- Your device figures out if it can process the request itself.
- If it needs more computational power, it will get help from PCC.
- In doing so, the request is routed through an Oblivious HTTP (OHTTP) relay operated by an independent third party, which helps conceal the IP address from which the request came.
- It will only send data relevant to your task to the PCC servers.
- Your data is not stored at any point, including in server metrics or error logs; is not accessible; and is destroyed once the request is fulfilled.
- That also means no data retention (unlike any other cloud provider), no privileged access, and masked user identity.
Where Apple really seems to have made big steps is in how it protects its users against being targeted. Attackers cannot compromise data that belongs to a specific Private Cloud user without compromising the entire PCC system. That doesn’t just extend to remote attacks, but also to attempts made on site, such as when an attacker has gained access to the data center. This makes it impossible to grab database credentials to mount an attack.
What about the hardware?
Apple has also made the entire system open to independent security and privacy review — indeed, unless the server identifies itself as being open to such review, the information will not be transmitted — so no spoof PCC for you.
The company didn’t stop there. “We supplement the built-in protections of Apple Silicon with a hardened supply chain for PCC hardware, so that performing a hardware attack at scale would be both prohibitively expensive and likely to be discovered,” the company said. “Private Cloud Compute hardware security starts at manufacturing, where we inventory and perform high-resolution imaging of the components of the PCC node before each server is sealed and its tamper switch is activated.”
