Have you ever wondered how different things would be if we were all born without fingerprints? A different world where matching fingerprints from crime scenes and identifying culprits only makes sense in Sci-fi movies. Interesting, right? Though fingerprinting has made crime investigation a lot easier, browser fingerprinting has an entirely different story to tell!
Browser fingerprinting- what you should know
We are a data-dependent society. We rely on data for everything, from making calculated moves to creating a better business impact to improving product recommendations and personalization for customers; the list goes on. So, the fact that data brokerage firms are a multi-billion-dollar industry now makes perfect sense, isn’t it?
Customer data can be obtained in several ways. While some like cookies ask you for your permission, others, like browser fingerprinting, extract your data without even having a conversation with you!
Browser fingerprinting or device fingerprinting is one of the many techniques that websites use to extract user information. They involve scripts that function in the background, gather information about your device and browser, and combine them to form unique online fingerprints of users.
Digital fingerprints are created when the company makes a unique profile of you based on factors like:
- Operating system
- Computer hardware
- Add-ons and preferences
- Software installed on your device
- Your time zones
- Language
- Whether you use an ad blocker or not
- Your screen resolution
- Colour depth
- The screen you use
- Font installed on your computer
- Choice of web browser
Sometimes website developers use advanced APIs to fetch user information in the form of scripts. While scripts may seem like the culprits here, they are merely instructions telling your browser what to do. But the hard part is that there is no way to distinguish a browser fingerprinting script from the other scripts. They are becoming more and more critical in deciding how browsers function. They guide browsers to make decisions and extract the information they are interested in. That involves quite a broad spectrum of information. It can gather information about your operating system, browser, time zone, language to core aspects like the technical specifications about your graphics card, drivers etc.
While these hidden aspects in scripts demand our attention, you must be wondering why we use them in the first place. Scripts were actually designed for purposes like rendering videos or images. So, blocking these scripts is not an option at all, as that will technically cause the website to break!
Getting to know Apple iCloud private relay
Apple iCloud private relay, launched by Apple, allows users to connect to the internet and browse with Safari in a more secure and private way.
Requirements: Devices running iOS 15, iPadOS 15 or macOS Monterey with an iCloud+ subscription
Why was private relay built?
The private relay was designed with privacy as the focus. It’s based on the principle that the IP addresses that form the basis of user identification should not be linked to the websites the users visit. More clearly, it should not be easy for the ISP or any intruder on the network to access all the websites that a particular user visits based on users IP addresses.
With such segregation, practices like browser fingerprinting will no longer be valid. This can prove to be a boon as these scripts often hide in the website script and extract the required user information without even telling them that such an operation is being executed. By breaking this interlinking, you can prevent all practices that target users based on the websites they visit and the subsequent data collected by them. That means no more user identification based on over 70 attributes that are currently in use.
Private relay- before and after!
When we browse the web, basic information related to web traffic like the IP address and DNS records are visible to the network providers and the websites they visit. This information is then used to determine the user’s identity, and a profile is eventually created based on their location and browsing history over time.
By giving them all this information, we are indirectly letting ourselves become the targets of unwanted ads and marketing campaigns. With the Private relay in place, you no longer have to worry about this.
How Private relay works
Private relay uses Dual-hop Architecture that sends users’ requests through two separate internet relays, separating who can observe the websites from who can see the websites they visit. So, when a user accesses the internet, the request is first sent through two relays before it reaches the website.
Destination 1: Relay 1- The ingress proxy
This is the first internet relay that the user connects to when the Private relay is in use. It is operated by Apple. As they browse, their original IP address is visible to the first internet relay and the network it is connected to. But the requested websites are encrypted and hence not visible to either party.
Destination 2: Relay 2- The egress proxy
The second internet relay now needs to assign some IP address depending on the user’s location. It also decrypts the name of the website that the user has requested and completes the connection. The egress proxy has no knowledge of the user’s IP address and only receives enough location information to assign them a Relay IP address. It is operated by third-party partners belonging to some of the world’s largest content delivery networks (CDNs).
Turning private relay ON and OFF
Apple iCloud private relay can be easily enabled on any Apple device with iOS 15, iPadOS 15, or macOS Monterey or later. It is as follows:
- Navigate to Settings> [your name]> iCloud Private relay (for iPhone, iPad or iPod touch)
- Go to System Preferences > Apple ID> iCloud> Private Relay
Private relay or just another name for a VPN?
