Data Updates for Apple iCloud Private Relay

We have updated our data in a number of ways in preparation for the rollout of iCloud Private Relay. We have worked with Apple’s to ensure that our data accurately reflects how Private Relay works and delivers the best possible experience for your users.

  • Geolocation data across our products and services now incorporate the IP geolocation feeds published by Apple, which provides coarse city or region geolocation mappings for iCloud Private Relay IPs.
  • We identify iCloud Private Relay IPs in our ISP dataset (present in our GeoIP2 ISP and Enterprise databases, and our GeoIP2 Precision Insights and minFraud Insights and Factors web services) by tagging ranges as iCloud Private Relay.

Apple has shared the following assurances built into Private Relay:

  • Geolocation information for clients is validated by the relay servers using signed tokens, and visible to origins through the IP addresses selected by relay servers.
    • A user is not able to arbitrarily select their geolocation to evade geolocation controls.
  • Access to relay servers is rate-limited using device attestation to reduce fraud.
  • All traffic is secured using TLS 1.3.

Customers do not need to take any action to receive this data.

For web service customers, this data will be returned in the /traits/isp and /traits/organization outputs, and in geolocation outputs.

For database customers, this data has been included in the latest release of our databases. ISP data that includes Private Relay IPs is included in the latest GeoIP2 ISP or Enterprise database. Geolocation data for Private Relay IPs is included in the latest GeoIP2 City or Enterprise database.

For more information about Private Relay along with helpful technical information, visit Prepare Your Network or Web Server for Private Relay on Apple’s developer website.

We will continue to monitor these IPs and may change how we handle them in the future.