[gjsman-1000]

Apple has sort of addressed this with only having it work with Safari and other apps that implement the API, rather than system-wide as something you can connect to. It’s probably going to take a lot of reverse engineering before hackers figure out the API and how to get third party devices to connect and authenticate, if at all. If you can’t get third party devices to connect, you are missing the first D in DDOS.

[mariojv]

There is also almost certainly an authentication mechanism in place, even if you were to reverse engineer the API. You'd need a bunch of paid iCloud accounts to have a DDoS be at all feasible with this service.

Additionally, Cloudflare themselves, one of Apple's third party partners, offer DDoS protection services. Because they see all the exit traffic, they'd be able to detect the DDoS and block it.

[Ensorceled]

That's why this concern seemed weird to me; the exit nodes ARE the DDoS protection services.

I can't see Cloudflare putting themselves in the position of needed to protect their clients from themselves ...

[gjsman-1000]

Otherwise, by the poster’s logic, why hasn’t CloudFlare been a DDoS vector?