TY - GEN
T1 - Towards a Tectonic Traffic Shift? Investigating Apple’s New Relay Network
AU - Sattler, Patrick
AU - Aulbach, Juliane
AU - Zirngibl, Johannes
AU - Carle, Georg
N1 - Publisher Copyright:
© 2022 Copyright held by the owner/author(s).
PY - 2022/10/25
Y1 - 2022/10/25
AB - Apple recently published its first Beta of the iCloud Private Relay, a privacy protection service with promises resembling the ones of VPNs. The architecture consists of two layers (ingress and egress), operated by disjoint providers. The service is directly integrated into Apple’s operating systems, providing a low entry-level barrier for a large user base. It seems to be set up for significant adoption with its relatively moderate entry-level price. This paper analyzes the iCloud Private Relay from a network perspective, its effect on the Internet, and future measurement-based research. We perform EDNS0 Client Subnet DNS queries to collect ingress relay addresses and find 1586 IPv4 addresses. Supplementary RIPE Atlas DNS measurements reveal 1575 IPv6 addresses. Knowing these addresses helps to detect clients communicating through the relay network passively. According to our scans, ingress addresses grew by 20 % from January through April. Moreover, according to our RIPE Atlas DNS measurements, 5.3 % of all probes use a resolver that blocks access to iCloud Private Relay. The analysis of our scans through the relay network verifies Apple’s claim of rotating egress addresses. Nevertheless, it reveals that ingress and egress relays can be located in the same autonomous system, thus sharing similar routes, potentially allowing traffic correlation.
KW - DNS ECS enumeration
KW - Overlay Networks
KW - Relay Networks
UR - http://www.scopus.com/inward/record.url?scp=85141441446&partnerID=8YFLogxK
U2 - 10.1145/3517745.3561426
DO - 10.1145/3517745.3561426
M3 - Conference contribution
AN - SCOPUS:85141441446
T3 - Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC
SP - 449
EP - 457
BT - IMC 2022 - Proceedings of the 2022 ACM Internet Measurement Conference
PB - Association for Computing Machinery
T2 - 22nd ACM Internet Measurement Conference, IMC 2022
Y2 - 25 October 2022 through 27 October 2022
ER -