Apple recently published the first beta of iCloud Private Relay, a privacy protection service with promises resembling those of VPNs. The architecture consists of two layers (ingress and egress), operated by disjoint providers. The service is directly integrated into Apple's operating systems and therefore provides a low barrier to entry for a large user base. With its relatively moderate entry-level price, it seems to be set up for major adoption. This paper analyzes iCloud Private Relay from a network perspective and examines its effect on the Internet and on future measurement-based research. We perform EDNS0 Client Subnet DNS queries to collect ingress relay addresses and find 1586 IPv4 addresses. Supplementary RIPE Atlas DNS measurements reveal 1575 IPv6 addresses. Knowledge about these addresses helps to passively detect clients communicating through the relay network. According to our scans, the number of ingress addresses grew by 20% from January through April. The analysis of our scans through the relay network verifies Apple's claim of rotating egress addresses. Nevertheless, it also reveals that ingress and egress relays can be located in the same autonomous system, thus sharing similar routes and potentially allowing traffic correlation.
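The EDNS0 Client Subnet queries mentioned above carry a client network prefix in an option of the OPT record (RFC 7871, option code 8), and the resolver's answer can depend on that prefix. The Python below is an added example, not code from the paper: it builds such a query and parses the option back without sending anything, and the name `relay.example` and the documentation prefixes are placeholders.

```python
import ipaddress
import struct

ECS_CODE, OPT_TYPE = 8, 41  # RFC 7871 option code, RFC 6891 OPT RR type

def encode_qname(name: str) -> bytes:
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def ecs_option(subnet: str) -> bytes:
    """Encode a Client Subnet option; host bits are zeroed as the RFC requires."""
    net = ipaddress.ip_network(subnet, strict=False)
    family = 1 if net.version == 4 else 2
    nbytes = (net.prefixlen + 7) // 8          # only the prefix bytes are sent
    data = struct.pack("!HBB", family, net.prefixlen, 0)  # scope is 0 in queries
    data += net.network_address.packed[:nbytes]
    return struct.pack("!HH", ECS_CODE, len(data)) + data

def build_query(name: str, subnet: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """DNS query (RD set) with one question and one OPT record carrying ECS."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    question = encode_qname(name) + struct.pack("!HH", qtype, 1)
    rdata = ecs_option(subnet)
    # OPT RR: root name, type 41, class = UDP payload size, TTL = flags, RDLEN
    opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, 4096, 0, len(rdata)) + rdata
    return header + question + opt

def parse_ecs(msg: bytes):
    """Return (family, source_prefix, scope_prefix, address) from a message
    laid out as build_query() produces it, or None if no ECS option exists."""
    pos = 12
    while msg[pos]:                            # skip QNAME labels
        pos += msg[pos] + 1
    pos += 1 + 4                               # root label, QTYPE, QCLASS
    rtype, _size, _ttl, rdlen = struct.unpack_from("!HHIH", msg, pos + 1)
    if msg[pos] != 0 or rtype != OPT_TYPE:
        raise ValueError("expected OPT record after the question")
    pos += 11
    end = pos + rdlen
    while pos < end:
        code, olen = struct.unpack_from("!HH", msg, pos)
        if code == ECS_CODE:
            family, src, scope = struct.unpack_from("!HBB", msg, pos + 4)
            raw = msg[pos + 8 : pos + 4 + olen]
            addr = ipaddress.ip_address(raw.ljust(4 if family == 1 else 16, b"\x00"))
            return family, src, scope, str(addr)
        pos += 4 + olen
    return None
```

In a response, the scope prefix length returned in the same option indicates how wide a client range the answer applies to.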