As you read this, there’s an army of bots pretending to be Apple users surfing the web and looking at ads, according to new research shared exclusively with Gizmodo. The ad fraud scheme is weaponizing a privacy feature called Private Relay, coopting a vast swath of traffic to show ads to robots and costing advertisers tens of millions of dollars in the process, researchers’ tests found. Apple has promised that the tool has “built-in fraud detection” and that advertising platforms can trust it, but the researchers say the fraud has only gotten worse in the months since they first reported it to the company.
The new report finds that criminals are exploiting Apple’s Private Relay tool, a feature available on on Apple devices for users who subscribe to iCloud+. Turn it on, and Private Relay will hide your web browsing and assign you a dummy IP address to help stop companies from tracking you. Pixalate, the ad tech firm that authored the study, released Wednesday, says the problem will cost US advertisers an estimated $65 million in 2022 alone. The study finds that 90% of web traffic that looks like it’s coming from Private Relay is actually fraudulent.
In general, the problem described in the report doesn’t have a direct effect on Apple users. Instead, ad fraudsters are pretending to be among them, researchers said. According to Pixalate, fraudsters are taking advantage of misplaced trust in Apple and the complexity of ad tech, slipping bad traffic right under publishers’ and tech companies’ noses.
“Apple says you can trust that connections through Private Relay are secure and free of fraud, so scammers are just presenting their traffic as coming from Apple,” said Amit Shetty, vice president of product at Pixalate. “It seems like they’re just hoping people are going to put the traffic on ‘allow lists’ because it’s considered to be safe.”
The ad fraud is widespread, but the study found that the bots tend to cluster around groups of domains, and nine websites that display ads are affected in particular, including the websites for E! Online, ESPN, Major League Baseball, NBC News, and Weather.com.
Pixalate first reported on this problem in August, but the firm says the amount of fraud is accelerating. The problem is so bad that Shetty advised ad tech companies and websites to consider blocking Private Relay traffic altogether until there’s a better solution.
The findings speak to wider problems within digital advertising.
“The programmatic advertising system is so complex that nobody really understands it,” said Bob Hoffman, a former ad agency executive and author of the best selling book ADSCAM. (Hoffman was not involved with Pixalate’s study.) “At least 15% of all the money just disappears and nobody knows where it goes.”
Apple did not respond to multiple requests for comment.
Every time you see an ad online, it’s usually the result of an app or a website partnering with numerous ad tech companies. For every ad view, the website or app developer gets paid, and so do all the tech vendors involved. That same long line of partnerships poses a problem, though: Every ad display usually involves a byzantine chain of companies and systems, which leaves a wide berth for misbehavior.
More ad views mean more money. So sometimes a website or an ad tech company pumps up their numbers with fake traffic. The other players in the chain think real people are seeing the ads, but the ads are actually being shown to robots. It can be hard to detect — and companies have a perverse incentive to look the other way because they still get paid. If no one gets caught, the only victim is the advertiser throwing money away. Voila, ad fraud.
“As an advertiser goes away from buying directly from a from a website or a publisher, the deeper into the long tail of the programmatic ecosystem the advertiser goes, the more likely they are to encounter a threat,” Hoffman said.
Now that you’re an ad fraud expert, you need to know about Apple’s iCloud Private Relay feature, or iCPR. It cloaks your web browsing so even your internet service provider and cell phone company can’t see what you’re doing online. Part of that process involves assigning you a new IP address from a list of potential IPs that’s supposed to be set aside for this purpose. Apple publishes that list online.
That, too, poses a problem. Websites and ad tech companies use IP addresses to identify fraudulent web traffic (among other techniques). iCPR means you can’t see a user’s real IP, so it’s harder to tell if they’re legitimate. But Apple reassures the ad tech industry that there’s nothing to worry about.
Apple promised in several public statements that apps, websites, and ad tech companies can trust that iCPR addresses represent real people. The company says Private Relay has “built-in fraud protection,” and it’s “designed to ensure only valid Apple devices and accounts in good standing are allowed to use the service.” Apple goes even further, proclaiming that “Websites that use IP addresses to enforce fraud prevention and anti-abuse measures can trust that connections through Private Relay have been validated at the account and device level by Apple.”
