VPNs & Privacy

VPNs can be set up to control the routing of certain network traffic.


A virtual private network (VPN) is a service that can encrypt and route certain network traffic from your device in a way that may hide your IP address from the websites and services you visit and interact with. Even when a VPN is active, some traffic that is necessary for essential system services will take place outside the VPN so that your device can function properly.

You can download your preferred VPN configuration from the App Store and install it on your device. Institutions, such as your employer or school, can also set up VPN configurations on devices they manage, including Apple Watch or Apple TV. You can also manually add a VPN on iOS, iPadOS or visionOS devices by going to Settings > General > VPN & Device Management > VPN, then tapping Add VPN Configuration and entering relevant information. On Mac, go to System Settings > Network, click the More button, then select Add VPN Configuration and enter relevant information.

It is important that you only use a VPN service you trust. When a VPN configuration is installed and active, your VPN provider may be able to see, intercept and modify your online activity. You should review your VPN provider’s privacy practices to learn more about their service and how they handle your data. When you are using a third-party app or browsing websites not operated by Apple, Apple does not collect information about your use of a VPN service on your device in a way that identifies you.

VPN providers control how your VPN configuration operates, including how traffic is routed when it leaves your device, whether it is encrypted and what data is available to websites you are connected to.

If a VPN configuration is installed and active on a device where iCloud Private Relay is enabled, the VPN configuration will determine the routing of internet connections that would otherwise be protected by Private Relay.

Not all of your device’s network traffic will be routed through an active VPN. If an app developer specifies a required type of connection for their app, such as mobile only, network traffic from that app is excluded in active VPN configurations. On iOS, iPadOS and visionOS devices, your VPN provider can choose to override this choice and prevent most apps, services and system functions from routing network traffic outside of an active VPN configuration.

Some traffic that is necessary for essential system services will not be routed through an active VPN configuration, such as direct connections with your local network’s routers (which are necessary to establish and maintain a network connection), and certain mobile services that work only on mobile networks (which may include Visual Voicemail, where available).

Published Date: September 20, 2024