iCloud Private Relay feature leaking users’ original address through WebRTC

During the WWDC 21 keynote, Apple announced its updated iCloud+ subscription. The service includes a new feature called iCloud Private Relay which is aimed at making web browsing safer by hiding users’ IP addresses and sharing their approximate location, instead of the precise location. The privacy feature is expected to be safer than VPNs because, unlike VPN providers, the tech giant will not store users’ IP addresses and their online activity. However, according to a Reddit user, the Private Relay is not working as expected as it is leaking your original address through WebRTC.

iCloud Private Relay

iCloud Private Relay feature currently not working as expected

iCloud’s Private Relay feature first sends web traffic to a server maintained by Apple where it is stripped of a piece of information called an IP address. After that, the tech giant sends the traffic to a second server maintained by a third-party operator who assigns the user a temporary IP address and sends the traffic onward to its destination website. This process hides the user’s identity and the destination website from Apple. However, the feature is currently not working as Apple intends.

Since iCloud Private Relay is still in beta testing, users do not have to worry about it. However, it is important that beta testers are aware of this discrepancy and subsequently inform Apple. As explained by Reddit user WhatTheHomePod:

“If you perform a test with Private Relay turned on at step Reflexive connectivity you’ll see your address from your ISP. If you connect through a virtual private network or proxy and try the test again then nothing is leaked. I have reported this bug to Apple. Just to be aware, for the users under us.”

The user later added that a workaround is to enable “WebRTC Sockets Proxying under Experimental WebKit Features. However, In-App Safari will still show the leaked address even when this is enabled.” For users who are running the latest beta of Apple’s upcoming operating systems, make sure you are not relying on Private Relay for now as websites can discover your web address.

Read more:

About the Author

Asma is an editor at iThinkDifferent with a strong focus on social media, Apple news, streaming services, guides, mobile gaming, app reviews, and more. When not blogging, Asma loves to play with her cat, draw, and binge on Netflix shows.

1 comment

  1. Yes, even with ios 16 webrtc still leaks in safari with or without experimental webrtc features disabled or enabled.
    The other issue is it assigns you a ipv6 address which likely uniquely identifies you as well. And that brings in what are apple’s data accumulation, use, dissemination and retention policies.

Leave a comment