back

TrustMeRelay? Investigating Apple's iCloud Private Relay

If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!

Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.

Video duration
00:45:14
Language
English
Abstract
Apple strongly emphasizes the security and privacy of its devices and services.
I analyze the dual-hop architecture, deployed protocols, and inner workings of their privacy-centric, VPN/Tor-alike service iCloud Private Relay. I will talk about my reverse engineering process and falsify Apple's privacy by design and access control claims.

Apple's iCloud Private Relay is a novel Internet privacy service allowing users to securely and privately browse the Internet. It is directly implemented into Apple's operating systems and included with all iCloud+ subscriptions. Compared to traditional VPN services, Private Relay's dual-hop architecture separates the knowledge of the user's IP address and their destination website between two different Relays. Apple operates the first Relay while the second one is by one of its four partners: Akamai, CloudFlare, or Fastly.

Apple claims its architecture enforces enhanced protection of users' privacy ("privacy by design") while still providing a high-performance browsing experience. Their president of software engineering, Craig Federighi, even mentions that Apple does not want users to have trust in them. Further, the company claims its service incorporates anti-abuse and fraud prevention mechanisms. As Private Relay validates any connection at the account and device level, website operators can trust them.

I reverse engineer Private Relay's macOS implementation, present its involved technical components and how they collaborate. With that gained knowledge, I analyze authentication and authorization mechanisms deployed by Private Relay regarding potential ways of abuse.
Furthermore, I review the privacy claims regarding the architecture and its deployment.

Talk ID
camp2023-57214
Event:
camp2023
Day
3
Room
Milliways
Start
10 p.m.
Duration
00:45:00
Track
Milliways
Type of
Talk
Speaker
Heiko Kiesel
Talk Slug & media link
camp2023-57214-trustmerelay_investigating_apple_s_icloud_private_relay
English
0.0% Checking done0.0%
0.0% Syncing done0.0%
0.0% Transcribing done0.0%
100.0% Nothing done yet100.0%
  

Work on this video on Amara!

English: Transcribed until

Last revision: 8 months, 4 weeks ago