Back to blog
Privacy on iOS·10 min read

What Apple's iCloud Private Relay actually covers — and what it doesn't

Apple ships a privacy feature that looks like a VPN, walks like a VPN, and is sometimes pitched like a VPN — but isn't one. iCloud Private Relay is a narrower, more specific protection than most users assume. Here's exactly what it does, what it doesn't, and where the gap lives.

By Casper's Cloak Security Team

The short version: iCloud Private Relay is a Safari-only, double-hop encrypted proxy available to iCloud+ subscribers. It hides your IP address from the websites you visit in Safari and from your ISP. It does not cover Chrome, Firefox, Brave, Edge, or any other browser. It does not cover any non-browser app — Instagram, TikTok, the YouTube app, news apps, smart-TV apps, games, your email client. It does not block ads or trackers, does not detect phishing, and does not protect you on hostile public WiFi against TLS man-in-the-middle. It is a meaningful protection within its narrow scope, and it is much narrower than its name suggests.

How Private Relay actually works

The mechanism is the cleverest piece — and worth understanding because it explains both the strengths and the limits.

When you visit a site in Safari with Private Relay enabled, the request goes through two separate relays:

  1. The first relay (Apple-operated) sees your IP address and the encrypted destination. It knows who you are (because of the IP) but not where you're going (the destination is encrypted to the second relay's key).
  2. The second relay (operated by a third party — Cloudflare, Fastly, or Akamai under contract with Apple) sees the destination and decrypts it, but only knows the connection came from "an Apple Private Relay user" — not which specific user.
  3. The destination site sees a generic IP address from a regional pool (matching your approximate location for content localization, but not your specific home address).

This split-knowledge architecture is genuinely elegant — neither relay alone can correlate your identity with your destinations. It's a meaningful improvement over a traditional VPN, where the VPN provider sees both ends and has to be trusted not to log.

But the entire architecture is bolted to Safari's networking stack. Other apps don't use it.

What Private Relay actually covers

Specifically:

  • Safari's web browsing. Every site you load in Safari, on any iCloud+ device (iPhone, iPad, Mac), routes through the relay.
  • iCloud Mail in the Mail app. Email tracker requests fired by promotional emails route through the relay (this is in addition to Mail Privacy Protection, which is a separate Apple feature).
  • Unencrypted (HTTP, not HTTPS) traffic from other apps. Most modern apps use HTTPS, so this category is small in practice. But if an app makes an HTTP request, that traffic does route through the relay.
  • DNS queries from Safari. Hostname lookups go through the relay so your ISP can't see what sites you're visiting.

That's the entire list. Everything below is not covered.

What Private Relay does NOT cover

Other browsers

Chrome, Firefox, Brave, Edge, Arc, Vivaldi, DuckDuckGo Browser, Opera — every browser other than Safari runs through your normal network connection, ISP-visible and IP-visible. The Private Relay architecture is built into Safari's WebKit networking layer and isn't exposed to other apps. If your default browser is Chrome (default on most non-Safari users), you're not getting Private Relay's protection there.

Non-browser apps (the big one)

This is the gap most users don't realize exists. Every app on your phone outside Safari runs through your normal network connection. Instagram, TikTok, Twitter/X, the YouTube app, news apps, weather widgets, games, your email client, banking apps, smart-TV companion apps, Slack, Discord, Signal — none of them get Private Relay's protection.

Why this matters: most consumer privacy threats today aren't in the browser. They're embedded SDKs in non-browser apps (Facebook SDK, Mixpanel, Amplitude, Segment, AppsFlyer) sending behavioral telemetry home. Apps reading device fingerprints. Apps phoning to ad networks. Private Relay covers none of this because none of it happens in Safari. Our deeper breakdown of what iOS App Tracking Transparency doesn't stop covers the SDK-tracking layer specifically.

Threat protection

Private Relay does not block ads, anywhere. Safari has separate content-blocker extensions (1Blocker, AdGuard for Safari, others) that block ads in Safari. Private Relay's role is anonymizing your IP and DNS — not filtering content. Even in Safari, ads still load (just from an anonymized vantage point).

Tracker blocking

Same answer. Private Relay doesn't refuse to resolve tracker hostnames or block tracker connections — it just routes them through the relay anonymously. The tracker still gets to fire and collect data; it just can't tie that data to your specific IP address. Safari's built-in Intelligent Tracking Prevention (ITP) does some cookie-level tracker blocking, but it's separate from Private Relay, and it doesn't apply outside Safari either.

Phishing detection

Private Relay doesn't score destinations for phishing or malware risk. Safari has separate "Fraudulent Website Warning" (built on Google Safe Browsing) but only inside Safari, and only for known-bad sites — zero-day phishing domains pass through. Phishing links opened from Messages, Mail, third-party email apps, or any messaging app open in a web view that may or may not get Safe Browsing checks, and definitely doesn't get any Private-Relay-related protection. Our phishing-campaign breakdown covers the SMS phishing reality.

Hostile public WiFi protection (sort of)

On a hostile coffee-shop or hotel WiFi network, Private Relay does encrypt Safari traffic against the local network operator — they can't see what sites you're visiting in Safari. But:

  • Other apps on your phone (still using the local WiFi without the relay) are fully exposed.
  • The local network operator can still see that you're using Private Relay (they see traffic going to Apple's relay endpoints, just not the destinations behind it).
  • Captive portal flows still expose your real IP before Private Relay kicks in.
  • Some hostile networks block Private Relay endpoints and force traffic through their own logging proxies — Private Relay then degrades to unencrypted mode unless the user notices.

