that is, data from a protocol designed to make web traffic faster and more secure) leaving its test computer outside of the Private Relay VPN tunnel. In other words, this data had somehow escaped Private Relay’s secure connection and was leaking to the outside world. Disabling Private Relay stopped the leak in its tracks.

While Mullvad couldn’t determine what data was leaked (it was encrypted, after all), the fact that any data at all was leaking was cause for concern. The report’s authors explain that, “We believe [the leaked information is] just some heartbeat signal calling home to Apple.” As previously noted, that could flag up the user’s system to other network users.

Mullvad’s report claims that, for now, the only way to prevent this data leak is to disable Private Relay entirely. Until Apple patches the flaw, that might be the best course of action if you are concerned.

In the meantime, if you are looking for a replacement for Private Relay, we’ve put together a list of the best VPN services that will keep your data safe and protected.

Alex Blake
Alex Blake has been working with Digital Trends since 2019, where he spends most of his time writing about Mac computers…
Apple’s M4 iMac brings next-gen power to your desktop
People using the Apple iMac with M4 chip.

Apple has brought its M4 chip to the iMac, making it the first Mac to get Apple’s latest silicon chip. The update also brings new colors and a significant performance improvement for the all-in-one desktop computer, and it comes a year after it received the previous-generation M3 chip. As with the previous M1 and M3 iMacs, the M4 model is compatible with Apple Intelligence.

It comes at the beginning of a week of product releases from Apple, with the company previously teasing that it had much more to reveal in the coming days. The updates could see the entire Mac lineup receive some variant of the M4 chip (including more powerful M4 Pro, M4 Max and M4 Ultra editions) over the coming months.

Read more
Elon Musk tells Tim Cook he doesn’t want Apple’s ‘creepy spyware’
elon musk stylized image

Elon Musk has lashed out at Apple’s plan to partner with OpenAI to bring artificial intelligence features to the iPhone, telling Apple CEO Tim Cook directly to “stop this creepy spyware” and threatening to ban iPhones on the premises of his companies -- SpaceX, Tesla, and X (formerly Twitter).

Apple announced the partnership with the ChatGPT maker on the opening day of its Worldwide Developers Conference (WWDC) on Monday. But just a few hours later, Musk fired off a number of X posts expressing his annoyance at the plan, calling it “an unacceptable security violation.”

Read more
6 mice you should buy instead of Apple’s Magic Mouse
Magic Mouse next to a Mac keyboard on a desk.

Apple’s Magic Mouse has plenty of fans, but it’s definitely not for everyone. For every person who loves its gesture-control surface and sleek design, you’ll find another who’s fed up with its uncomfortable shape and upside-down charging. If that sounds familiar, you might be looking for an alternative mouse for your Mac.

To help, we’ve found six of the best options to replace the Magic Mouse. From productivity masters to gaming aces, these are some of the best mice you can pair with your Apple computer.
Logitech MX Master 3S for Mac

Read more