Year in Review 2023

Internet connectivity is more important than ever, enabling everyday communication, commerce, entertainment, and transportation. This increasing reliance on the Internet is reflected in continued global Internet traffic growth.

This trend line starts mid-January, allowing for Internet activity to normalize following the return to work and school after the New Year. 2022's trend line is shown for comparison purposes.

Generative AI took the Internet by storm in 2023, introducing several new breakout services, as formerly hot Cryptocurrency and Metaverse services cooled off. Our category-specific lists represent the zeitgeist of Internet activity throughout the year, and include both familiar and unexpected names. Overall, Google maintained its position from 2022's ranking and was once again the most popular Internet service.

The ranking methodology used here is based on aggregate data from 1.1.1.1.

Apple's iOS and Google's Android are the two most widely used mobile device operating systems. However, adoption can vary significantly around the world -- users in Denmark, Australia, and Japan clearly prefer iOS, while users in Bangladesh, India, and Venezuela are squarely in the Android camp.

Here we look at the distribution of iOS and Android across traffic seen by Cloudflare globally during 2023. Traffic from other mobile operating systems was negligible and is not included in this graph.

SpaceX Starlink promises satellite Internet connectivity in previously underserved or unserved locations. We analyzed aggregate Cloudflare traffic volumes associated with the service's autonomous system (AS14593) during 2023.

Starlink is not yet available globally, and as such, graphs will not be displayed for locations where Cloudflare has not observed meaningful Starlink-related traffic.

The trend line is scaled relative to the actual traffic data, where Max is the peak observed request volume and 0 means no traffic was observed. 2022's trend line is shown for comparison purposes, and is scaled to the Max value across 2022 and 2023.

Modern web sites are complex productions, relying on a mix of frameworks, platforms, services, and tools. Using Cloudflare Radar's URL Scanner, we analyzed web sites associated with the top 5000 domains to identify the most popular technologies in use across a number of categories.

Note that the data was collected across a subset of the top 5000 domains, as not all have active web sites at their apex.

HTTP (HyperText Transfer Protocol) is the core protocol that the web relies upon. HTTP/1.0 was first standardized in 1996, HTTP/1.1 in 1999, and HTTP/2 in 2015. The most recent version, HTTP/3, was completed in 2022, and runs on top of QUIC, a new transport protocol. Using QUIC allows it to mitigate the effects of packet loss, establish connections more quickly, and provide encryption by default.

Here we look at the distribution of HTTP versions across client traffic seen by Cloudflare globally during 2023.

More than half of the dynamic traffic seen by Cloudflare is API related, and it continues to grow over time. Much of that API traffic is automated — that is, determined to not be coming from a person using a browser or native mobile application. Based on their local environments, preferences, or requirements, developers use a variety of languages to develop these automated API clients.

We analyzed this automated API traffic to identify the top languages used to develop API clients, and the chart below shows their distribution during 2023. NodeJS tops the list with over 14% of automated API requests made by NodeJS clients.

A Hilbert curve is what is known as a "continuous space filling curve", and has properties that make it useful for visualizing the Internet's IPv4 address space.

While Cloudflare Radar allows you to see Internet traffic at a country/region or autonomous system level, using a Hilbert curve, we can get a holistic look at where traffic is coming from across the entire (IPv4) Internet. The visualization below shows traffic to Cloudflare from January 1 to November 26, 2023, with IP addresses aggregated at a /20 level. That means that at the highest zoom level, each cell represents traffic from 4096 IPv4 addresses.

Zoom and drag to explore areas of interest on the plot.

The Internet plays an increasingly significant role in people's lives, but not everyone has reliable Internet access. Outages can be inadvertently caused by events like natural disasters or can occur when a government deliberately shuts down connectivity.

The Cloudflare Radar Outage Center tracks these Internet disruptions, and uses Cloudflare traffic data for insights into their scope and duration.

Cloudflare has been a vocal advocate for IPv6 adoption for many years because it plays a critical role in the scalability of the Internet. Because of the limited availability of IPv4 address space, some cloud providers have chosen to levy what is effectively an IPv4 tax for the use of IPv4 addresses. (Spoiler: Cloudflare can help customers avoid having to pay it.)

We analyzed requests for dual stacked content that were made over IPv6 during 2023 to calculate aggregate IPv6 adoption rates.

