> After config fetch, the SDK opens a persistent WebSocket to:
wss://proxyjs.brdtnet.com:443
This hostname resolves to AWS Global Accelerator IPs
There is some irony that both the scrapers and the websites being scraped are probably hosted on AWS, while playing an elaborate cat-and-mouse game pretending that they weren't.
Kind how the American government needs commercial businesses which they poorly regulate so those businesses provide privacy invasions as a legal means to wash their hands.
Are there any defenses I can put in front of my websites that are good for stopping these things? The amount of traffic I see from residential proxies is just killing me. In particular defense against residential proxies.
I never connect any “smart” device to wifi. If it doesn’t work without connectivity, I don’t want it. I use my TVs as display devices. They have HDMI-in and that’s it.
If it has an Ethernet port I would use that then unplug it. It still gets to phone home once but you don't have to worry about it maliciously saving your Wi-Fi password for later
> The SDK’s config ships a flag “use_netifs”: true. That flag triggers code in the SDK binary that constructs its NWConnection with a specific required interface: en0 (WiFi) or pdp_ip0 (cellular), rather than using the system default route.
> On iOS, this bypasses any configured VPN’s tun0 interface entirely. The peer tunnel does not cross a user-configured VPN, even when the rest of the app’s HTTPS traffic does.
What's a legitimate use case for this API? When/why should an app be allowed to bypass a user-configured VPN?
When you're the application providing the VPN or when you're any app built to communicate with something on a local-ish network, not something actually reachable globally.
It has been a while since I personally did such traces, but Wireshark was very simple to use and once the network is exposed, it has lots of information available online if you need more.
I found bypassing your VPN particularly appalling, as is the whole thing. Personally, it would be amazing if there were a limit on how much can be in Terms of Service, as no one wants to read that much anymore.
One of the problems I can see here is the problem that running a Tor exit node has: badly behaved users are going to be using it to hide their location.
Imaging having the police show up at your door because they've figured out that you're trafficking child porn, when the actual culprit is someone that is using your TV as a proxy to trade child porn.
I genuinely dislike how user hostile everything has become. I effectively have to become an expert in near everything and track all news on the off-change something major upends previous assumptions. And if I miss it somehow and complain about it, defenders will come out of the woodwork to defend, deflect or derail the conversation.
If there is any good news about this, it is that the fatigue seems to be hitting normal people. Buddy from work complained to me how he now is now forced to be a full blown wifi/internet admin so that his kids' restrictions/limits are appropriately enforced.
I am just venting, because I am not entirely certain what an appropriate solution here is.
If the kind of proxying isn't illegal, in my opinion it should be -- saying it's bordering on circumvention of fundamental assumptions about Internet routing and IP address leasing (and ownership), would be a sorry understatement compared to what Bright Data has managed to package into a product payment:
> you are allowing Bright Data to occasionally use your device’s free resources and _IP address to download public web data from the internet_. (emphasis mine)
I think the misleading part -- to the end-user -- is the "download public web data" part. If the data is public why can't Bright Data download it themselves? Well, because the other end doesn't want them to, apparently. The product is make you help Bright Data circumvent the undesired properties of the "public" data providers, on behalf of someone who happens to have the cash but as of yet is at the short end of the Internet stick (for all the right reasons, I'd say).
This is absolutely deplorable, but knowing the directions this is heading, I am neither surprised nor concerned, frankly. People have long voted with their wallet -- it's not the privacy-conscious Joe the Hacker that is being proxied through here, it's our parents and millions of people who just want entertainment at the end of the working day, including _parents_ of small children.
Day by day the dark Internet theory sounds more plausible, and frankly I am all there for it. The Internet will collapse into a feudal internetwork where any routing will need hop-by-hop key, so real people (and agents, frankly) can maintain a measure of trust that right now is being actively circumvented.
Both are causing a dynamic that will lock down the internet evermore for everything straying slightly from the corporate-approved line.
If the divide was data center vs residential IPs, fine, but thanks to Bright Data and friends, residential IPs are getting suspicious as well, so I guess the next step is full-on client verification then...
I wish federal or state laws could force providing transparency because asking for privacy is a dead end at this point. Just force products and providers that run in my home where they phone in. Then, I can decide what to do with that whether I send them to a black hole or let them pass.
So wait a second then, it connects out using a websocket to its bot C&C server, right?
Which presumably passes it a URL to scrape and waits for it to return the data.
What happens if I write my own tool that connects to that C&C server, waits for a URL to scrape, and returns gigabytes of freshly brewed hot horseshit?
> After config fetch, the SDK opens a persistent WebSocket to:
wss://proxyjs.brdtnet.com:443
This hostname resolves to AWS Global Accelerator IPs
There is some irony that both the scrapers and the websites being scraped are probably hosted on AWS, while playing an elaborate cat-and-mouse game pretending that they weren't.
Kind how the American government needs commercial businesses which they poorly regulate so those businesses provide privacy invasions as a legal means to wash their hands.
Are there any defenses I can put in front of my websites that are good for stopping these things? The amount of traffic I see from residential proxies is just killing me. In particular defense against residential proxies.
