If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!
Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.
Apple's iCloud Private Relay is a novel Internet privacy service allowing users to securely and privately browse the Internet. It is directly implemented into Apple's operating systems and included with all iCloud+ subscriptions. Compared to traditional VPN services, Private Relay's dual-hop architecture separates the knowledge of the user's IP address and their destination website between two different Relays. Apple operates the first Relay while the second one is by one of its four partners: Akamai, CloudFlare, or Fastly.
Apple claims its architecture enforces enhanced protection of users' privacy ("privacy by design") while still providing a high-performance browsing experience. Their president of software engineering, Craig Federighi, even mentions that Apple does not want users to have trust in them. Further, the company claims its service incorporates anti-abuse and fraud prevention mechanisms. As Private Relay validates any connection at the account and device level, website operators can trust them.
I reverse engineer Private Relay's macOS implementation, present its involved technical components and how they collaborate. With that gained knowledge, I analyze authentication and authorization mechanisms deployed by Private Relay regarding potential ways of abuse.
Furthermore, I review the privacy claims regarding the architecture and its deployment.