We have updated our data in a number of ways in preparation for the rollout of iCloud Private Relay. We have worked with Apple’s to ensure that our data accurately reflects how Private Relay works and delivers the best possible experience for your users.
- Geolocation data across our products and services now incorporate the IP geolocation feeds published by Apple, which provides coarse city or region geolocation mappings for iCloud Private Relay IPs.
- We identify iCloud Private Relay IPs in our ISP dataset (present in our
GeoIP ISP and
Enterprise databases,
and our
GeoIP Insights web service
and
minFraud Insights and Factors web services)
by tagging ranges as
iCloud Private Relay.
Apple has shared the following assurances built into Private Relay:
- Geolocation information for clients is validated by the relay servers using
signed tokens, and visible to origins through the IP addresses selected by
relay servers.
- A user is not able to arbitrarily select their geolocation to evade geolocation controls.
- Access to relay servers is rate-limited using device attestation to reduce fraud.
- All traffic is secured using TLS 1.3.
Customers do not need to take any action to receive this data.
For web service customers, this data will be returned in the
/traits/isp and
/traits/organization
outputs, and in geolocation outputs.
For database customers, this data has been included in the latest release of our databases. ISP data that includes Private Relay IPs is included in the latest GeoIP ISP or Enterprise database. Geolocation data for Private Relay IPs is included in the latest GeoIP City or Enterprise database.
For more information about Private Relay along with helpful technical information, visit Prepare Your Network or Web Server for Private Relay on Apple’s developer website.
We will continue to monitor these IPs and may change how we handle them in the future.
