[dspillett]

> The application … makes a lot of connections to [site], a website that sells tickets to live music events

This is a common use for residential proxies. Ticket touts buy use of the infected users to make requests to try beat restrictions on access from data-centre hosts or high-volume access from and other hosts, to increase their charge of getting valuable tickets for later resale.

A number of backdoored (by the creator, by someone cracking into their source repositories, or in this case by buy-out) free browser extensions, VPN apps, and such, turn the user's machines into a proxy like this.

[hoofhearted]

NordVPN does this as well. Google and Amazon own large blocks of IP ranges for their cloud services, so it’s fairly easy to detect bots built on AWS and Google cloud.

On the other hand, Verizon also owns a large block of IP addresses that they give out to their residential customers.

NordVPN takes advantage of the fact that people like Netflix and Amazon don’t want to block out Verizon’s ip ranges, and disguise network traffic as residential traffic.

[knodi123]

> NordVPN does this as well.

Do they? Last time I looked into this drama, it seems like the botnet accusations were just scurrilous slander.

https://www.comparitech.com/blog/vpn-privacy/nord-vpn-botnet...

[reaperducer]

The last time someone made this claim on HN, someone from NordVPN responded saying it is false.

[chimen]

Almost certain. NordVPN owns Oxylabs if I'm not mistaken

[archon810]

Seems like it https://news.ycombinator.com/item?id=29285988

[junon]

How does that "seem like it"? I don't see anything there that is proof of anything...

[AmINotARobot]

In an interview with TechRadar Pro, Tom Okman, the co-founder of both Tesonet and Nord Security, answered some questions regarding the relationship between Tesonet, NordVPN, and the plethora of associated online services the companies offer.

The founder of the guilty party is also the founder of the company behind NordVPN. From the article it also seems like the operational practices are similar. Additionally, it is stated by the CEO of the guilty party that operational activities will resume as normal since the suit is only for damages. Assuming that NordVPN operates in a similar way, then a residential proxy service is still on the menu.

[Philip-J-Fry]

I can't see anything suggesting they proxy VPN traffic through their users. Would certainly be a scandal worth talking about if true.

[hoofhearted]

I believe users can opt in to let proxy traffic through.

[noduerme]

I use NordVPN (and their client software), and I don't see any such option. I'd be pretty furious if that were happening. I have not seen evidence of it... apart from some small requests to a few of their own weirdly-named domains (which I assume are to sync their proxy list), it doesn't look like there's any traffic going from my box to anything other than whichever of their servers I'm tunneling to.

[otterley]

Do you have a link to more information somewhere? I'd like to know more about what NordVPN is doing, if true. It's certainly not what their customers expect.

[dingosity]

I agree with you if you're talking about tech savvy users. But I think NordVPN has enough users who don't know what's going on under the hood that they might not understand the implications of forwarding potentially copyright-hostile packets.

[hoofhearted]

https://nordvpn.com/blog/residential-proxies/

[otterley]

That blog post does not say that NordVPN uses customer VPN endpoints as proxy servers without the customer's consent. It talks about the possibility of setting them up, but the implementation is left to the customer.