[avastel]

Interesting article. I’ve been curious for a while about how residential proxy IPs are collected too. Many come from shady browser extensions or mobile apps, especially free VPNs (wink wink Hola VPN). People often don’t realize they are turning their device into an exit node.

Some time ago I started to track this as a side project (I work in bot detection and was always surprised by how many residential proxies show up in attacks). It started just out of curiosity. Now I collect proxy IPs, which provider they belong to, and how often they are seen. I also publish stats here: https://deviceandbrowserinfo.com/proxy-api/stats/proxy-db-30...

For example, in the last 30 days I saw more than 120K IPs from Comcast and nearly 100K from AT&T.

I also maintain an open IP (ranges) blocklist, mostly effective against data center and ISP proxies. Residential IPs are harder since they are often shared with legit users: https://github.com/antoinevastel/avastel-bot-ips-lists

Even if you can’t block all of them, tracking volume and reuse gives useful signal.

[chatmasta]

Hola/Luminati rebranded as “Bright Data” and now pays mobile developers to embed their proxy SDK into mobile apps. Apple and Google should put a stop to this practice.

[garbthetill]

they have been paying devs for a good bit now

[garbthetill]

hola vpn is such an interesting case of a money printer, host a simple vpn and present it as free, give the users datacenter ips that are easy to detect. meanwhile you get their precious residential ip's and print millions a month

[ignoramous]

The recent feud between founders is bound to reveal more interesting aspects of their business: https://www.haaretz.com/israel-news/tech-news/2021-07-01/ty-... / https://archive.vn/o5ujG

[garbthetill]

Thanks for the great read, so much to unpack from that article the click fraud stuff is to be expected, keeping track of everything that goes through their proxy is also expected, but copying files is crazy and this could unravel to a class action

but with that being said, if you are doing something shady/grey area to get ahead you best give everyone a cut of the pie, especially your blood brother

[arewethereyeta]

I would add that your chances of having a proxy node increase by 1% with each free app you install these days. We catch them easily at visitorquery.com but the residential proxy business in rampant and probably half are infected devices, android TVs, routers and, ofc, mobile apps.

[antonvs]

> I work in bot detection and was always surprised by how many residential proxies show up in attacks

Why is that surprising? It seems like it'd be one of the major vectors.