iCloud+ Private Relay or VPN?
Q Is iCloud+ Private Relay good enough to use instead of a VPN on public Wi-Fi?
A The primary purpose of iCloud+ Private Relay is more limited than that of a full Virtual Private Network (VPN) service. It aims to anonymise your IP address within a given area. This prevents others from identifying you or your location, while you keep access to services that are geographically restricted.
Private Relay works through two relay servers. Only the first knows your IP address, but it doesn’t know the IP address of the server you’re trying to connect to. The second server knows you only through the proxy IP address assigned by the first relay server, which can be allocated from an area containing millions of IP addresses.
An eavesdropper can therefore readily see your Mac’s connections to the relay service, but shouldn’t be able to trace them beyond that. The two relays are provided by different corporations too; Apple’s servers work as the first, and a major internet service provides the second relay.
A VPN effectively extends your local network to the VPN provider’s servers, which make onward connections on your behalf. An eavesdropper can then only see your connections to the VPN service and can’t trace them beyond that to their real destination. When all connections are encrypted by TLS, this should provide a robust way of making secure and untraceable connections.
The snag with a VPN is that you have to place your trust in the VPN service provider. If that provider turns out to be gathering information about your connections, then the benefits would be lost.
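The difference in who has to be trusted, as an added example that is not part of the original answer: a Python model in which the request is wrapped in one encrypted layer per hop, so each party can read only its own layer. The toy cipher, keys, addresses and hop names are assumptions made for illustration, and this is not Apple's actual protocol.

```python
import hashlib
import json

def seal(key: bytes, data: bytes) -> bytes:
    """Toy XOR stream cipher standing in for real tunnel encryption (not secure)."""
    stream = b"".join(hashlib.sha256(key + n.to_bytes(4, "big")).digest()
                      for n in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap(key: bytes, next_hop: str, inner: bytes = b"") -> bytes:
    """Encrypt one routing layer so that only the holder of `key` can read it."""
    return seal(key, json.dumps({"next": next_hop, "inner": inner.hex()}).encode())

def unwrap(key: bytes, blob: bytes):
    """Strip one layer; XOR is its own inverse, so seal() also decrypts."""
    layer = json.loads(seal(key, blob))
    return layer["next"], bytes.fromhex(layer["inner"])

# Constructed sample values (documentation address ranges, hypothetical keys).
CLIENT_IP, PROXY_IP, DEST = "203.0.113.7", "198.51.100.44", "example.org"
K1, K2, KV = b"relay-1 key", b"relay-2 key", b"vpn key"

def via_private_relay() -> dict:
    """Return what each party learns when the request crosses two relays."""
    blob = wrap(K1, "relay-2", wrap(K2, DEST))
    seen = {"wifi": {CLIENT_IP, "relay-1"}, "wifi_bytes": blob}
    hop, inner = unwrap(K1, blob)      # first relay: sees the client, not the site
    seen["relay-1"] = {CLIENT_IP, hop}
    hop, _ = unwrap(K2, inner)         # second relay: sees only the proxy address
    seen["relay-2"] = {PROXY_IP, hop}
    return seen

def via_vpn() -> dict:
    """Return what each party learns when one VPN server makes the onward connection."""
    blob = wrap(KV, DEST)
    hop, _ = unwrap(KV, blob)          # the VPN server reads the destination itself
    return {"wifi": {CLIENT_IP, "vpn"}, "wifi_bytes": blob, "vpn": {CLIENT_IP, hop}}

def knows_both(view: set) -> bool:
    """True if a single party can link the user's real address to the destination."""
    return {CLIENT_IP, DEST} <= view

if __name__ == "__main__":
    relay, vpn = via_private_relay(), via_vpn()
    for party in ("relay-1", "relay-2"):
        print(party, sorted(relay[party]), "links user to site:", knows_both(relay[party]))
    print("vpn", sorted(vpn["vpn"]), "links user to site:", knows_both(vpn["vpn"]))
```

In both cases the Wi-Fi eavesdropper sees only a connection to the first hop; the difference is that the VPN server alone holds both the user's address and the destination, while neither relay does.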