One of the biggest surprises of WWDC 2021 was Apple’s introduction of iCloud+, an upgraded version of its existing service available at no additional charge that provides secure emailing and VPN-style security for users.
iCloud just became a useful business tool
The introduction of these features will transform iCloud into a very useful remote business tool, though it will be interesting to see whether all these features will be available to enterprise folks making use of Managed Apple IDs for their business tools. For the present let’s assume they will, given the deep value they promise to those in that sector.
These new tools mean iCloud-using employees:
- Won’t have email opens tracked by invisible pixels, thanks to Mail Privacy Protection.
- Will be able to sign up for mailing lists using fake email addresses.
- Gain access to a built-in VPN with iCloud Private Relay.
- Can create domain-based email addresses.
A game of cat and mouse
Apple will continue to invest in these protections. Apple’s Craig Federighi, vice president of software engineering, confirmed that Apple sees cybersecurity as an ongoing challenge, telling Fast Company:
“The incentives for ‘innovation’ in the exploitation world are high, and so there is a lot of advancement in the art of tracking; a lot of advancement in the arts of security exploits. And so, in both areas, we think there’s going to continue to be a cat and mouse game. We think we bring a lot of tools to that fight, and we can largely stay ahead of it and protect our customers. But it’s something we recognize as a battle we will be fighting for years to come.”
In a sense, Apple’s decision to secure its platforms reflects the reality that it is becoming a more viable target as its place in the enterprise grows.
“As a result of its growth in the enterprise, Apple devices are now a bigger security threat target,” Jamf Senior Manager Garrett Denney writes.
“This, coupled with remote work and schools accessing sensitive cloud resources, enhanced the demand for even greater Apple platform security. And with enhanced security comes the need to balance data privacy protections and the end-user experience across a number of contexts. New privacy-centric features like Hide My Email and Private Relay put user privacy at the forefront, enabling privacy protection regardless of where devices are being used.”
Star of the show: iCloud Private Relay
Private Relay is a built-in internet privacy service that exists inside iCloud. It is designed so that you can connect to and browse the web using Safari in a highly secure way, protecting both the site requests you make and the places you visit from being identified.
Private Relay encrypts traffic (such as web destinations) leaving your device, making the requests unreadable, even by Apple or the network provider.
It works like this:
- When you make a request, it is encrypted and then sent through two separate internet relays.
- The first Apple-operated relay provides you with an anonymous IP address that maps to your region, but not your actual location.
- The second relay, owned by a third party, decrypts the web address and forwards you to that destination.
- The magic here is that by splitting the information up in this way, no one can see both who a user is and which sites they choose to visit. Apple can only see the IP address you request from, while third parties can only see the website you request.
The system raises the bar for personal security by hiding who is browsing and where the data is coming from; it effectively means you now have a free VPN in Safari.
In a WWDC presentation, Apple explained that Private Relay will also include DNS queries and some traffic from apps.
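The split of knowledge between the two relays described above can be modelled in a few lines. This is an added illustration, not Apple's code or protocol: the class names, the key shared only between client and second relay, the toy SHA-256 keystream cipher and the documentation-range IP addresses are all assumptions made for the sketch.

```python
import hashlib
import os

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); a stand-in for real encryption."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

class IngressRelay:
    """First hop: sees the client's real IP, but only an opaque payload."""
    def __init__(self):
        self.observed = []
    def forward(self, client_ip, sealed, egress):
        anon_ip = "203.0.113.7"  # constructed regional address handed to the next hop
        self.observed.append({"client_ip": client_ip, "payload": sealed})
        return egress.forward(anon_ip, sealed)

class EgressRelay:
    """Second hop: can decrypt the destination, but never sees the client's IP."""
    def __init__(self, key):
        self.key = key
        self.observed = []
    def forward(self, source_ip, sealed):
        nonce, ciphertext = sealed[:16], sealed[16:]
        destination = keystream_xor(self.key, nonce, ciphertext).decode()
        self.observed.append({"source_ip": source_ip, "destination": destination})
        return destination

def client_request(client_ip, destination, egress_key, ingress, egress):
    """Client seals the destination for the egress relay, then sends via ingress."""
    nonce = os.urandom(16)
    sealed = nonce + keystream_xor(egress_key, nonce, destination.encode())
    return ingress.forward(client_ip, sealed, egress)

def run_demo():
    """Return what each relay was able to observe for one constructed request."""
    key = os.urandom(32)  # assumption: known to the client and the egress relay only
    ingress, egress = IngressRelay(), EgressRelay(key)
    client_request("198.51.100.23", "https://example.org/page", key, ingress, egress)
    return ingress.observed[0], egress.observed[0]

if __name__ == "__main__":
    for view in run_demo():
        print(view)
```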
What will work with iCloud Private Relay?
Apple says iCloud Private Relay will work with:
- All Safari web browsing;
- All DNS queries as users enter site names;
- All insecure HTTP traffic.
What won’t work with iCloud Private Relay?
Apple also said iCloud Private Relay will not work with:
- Local network connections;
- Private domain name queries;
- VPN traffic;
- Internet traffic via proxy;
- Anyone pretending to be in a different region.
Federighi says that classic VPN protection means you must put trust in your provider.
“And that’s a lot of responsibility for that intermediary, and involves the user making a really difficult trust decision about exposing all of that information to a single entity.”
In other words, Apple’s system may be better than a VPN: while VPN providers know who you are and what you see, Apple doesn’t have that information. Such protection seems a necessary step, given the number of unsavory and untrustworthy VPN services that seem to exist.
At its simplest, it makes targeting an Apple user much harder, which also makes doing so far more costly. This should reduce the overall risk environment, though one should never take security for granted.
You’ll use Hide My Email
Loosely built around Sign in with Apple, Hide My Email lets you share unique, random email addresses that forward messages to your personal inbox, rather than sharing your actual email address. This tool, which is built into Safari, iCloud Settings and Mail, is far better than the ad hoc alias system we’ve used until now that’s controlled in iCloud online. It also lets users create and delete as many addresses as required.
Put simply, it means you and your Apple-device-wielding employees now have an unlimited supply of burner email addresses you can use when security matters.
iCloud+ also lets you use a custom domain name. Apple is positioning this as a family-focused service. That means a family that owns a domain such as SmithFamily should be able to create a string of email addresses such as email@example.com that will work and be recognized by iCloud.
We don’t have much detail on this yet, but it will be interesting to see whether this extends (or can subsequently be extended) to managed Apple IDs for use in business.
The Digital Legacy tool
Do you remember the old days, when a senior employee passed away and it might have been impossible to get the strategy document they were working on off their device, even with help from their grieving family?
This shouldn’t be a problem anymore with Digital Legacy. This lets users appoint relatives or friends as people permitted to access digital data such as photographs and other personal data left in a person’s iCloud account after they pass away.
To set the feature up, a person must specify who can access the account in the event of their death. These Legacy Contacts will then be able to access that account, though they will have to go through a verification process of some kind, details of which are not currently clear.
We think there will be a lot more to learn concerning iCloud+. After all, the notion of a “plus” service means there will still be a basic service, and I can’t help but wonder whether that might see the free 5GB service maintained but slightly enhanced.
There are also some useful changes in the recovery feature, which will now permit you to assign friends or family members who you can trust to receive security codes on your behalf if you lose your device.
The prices remain the same: 50GB storage with one HomeKit Secure Video camera (99 cents per month), 200GB with up to five HomeKit Secure Video cameras ($2.99 per month), and 2TB with an unlimited number of HomeKit Secure Video cameras ($9.99 per month).
The number of cameras used to max out at five, and the storage for those cameras no longer counts against your iCloud limit. Existing iCloud users (presumably those on paid tiers) will be upgraded to iCloud+ this fall when iOS 15, iPadOS 15 and macOS Monterey ship.
Copyright © 2021 IDG Communications, Inc.