iOS 15.0.1 seemingly fixes iCloud Private Relay leak (WebRTC)

Soldato
Joined
18 Aug 2007
Posts
9,783
Location
Liverpool
I have just upgraded to iOS 15.0.1 and it seems that, under Safari's advanced settings (Settings > Safari > Advanced) you can now select to proxy WebRTC sockets. Selecting this toggle no longer allows your real IP to leak when you're using iCloud Private Relay, at least according to the fingerprintjs demo site. Someone please check this out and let me know if you can verify?
 
Is it a good idea to enable this iCloud private relay beta feature then? is there any negatives to enabling it?

It basically just attempts to hide your IP from trackers (or websites and trackers, depending on your setting). It's not as good as a full VPN but it is handy, well it will be when it works properly.
 
Is this explaining why the MAC address in my router and the public IP address given on websites is totally different from what the iPad is saying in Settings > About > Wi-fi Address?
 
Is this explaining why the MAC address in my router and the public IP address given on websites is totally different from what the iPad is saying in Settings > About > Wi-fi Address?

No. Two features at play here:
- "Private Relay" effectively proxies your traffic (incl. DNS records) through a couple of "relays" (servers). Your IP address is visible to your ISP and the first ("ingress", Apple-operated) relay. This ingress relay then proxies the request again, still encrypted, to an "egress" relay which proxies it to the requested web service. It's sort of a cross between traditional VPNs and TOR, with the benefit of no intermediate party being able to know who's browsing for what, and the con of the user not being able to select a proxy server in any arbitrary country (it'll default to a local one) to bypass local restrictions.

- OS network "Private Address" mode. When enabled for a WiFi network, "Private Address" generates a new network-specific ephemeral (24 hours iirc?) MAC address for your iPhone, iPad, or Apple Watch for each network it joins.

Your MAC address won't be publicly broadcast to websites, so it would never match your public IP address even without these two features enabled. "Private Relay" is designed to mask your IP address on the internet, and "Private Address" is designed to mask your MAC address on your LAN.


edit: amended, ty to @the-evaluator
 
Last edited:
- OS network "Private Address" mode. When enabled for a WiFi network, "Private Address" generates a new ephemeral (24 hours iirc?) MAC address for your iPhone, iPad, or Apple Watch for each network it joins.

For each network that the device joins with private address mode enabled it will use a different MAC address but that MAC address won't change after 24 hours. Each time you connect back to that network it'll present the same MAC address as it did the previous time.
 
For each network that the device joins with private address mode enabled it will use a different MAC address but that MAC address won't change after 24 hours. Each time you connect back to that network it'll present the same MAC address as it did the previous time.

Ahh, my bad! I think you might be right here! Amended my previous post, not sure where I heard the 24hrs thing and haven't been paying enough attention clearly
 
Back
Top Bottom