This blog was co-authored by Ian Trider, VP of RTB Platform at Basis Technologies.
Apple’s iCloud Private Relay has been a topic of interest - and contention - for the advertising industry over the last year. Pixalate conducted a study covering over 70 Billion transactions analyzed by Pixalate over a 3-month period, and provides insights into the apparent impact of iCloud Private Relay so far.
Key Takeaways :
What is the iCloud Private Relay?
iCloud Private Relay (iPR) is a service from Apple intended to allow iPhone, iPad and Mac users to connect to the internet in a secure and private manner. This is one of Apple’s recent privacy initiatives. It was announced in 2021, is currently in beta, and is expected to be expanded this year via iOS 16. More information is available at this white paper from Apple and also from this excellent presentation by Will Law from Akamai for deeper technical details.
Why does it matter for advertising?
Apple’s iCloud Private Relay announcement has been met with some consternation in the media / advertising industry. In some ways it is considered the 4th wave of privacy technology solutions from Apple (Removal of 3rd party cookies on Safari, App Tracking Transparency/ATT updates & limiting of the IDFA, email obfuscation using “hide my email,” and now, hiding IP addresses).
The concerns around iCloud Private Relay are driven by the fear of losing accurate user IP Address information, which could have impacts in the following areas.
Methodology of this study
This study covered relevant traffic analyzed by Pixalate over a 3-month period (5/15 - 8/15) for the topline numbers. We checked over 70 Billion transactions to conduct this research. In addition, we gathered some key metrics over a longer (6-month) period in order to gather a time chart to view the trends over time. We only covered US traffic at this time because iCloud Private Relay is in limited beta.
Apple publishes all the IP Address Ranges associated with iCloud Private Relay (i.e, any “egress IP” seen on an iCloud Private Relay connection will be included in the list). Pixalate uses this published information to identify traffic that appears to be related to iCloud Private Relay.
We looked at overall Mobile and Desktop traffic, before zeroing in on the most relevant (per Apple’s beta description) device types & traffic - Safari on iOS & macOS. This allows readers to evaluate the data in either context.
Definitions used in the charts below:
These are the percentages of iCloud Private Relay traffic compared to ALL mobile and desktop traffic (not just iOS/MacOS) seen by Pixalate in the 3-month snapshot analysis. This is intended to give an understanding of the scale of iCloud Private Relay traffic.
This is the Breakdown of iCloud Private Relay related traffic across Mobile and Desktop Safari traffic (which are the 2 areas where iCloud Private Relay traffic is expected to be present).
This section presents the trendlines for iCloud Private Relay traffic on Mobile and Desktop Safari, across a 6-month period.
Ad Tech Implications:
The high percentage of ad requests claiming to be coming from iCloud Private Relay on Safari traffic suggests that all the ad tech platforms (DSPs, Exchanges, SSPs) may need to pay heightened attention to purported iCloud Private Relay traffic. In particular, they may need to think about implications to targeting, frequency capping, geotargeting, pre-bid fraud filtering (by IP), etc. Based on our research, it appears that iCloud Private Relay does not have immunity to fraud.
Blindly adding these IP addresses to allow-lists may let in large amounts of IVT, as we see above. This IVT could come from bad actors falsely claiming an iCloud Private Relay IP in bid requests. In addition, traffic originating from published iCloud Private Relay IPs cannot be assumed to be per se fraud free.
Pixalate is working on a follow up investigation to dive deeper into the sources of IVT related to this traffic.
If you have any questions or feedback regarding this report, please contact us at firstname.lastname@example.org.
Disclaimer: The content of this page reflects Pixalate’s opinions with respect to the factors that Pixalate believes can be useful to the digital media industry. Any proprietary data shared is grounded in Pixalate’s proprietary technology and analytics, which Pixalate is continuously evaluating and updating. Any references to outside sources should not be construed as endorsements. Pixalate’s opinions are just that - opinion, not facts or guarantees.
Per the MRC, “'Fraud' is not intended to represent fraud as defined in various laws, statutes and ordinances or as conventionally used in U.S. Court or other legal proceedings, but rather a custom definition strictly for advertising measurement purposes. Also per the MRC, “‘Invalid Traffic’ is defined generally as traffic that does not meet certain ad serving quality or completeness criteria, or otherwise does not represent legitimate ad traffic that should be included in measurement counts. Among the reasons why ad traffic may be deemed invalid is it is a result of non-human traffic (spiders, bots, etc.), or activity designed to produce fraudulent traffic.”