Apple has spent considerable time championing itself as a protector of user privacy. Its CEO Tim Cook has repeatedly stated that privacy is “a fundamental human right,” the company has based multiple ad campaigns around its privacy promises, and it’s had high profile battles with authorities to keep its users’ devices private and secure.
The pitch is simple: our products protect your privacy. But this promise has shifted very subtly in the wake of this week’s iCloud Plus announcement, which for the first time bundled new security protections into a paid subscription service. The pitch is still “our products keep you safe,” but now one of those “products” is a monthly subscription that doesn’t come with the device in your box — even if those devices are getting more built-in protections as well.
iCloud has always been one of Apple’s simplest services. You get 5GB of free storage to backup everything from images, to messages and app data, and you pay a monthly subscription if you want more (or just want to silence Apple’s ransom note when you inevitably run out of storage). Apple isn’t changing anything about the pricing or storage options as part of the shift to iCloud Plus. Prices will still range from $0.99 a month for 50GB of storage up to $9.99 for 2TB. But what is changing is the list of features you’re getting, which is expanding by three.
Private Relay and Hide my Email are privacy features included with iCloud Plus
The first change sits more within iCloud’s traditional cloud storage remit, and is an expansion of Apple’s existing HomeKit Secure Video offering. iCloud Plus now lets you securely stream and record from an unlimited number of cameras, up from a previous maximum of five.
With the new Private Relay and Hide My Mail features, however, iCloud Plus is expanding its remit from a storage-based service into a storage and privacy service. The privacy-focused additions are minor in the grand scheme of the protections Apple offers across its ecosystem, and Apple isn’t using them as justification for increasing the cost of iCloud. But they nevertheless open the door to so-called “premium” privacy features becoming a part of Apple’s large and growing services empire.
The features appear as an admission from Apple about the limits of what privacy protections can do on-device. “What happens on your iPhone stays on your iPhone” was how the company put its promise in a 2019 ad, but when your iPhone needs to connect to the internet to browse the web, receive email, and generally earn the “i” in “iPhone,” inevitably some of its privacy rests on the infrastructure serving it.
The most interesting of these new features is Apple’s Private Relay, which aims to shield your web traffic from prying eyes in iOS 15 and macOS Monterey. It hides your data from both internet service providers as well as advertisers that might build a detailed profile on you based on your browsing history. While it sounds a bit like a VPN, Apple claims the Private Relay’s dual-hop design means even Apple itself doesn’t have a complete picture of your browsing data. Regular VPNs, meanwhile, require a level of trust that means you need to be careful about which VPN you use.
As Craig Federighi, Apple’s senior vice president of software engineering explains, VPNs can protect your data from outsiders, but they “involve putting a lot of trust in a single centralized entity: the VPN provider. And that’s a lot of responsibility for that intermediary, and involves the user making a really difficult trust decision about exposing all of that information to a single entity.”
“We wanted to take that completely out of the equation by having a dual-hop architecture,” Federighi told Fast Company.
Here’s how it works. When using Private Relay your internet traffic is being sent via two proxy servers on its way to its destination. First, your traffic gets encrypted before it leaves your device. Then, once it hits the initial, Apple-operated server, it gets assigned an anonymous IP that hides your specific location. Next up, the second server, which is controlled by a third-party, decrypts the web address and forwards the traffic to its destination.
Apple thinks today’s VPNs pose “a really difficult trust decision”
Apple can’t see which website you’re requesting, only the IP address you’re requesting it from, and third-parties can’t see that IP address, only the website you’re requesting. (Apple says it also uses Oblivious DNS over HTTPS.) That’s different from most “double VPN” and “multi-hop” VPN services you can subscribe to today, where a provider may control both servers. You could perhaps combine a VPN and a proxy server to do something similar, though. Apple says Private Relay won’t impact performance, which can be a concern with these other services.
While Private Relay is theoretically more private than a regular VPN, Apple’s offering is also more limited. You can’t use it to trick websites into thinking you’re accessing them from a different location, so you’re not going to be able to use Private Relay to get around geographical limitations on content blocked by a government or a service like Netflix. And it only seems to cover web browsing data through Safari, not third-party browsers or native apps. In a WWDC developer session about the feature, Apple says that Private Relay will also include DNS queries and a “small subset of traffic from apps,” specifically insecure HTTP traffic. But there was no mention of other browsers, and Apple clarified to The Verge that it’s only handling app traffic when your app technically happens to be loading the web inside a browser window.
In addition to Private Relay, iCloud Plus also includes Hide my Email, a feature designed to protect the privacy of your email address. Instead of needing to use your real email address for every site that requests it (increasing the risk of an important part of your login credentials becoming public, not to mention getting inundated with spam), Hide My Email lets you generate and share unique random addresses which will then forward any messages they receive back to your true email address. It’s another privacy-focused feature that sits outside of iCloud’s traditional area of focus, and could be useful even if similar options have been available for years.
Gmail, for example, lets you use a simple “+” symbol to add random extra characters to your email address. Even Apple’s own “Sign In with Apple” service pulls a similar trick, handing out random email addresses to each service you use it with. But the advantage of Apple’s new service is that it gives you an easily-accessible shortcut to generate them right in its Mail app and Safari, putting the feature front and center in a way that seems likely to boost its mainstream appeal.
Plenty of privacy still included with standard purchase
Apple might be charging for Private Relay and Hide My Email by bundling them into iCloud subscriptions, but these iCloud Plus additions are still dwarfed by the array of privacy protections already built into Apple’s hardware and software. There’s no sign that any of these existing privacy features will be locked behind a monthly subscription fee anytime soon. Indeed, the list of built-in protections Apple offers continues to grow.
This includes a new Mail Privacy Protection feature in the Mail app in iOS 15, which sends your emails through a relay service to confuse any tracking pixels that might be hiding in them (read more about tracking pixels here). There’s also a new App Privacy Report feature coming to iOS 15 that will show how often apps are accessing your location, camera, microphone, and other data.
But with iCloud Plus, Apple now offers two privacy protections that are distinct from those that are included for free with the purchase of a device, and the division between the two seems arbitrary to some extent. Apple justifies charging for features like Private Relay and Hide My Email because of the incremental costs of running those services, but Mail Privacy Protection also relies on a relay server, which presumably isn’t free to run.
Regardless of its rationale, choosing to charge for these services means that Apple has opened the door to premium privacy features becoming part of its increasingly important services business, beyond just its hardware business. Adherence to privacy was already part of the company’s attempt to lock you into its devices; now it could become part of the attempt to lock you into its services. All the while, those walls around Apple’s garden creep higher and higher.