The impact of Private Relay on network operators and ISPs

By on 26 Nov 2021

Category: Tech matters

Tags: , ,


Blog home

Several technologies are currently being developed that are intended to improve the privacy of the Internet by updating or extending some of the core standards that underpin its operation. These changes are being led within various working groups of the Internet Engineering Task Force (IETF), leveraging the expertise of developers drawn from across the industry.

In some cases, these industry initiatives are augmented by developments led by individual companies, such as Private Relay. The Private Relay service has been developed by Apple as an extension of its iCloud+ service for devices running the iOS 15, iPadOS 15, and macOS Monterey operating systems. Private Relay was announced at Apple’s annual developer conference in June 2021, with more technical detail made available during a discussion with one of the senior engineers a few weeks later.

This post is based on that knowledge, augmented with the output from a roundtable discussion on the subject and subsequent report, both of which are accessible.

Potential impacts

The key impacts of the Private Relay service can be separated into two main groups, both of which are summarized below.

Operational impacts

  1. Quality of service and network resilience — the routing of significant traffic volumes over Private Relay may cause issues for ISPs as they will not have full visibility of traffic being carried over their networks, affecting congestion management and peering optimization. More significantly, the quality of service (QoS) measurement methodologies developed under European regulations envisage measurement of functions such as DNS, access to audio/video services, web browsing and other capabilities. ISPs will not be able to comply with any QoS parameters where the traffic is being routed by the Private Relay Service.
  2. Network costs — when Private Relay is enabled and the egress IP address is not an ISP IP address, the edge content cache will be public rather than a CDN cache node embedded in the ISP network. This will bypass any financial and operational investment deploying CDN capacity deep within the network. Content served off-network instead will lead to increased latency and congestion and increased off-network costs. 
  3. Content blocking and filtering — may not function correctly if Private Relay is enabled. In terms of blocking access to illegal content, legislators and regulators may need to amend existing instruments if they wish to bring Private Relay into scope.
  4. Zero rating of content — is lost if the ISP has no visibility of the website that a user is accessing. Users with data caps may experience unexpected increases in their bills if they do not realize that content they were previously able to access freely is now impacting their data allowance.

Compliance impacts

Note: These are illustrative. Applicability will vary by market.

  1. Lawful Interception — network operators and/or ISPs may have obligations relating to lawful interception of activity undertaken by their users. Lawful interception abilities are not affected for voice calls over mobile networks or Wi-Fi, but the ISP will be unable to help with the lawful interception of access to content. Law enforcement agencies will need to contact Apple to undertake these obligations.
  2. Data retention and disclosure — as with lawful interception, operators can continue to meet any obligations relating to voice calls. However, where a user accesses content, the operator can only show a connection to Apple has been made and not what content was accessed, so law enforcement agencies will need assistance from Apple to map access to content to an operator.
  3. Copyright infringement — there may be issues in jurisdictions where ISPs are no longer able to meet the requirements of court-mandated blocking of access to copyright-infringing material and sites. This may require the scope of court orders and regulatory instruments be expanded to include Apple, to maintain their effectiveness.

Antitrust considerations

In reviewing the impact of Private Relay, it became apparent that there were some potential antitrust issues worthy of consideration.

  • Competitive advantage — the partners involved with Apple in the delivery of Private Relay may benefit from the knowledge of sites being accessed through the service. This could, in turn, yield extremely useful intelligence and analytics for their wider business operations. In addition, to optimize performance, content providers will have an incentive to host their content with the Content Delivery Network (CDN) providers that partner with Apple to deliver the Private Relay service, leading to further market distortions.
  • Centralization and control — the introduction of Private Relay represents a major change in the way the Internet works. From an architectural perspective, it turns the Internet into a hub-and-spoke rather than mesh network, placing Apple in the centre of a high percentage of global transactions. This may, in turn, have implications for peering arrangements, impacting both on which parties pay for interconnects and where they must interconnect. In addition, by having control over so much traffic, Apple may gain dominant power in many markets (or at least significant market power), giving it the ability to dictate terms to ISPs.
  • Stifling debate — the market dominance of Apple deters companies from going on-record with concerns, a problem that is compounded by the partnerships Apple has in place with organizations across the ecosystem.


The primary conclusions that can be drawn from the analysis of the implications of the deployment of Private Relay are as follows:

  1. Network operators and ISPs have concerns relating to QoS, resilience, and costs. They have also identified issues relating to both the filtering and zero-rating of content.
  2. Compliance issues have also been raised concerning lawful interception, data retention, and disclosure and stopping access to copyright-infringing sites.
  3. From an antitrust perspective, there are concerns about the possible competitive advantage that Apple’s partners in the Private Relay service may gain, as well as more fundamental concerns relating to the way the service changes the operation of the Internet and the control this gives to Apple.
  4. Finally, Apple’s dominant position in the market appears to deter other participants from publicly questioning its actions.

These points highlight the need for regulators and legislators to understand the Private Relay service in more detail to identify whether any changes in existing measures are required. For example, modifications to those measures may be needed to bring Apple and Private Relay into scope alongside network operators and ISPs.

As noted in the introduction, the above content is based on the output of a roundtable discussion and subsequent report focused on Private Relay, both of which are accessible.

Andrew Campling is Director of 419 Consulting, a public policy and public affairs consultancy focused on the tech and telecom sectors.

Rate this article

The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.


  1. Chris Box

    In Apple’s defence, I don’t (personally speaking) think it’s their intention to gain dominance of internet traffic routing. Tommy Pauly called for an open, interoperable relay network at the last-but-one IETF. This doesn’t eliminate many of your other concerns, but this one stood out to me as being not necessarily true in the long term.

  2. Vinny Parla

    The underlying technology of Private Relay, particularly MASQUE, has a lot of promise. Inevitably, end to end content delivery is a direct outcome of the IETF protocol work that has been going on for the past couple of years. Intermediaries will be locked out as a result.

  3. 0ID

    When Private Relay is on I get most of the time Akamai DNS servers, rarely Cloudflare. The problem is that those servers don’t have DNSSEC enabled. It is a server problem or a Private Relay “feature”?


Leave a Reply

Your email address will not be published. Required fields are marked *