Apple Mail Privacy Provides Location(ish)

In a recent email-industry video conversation, a well-known analyst commented that he was glad to see location data eliminated by Apple’s MPP. Nice sentiment, but — surprisingly — not accurate

Email pixels & images fetched through Apple’s MPP infrastructure do provide location data. Ish.

This is not accidental, and it’s not a result of any ‘workaround.’ In fact, Apple has gone to considerable effort to provide ‘nearby’ location for requests. Their published iCloud Private Relay documentation includes a published list of >351,000 IP subnets. Each of these subnets is tagged to a specific location.

How Accurate Is MPP Location?

I spent my childhood in a town of 500 — Saguache, Colorado. It’s 50 miles from anywhere and nearly 8,000’ above sea level. Apple assigned an IPv6 subnet to Saguache.

2606:54c0:7680:76c0::/64,US,US-CO,Saguache

That /64 subnet is big enough to give every hair on every dog in Saguache a unique IP.

A search through @30 million recent Open Genius pixel requests turned up 2 from Saguache. The hashed subnet prefix matched the hashed subnet prefix from Apple’s published data. (We’re not sure whether it was a dog, because on the Internet nobody knows.)

Nearby Bonanza, CO also gets an IPv6 subnet.

2606:54c0:7680:76c8::/64,US,US-CO,Bonanza

The 2020 Census population of Bonanza: 17 people.

Location is definitely not dead.

Location from Apple MPP, but not from Google or Yahoo Proxy

It’s a truly odd puzzle for email marketers right now. The biggest 3 inbox providers — Apple, Google and Yahoo — provide strangely incoherent data. Apple’s approach makes “who opened?” unreliable because sooner or later Apple auto-requests all pixels. By contrast, Google and Yahoo don’t ask for a pixel unless the recipient opens the message.

Apple’s approach also puts a cloud over “when was this opened” — it could be time-of-open, or it could be time-of-auto-open. Google and Yahoo open times appear to be driven by user behavior. Apple doesn’t allow for re-opens; Google and Yahoo (with some careful engineering) will reload image content again. (So countdown timers won’t work in Apple-land, but will work in Google-land, at least for now.)

On the other hand…Google and Yahoo do not provide location data. Apple provides “nearby” location data — to the level of the town, even when the population is 17.

How Accurate Is Apple Location Data?

In short, we don’t really know yet. Thorough testing of known-user-location against MPP-indicated-location won’t be trivial. But observation of current samples, plus a bit of reason, suggests that it’s probably accurate to that “nearby town” level. Open-request “hits” appear to correlate, at least roughly, to town populations. There are many open requests from San Francisco, fewer from Sacramento, and only 2 from Saguache. If Apple were randomizing egress IPs, that correlation wouldn’t make sense.

And why would someone go to the trouble of assigning 351,000 subnets if they weren’t actually going to use them?

How Does This Help Marketers?

Location can be a useful thing to companies and consumers. I’d argue that Apple engineered a really good compromise with the town-level egress IPs — more useful than than the Google “everyone lives in a data center” approach. With a town-level location, we can deliver local information without putting individual privacy into the data. Telling me the weather “in town” is useful; telling me the weather at my front door is creepy. Marking the nearest store — useful; roadmap from my current location to that store — creepy.

The odd mix-and-match of factors available from the different proxies — time, location, etc — are challenging to handle, but they do provide statistically-significant samples for a decent-size campaign. If a marketer wants to know if a given campaign has better traction for urban markets, we’ve got location data from Apple. If they want to get a grip on open-time behavior, we’ve got time-based data from Google.

Treating all of these factors as statistics and “indicator” data mitigates concerns about creepy individual-level stalking without leaving marketers completely blind. It’s not perfect, and it’s not simple, but if the alternative is to send into an empty echo chamber, I’d argue that it’s better.

—Matthew Dunn, Campaign Genius