Could you give me some advice? I am struggling to choose between using iCloud Private Relay or a VPN service like Mullvad.
A little background: I am in the Apple ecosystem. I use macOS and iOS. These devices fit my threat model. Since I was already paying for iCloud+, I figured I could just use iCloud Private Relay. I’m not sure if it’s the right choice anymore after doing some reading on VPNs. My goal is to prevent IP-based tracking and hide browsing activities from ISPs.
The way I see it:
iCloud Private Relay:
• Dual-hop architecture with data separation (one only knows who you are, one only knows where you want to go).
• Aside from some other uses, mainly limited to only Safari (can be a good thing in my eyes, since you don’t use the same IP address that’s seen by apps in which you may be signed in with personally identifiable information which could link the two together).
• Doesn’t cost me extra money.
But…
• Closed-source, so requires trust in Apple (which is already a requirement when using their devices and/or services I suppose).
• Only limited to the browser Safari. On iOS this isn’t as much of an issue for me due to the WebKit rules, but on macOS this prevents me from using open-source privacy-friendly browsers since these currently don’t have IP address protection.
VPN like Mullvad:
• Open-source with transparent logging policies.
• Not limited to Safari: systemwide IP-based protection.
• Broadens my browser options on macOS due to systemwide IP protection (maybe a Mullvad VPN & Mullvad Browser combo?).
• Paying for their service contributes to the privacy cause.
But…
• Costs extra money on top of iCloud+ costs.
• The trust thing. In my case the VPN provider could technically know who I am and what I’m doing since I’m unable to pay anonymously. This connection shouldn’t be as easy with iCloud Private Relay, if it is functioning as advertised.
Private Relay’s design, combined with a minimal logging policy, ensures that proxy logs do not contain enough information to connect a user’s IP address or account information with their browsing activity.
The information logged by Private Relay contains no unique identifiers and is limited to the following, for the sole purpose of operating and improving the service:
• Connection properties and performance metrics
• Network and region information derived from IP address
• Anonymous token validation success rate and performance
• Private Relay system resource usage
The following fields related to anonymous token issuance are logged as a part of Private Relay’s fraud prevention and anti-abuse measures, but cannot be correlated with connection information:
• iCloud account, software version, and request timestamp
One option you could consider is using Proton VPN’s free plan on macOS and, on iOS, continuing to use Private Relay. This way, you could pick a more private and open-source browser for Mac and wouldn’t have to pay any more money. However, if you’re willing to spend money, then I can definitely recommend Mullvad, and in my opinion, the cost isn’t even that bad, and you would have the added flexibility to pay monthly, which is often the most expensive option with other VPN providers.
I believe that Apple’s iCloud Private Relay uses Cloudflare and Akamai servers to run the service; this is also something to consider. IP addresses are only one data point that advertisers use to track people. I personally believe that using a free VPN (like Proton VPN) and using a privacy-conscious browser like Brave, Firefox or Mullvad Browser will offer better web tracking protection than using Safari with Apple’s Private Relay on macOS. Advertisers are moving further and further away from tracking users using IP addresses.
I think your best (and most cost-effective) option if you don’t want your ISP to collect your website history is to use iCloud Private Relay on your iPhone and use free Proton VPN on your macOS computer along with a privacy-conscious browser.
Might be a bit irrelevant to you, but for sensitive information I wouldn’t use iCloud (Google Drive for me since I’m an Android user). I have free unlimited photo storage with Amazon since I’m subscribed to Prime, and I have auto backups disabled, and only use it for nonsensitive photos and videos.
Anything I wish to keep private, I store offline on encrypted external SSDs. When I wanna share it with someone, I use Signal or in some cases Samsung Private Share.
Another trade-off could be Private Relay being able to play nice with outside services. For instance, I found ProtonVPN to cause issues with banking apps/websites and also with my Tesla app. Both work fine with Private Relay. It is also seamless to use Private Relay with custom encrypted DNS like NextDNS (as long as you use a profile instead of an app).
The main downside of Private Relay is the inability to choose a custom location to defeat geo blocks.
After going back and forth on this issue myself, I’ve come to use Private Relay for everyday use to protect my traffic from ISP snooping and use ProtonVPN for when I want additional VPN capabilities… like watching something available on foreign Netflix but not US Netflix.