[Cryptography] Apple's iCloud+ "VPN"

Bill Woodcock woody at pch.net
Tue Jun 29 22:39:03 EDT 2021 


> On Jun 30, 2021, at 3:39 AM, Jerry Leichter <leichter at lrw.com> wrote:
> 
> 
>>> An analysis back at the beginning of 2018 claimed there were 170 million paying customers… an estimate about 7 months back reported 585 million paid subscribers across all Apple services.
>> 
>> I appreciate your methodology, and that was my assumption, roughly, as well…  There are also 290 million users of Apple hardware, which I had taken to be a maximum bound.
> Apple itself said earlier this year that there were more than 1 billion active iPhones

Ok, I presume I had an old number stuck in my head.  My apologies.  Anyway...

>>  But this is all speculation, so I guess I’ll just wait and see.
> Agreed.

Yes.

> traceroute to apple.com (17.253.144.10), 64 hops max, 52 byte packets
>  1  10.0.1.1 (10.0.1.1)  2.714 ms  1.331 ms  1.340 ms
>  2  192.168.254.254 (192.168.254.254)  3.254 ms  4.721 ms  3.198 ms
>  3  32.213.36.2 (32.213.36.2)  13.344 ms  10.816 ms  11.832 ms
>  4  32.223.0.224 (32.223.0.224)  12.977 ms  22.479 ms  11.816 ms
>  5  32.222.231.21 (32.222.231.21)  10.479 ms  17.499 ms
>     32.223.104.33 (32.223.104.33)  13.047 ms
>  6  ae4---0.car01.wlfr.ct.frontiernet.net (74.40.71.93)  11.948 ms  11.360 ms  17.911 ms
>  7  ae2---0.scr01.sccs.nj.frontiernet.net (74.40.3.249)  23.041 ms  19.068 ms  25.055 ms
>  8  ae4---0.scr02.sccs.nj.frontiernet.net (74.40.3.85)  20.968 ms  20.406 ms  21.639 ms
>  9  ae1---0.scr01.asbn.va.frontiernet.net (74.40.4.110)  20.175 ms  20.010 ms  21.005 ms
> 10  ae18---0.cor01.asbn.va.frontiernet.net (74.40.4.109)  21.798 ms  24.125 ms  21.715 ms
> 11  ae0---0.cbr01.asbn.va.frontiernet.net (74.40.2.174)  21.769 ms  21.780 ms  21.101 ms
> 12  17.1.144.13 (17.1.144.13)  51.346 ms  23.238 ms  20.809 ms
> 13  world-any.aaplimg.com (17.253.144.10)  22.296 ms !Z  21.538 ms !Z  20.989 ms !Z
> 
> There's plenty of room for bypasses here

I disagree.  All of that is just up to here:

User / AS1 | Apple

You’re lucky in that Frontier is one of the 0.53% that Apple peers with, but there’s nothing to be compressed out of that.  Frontier is what Frontier is.  Nothing that happens beyond Frontier in the AS-path is going to change anything that happens inside Frontier, beyond the possibility of peering with Frontier in more locations, and if Apple’s already peering with Frontier, this isn’t going to change the number of points of overlap between their networks.

> with all the hops inside of Frontier, the only thing that would help would be Apple ingress nodes inside of Frontier's network.

Which isn’t how this works.  That’s how Akamai works, but not how Apple works.

And that puts us right back to what I said in the last email.  There’s no magic here.  Adding two new segments to a path cannot decrease the length of the path.  There’s no such thing as a negative-length segment.

                                -Bill

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20210630/4bbbfdb1/attachment.sig>

More information about the cryptography mailing list