by justsomeadvice0 1238 days ago
I read a bit more; here is how it works, from the white paper: https://www.apple.com/icloud/docs/iCloud_Private_Relay_Overv...

> Authorization is performed by presenting a valid, anonymous token based on RSA blind signatures. These signatures are sent as one-time-use tokens to each proxy when establishing a connection, separating legitimate from illegitimate devices. The proxies can validate the tokens with a public key to validate that the user is legitimate, without actually identifying the user.

> The following fields related to anonymous token issuance are logged as a part of Private Relay’s fraud prevention and anti-abuse measures, but cannot be correlated with connection information:
>
> • iCloud account, software version, and request timestamp

Sounds like both Apple and Cloudflare hops get the token. But Apple stashes a mapping of the token->iCloud account on its end, presumably to deal with fraud requests from Cloudflare. So my understanding then is if Apple gets a fraud/abuse request for someone's token from Cloudflare, it can and will banish your iCloud account from the service.

Edit: on closer reading I think I was wrong... The stated logged data could just be to rate limit the tokens you can request. It doesn't say they log the token itself, and they do say "cannot be correlated with connection information". So it seems you are right!
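
An added example, not part of the comment above or of Apple's white paper: a textbook RSA blind signature (toy key, hash reduced mod N, no padding) showing why an issuer that logs the account at issuance still cannot match that log to the token a proxy later validates. The function names, the fixed primes and the account strings used with it are constructed for illustration.

```python
# Added example: textbook RSA blind signature. Toy parameters, not a production scheme.
import hashlib, math, secrets

P, Q = 2**127 - 1, 2**89 - 1          # known Mersenne primes; far too small for real use
N, E = P * Q, 65537                   # public key, held by the proxies
D = pow(E, -1, (P - 1) * (Q - 1))     # private key, held only by the issuer

def h(token: bytes) -> int:
    """Hash the token into Z_N (toy full-domain hash)."""
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N

def blind(token: bytes):
    """Client: hide the token hash behind a random factor r."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return (h(token) * pow(r, E, N)) % N, r

issuer_log = []                       # everything the issuer could record at issuance

def issue(account: str, blinded: int) -> int:
    """Issuer: sign the blinded value; the token itself is never seen."""
    blind_sig = pow(blinded, D, N)
    issuer_log.append((account, blinded, blind_sig))
    return blind_sig

def unblind(blind_sig: int, r: int) -> int:
    """Client: strip r to obtain an ordinary RSA signature on h(token)."""
    return (blind_sig * pow(r, -1, N)) % N

def proxy_verify(token: bytes, sig: int) -> bool:
    """Proxy: check the one-time token with the public key only."""
    return pow(sig, E, N) == h(token)

def get_token(account: str):
    """Full client flow: returns the (token, signature) pair shown to a proxy."""
    token = secrets.token_bytes(16)
    blinded, r = blind(token)
    return token, unblind(issue(account, blinded), r)

def explaining_factor(log_entry, token: bytes) -> int:
    """Blinding factor under which this log entry would be an issuance of this token.
    One exists for every (entry, token) pair, so the log singles out no token."""
    _, blinded, _ = log_entry
    return pow(blinded * pow(h(token), -1, N) % N, D, N)
```

Because even the private-key holder can find a valid blinding factor for every pairing of log entry and token, the issuance records carry no information about which account received which token.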