In response to a growing appetite for privacy and security on the internet,major tech companies including Google, Apple, Microsoft, and Cloudflare nowoffer a new class of anonymizing networks administered by them and tied to aspecific user account.
Wefirst began identifying this class of IPs in 2022and we refer to them as consumer privacy networks, or CPNs, to distinguish themfrom traditional proxies and VPNs.
The consumer privacy networks most in play right now are Apple’s iCloud PrivateRelay and Google’s variety of VPN-like offerings associated with Google One,Google Fi, and shortly the Chrome browser.
How consumer privacy networks differ from traditional VPNs
Traditional VPNs typically anonymize all connections at the level of theoperating system.
Consumer privacy networks protect traffic in a limited way: on special devicesor browsers, and sometimes even specific websites. They have features built-inthat control who can access the network, and how the network is used. Thesefeatures include token-based authentication and session-stable IP addresses.
One thing to remember, however, is that IP addresses are not people.
A single IP address can be used by multiple people, sometimes over a very shortperiod of time, as in the case of mobile networks. A user joins a mobile networkfor a brief period, ends their session, and the IP address is then passed off tosomeone else.
Prefer watching instead of reading?
Access our on-demand webinar on consumer privacy networks.
The opposite is also true. People use multiple IP addresses, even in a singleday. Take an employee who works remotely at a data company. He signs into hiscompany’s secure servers using a business VPN and uses a company credit card tomake authorized purchases. At lunch, he uses his personal Google Fi connection,which is secured with the Google VPN, to shop online and avoid getting targetedads. In the evening, he signs into a shady VPN service he bought usinguntraceable cryptocurrency and participates in subversive discourse.
These three profiles are the same person—but to anyone in IP intelligence, hemight as well be three different people, or rather, three different profiles.What we’ve described are profiles of networks and how they’re used, rather thanprofiles of individuals themselves.
Profiling networks is, of course, an imperfect practice and one that alwayscomes with various tradeoffs. On a topic as complex as IP intelligence,exceptions are the rule and there are always nuances to consider.
Adoption rates of consumer privacy networks
We see the growing appetite for data privacy reflected in the adoption rate ofconsumer privacy networks.
For much of 2023, consumer privacy networks accounted for less than 1% of alltraffic when compared to traditional anonymizers (which accounted for 4% of alltraffic). Towards the end of 2023, however, we saw the percentage increase tonearly 1.5%—a fairly significant growth.
Apple’s iCloud Private Relay currently accounts for 94% of CPN traffic. Thisratio is likely to change as Google rolls out CPN for the Chrome browser, whichhas a user base of billions.
Geolocating traditional anonymizer traffic
Business VPNs provide a secure connection between an organization’s data and itsemployees. Typically, a business VPN user’s location is associated with theheadquarters of the company or with one or more of its brick-and-mortars. Theend user of a business VPN can be anywhere in the world, but their geolocationwould still appear to be coming from a place associated with the company.
Now, even though the end-user might be nowhere near where the network islocated, it’s still appropriate for many use cases to treat the geolocation aslegitimate.
Traditional proxies allow the user to arbitrarily select the location of thenetwork they’re using in order to bypass location-based limitations. This is themain draw for some users of anonymizers, that they can present as being anywherein the world.
A common example is the user of a residential proxy who lives in Canada andwants to stream content from the United States. The user can simply route theirconnection through a server or a compromised desktop computer in the UnitedStates to access the content in question.
Geolocating consumer privacy networks
Geolocating consumer privacy networks is a bit different than geolocatingbusiness VPNs or traditional proxies.
Unlike traditional anonymizers, consumer privacy networks do not allow forarbitrary geolocation selection by the end-user. CPN providers will blur thegeolocation of the end-user, but the end-user won’t appear as if they weresomewhere they’re not.
Take, for example, a user located in Roxboro, North Carolina, United States.With a consumer privacy network, this user might have their geolocation groupedwith a large population of other internet users in a wider area of NorthCarolina. If the user wanted additional privacy, they could be geolocatedinstead to a cluster of states on the East Coast. One level of privacy up, thelocation blurring could geolocate them to the United States, in the East Coasttime zone.
What a CPN user could not do, however, is choose to appear from the West Coastin the United States, or in Canada, or anywhere else. This means that whileyou’ll see a reduction in the geolocation precision for consumer privacynetworks users, you won’t see a deliberately false location.
Apple and Google both begin by geolocating the IP address of the user and thenrouting that user’s connection to a network associated with an appropriatelyblurred geolocation. However, they each take a slightly different approach togeolocation blurring.
iCloud Private Relay blurs based on a limited resolution geohash. What thismeans is that the precision of the area that they blur to is about 800 squarekilometers. The CPN user’s actual location will be somewhere within this 800square kilometer radius.
Private relay users also have an additional option for blurring if they wantmore anonymity, geolocating to only time zone and country level.
Google’s consumer privacy networks geolocation is based on population density.Google approximates internet usage based on their search traffic and uses thatdata to create regions that contain about 1 million users each. They center eachregion around large population areas, allowing them to have regions of varioussizes while still preserving a large enough pool of internet users in thatregion to ensure a level of anonymity.
From conversations with Google, we know these regions will attempt to respectstate provincial boundaries. However, in areas with smaller, less populatedstates, it may be necessary to expand the region to preserve anonymity.Country-level boundaries, however, will always be respected.
Given Apple and Google’s routing procedures, we employ a trust-but-verifyapproach for geolocating consumer privacy networks. Both Apple and Googlepublish the geolocation of their networks under a publicly available geofeedwhich MaxMind consumes.
We use the published location of these networks as a strong signal, but we weighthis signal against proprietary signals of our own regarding the end user’slocation.
For the most part, we see that these networks are in use where Apple and Googleattest that they are. Occasionally, we do have strong signals that they arebeing used in other locations. In those circ*mstances, we make our owndetermination as to the best location for the network.
Use ourGeoIP web services demoto preview how we identify consumer privacy networks. Enter the below IPs,associated with iCloud Private Relay and Google One VPN in our services at thetime of publication:
- 104.28.16.47
- 162.120.128.0
Consumer privacy networks are identified as such under the ISP/Org column. Wealso mark consumer privacy networks as such in our user type data, which doesnot appear in our demo, but is available in theGeoIP Insights web serviceand theGeoIP Enterprise database.
One way to think about the geolocation challenge for consumer privacy networksis that geolocation is reliable but less precise. How you handle these networkswill depend on your specific use case, i.e. what level of precision is relevantto your use case, and if you get it wrong, how big of an impact to your businessis that?
Dig further into consumer privacy networks.Download our white paper analyzing the riskiness of CPNs