I never connect any “smart” device to wifi. If it doesn’t work without connectivity, I don’t want it. I use my TVs as display devices. They have HDMI-in and that’s it.
On my TCL TV, you have to connect it to read the Google policies you are agreeing to. If you don't, you agree to policies unread.
Thankfully, the blast radius of this is nothing without connectivity.
If it has an Ethernet port I would use that then unplug it. It still gets to phone home once but you don't have to worry about it maliciously saving your Wi-Fi password for later
But it lets you continue without reading them? There's a lot of questionable terms of service rules but this one has to be unenforcable.
> The SDK’s config ships a flag “use_netifs”: true. That flag triggers code in the SDK binary that constructs its NWConnection with a specific required interface: en0 (WiFi) or pdp_ip0 (cellular), rather than using the system default route.
> On iOS, this bypasses any configured VPN’s tun0 interface entirely. The peer tunnel does not cross a user-configured VPN, even when the rest of the app’s HTTPS traffic does.
What's a legitimate use case for this API? When/why should an app be allowed to bypass a user-configured VPN?
> What's a legitimate use case for this API?
When you're the application providing the VPN or when you're any app built to communicate with something on a local-ish network, not something actually reachable globally.
> When/why should an app be allowed to bypass a user-configured VPN?
temporarily if full tunnelling isn't working, one can split tunnel to route around issues due to VPN
But imo an app should never bypass something like a network boundary.
Naive question: what would I search for to find a tutorial on how to detect this on my devices, which are mostly iOS, or in my home network?
I'd love to find and remove any apps from my devices that have this SDk active.
There could be better, but this looked reasonable at first glance if you also have a Mac.
https://www.thequantizer.com/tutorials/wireshark-iphone-traf...
It has been a while since I personally did such traces, but Wireshark was very simple to use and once the network is exposed, it has lots of information available online if you need more.
I found bypassing your VPN particularly appalling, as is the whole thing. Personally, it would be amazing if there were a limit on how much can be in Terms of Service, as no one wants to read that much anymore.
One of the problems I can see here is the problem that running a Tor exit node has: badly behaved users are going to be using it to hide their location.
Imaging having the police show up at your door because they've figured out that you're trafficking child porn, when the actual culprit is someone that is using your TV as a proxy to trade child porn.
I genuinely dislike how user hostile everything has become. I effectively have to become an expert in near everything and track all news on the off-change something major upends previous assumptions. And if I miss it somehow and complain about it, defenders will come out of the woodwork to defend, deflect or derail the conversation.
If there is any good news about this, it is that the fatigue seems to be hitting normal people. Buddy from work complained to me how he now is now forced to be a full blown wifi/internet admin so that his kids' restrictions/limits are appropriately enforced.
I am just venting, because I am not entirely certain what an appropriate solution here is.
Solution is more regulation, stronger consumer organizations, and privacy watchdogs with actual teeth.
Not if my firewall blocks it from accessing the outside world. (But allows HomeAssistant to control it)
If the kind of proxying isn't illegal, in my opinion it should be -- saying it's bordering on circumvention of fundamental assumptions about Internet routing and IP address leasing (and ownership), would be a sorry understatement compared to what Bright Data has managed to package into a product payment:
> you are allowing Bright Data to occasionally use your device’s free resources and _IP address to download public web data from the internet_. (emphasis mine)
I think the misleading part -- to the end-user -- is the "download public web data" part. If the data is public why can't Bright Data download it themselves? Well, because the other end doesn't want them to, apparently. The product is make you help Bright Data circumvent the undesired properties of the "public" data providers, on behalf of someone who happens to have the cash but as of yet is at the short end of the Internet stick (for all the right reasons, I'd say).
This is absolutely deplorable, but knowing the directions this is heading, I am neither surprised nor concerned, frankly. People have long voted with their wallet -- it's not the privacy-conscious Joe the Hacker that is being proxied through here, it's our parents and millions of people who just want entertainment at the end of the working day, including _parents_ of small children.
Day by day the dark Internet theory sounds more plausible, and frankly I am all there for it. The Internet will collapse into a feudal internetwork where any routing will need hop-by-hop key, so real people (and agents, frankly) can maintain a measure of trust that right now is being actively circumvented.
I find Cloudflare to be more unethical than Bright Data.
Both are causing a dynamic that will lock down the internet evermore for everything straying slightly from the corporate-approved line.
If the divide was data center vs residential IPs, fine, but thanks to Bright Data and friends, residential IPs are getting suspicious as well, so I guess the next step is full-on client verification then...
These are legitimate client devices. Good luck with that.
I wish federal or state laws could force providing transparency because asking for privacy is a dead end at this point. Just force products and providers that run in my home where they phone in. Then, I can decide what to do with that whether I send them to a black hole or let them pass.
Not the one in my living room.
So wait a second then, it connects out using a websocket to its bot C&C server, right?
Which presumably passes it a URL to scrape and waits for it to return the data.
What happens if I write my own tool that connects to that C&C server, waits for a URL to scrape, and returns gigabytes of freshly brewed hot horseshit?
Most scrapped websites have https, so you need to perform a MITM attack. Scrapers will probably notice that.