Last year was the IDFA. This year, it’s the IP address.
Apple will start redirecting web traffic through two separate servers in order to obfuscate a user’s IP address, the company said at its Worldwide Developers Conference on Monday.
The feature, called Private Relay, will act as a VPN of sorts, although VPNs generally only reroute traffic through a single hop. And, despite blocking internet service providers from seeing a user’s traffic, VPNs can still access browsing data themselves. (It’s a common misconception that VPNs inherently protect privacy, when all they do is mask your identity from others.)
Private Relay will be part of a new service called iCloud Plus and will likely be available sometime this autumn. While it appears that for now the feature only applies to the web and a small percentage of app traffic (specifically, unencrypted HTTP app traffic), there’s no reason it can’t eventually also be rolled out for apps – and it could be one way to curtail fingerprinting, a banned identification method Apple has yet to begin serious enforcement against on iOS.
Although IP addresses aren’t the only ingredient used in fingerprinting, they are one of the key signals.
Apple claims that the Private Relay feature will ensure that all traffic leaving one of its devices is encrypted so that no one can read or intercept it.
“It’s designed so that no one, including Apple, can see both who you are and what sites you’re visiting,” said Mike Abbott, VP of Apple Cloud Services.
The news comes one year after Apple upended the mobile privacy landscape at its last WWDC, when it announced plans for the AppTrackingTransparency framework and kicked off a protracted confrontation with many mobile apps and advertising companies.
Private Relay, along with a smattering of other privacy-related announcements, demonstrate Apple’s focus on this issue is likely to continue into the future.
A few more things
In addition to Private Rely, Apple also has new privacy system controls on deck that will hide a user’s IP address from third-party trackers within Safari and on the Mail app.
With Mail Privacy Protection, a person’s IP address will be hidden so that email senders can't connect the account to other online activity or to someone’s location. Senders will also be prevented from seeing whether the receiver has opened an email.
Apple will also obscure IP address on Safari, which already blocks third-party cookies by default with Intelligent Tracking Prevention.
And then there’s a new feature called the Safari Privacy Report, whereby people will be able to see which trackers are prevented from profiling them.
Not to be left out, apps will also get a privacy report of their own called, naturally, the App Privacy Report that provides an overview of how apps “treat your privacy,” said Katie Skinner, an Apple privacy engineering manager.
The report, which will be accessible in the settings of devices running iOS 15, will show how often apps have used the permissions they’ve been granted to access someone’s location, photos, camera, microphone and contacts over the past seven days, as well as what data is being shared and all of the third-party domains an app is contacting.
And here’s a potentially not-so-sweet treat for the Unified ID 2.0 initiative and any email-based identity solution.
Apple is planning to roll out a default feature for Mail, Safari and iCloud called Hide My Mail that allows people to create unique random email addresses that forward to their personal inbox.
Users can set up as many email addresses as they want and delete them at any time.
Now that’s a burn … as in burner email address.