That’s not even remotely true, according to the study.
Pixalate says that ad fraudsters are spoofing Private Relay IP addresses by inserting them into the complicated chain of companies and technology in advertising systems. The study says 90% of the web traffic that looks like it’s coming from Private Relay is actually fake, which could mean there are well over 100 million robots cruising around the web, seeing a lot of fake ads. Safari reportedly has a billion users. According to Pixalate, 21% of the traffic online presenting itself as coming from the Safari browser purports to be using iCPR, and that number is on the rise.
Pixalate used several techniques to identify the fraud, including analyzing where the traffic originated from. Private Relay is only available with the Safari browser, but they observed iCPR IP addresses attached to Firefox, or to non-Apple devices, which can’t run Safari. That should be impossible. Pixalate also saw the IP addresses originating from data centers, which ad fraudsters often route their traffic through to hide their activity. (For all the ad fraud experts out there, Pixalate says it accounted for other features that could interfere with the analysis, including an Apple feature called Hide My IP.)
Supposed iCPR addresses coming from data centers or the wrong browsers have bear all the major markers of fraud, said Rocky Moss, CEO of Deepsee, an ad fraud detection firm who was not involved with the study.
“It’s hard to think of another reason why it could be presenting a Private Relay IP address,” Moss said. Ad tech companies “might be treating this array of Apple IP addresses as trusted, even though header values are easily spoofed.”
Pixalate also detected iCPR addresses involved in what’s known as a “bot ring,” where clusters of users exclusively visit a few websites or apps and don’t go anywhere else, which is a red flag of inauthentic behavior.
Apple says that iCPR IP addresses are supposed to remain consistent throughout a browsing session. In other words, your IP address stays the same at least until you close the browser and go do something else. But during more than half the browsing sessions Pixalate researchers observed, iCPR IP addresses changed multiple times. In ad fraud operations, IP addresses are often set to change automatically, which makes it harder to track the inauthentic users.
Researchers said Apple’s trusted brand of security and privacy allows allows criminals to fly under the radar. They believe fraudsters operate “with the expectation that iCPR IP ranges are automatically marked as safe by ad tech companies, stemming from trust in Apple’s brand and its repeated assertions of iCPR security.”
While there’s no indication that Apple is involved with the scheme, Pixalate researchers did say that its statements hawking Private Relay are completely free of any cautionary language. The iPhone maker is encouraging blind trust in Private Relay, which suggests that Tim Cook and company didn’t consider the labyrinthine and fraud-prone architecture of digital advertising when rolling out descriptions of the system, researchers said.
The problem is due, in part, to the nature of ad tech. “One in 10,000 individuals can actually get into the forensic analysis of what’s going on under the hood of the online advertising industry,” Hoffman said. “That’s why trust is essential.”
Traffic hops from company to company in a single ad bid before an ad gets served, and most of the players involved never interact with the user’s actual device, which makes validating traffic a difficult, often time-consuming process.
“It makes a great deal of sense that spoofing those values would be a way to get inventory into ad tech platforms that would otherwise be thrown away for looking suspicious,” said Ian Trider, vice president of real-time bidding operations at Basis Technologies, who collaborated on the research with Pixalate.
Gizmodo reached out to several of the websites the researchers said were most affected by the Private Relay fraud. ESPN declined to comment. NBC, Major League Baseball, and E! didn’t answer Gizmodo’s questions.
Melissa Medori, a spokesperson for IBM, which owns Weather.com, said, “Fraudulent traffic continues to be an industry-wide problem. The weather.com team monitors invalid traffic (IVT) closely and continues to work diligently with our tech partners to help block or mitigate fraudulent traffic within our own programmatic advertising, as well as to help find solutions to prevent it.”
Ad fraud is an enormous problem, but no one knows exactly how big it is. Talk to 10 ad tech people, and you’ll get 10 different answers. Over the course of this story I heard fraud accounts for anywhere from 5% to 40% of all the money spent on online advertising. (One particularly zealous ad fraud expert told me the number is more like 90%.) That’s a lot of money. Advertisers will spend over $602 billion on digital advertising this year, according to Statista.