A flaw found in Apple’s new iCloud Private Relay negates the raison d’être of this feature, revealing the user’s IP address when certain conditions are met.
As researcher and developer Sergey Mostsevenko detailed in his blog this week, an error in Private Relay’s handling of WebRTC can lead to a “leak” of the user’s real IP address. A proof of concept is available on the FingerprintJS website.
Announced at the Worldwide Developers Conference in June, Private Relay promises to prevent third-party tracking of IP addresses, user location and other details by routing Internet requests through two separate relays managed by two different organizations. Internet connections configured to go through Private Relay use anonymous IP addresses that match the user’s region but do not reveal their exact location or identity, Apple said.
In theory, websites should only see the outgoing proxy IP, but the user’s real IP, which is retained in certain WebRTC communication scenarios, can be revealed with some clever code.
As explained by Mostsevenko, the WebRTC API is