I’m pretty sure that terms like encrypting outgoing traffic, proxy server, protecting your browsing history etc., must have brought a more familiar term to your mind. At some point, you believed that Private relay was some form of VPN developed by Apple, didn’t you? Well, I had such an impression at first! Even though looking at Private relay from some wild angles gives you a false impression that it is similar, let me tell you, they are indeed two distant entities.
A VPN (Virtual Private Network) creates a private network from a public internet connection. It ensures online privacy and anonymity by encrypting all network traffic and masking the internet protocol (IP) address of users so that all their online actions remain untraceable.
What makes Private relay different from a VPN?
Though Private relay looks similar to a VPN in many respects, there are a few major differences that you can never ignore. Some of these include:
- It is Safari- only and doesn’t extend support to any other app or browser that you use with some minor exceptions
- Unlike VPNs that disguise themselves to mimic regular non-proxy traffic, you can easily identify traffic from private relay as coming from ‘proxy servers’
- Private relay does not support location spoofing or circumventing regional content restrictions
- VPN encrypts all your outgoing data, but private relay encrypts only the traffic from Safari, other DNS related traffic, along with a small segment of the traffic from your apps
- While VPN enforces traffic obfuscation or camouflaging VPN traffic to seem like normal traffic, private relay lets server identify them as proxy server traffic without any modification
Private relay – an evaluation
Private relay offers a lot of benefits for the users. But like any new venture, it also has its flaws that need to be addressed.
Advantages of private relay
Some of the advantages of private relay include:
- Easy to enable or disable for specific networks
- Ensure privacy and security
- Resembles VPN in some respects
- Built-in fraud prevention methods
- Minimized logging to prevent user fingerprinting
- No need to pay extra as it comes with an iCloud+ plan
- Always-on and completely transparent without affecting user’s day-to-day experience
- Easy for enterprises to manage with device management solutions
Disadvantages of private relay
Some of the disadvantages of private relay include:
- Only work in supported countries
- It is still in beta, so things won’t always work as expected, and it may slow things down
- Not supported by browsers like chrome, it needs Safari to function
- Negative impact on the advertising business that relies on browsing data
- Built-in parental controls offered by your router will not work if kids browse with private relay enabled
- It may not support older websites
- It prevents bypassing geographical restrictions
- You might end up paying even for zero-rated services (services or sites that the ISP provides free access to) as private relay hides your browsing traffic
What if your enterprise does not want it? Is there a way out?
It’s not easy for enterprises to completely cut off access to employee data. Most enterprises enforce policies of internet monitoring to avoid instances of inappropriate or illegal corporate data usage and other security incidents.
Internet monitoring refers to the practice of gathering and analyzing the data of websites visited by the users, departments, or individual devices.
This reported data can come in handy for business owners, management, or human resources to draw conclusions on aspects like employee productivity, bandwidth usage or other critical ones like inappropriate workplace internet usage.
Internet monitoring plays a significant role in eliminating some enterprise concerns. Some of these include:
- Ensure that employees are not getting carried away by non-productive activities.
- Monitoring employee activities to ensure that they are not slacking off
- Prevent employees from sabotaging their business
- Shield your businesses from data breaches by monitoring activities like the websites they visit, the software they download, the Wi-Fi they use and what mail they open etc.
Apple’s private relay, released in the beta phase, is an optional feature, which the users can implement if they prefer to. However, with Apple still gathering feedback and improving website compatibility, it is going to take some time before it gets implemented full-fledged. And as long as Apple chooses not to force its users to browse with Private relay, enterprises don’t have much to worry about.
Well, don’t get me wrong, Apple iCloud private relay is in no way hostile to enterprises. In fact, enterprises can easily block access to private relay in required networks. According to Apple,
“The fastest and most reliable way to do this is to return a negative answer from the network’s DNS resolver, preventing DNS resolution for the mask.iCloud.comand mask-h2.icloud.com hostnames necessary for Private Relay traffic.”
We can also hope to find device management solutions implementing these configuration profiles remotely to enable or disable private relay in the future.
Enterprises have begun accommodating a wide range of devices from iOS to macOS and Apple TVs. Get insights on Hexnode’s device management solution to manage all your Apple devices under one roof!
Featured resource
Apple Device Management: For the robust security of the digital workspace
Conclusion
Private relay has completely changed how we look at data security and privacy. Now users are the decision-makers, deciding who should and should not have access to their data. By falsifying all actions that turn a blind eye to all data-stealing practices, Apple’s iCloud Private relay has again emphasized that ‘the user is indeed the king,’ who gets to decide where their data goes!
Still struggling without a UEM?
Sign up for a 14-day free trial and explore Hexnode UEM's device management capabilities.
SIGN UP NOW!
Share your thoughts