iCloud Private Relay flaw leaks users' IP addresses
A flaw discovered in Apple's new iCloud Private Relay defeats the feature's raison d'etre by exposing a user's IP address when certain conditions are met.
As detailed by researcher and developer Sergey Mostsevenko in a blog post this week, a flaw in Private Relay's handling of WebRTC can "leak" a user's real IP address. A proof on concept is available on the FingerprintJS website.Announced at the Worldwide Developers Conference in June, Private Relay promises to prevent third-party tracking of IP addresses, user location and other details by routing internet requests through two separate relays operated by two different entities. Internet connections configured to pass through Private Relay use anonymous IP addresses that map to a user's region but do not reveal their exact location or identity, Apple says.
Read more...