Anyone figured out if IPR relays all connections or just some? For example DuckDuckGo isn’t going through a relay.

[wkrp]

Do you mean DuckDuckGo accessed through Safari, or a DuckDuckGo app?

I haven't found a source that says what exactly iCloud Public Relay tunnels and what it does not. Apple's document "About iCloud Private Relay" says:

iCloud Private Relay—part of an iCloud+ subscription—helps protect your privacy when you browse the web in Safari.

and "Prepare Your Network or Web Server for iCloud Private Relay" says:

Private Relay protects users’ web browsing in Safari, DNS resolution queries, and insecure http app traffic.

So it seems clear that browsing in Safari goes through the relay. But does "insecure http app traffic" mean that HTTP requests by other apps use the relay, but HTTPS requests do not? What about other apps' DNS queries? I'm not sure.

An early report by Johannes B. Ullrich observes: "The Private Relay appears to be limited to HTTP(s) traffic. Application not using HTTP(s) do not appear to use Private Relay. I used as a test the 'Speedtest' application from Ookla, and it still displayed my actual ISP."

What did you do to discover that DuckDuckGo was not going through Private Relay? The test procedure may be helpful to others who are doing experiments.

[anon238]

I just checked my IP and DNS leaks with DuckDuckGo, but for me it’s clear it’s Safari only (weird though, because all browsers are based on WebKit). However I still can’t figure out for example the RSS app NetNewsWire is trafficking through Private Relay. It seems that In-App Safari always goes through a relay but it’s not clear whether an RSS feed is going through that either. For me it’s very confusing what’s exactly going through the relay and what not.

[anon238]

I found this: https://matduggan.com/how-does-apple-private-relay-work/