Forums » Help & Troubleshooting

iCloud private relay and geolocation

As of yesterday, most Apple devices with the iCloud Private Relay option enabled for trackers, are being mis-geolocated, primarily in Portland, Oregon.

It would be interesting to know if anything has been changed here, or Apple has made any changes.

Posted Sun Apr 9 2023 9:05a by quartzn***

Seeing and wondering the same. Also bounce rates have gone way up starting the same time frame. That possibly related?

Posted Sun Apr 9 2023 10:31a by solracp***

In light of the DDoS attack last week, we have moved everything behind Cloudflare. All visitors should still be tracked, but yes the IPs are wrong for some of them. There are some issues, we're working through them... the priority was getting service stable.

Posted Sun Apr 9 2023 7:02p by Your Friendly Clicky Admin

I think we figured out the bounce rate problem (some sessions were being fragmented when coming through CF because of multiple IPs) and just pushed a fix. Hopefully tomorrow's number looks better.

Posted Sun Apr 9 2023 8:27p by Your Friendly Clicky Admin

Also I think I just figured out the bad locations. I checked a few sites I know were seeing huge changes before and they seem much closer to normal for the last hour or so. Not retroactive, unfortunately, and they still say "Cloudflare", but the actual location should be better now, at the very least on a country level.

I believe that the cause of so many organizations being "Cloudflare" is because our network is pure IPv4. But when a visitor is connecting to CF via IPv6, they don't have a v4 number to pass along to us, so we're falling back on CF's v4 address. CF has several options for forwarding a person's real IP in each request, but at the moment this is my best guess. It's going to take time to figure out the best of options, during which some things will break. I'm sorry it had to be rushed.

Posted Mon Apr 10 2023 12:20a by Your Friendly Clicky Admin

When using Cloudflare, there can be problems with the real IP. You will fix it when you can, I imagine that right now there are more important things, and it is not something too important.

Posted Mon Apr 10 2023 5:55a by quartzn***

My theory above about IPv6... I'm sure CF is forwarding us the IPv6 address in their headers, but since we don't support it, we're falling back on the connecting IPv4 address from CF. Hence all the CF organizations.

But good news, our geo software *does* support IPv6. So what I'm going to try to get done today is storing that value temporarily, just for the location and org name look up. So we'd still end logging the IP as the CF IPv4 value, but the location and org would at least be accurate.

There are a ton of headaches with supporting full IPv6 in Clicky, which is why we've never added it. This may force us too though in the near future. We'll see what happens.

Posted Mon Apr 10 2023 10:46a by Your Friendly Clicky Admin

If IPv6 is giving you so many problems, it is possible to disable it through the Cloudflare API. This is a possibility.

Thanks for the support.

Posted Mon Apr 10 2023 11:28a by quartzn***

Brilliant! Forgot about that setting. Thankfully we're on an enterprise plan with CF because this option is only available at that level. I just changed it to "off" about 10 minutes ago and CF orgs are plummeting fast. So that confirms my theory for the most part. Good enough for now.

Posted Mon Apr 10 2023 12:20p by Your Friendly Clicky Admin

You must be logged in to your account to post!