Apple has spent a lot of time positioning itself as a protector of users’ privacy. Its CEO, Tim Cook, has repeatedly stated that privacy is “a fundamental human right”. The company has run multiple ad campaigns based on its privacy promises, and it has had high-profile battles with authorities to keep its users’ devices private and secure.
The pitch is simple: our products protect your privacy. But this promise has shifted very subtly in the wake of this week’s iCloud Plus announcement, which bundled new security measures into a paid subscription service for the first time. The story is still “our products keep you safe,” but now one of those “products” is a monthly subscription that doesn’t come with the device in your box — even if those devices also get more built-in protections.
iCloud has always been one of Apple’s simplest services. You get 5 GB of free storage space to back up everything from images to messages and app data, and you pay a monthly subscription if you want more (or just want to quiet the ransom note from Apple when you inevitably run out of storage space). Apple isn’t making any changes to pricing or storage options as part of the move to iCloud Plus. Prices still range from $0.99 per month for 50 GB of storage to $9.99 for 2 TB. But what is changing is the list of features you get, which expands by three.
The first change falls more within iCloud’s traditional cloud storage remit and is an extension of Apple’s existing HomeKit Secure Video offering. With iCloud Plus, you can now securely stream and record from an unlimited number of cameras, up from a previous maximum of five.
With the new features Private Relay and Hide My Email, iCloud Plus expands its job from a storage-based service to a storage and privacy service. The privacy-focused additions are small in the grand scheme of the protections Apple offers in its ecosystem, and Apple isn’t using them as a justification for increasing the cost of iCloud. But they nonetheless open the door to so-called “premium” privacy features that will become part of Apple’s large and growing service empire.
The features read as an admission from Apple about the limits of what privacy protections can do on the device. “What happens on your iPhone stays on your iPhone” was how the company made its promise in a 2019 ad, but when your iPhone needs to connect to the Internet to browse the web, receive email, and generally earn the “i” in “iPhone,” inevitably some of its privacy rests on the infrastructure that serves it.
The most interesting of these new features is Apple’s Private Relay, which aims to protect your web traffic from prying eyes in iOS 15 and macOS Monterey. It hides your data from both ISPs and advertisers, who can build a detailed profile about you based on your browsing history. While it sounds a bit like a VPN, Apple claims that Private Relay’s dual-hop design means that even Apple itself doesn’t have a complete picture of your browsing data. Regular VPNs, meanwhile, require a level of trust that means you have to be careful about which VPN you use.
As Craig Federighi, Apple’s senior vice president of Software Engineering, explains, VPNs can protect your data from outsiders, but “they keep a lot of trust in a single centralized entity: the VPN provider. And that’s a big responsibility for that middleman, and involves the user making a very difficult trust decision about exposing all that information to a single entity.”
“We wanted to take that completely out of the equation by having a dual-hop architecture,” Federighi told Fast Company.
This is how it works. When using Private Relay, your internet traffic is routed to its destination through two proxy servers. First, your traffic is encrypted before it leaves your device. Once it reaches the first, Apple-operated server, it is assigned an anonymous IP address that hides your specific location. Then the second server, which is operated by a third party, decrypts the web address and forwards the traffic to its destination.
Apple cannot see which website you are requesting, only the IP address from which you are requesting it, and the third party cannot see that IP address, only the website you are requesting. (Apple says it also uses Oblivious DNS over HTTPS.) That’s different from most “double VPN” and “multi-hop” VPN services you can subscribe to today, where one provider can manage both servers. You could combine a VPN and a proxy server to do something similar. Apple says Private Relay doesn’t affect performance, which can be an issue with these other services.
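The split of knowledge between the two hops can be modelled in a few lines. This is an added example, not Apple's protocol or code: the toy cipher stands in for real encryption, the pre-shared key between client and second relay is an assumption, and all addresses and class names are constructed.

```python
import hashlib, hmac, secrets

def _stream(key, nonce, n):
    # Toy keystream (SHA-256 in counter mode); a stand-in for real encryption.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, msg):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(msg, _stream(key, nonce, len(msg))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("payload was modified in transit")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class Ingress:
    """First hop: learns the client's IP, sees the destination only as a blob."""
    def __init__(self):
        self.log = []
    def forward(self, client_ip, blob, egress):
        relay_ip = "198.51.100.7"  # constructed anonymised address
        self.log.append({"client_ip": client_ip, "payload": blob})
        return egress.forward(relay_ip, blob)  # client_ip is not passed on

class Egress:
    """Second hop: decrypts the destination, never receives the client's IP."""
    def __init__(self, key):
        self.key, self.log = key, []
    def forward(self, source_ip, blob):
        host = unseal(self.key, blob).decode()
        self.log.append({"source_ip": source_ip, "destination": host})
        return host

def demo():
    egress_key = secrets.token_bytes(32)  # assumption: shared by client and egress
    ingress, egress = Ingress(), Egress(egress_key)
    blob = seal(egress_key, b"example.org")  # sealed on the device
    reached = ingress.forward("203.0.113.42", blob, egress)
    return reached, ingress.log, egress.log

if __name__ == "__main__":
    print(demo())
```

Comparing the two logs shows why neither operator alone can link a user to a site: correlating them requires both parties' records.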
While Private Relay is theoretically more private than a regular VPN, Apple’s offering is also more limited. You can’t use it to trick websites into thinking you’re accessing them from another location, so you can’t use Private Relay to get around geo-restrictions on content blocked by a government or a service like Netflix. And it seems to only affect web browser data through Safari, not third-party browsers or native apps. In a WWDC developer session about the feature, Apple says Private Relay will also include DNS queries and a “small subset of traffic from apps,” most notably insecure HTTP traffic. But there was no mention of other browsers, and Apple clarified to The Verge that it only handles app traffic when your app technically loads the web in a browser window.
In addition to Private Relay, iCloud Plus also includes Hide My Email, a feature designed to protect the privacy of your email address. Instead of having to use your real email address for every site that asks for it (which increases the risk of a significant portion of your login credentials becoming public, not to mention being inundated with spam), Hide My Email lets you generate and share unique random addresses that then forward all received messages to your real email address. It’s another privacy-focused feature that’s outside of iCloud’s traditional focus and could prove useful even if similar options have been available for years.
For example, with Gmail, you can use a simple “+” symbol to add arbitrary extra characters to your email address. Even Apple’s own “Sign in with Apple” service does a similar trick, handing out random email addresses to every service you use it with. But the advantage of Apple’s new service is that it gives you an easily accessible shortcut to generate them directly in the Mail app and Safari, bringing the feature to the fore in a way that is likely to increase its overall appeal.
Apple may charge for Private Relay and Hide My Email by bundling them into iCloud plans, but these iCloud Plus additions are still dwarfed by the suite of privacy protections already built into Apple’s hardware and software. There are no signs that any of these existing privacy features will be locked behind a monthly subscription anytime soon. Indeed, the list of built-in protections Apple offers continues to grow.
This includes a new Mail Privacy Protection feature in the Mail app in iOS 15, which sends your emails through a relay service to confuse any tracking pixels that might be hidden in them. There’s also a new app privacy reporting feature coming to iOS 15 that shows how often apps access your location, camera, microphone, and other data.
But with iCloud Plus, Apple now offers two privacy protections that are different from the ones included for free with the purchase of a device, and the separation between the two seems arbitrary to some extent. Apple justifies charging for features like Private Relay and Hide My Email because of the increasing cost of running those services, but Mail Privacy Protection also relies on a relay server, which presumably isn’t free to run.
Regardless of the rationale, choosing to charge for these services means Apple has opened the door to premium privacy features that will become part of its increasingly important services, beyond just its hardware business. Privacy compliance was already part of the company’s effort to lock you into its devices; now it can become part of the effort to lock you into its services. All the while, the walls around Apple’s garden creep higher and higher.