I would guess the pool of IP addressed used by Apple has been blocked from contributing since for any good faith editor, there is a vast amount of vandals taking advantage of the feature to deface articles en masse.
Back in the old days, we maintained a list of trustworthy http proxies for which we trusted the IP of their client. The community could then block the user behind the proxy. With everything behind https nowadays, that is no more possible (the intermediate proxy can not inject any header to carry the information). So the sole thing we see is the Apple relays IPs and if those are a source of vandalism for sure the community will block them from contributing.
Given the relay is only enforced by Safari (as I understand it), you can use the IOS Wikipedia application for editing: https://apps.apple.com/app/wikipedia/id324715238 , though that will not pass through the Apple relays and leak your IP.
> we trusted the IP of their client. The community could then block the user behind the proxy. With everything behind https nowadays, that is no more possible (the intermediate proxy can not inject any header to carry the information).
Not exactly true - the "Proxy Protocol" [1] was invented for that purpose. Wikipedia as an entity should be large enough to ask Apple if they can implement support for it - the question is if they want to.
If that protocol is a technical solution to the problem and match our requirements toward privacy, I don't see why it would not be adopted, then:
- The TCP header is not encrypted and thus publicly exposes the IP address of the client
- I don't see why the Apple Relays would emit that information since that would defeat its purpose of obscuring the original client IP
- It looks like it is a custom protocol between two HAProxy Enterprise instances
- It seems to be a feature of "HAProxy Enterprise" which sounds like it is not available under an open source license.
We do have direct point of contacts with engineers at Apple, Facebook, Google etc and do collaborate with them on a wide range of technical topics. The foundation has a dedicated team to vandalism, blocking etc https://www.mediawiki.org/wiki/Anti-Harassment_Tools . I forwarded your remark and maybe they can update the wiki page at https://meta.wikimedia.org/wiki/Apple_iCloud_Private_Relay (it is mostly from November 2021 and looks like it might use a refresh).
HAproxy is just an implementer of this protocol, there are others as well (nginx and AWS I know support this), and IIRC also the haproxy community edition.
https://meta.wikimedia.org/wiki/Apple_iCloud_Private_Relay has some context and list potential problems that might arise (and do in your case).
https://meta.wikimedia.org/wiki/Talk:Apple_iCloud_Private_Re... is the related discussion page if you want to ask more.
Back in the old days, we maintained a list of trustworthy http proxies for which we trusted the IP of their client. The community could then block the user behind the proxy. With everything behind https nowadays, that is no more possible (the intermediate proxy can not inject any header to carry the information). So the sole thing we see is the Apple relays IPs and if those are a source of vandalism for sure the community will block them from contributing.
There is a more or less similar issue with TOR exit node for which the issue is described at https://meta.wikimedia.org/wiki/Editing_with_Tor
Given the relay is only enforced by Safari (as I understand it), you can use the IOS Wikipedia application for editing: https://apps.apple.com/app/wikipedia/id324715238 , though that will not pass through the Apple relays and leak your IP.