Apple’s Private Relay can cause the system to ignore firewall rules

Apple’s Private Relay feature calls home to Apple servers without respecting the firewall rules of the system, creating a leak that neither we, nor you, can stop without disabling the entire Private Relay feature, according to a report from Mullvad VPN.

According to Apple, iCloud Private Relay — announced with iOS 15 — is a service that lets you connect to virtually any network and browse with Safari in an even more secure and private way. The tech giant says it ensures that the traffic leaving your device is encrypted and uses two separate internet relays so no one can use your IP address, location, and browsing activity to create a detailed profile about you.

From the Mullvad VPN report: When we at Mullvad monitored our network connections while doing development on our app, we saw something that should not be there: QUIC traffic leaving the computer outside the VPN tunnel! This is a leak! We tracked the sending down to the Private Relay feature, and disabling the Private Relay made the leaks stop. We do not know for sure that the traffic belongs to Private Relay, but it sure does trigger it.

It is worth noting that Private Relay (mostly) disables itself as soon as any firewall rule is added to PF (the system firewall on macOS devices). The Mullvad VPN app does add firewall rules. Once you connect the Mullvad app, Private Relay announces that it has disabled itself. We see no correlation between user traffic and the leaking packets. We believe they are just some heartbeat signal calling home to Apple. We do not know what information is transmitted to Apple, but since the destination is Apple servers, it is a strong signal to your local network and ISP that you might be a macOS user.

There seems to be no way to prevent Private Relay from leaking this traffic, other than disabling the feature altogether. This is done in the same place where it is turned on. See Apple’s instructions.