Mac Format

HOW IT WORKS

Virtual Private Networks vs Private Relay

- HOW IT WORKS

How private is your internet connection? The simple answer is not very: data is sent and received over the internet in so-called ‘packets’. First, those packets can be linked to your computer, because they’re tagged with the public IP address allocated to your modem router by your internet provider. This enables data to transmit between servers without getting lost, but obviously means your internet activity can be traced back to your door.

Second, unless the data contained within those packets has been encrypted by whatever service you’re using – your online banking app, for example, or a secure (https) website – then its contents can be clearly read by your internet provider or a hacker to reveal not only what you’re doing, but also expose potentiall­y sensitive informatio­n such as passwords or credit card numbers.

How a VPN works

Virtual Private Networks (VPNs) scramble the data you send to and from the internet to plug some of these security holes. They serve three specific functions: one, to encrypt data transmitte­d over Wi-Fi networks; two, to prevent your internet provider from seeing what you’re doing online; and three, to mask your precise location from any internet services you’re using.

First, data passed through Wi-Fi networks is particular­ly vulnerable. Any hacker connected to that network – even if it’s encrypted – can intercept your data with the right tools, which is why when you’re out and

To prevent your ISP being able to see what you’re doing, VPNs provide you with internet access through their own servers

about a VPN should be considered essential before connecting to any public Wi-Fi network, encrypted or not.

To combat this, VPNs create what’s known as a ‘secure tunnel’ to hide your data from hackers. This is done by encapsulat­ing every single packet of data within an outer layer that’s encrypted using one of several different protocols (see the Key Fact opposite). This also masks your internet activity from your ISP – it can see you’re transmitti­ng data, but it can’t tell what sort of data it is.

As things stand, however, your ISP could work out the nature of your internet usage by seeing what services you’re connecting to. To prevent it from being able to see what you’re doing, VPNs provide you with access to the internet through their own servers. The secure tunnel transmits your encapsulat­ed data to the VPN’s server – which is the only part of its journey your ISP can track. Here, the outer packet is decrypted, and the original data is then sent on its way to its destinatio­n. Any data sent back goes through the VPN server, where it’s encapsulat­ed again prior to being sent back to you.

The encryption-decryption process requires both client and server to possess the correct keys for encrypting and decrypting the data packets, which is why no one else can see

the data inside. It’s an intensive process that can result in a slower internet connection when a VPN is being used.

The re-routing of data via the VPN’s server also hides your true location from the service you’re connected to, because the VPN server is identified as the originator of the data rather than your own public IP address. It can also mask your location from other trackers, such as browser cookies.

Apple Private Relay

At first glance, you might think that Apple’s Private Relay technology, due to be rolled out with macOS Monterey and iOS 15 as part of the new iCloud+ service, is taking direct aim at VPNs, but don’t rush to cancel your VPN subscripti­on just yet. In fact, Private Relay is specifical­ly limited to hiding your activities in Safari, so will make no effort to obfuscate any other internet-based communicat­ion to or from your mobile or Mac.

On a superficia­l level, Private Relay works in a similar way to a VPN, but rather than scramble your data through a single server, it actually goes through two randomly selected servers. Your data is encrypted, then transferre­d to an Ingress Proxy, which is run by Apple. The proxy knows your location, but not the website you’re visiting (because it’s been encrypted) – its job is to replace your uniquely identifiab­le IP address with an approximat­e location. This can be either a regional area or simply your country and time zone, depending on how anonymous you want to be.

Next, the Ingress Proxy passes on your data through another encrypted location to an Egress Proxy, which is run by a content provider. This decrypts your data so it knows where to forward it on to, and – based on the geographic­al informatio­n given to it by the Ingress Proxy – allocates it a random IP address from that area or country. The data is then encrypted again and sent on to the website, which can identify that you’re from a specific region or country but can’t pinpoint your exact location. Any data sent back is encrypted, then passes through the Egress Proxy and Ingress Proxy before arriving on your device.

The key difference between a VPN and Private Relay is that a VPN scrambles all your web traffic, while Private Relay will only scramble traffic sent through Safari. Nick Peers

?? ?? VPNs use several different encryption protocols: OpenVPN, WireGuard and IKEv2 are among the best available.
VPNs use several different encryption protocols: OpenVPN, WireGuard and IKEv2 are among the best available.
?? ?? Apple’s upcoming Private Relay bears superficia­l resemblanc­e to a VPN, but only masks Safari web traffic.
Apple’s upcoming Private Relay bears superficia­l resemblanc­e to a VPN, but only masks Safari web traffic.
?? ??
?? ?? VPN providers offer dozens of servers across multiple countries – choose one for speed, location or services.
VPN providers offer dozens of servers across multiple countries – choose one for speed, location or services.

Newspapers in English

Newspapers from Australia