- Infoblox Threat Intel Finds 65%+ of Cloud Customers Made DNS Queries to Residential Proxy Domains by 2026
- Residential proxies can result in legal exposure or reputational damage if threat actors misuse them
- While not all home proxies are illegal, abusers take advantage of anonymity combined with cheap, unauthorized home proxies to perform tasks that can be unethical, if not outright illegal at times
Users who install free VPNs, streaming apps, and even productivity apps may be unaware that they are often inadvertently the product themselves.
The old adage that there is no free lunch rings true here with many of these ‘free’ services essentially renting out the identity of an unsuspecting victim’s network to strangers, many of whom use it for nefarious reasons.
The practice, which is considered fair game by many such applications, has security and privacy implications beyond flagging users for fraud or extra verification, as IP reputation systems in data centers account for requests that appear to originate from a victim’s network.
Blending in for a reason
The service used here is called a ‘residential proxy’ and while legitimate providers may exist, many of the sources are questionable to say the least. This is because the demand for ‘pure’ housing proxies is both huge and consistent.
Research from Infoblox Threat Intel indicates that the situation is more serious than previously thought, as nearly two-thirds (65%) of its Threat Defense Cloud customers made DNS queries to domains used to access or orchestrate residential proxy networks by 2026, totaling over 500 billion such queries per month.
This is different from anonymizers like Tor or commercial VPNs, which produce anonymized traffic via volunteer nodes for the former and data center IPs for the latter. It leverages existing hardware on one’s home network, such as home routers, phones, IoT gadgets, or anything else that can essentially run a proxy service.
The kicker is that most of these services never obtain permission from a ‘host’ or bury such clauses deep in their End User License Agreement (EULA), often leading to unsuspecting victims ‘helping’ with malicious activities such as fraud, unauthorized data scraping and even streaming services that bypass regional restrictions.
Victims suffer because such services are essentially freeloading on their existing connections, slowing down their internet, but can also result in their IP addresses or networks being flagged as untrustworthy or even fraudulent if the incidents remain regular. This could open them up to legal problems: it is difficult, time-consuming and sometimes downright impossible to prove that you were the conduit rather than the perpetrator of said activities.
Avoiding this is easier said than done, but there are ways to reduce susceptibility to this type of abuse. A software audit should be your first line of defense. Knowing what’s running on all your devices and whether it’s trustworthy or not is key to preventing exposure.
In particular, one should be aware of free VPNs, cheap IoT devices from questionable manufacturers, streaming software and even browser extensions, all of which can expose one to threat actors. Investing in a router or software service that blocks such requests would also go a long way, as would leveraging protective DNS to monitor your network.
To start with, users can also use services to monitor and check their IP’s risk profile, so they can determine if they are already exposed to abuse.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.
