One of the headline features announced by Apple at its WWDC developer event last week was Private Relay: a system-level setting for iCloud+ users that routes all Safari traffic and some other types of traffic through two separate relays, obfuscating the device’s IP address. This setting essentially renders iPhone users anonymous to the web: the initial, Apple-operated relay that traffic passes through assigns users an IP address that will be indistinguishable from those of other users in the same region. This article provides a good overview of the mechanics of Private Relay.
In the last episode of ATT, One Month In, I posited that Apple would launch a feature to mask device IP addresses, if only to prevent device fingerprinting. Private Relay accomplishes this, of course, but it also provides Apple with an incredible amount of control over how iOS device owners access the internet. Apple is essentially positioning itself between a user and the internet as a gatekeeper. Right now, Private Relay merely masks the IP address of a device. But ultimately, Private Relay could moderate a device’s access to the internet in any number of ways.
In its current incarnation, Private Relay applies to all Safari traffic, all DNS queries, and all unencrypted HTTP traffic (see this WWDC video for more details). Apple has indicated that only HTTP traffic within apps will pass through Private Relay, meaning its relevance to apps is limited — and it also means that app-to-app fingerprinting isn’t obstructed by Private Relay. This fact, and the fact that many non-fingerprinting, legitimate uses of the IP address for websites will break with Private Relay, puts a premium on app-based content delivery. Publishers are better served with apps than mobile websites as a result of Private Relay.
And Apple, surely, is happy to see publishers transition their content into apps from the web. The App Store accretes more content and its gravitational pull intensifies — and, with ATT diminishing the effectiveness of direct response marketing on mobile, Apple’s influence on the mobile ecosystem is amplified even further. Privacy policies by definition regulate how users interact with content. Private Relay allows Apple to determine which content is accessed.
It’s Apple’s internet now. It can’t be overstated how monumental of a change Private Relay represents. Apple introduced other privacy features at WWDC — Hide My Email, privacy dashboard, etc. — but these mostly progress Apple’s privacy positioning by inches. Private Relay is a foundational transformation. There is no real open web if access to the internet is gated through a relay owned by the device manufacturer, even if that relay is currently configured to not have visibility into web destinations (the two-hop design hides the web address from Apple’s relay: Apple only sees an encrypted web address, which is decrypted by the second, non-Apple relay).
In 2008, people said “there’s an app for that”: users could seek out an app to fulfill some function for which they’d otherwise rely on a website. Of course, native apps are more popular with users than mobile websites, and content on mobile is mostly consumed with apps. But now, Apple is saying: “you must build an app for that.” At launch, the App Store complemented the open web and provided a more convenient, more interactive way to engage with content on an iOS device than a website. Now, the App Store is usurping the open web and creating a hegemony for content.
Photo by NASA on Unsplash