When Apple pushed iOS 15 out to more than a billion devices in September, the software update included the company’s first VPN-like feature, iCloud Private Relay. The subscription-only privacy tool makes it harder for anyone to snoop on what you are doing online, by routing traffic from your device through multiple servers. But the tool has faced pushback from mobile operators in Europe—and more recently, by T-Mobile in the US.

As Private Relay has rolled out over the past few months, scores of people have started to complain that their mobile operators appear to be restricting access to it. For many, it’s impossible to turn the option on if your plan includes content filtering, such as parental controls. Meanwhile in Europe, mobile operators Vodafone, Telefonica, Orange, and T-Mobile have griped about how Private Relay works. In August 2021, according to a report by the Telegraph, the companies complained the feature would cut off their access to metadata and network information and suggested to regulators that it should be banned.

“Private Relay will impair others to innovate and compete in downstream digital markets and may negatively impact operators’ ability to efficiently manage telecommunication networks,” bosses from the companies wrote in a letter to European lawmakers. However, Apple says that Private Relay doesn’t stop companies from providing customers with fast internet connections, and security experts say there’s been little evidence showing Private Relay will cause problems for network operators.

Apple’s Private Relay isn’t a VPN—which carriers freely allow—but it has some similarities. The option, which is still in beta and is only available to people who pay for iCloud+, aims to stop the network providers and the websites you visit from seeing your IP address and DNS records. That makes it harder for companies to build profiles about you that include your interests and location, in theory helping to reduce the ways you’re targeted online.

To do this, Private Relay routes your web traffic through two relays, known as nodes, when it leaves your iPhone, iPad, or Mac. Your traffic passes from Safari into the first relay, known as the “ingress proxy,” which is owned by Apple. There are multiple different ingress proxies around the world, and they’re based in multiple locations, Apple says in a white paper. This first relay is able to see your IP address and the Wi-Fi or mobile network you are connected to. However, Apple isn’t able to see the name of the website that you’re trying to visit.

The second relay your web traffic passes through, known as the “egress proxy,” is owned by a third-party partner rather than Apple itself. While it can see the name of the website you’re visiting, It doesn’t know the IP address you’re browsing from. It instead assigns you another IP address that’s near where you live or within the same country, depending on your Private Relay settings.

The result is, neither relay knows both your IP address and the details of what you’re looking at online—whereas a typical a VPN provider will process all your data. Also unlike a VPN, Apple’s system doesn’t let you change your device’s geographic location to avoid regional blocks on content from Netflix and others.