by bhaavan 1836 days ago
Does this mean that all DDoS mitigation techniques need to exist before the exit node of this traffic? Which in turn means that everyone needs to outsource their DDoS mitigation to Apple.

Also, the corollary would be that anyone who is able to bypass the protection mechanisms Apple has in place to control DDoS can use it to DDoS a service like Google or Microsoft and get the entire service banned for all iCloud+ users. Right?

2 comments

Apple has sort of addressed this with only having it work with Safari and other apps that implement the API, rather than system-wide as something you can connect to. It’s probably going to take a lot of reverse engineering before hackers figure out the API and how to get third party devices to connect and authenticate, if at all. If you can’t get third party devices to connect, you are missing the first D in DDoS.
There is also almost certainly an authentication mechanism in place, even if you were to reverse engineer the API. You'd need a bunch of paid iCloud accounts to have a DDoS be at all feasible with this service.

Additionally, Cloudflare themselves, one of Apple's third party partners, offer DDoS protection services. Because they see all the exit traffic, they'd be able to detect the DDoS and block it.

That's why this concern seemed weird to me; the exit nodes ARE the DDoS protection services.

I can't see Cloudflare putting themselves in the position of needing to protect their clients from themselves ...

Otherwise, by the poster’s logic, why hasn’t Cloudflare been a DDoS vector?
Why are you assuming this can, and will, be readily used as a DDoS vector?