Virtualization Technology News and Information
Is Your Device Someone Else's Proxy? The Moral Boundaries of Proxy Sourcing

By Vaidotas Sedys, Head of Risk Management at Oxylabs

Being digitally connected has many benefits. Our devices empower us to access diverse networks, share data worldwide, and remotely control various hardware. However, this interconnectedness has its share of threats. The Internet opens ways for your personal device to be used by others as a proxy without your knowledge.

On its way to maturity, the premium proxy industry must weed out all unethical proxy sourcing practices that lead to people's devices becoming less personal. Shedding light on such practices and asking proxy providers how exactly they have come to control large pools of residential proxies can help achieve this goal.

What are residential proxies?

Proxies are intermediaries between a client device and the end server it tries to access. Some business processes depend on using extensive proxy infrastructures. For example, business intelligence tasks such as price monitoring require having many location-specific IP addresses on rotation to collect pricing data effectively.

A residential proxy is a real device, associated with a residential address rather than a data center, that is used as an intermediary server. Thus, your laptop can also be a residential proxy if someone directs their traffic through it when connecting to the Internet. It is possible that it already is without you even knowing.

How do providers acquire large proxy pools?

Considering that residential proxies are real devices belonging to everyday internet users, one might be astonished that residential proxy providers have millions of IPs at their disposal. Where and how do providers get so many residential proxies?

There are both ethical and unethical ways to build a residential proxy pool. The provider's moral compass determines which methods are preferred.

Sourcing through specialized applications

The only unproblematic way to source residential proxies is by getting the explicit consent of device owners. In 2020, Oxylabs introduced a tier framework to categorize proxies by how they are sourced. The top tiers, tier A and tier A+, are both proxies sourced with device owner knowledge and consent, with tier A+ also providing financial rewards to the owners.

This system of knowingly entering a proxy pool is set up via a downloadable application. Users download the app on their device, create an account, and decide how much bandwidth they wish to share. Oxylabs' residential proxy infrastructure consists only of ethically sourced tier A and tier A+ proxies.

The lower tiers are for proxies sourced in less than ethical ways, including illegal practices. A handful of methods allow paid and free proxy providers to acquire residential IPs without the end user's consent or even while inflicting additional harm. We created our tier framework in part to shed light on the unethical proxy sourcing practice that dominated the industry at the time.

SDK integration

Software development kits (SDKs) are sets of platform-specific tools for developers. However, regular users can download SDKs as code integrated into some applications. For example, a free game app you download from a legitimate app store can contain an SDK that performs a specific task. Some SDKs are written to transform the user's device into an access point, which makes it usable as a proxy.

This practice can be ethical or not, depending on its transparency. The unethical way is integrating the SDK into an app while failing to inform the user adequately. If the information about the SDK is withheld or deliberately made hard to notice, one cannot say that user consent was acquired honestly.

The ethical approach involves clearly informing the user about the additional code in the app and what it does and providing options. For instance, the user could choose between a paid game without the SDK or its free version with an integrated SDK.

Installed with browser extensions

Similarly to malicious applications, software that turns devices into proxies can be spread through browser extensions. Extension developers are sometimes bombarded with offers to include code in their extensions that drags the device into a proxy pool. Since developers often have difficulty monetizing their extensions, such offers might be tempting. Thus, it is advisable to be very careful with the permissions you grant when installing an app or a browser extension.


Finally, the most immoral way to source residential proxies is by infecting devices with malware. This method turns the device into a proxy without the owner's knowledge and might also inflict other harm. For example, hackers can use the same malware to steal the user's personal data, including financial credentials.

Threats posed to businesses by unethical providers

Using a residential proxy infrastructure without being sure how the provider managed to source so many IPs involves substantial business risks in addition to the moral pitfalls.

Many of the risks associated with using proxies from suspicious providers have been around long enough that they were already being discussed years ago. The potential reputational and legal issues are even more likely now as society and policy-makers pay more attention to cybersecurity and the big data industry.

Along with these issues and the financial and operational damage that can be incurred, clients of morally unreliable providers can also be exploited by the very same methods of proxy sourcing. After infecting a single device, malware might spread through the company's internal network, drawing all the devices into what is known as a botnet. Botnets are networks of infected computers controlled by third parties without the owners' knowledge. Often, they are utilized for cybercrime.

In 2022, an international investigation revealed that a well-known proxy provider was a botnet. Any company using such a service might be doubly victimized by the perpetrators, both as a customer and as the end user of hijacked devices. Efforts to stop such botnets should also come from both directions: refusing to work with suspicious proxy providers and making cybersecurity one of the top priorities to invest in.

In conclusion: it doesn't hurt to ask

To sum up, it is impossible to completely protect ourselves from unethical proxy sourcing practices used by unscrupulous providers and cybercriminals. However, due diligence helps mitigate the risks when entering into partnerships.

You might not always get an honest answer, but asking your provider how they source their residential proxies is still a good idea. Showing interest will promote more transparency throughout the industry, leaving less room for providers to hope that shady practices will slide. Only the collaborative vigilance of ethical proxy infrastructure providers, their client base, and the general public will help keep proxy sourcing within moral boundaries in the future.



Vaidotas Sedys 

Vaidotas Šedys is the head of the Risk Management department at Oxylabs, a market-leading web intelligence solutions provider. Having extensive experience in payment and digital risk management, Šedys established himself as an influential force in the online web data gathering industry, employing innovative methods to ensure the most ethical and secure software-as-a-service business processes.

Published Tuesday, May 07, 2024 7:36 AM by David Marshall