Although Internet connections are most often marketed and sold with a focus on download speed, upload speed is increasingly important as we spend more time using videoconferencing and livestreaming tools. Latency is also a critical component of Internet quality, as high latency can significantly impact Internet connection quality and the user experience.

Based on speed.cloudflare.com tests taken by users from around the world throughout 2023, we can highlight those locations where service providers delivery Internet connectivity with the highest download and upload speeds, as well as the lowest idle and loaded latencies.

Mobile devices are ubiquitous, and in many countries, they are the primary way that people access the Internet, whether at work, at home, or on the go.

In 2023, we found that over 80 countries/regions had a majority of traffic from mobile devices.

Here we look at the distribution of mobile and desktop device usage across traffic seen by Cloudflare globally during 2023.

Customers may choose to mitigate (block) traffic for a variety of reasons, even if the traffic isn't suspected to be malicious. However, for malicious traffic, DDoS mitigation techniques and Web Application Firewall (WAF) Managed Rules are two of the most effective defences against Application Layer (Layer 7) attacks. These attacks can take an unprotected web site down for hours or steal customer data.

Here we show the percentage of global traffic mitigated by Cloudflare on a daily basis during 2023, as well as the percentage of traffic mitigated as a DDoS attack or by WAF Managed Rules.

Bot traffic describes any non-human Internet traffic, and monitoring bot levels can help spot potential malicious activities. Of course, bots can be helpful too, and Cloudflare maintains a list of verified bots to help keep the Internet healthy.

Looking at bot traffic observed by Cloudflare in 2023, we found that 0% came from the top 10 countries, and that a significant amount of it comes from networks associated with cloud platform providers.

While we can't predict which industry attackers will target the most, we do know all industries get attacked. No matter the industry, your best bet is to keep your guard up.

The bars represent the percentage of mitigated traffic aggregated globally that is targeting each category, calculated on a weekly basis.

In August 2023, we published a blog post that explored traffic seen by Cloudflare for the most commonly exploited vulnerabilities of 2022. Although these are older vulnerabilities, attackers continued to actively target and exploit them throughout 2023.

Attacks targeted flaws in popular Java-based logging package Log4j more than 10x as much as those targeting the other top vulnerabilities, with a significant increase in attack activity observed in late October.

Post-quantum refers to a new set of cryptographic techniques that can protect data from adversaries with the ability to capture and store today's data for decryption by sufficiently powerful quantum computers in the future. The Cloudflare Research team has been exploring post-quantum cryptography since 2017.

In October 2022, we enabled post-quantum key agreement our edge by default, but use of it requires that the browser support it as well. Google's Chrome browser started to slowly enable support in August 2023, and we expect its support will continue to grow in 2024, and that other browsers will add support over time as well. In September 2023, we announced general availability of post-quantum cryptography for both inbound and outbound connections and for many internal services, and expect to finish upgrading all internal services by the end of 2024.

Malicious emails include those that would cause harm, including the loss of credentials, data or monies. Cloudflare Area 1 Email Security protects customers from phishing attacks, including those carried out through targeted malicious email messages.

Below, we show the global percentage of emails analyzed by Cloudflare that were found to be malicious, aggregated at a weekly level.

When carrying out attacks using malicious email messages, attackers use a variety of techniques, which we refer to as threat categories. These categories are defined and explored in detail in Cloudflare's 2023 phishing threats report. The report summarized the top threat categories identified in the analysis of billions of emails between May 2022 and May 2023.

Below, we show how threat activity across these categories trended throughout 2023, aggregated weekly. The percentages in the graph will not sum to 100% because a malicious email message may have several threat categories associated with it.

One important step towards improving Internet routing security has been the adoption of Resource Public Key Infrastructure (RPKI), a cryptographic method of signing records that associate a BGP route announcement with the correct originating AS number. This enables network providers to validate BGP announcements and reject invalid routes.

Over the course of 2023, the global share of RPKI valid routes grew to 45%, up six percentage points from 2022.

Countries including Saudi Arabia, Turkmenistan, Laos, and Vietnam saw the largest increases in RPKI valid route percentages, growing as much as 81% isince the start of the year.

We use RIPE NCC's RPKI daily archive to reconstruct RPKI data snapshots, and use RIPE RIS rrc00 RIB dumps as the source of BGP routes.