Analyzing Privacy and Usability Tradeoffs in Multi-Party Relay Systems

Author(s) Information

Jess Alencaster, California Polytechnic State University, San Luis ObispoFollow
Leticia Leon-Rodriguez, California Polytechnic State University, San Luis ObispoFollow

College - Author 1

College of Engineering

Department - Author 1

Computer Science Department

College - Author 2

College of Engineering

Department - Author 2

Computer Science Department

College - Author 3

College of Engineering

Department - Author 3

Computer Science Department

Advisor

Paul Schmitt, College of Engineering, Computer Science and Software Engineering Department

Funding Source

This research was funded by Barbara J. Van Ness and Larry Bergman.

Date

10-2025

Abstract/Summary

Nearly everything we do on the Internet leaves a trace, and in recent decades the value of user data has proven to be highly profitable and become a fundamental business strategy of the Internet. The only recourse users have in this situation is seeking increased privacy, yet privacy is uniquely challenging on the Internet because we inherently rely on others (e.g., ISPs, content providers, CDNs) to carry and serve our traffic. Recent systems have sought to enhance user privacy without sacrificing performance by adopting Multi-Party Relay (MPR) architectures, including Apple's iCloud Private Relay. These architectures mask user IP addresses by tunneling through cloud infrastructure, yet Private Relay attempts to maintain accurate location information for users by intentionally falsifying location metadata for cloud-hosted IP prefixes. This project proposes a comprehensive measurement study to analyze the inherent tradeoffs between privacy and usability in the Private Relay (PR) architecture. The study will gather geolocation data from multiple IP databases (e.g., MaxMind and IPInfo) across several countries, evaluating the accuracy of geolocation when using PR services. Specifically, the research will examine: (1) geolocation performance inequalities; (2) the relationship between geolocation errors and proximity to cloud infrastructure; (3) quantification of privacy benefits; and (4) correlation of these metrics with underlying population characteristics (e.g., average household income, etc.). This research aims to illuminate the fundamental tension between privacy preservation and accurate geolocation in PR systems, potentially revealing disparities affecting users based on geographic region, and provide a foundation for improved PR system design. Students with an interest in Internet measurement, privacy, GIS, and computing for social good would likely find this project most suited to them.

October 1, 2025.