[dirheist]

IIRC the mylobot botnet is responsible for providing the vast majority of residential (home) IP addresses for residential VPN providers (who are then sold to expressvpn/nordvpn). The whole business is incredibly shady and nefarious and nordvpn/expressvpn must know from whom they contract their residential vpn services from.

BHProxies is the largest residential proxy provider on the internet and almost all of their proxies are acquired through the botnet above.

https://www.bitsight.com/blog/mylobot-investigating-proxy-bo...

[myself248]

Whaaaaaaaaaat.

This needs to be on the front page of.... something.

[seanw444]

Seconded. I refer to them as shady because I have no way of knowing what they do with your data. I didn't even consider that they'd have a whole botnet market going on too. This definitely needs to be more public.

[wyclif]

I totally agree. Somebody knowledgeable about how this works needs to write an expose about it.

[jamesfinlayson]

Agreed - I assumed they had some way of getting IP addresses that don't come from an AWS/Azure/Google/whatever datacentre block but I just assumed they bought residential blocks from ISPs or something like that.

[Spinnaker_]

Is there a source for expressvpn actually using BHProxies? I had no clue it was that sketchy. It is owned by a public company, so that's pretty substantial news if true.

[Stagnant]

I would be very skeptical of the claim, quite worrying to see multiple people accepting that as a fact without any kind of evidence to support the claim.

I'd be shocked if any of the major VPN providers were involved with illegal residential proxies. It just doesn't make sense, can you imagine just how unstable and slow those connections would be? Why would they risk being legally liable when there exists legal residential proxy providers that get their IP's from people that voluntarily share their connection (honeygain etc.)? I've never heard of any of the big VPN providers offering residential connections. As I understand the VPN providers that promise support for netflix and similar streaming services just acquire newer IP's from time to time but the connection still goes through a regular datacenter, definitely not from some random dude's home.

The proxy market is more so targeted towards developers who scrape data and criminals that do credential stuffing/other criminal activity.

[Dah00n]

I'm not saying I trust the above claim (I have no idea) but this

>can you imagine just how unstable and slow those connections would be

Yes, yes I can and they are. I tried them some time ago before I found out how shady they are and encrypted connections were like 2 Mbit while Mullvad gave me many many times faster bandwidth with higher encryption. Their support was completely useless.

[tempest_]

Cool, I did not know about this one.