[dataviz1000]

They provide an SDK for mobile developers. Here is a video of how it works. [0]

[0] https://www.youtube.com/watch?v=1a9HLrwvUO4&t=15s

[TYPE_FASTER]

Also see https://www.youtube.com/watch?v=AGaiVApKfmc - "Avoid restrictions and blocks using the fastest and most stable proxy network"...they're pretty upfront with this, aren't they?

Oh, and they will sell you the datasets they've already scraped using mobile devices: https://brightdata.com/lp/web-data/datasets

This actually explains a phishing attack where I received a text from somebody purporting to be a co-worker asking for an Apple gift card. The name was indeed an employee from a different part of the large company I worked for at the time, but LinkedIn was the only possible link I could figure out that was at least somewhat publicly available information.

This should probably be required in all CS curriculum: https://ocw.mit.edu/courses/res-tll-008-social-and-ethical-r...

[nerdponx]

It should be illegal, but this stuff is propping up the appearance of a healthy economy so nobody will touch it.

[VladVladikoff]

That scam definitely uses linked in as the source. We get a lot of those BEC emails and it’s always the people who are on LinkedIn. Also keep in mind LinkedIn has had big database leaks in the past, you might not even need to scrape them, just download a huge database from a leaks site.

[cuu508]

IMO Google Play should check apps for presence of this SDK and other similar SDKs, and, upon detection, treat these apps as malware.

[VladVladikoff]

I was wondering if they already do but maybe it’s a cat and mouse game where those companies obfuscate their code to avoid automated detection.

[VladVladikoff]

WOW that video! Ain’t no way anyone has EVER read those terms. This feels so insidious that it really should be illegal. Wonder if this exists in the EU or if they have shut it down already?

[arethuza]

That video has the app asking the user to confirm the use of their device to run a proxy within the app - but is there any hard requirement for this, could apps use this SDK and silently run as a proxy?

[alamortsubite]

My take is it's mostly irrelevant, but read the lobsters post mentioned elsewhere.

[alamortsubite]

Yes, and it doesn't matter if they do read the terms- to the average user they sound totally innocuous, especially placed next to a big shiny "GET 500 FREE COINS" button.

[seemaze]

That's sleazy. It's slipping drugs into a kids lunchbox and letting smuggle it across the border..

[arethuza]

I suspect most people, even when told exactly what the app using that SDK would be doing, wouldn't actually see the potential problems...

[kijin]

Until one day, they get swatted for accessing child porn.

Actually, that might be one way to draw attention to the problem. Sign up to some of these shady "residential proxy" services, and access all sorts of nasty stuff through their IPs until your favorite three-letter agency takes notice.