Geographic IP switching for streaming

Private Relay gives you an IP from a regional pool that approximately matches your real location — by design, to preserve regional content compatibility. It is not a streaming-bypass tool. If you want to watch UK Netflix from the US, Private Relay is the wrong product; NordVPN or ExpressVPN or similar is the right one. Private Relay's design explicitly avoids the streaming-evasion arms race.

When Private Relay matters and is worth keeping on

None of the above is criticism — it's just scope clarification. Private Relay does what it says it does, and within that scope it's quite good. Cases where it's the right protection:

  • Your Safari browsing should be unobservable by your ISP. Private Relay achieves this elegantly.
  • You don't want websites to fingerprint your specific home IP. The regional-pool IP is much harder to use for cross-session linkage than a static residential one.
  • You want a privacy improvement without choosing a VPN vendor to trust. The split-relay architecture means even Apple can't see both ends of your browsing. This is a real trust improvement over picking a VPN.
  • You want it to "just work" with zero configuration. Private Relay is on by default for iCloud+ subscribers; you don't have to remember to enable it or pay attention to it.

For these cases, leave it on. There's no downside to running it.

What you need beyond Private Relay

For the rest of the consumer privacy threat surface — non-Safari apps, ad blocking, tracker blocking, phishing detection, full-device hostile-network protection — you need something at the network layer rather than the browser layer. The clean approach is a DNS-filtering VPN that covers every app on the device, alongside Private Relay for Safari.

Importantly, both coexist fine on iOS. iOS allows one active VPN profile at a time (Casper or another) and Private Relay simultaneously — Private Relay continues to handle Safari's traffic via Apple's relays while the VPN profile handles everything else. This is the same pattern that worked for years with corporate VPNs: Safari-on-Private-Relay sits cleanly alongside other-apps-on-VPN.

What this means in concrete terms: Private Relay covers Safari, and our threat protection, tracker blocking, and AI threat protection cover every app outside Safari. The pair gets you ~95% of the consumer threat surface; either alone leaves significant gaps. Our iOS platform page walks through what each layer catches that the other doesn't.

A note on Apple's broader privacy stack

Apple has shipped several discrete privacy features that often get conflated:

  • iCloud Private Relay — Safari-only IP/DNS anonymization (the subject of this post)
  • App Tracking Transparency (ATT) — the "Ask App Not to Track" prompt, which blocks one specific identifier (IDFA) but leaves fingerprinting and SDK-level tracking open. Detailed breakdown here.
  • Mail Privacy Protection (MPP) — fetches email tracking pixels via Apple proxies regardless of whether you opened the email, defeating most email open-rate tracking. Applies only to Apple Mail, not Gmail/Outlook/Spark.
  • Hide My Email — generates per-service email aliases. Available to iCloud+ subscribers.
  • App Privacy labels — self-reported on the App Store, useful as a signal but not enforced.
  • Intelligent Tracking Prevention (ITP) — Safari's cookie-level tracker blocking. Separate from Private Relay.
  • App sandboxing — apps can't read each other's data without permission. This is platform-level architecture, not a feature.

Each does something specific and narrowly-scoped. None of them is a network-level filter that covers every app on the device. That's the gap Casper fills.

How to check if Private Relay is even on

Many users have iCloud+ but never actually enabled Private Relay. To verify:

  • iOS / iPadOS: Settings → [Your Name] → iCloud → Private Relay. Toggle on if not already.
  • macOS: System Settings → [Your Name] → iCloud → Private Relay.
  • If you're not on iCloud+, the option isn't visible. iCloud+ starts at the same price as the 50GB iCloud storage tier.

One subtle gotcha: some carrier and corporate networks request that Apple disable Private Relay for users on their networks. iOS notifies you when this happens via a banner in Settings. If you see that banner, your carrier or workplace has opted you out — Private Relay is effectively off on those networks.

Bottom line

iCloud Private Relay is a well-designed, narrowly-scoped privacy feature — Safari-only IP and DNS anonymization with a clever split-knowledge architecture. It's worth keeping on. It is also much narrower than its name suggests: it doesn't cover other browsers, doesn't cover any non-browser app, doesn't block ads or trackers, doesn't detect phishing, and doesn't fully protect against hostile WiFi. The gap between "what Private Relay covers" and "what consumer privacy in 2026 actually requires" is the gap our network-level filter is built for.

If you want both the Safari-specific Private Relay benefit and full-device coverage for every other app on your iPhone or Mac, run them together — they coexist cleanly on iOS and macOS.

Related reading

The best way to protect iPhone privacyHow to stop online trackingWhat iOS App Tracking Transparency doesn't stopDNS-over-HTTPS — when it helps and when it hurts DNS-over-HTTPS vs DNS-over-TLSWhat is a DNS leak

Cover what Private Relay doesn't

Casper's Cloak is the network-level filter that runs alongside Private Relay — covering every non-Safari app on your iPhone, Mac, and Android. Ad blocking, tracker blocking, AI threat detection, public-WiFi encryption.

See the iOS pageTracker blockingPricing