Towards a Tectonic Traffic Shift? Investigating Apple's New Relay Network

Get access to the data used in the paper and our continuous scan results

Authors: Patrick Sattler, Juliane Aulbach, Johannes Zirngibl, Georg Carle

Paper available (open access) https://dl.acm.org/doi/10.1145/3517745.3561426

Data archive for results used in this paper: https://mediatum.ub.tum.de/1687050

Abstract

Apple recently published its first Beta of the iCloud Private Relay, a privacy protection service with promises resembling the ones of VPNs. The architecture consists of two layers (ingress and egress), operated by disjoint providers. The service is directly integrated into Apple’s operating systems and therefore provides a low entry level barrier for a large user base. It seems to be set up for major adoption with its relatively moderate entry-level price.

This paper analyzes the iCloud Private Relay from a network perspective and its effect on the Internet and future measurement-based research. We perform EDNS0 Client Subnet DNS queries to collect ingress relay addresses and find 1586 IPv4 addresses. Supplementary RIPE Atlas DNS measurements reveal 1575 IPv6 addresses. Knowledge about these addresses helps to passively detect clients communicating through the relay network. According to our scans, from January through April, ingress addresses grew by 20 %.

The analysis of our scans through the relay network verifies Apple’s claim of rotating egress addresses. Nevertheless, it reveals that ingress and egress relays can be located in the same autonomous system, thus sharing similar routes, potentially allowing traffic correlation.

Ingress ECS Scan Data

Ingress Scan Data: all
QUIC (mask.icloud.com) Ingress Addresses:
- January (raw data)
- February (raw data)
- March (raw data)
- April (raw data)
- weekly ingress IP addresses can be found in our archive
TCP (mask-h2.icloud.com) Ingress Addresses:
- January: no data
- February (raw data)
- March (raw data)
- April (raw data)
- weekly ingress IP addresses can be found in our archive

Egress Archive

Egress IP ranges are available for selected days. A daily archive is available starting in mid of May is available.

iCloud Private Relay Scans

Data now available: Link

Cite

Bib

@inproceedings{sattler2022tectonictrafficshift,
    author = {Sattler, Patrick and Aulbach, Juliane and Zirngibl, Johannes and Carle, Georg},
    title = {Towards a Tectonic Traffic Shift? Investigating Apple's New Relay Network},
    year = {2022},
    isbn = {9781450392594},
    publisher = {Association for Computing Machinery},
    address = {New York, NY, USA},
    url = {https://doi-org.eaccess.ub.tum.de/10.1145/3517745.3561426},
    doi = {10.1145/3517745.3561426},
    booktitle = {Proceedings of the 22nd ACM Internet Measurement Conference},
    pages = {449–457},
    numpages = {9},
    location = {Nice, France},
    series = {IMC '22}
}

Contact

Patrick Sattler: sattler [AT] net.in.tum.de