
This offers multiple opportunities for bad actors, including:
- Copyright infringements
- Ad fraud and click fraud
- Bypassing antifraud systems
- Password and credential spraying attacks
- Spreading social media misinformation

While there are legitimate use cases for residential proxy networks, such as online anonymity for increased individual protection or multi-location SEO monitoring for companies, these networks are often managed by companies that don’t ask questions about what users are doing or why.

Google vs. IPIDEA: disrupting residential proxy operations
One of the world’s largest residential proxy networks was IPIDEA. Operated by a company based in China, the network hijacked millions of end-user devices without their consent. These devices included computers, smartphones and smart TVs. Using what are known as software development kits (SDKs), IPIDEA was able to install its proxy program onto these devices.
In some cases, the company paid developers to include these SDKs in their applications, which in turn infected devices. IPIDEA also embedded its SDKs in free applications and games, and offered “free” VPNs that installed the proxy software when used. While IPIDEA and similar networks often claim publicly that their residential proxies are obtained legitimately and with consent, analysis of IPIDEA SDKs showed they were designed to be embedded within other applications, without any mechanism for consent.
To help reduce the residential proxy risk and impede IPIDEA operations, the Google Threat Intelligence Group (GTIG) carried out three actions:
- Took down domains used to control devices and proxy traffic.
- Shared intelligence on IPIDEA software development kits and proxy software tools with law enforcement and research firms to improve awareness and enforcement.
- Ensured that Google Play Protect for Android devices automatically warned users about IPIDEA applications, removed these applications if installed, and blocked any future install attempts.

According to Google, these combined efforts have “caused significant degradation of IPIDEA’s proxy network and business operations, reducing the available pool of devices for the proxy operators by millions.” Although this doesn’t eliminate the threat posed by IPIDEA and similar proxy networks, Google’s actions have made it more difficult for malicious actors to install and operate proxy servers without user consent.

Protecting yourself from residential proxies
If your device is compromised by a residential proxy that is then used by a malicious actor, you could find yourself in the crosshairs of law enforcement or fraud investigations. In addition, these proxies may carry malware and other payloads that impact the function of your device.
To protect yourself from residential proxies, the FBI recommends:
- Avoiding TV streaming services that claim to provide free content, such as movies or sports
- Being cautious when using any VPN service, especially those that are free
- Only using trusted application stores and applications from well-known publishers
- Ensuring all operating systems, applications, and security tools are up to date

It’s also a good idea to regularly run antivirus and antimalware scans on your device.

Reducing proxy risk: It’s a team effort
Bottom line? While residential proxies remain problematic, global organizations such as Google are now taking steps to limit their impact. But companies can’t solve this problem alone. To reduce the risk of unauthorized installation and IP hijacking, avoid streaming services that are too good to be true, take a pass on free VPNs, and always use trusted application stores when downloading new software.
