The Mesh Web: Navigating the Security and Privacy Risks of Overlay Networks

Residential proxies and decentralized physical infrastructure networks (DePINs) are technologies that enable end users to participate in semi-anonymous connections similar in function to virtual private networks (VPNs) by essentially sharing their broadband connection with anonymous external users. These types of networks are not new, but they are becoming more popular and easier to set up (sometimes inadvertently), and they are advertised to subscribers as a way to generate passive income, remove geo-blocking restrictions, and increase their privacy and security.

In this blog, we’ll look at how these networks work, why subscribers implement them on their home networks, and finally the security and privacy risks that these types of networks pose for both subscribers and Internet Service Providers (ISPs).

What are overlay networks?

In general, overlay networks are logical networks built on top of existing physical networks. Residential proxies and DePINs are examples of overlay networks consisting of software or hardware running on the subscriber’s home network or mobile device.

Many of these networks include a cryptocurrency token (Bitcoin, Ethereum, etc.) that allows the end user to earn a financial stake by sharing their bandwidth in the overlay network. These networks are marketed to subscribers as a way to earn passive income, with catchy phrases like “Get paid for your unused Internet” or “Turn your unused Internet into cash,” and companies offering these services often have sign-up bonuses, special offers, and referral incentive programs.

Harm to the subscriber

End users believe they will gain more security and privacy by participating in these types of networks. However, they often face a completely different reality.

To participate, users must place their trust in the proxy provider, which has strong incentives to monetize their access to end-user data and online activity by selling user information to data brokers or other third parties. For example, privacy violations can occur by leaking sensitive information, such as which sites a subscriber visits, to third parties for targeted advertising and profiling.

By sharing their broadband connection with these proxy networks, subscribers may unwittingly participate in botnets, distributed denial of service (DDoS) attacks and other illegal activities such as copyright violations, or worse, facilitate the transfer of child sexual abuse material.

Broadband subscribers simply cannot know what unwanted or illegal traffic they are allowing through their broadband connection. This can damage the reputation of a subscriber’s IP address, potentially blocking the subscriber’s access to legitimate services. This may also lead to legal action against the subscriber, as government authorities will track the subscriber, who is often an unwitting participant, through his or her IP address.

An additional way in which a broadband subscriber may be harmed is through the unintentional installation of malware or information-stealing software. For example, a cybercrime campaign run by a group called Void Arachne uses a malicious virtual private network (VPN) installer to embed deepfakes and artificial intelligence (AI) software to enhance its operations. End users may think they are installing software that will improve their privacy and security, but they are actually installing malware that tracks them and feeds sensitive data to bad actors.

Damage to the broadband network

Residential proxies consume bandwidth and produce traffic that is not directed to or originating from the broadband subscriber. This additional bandwidth consumption may negatively impact subscribers’ perceptions of their service and may increase costs to the network operator. There could be implications for peering agreements between operators as well. A residential proxy that facilitates the transmission of certain traffic may lead to a decrease in the reputation of the IP addresses used and possible blocking by external services.

ISPs face a much broader risk when it comes to IP address reputation. The reputation of a single IP address that is damaged due to the operation of an overlay network can affect not only a single subscriber but multiple subscribers as the IP address is reassigned through the Dynamic Host Configuration Protocol (DHCP). If operators use Network Address Translation (NAT), all addresses behind the NAT can be affected. This not only disrupts service for subscribers, but can also cause damage to the ISP’s reputation and brand.
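The reassignment effect described above, as an added example that is not part of the original post: given a DHCP lease history and one reputation listing, it separates the subscriber who held the address when the abusive traffic was seen from the subscribers who inherit the address while it is still listed. The lease records, NAT pool, subscriber IDs and the `impact` function are constructed for illustration.

```python
from datetime import datetime as dt

# Constructed DHCP lease history: (public_ip, subscriber, lease_start, lease_end)
LEASES = [
    ("203.0.113.10", "sub-A", dt(2024, 5, 1), dt(2024, 5, 8)),
    ("203.0.113.10", "sub-B", dt(2024, 5, 8), dt(2024, 5, 15)),
    ("203.0.113.10", "sub-C", dt(2024, 5, 15), dt(2024, 5, 22)),
    ("203.0.113.77", "sub-D", dt(2024, 5, 1), dt(2024, 5, 22)),
]

# Constructed NAT pool: one public address shared by several subscribers
NAT_POOL = {"198.51.100.5": ["sub-E", "sub-F", "sub-G"]}


def impact(ip, abuse_time, listed_until):
    """Return (source, collateral) for one reputation listing.

    source     -- subscriber holding the address when the abuse was seen
    collateral -- other subscribers exposed to the address while it is listed
    """
    if ip in NAT_POOL:
        # Shared address: every subscriber behind the NAT carries the listing,
        # and the lease history alone does not identify which one caused it.
        return None, sorted(NAT_POOL[ip])

    source, collateral = None, []
    for lease_ip, subscriber, start, end in LEASES:
        if lease_ip != ip:
            continue
        if start <= abuse_time < end:
            source = subscriber
        elif start < listed_until and end > abuse_time:
            # Lease overlaps the listing window but not the abuse itself
            collateral.append(subscriber)
    return source, collateral


if __name__ == "__main__":
    # Abuse seen on 3 May, address stays listed until 17 May
    print(impact("203.0.113.10", dt(2024, 5, 3), dt(2024, 5, 17)))
    print(impact("198.51.100.5", dt(2024, 5, 3), dt(2024, 5, 17)))
```
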

Some overlay networks require a static internal port forwarding setup to fully participate in the network. These ports are then easily scanned and recorded in databases such as Shodan, making it easier to discover which nodes are involved. DePIN devices will inevitably be neglected and will no longer receive firmware updates and security patches. This will increase the risk of devices being compromised and exploited for other purposes, such as participating in a botnet.

Improving capabilities to confront threats

In short, decentralized overlay networks such as residential proxies and DePINs pose real and significant security and privacy concerns for both subscribers and ISPs. These technologies enable near-anonymous communications but also increase the risks of reputational damage, disruption of service, and potential malicious use.

As these networks become more widespread and increasingly exploited by malicious actors, it is necessary to improve detection capabilities and develop effective mitigation strategies to address these risks.

To effectively mitigate these risks, a multi-stakeholder approach is necessary, including cooperation between civil society, ISPs, network providers, regulatory bodies and law enforcement agencies. This can include implementing robust network monitoring and security protocols and developing guidelines to educate subscribers on safe usage practices. By taking a proactive and coordinated approach, we can reduce the risks associated with overlay networks and promote a safer and more secure online environment for all users.

If you’re a CableLabs member or reseller and interested in collaborating with us to find solutions for safer and more secure online experiences, explore our working groups and contact us using the button below.
