Residential proxies and decentralized physical infrastructure networks (DePINs) are technologies that enable end users to participate in semi-anonymous communications similar in function to virtual private networks (VPNs) by essentially sharing their broadband connection with anonymous third-party users. These types of networks are not new, but they have become more popular, easier to set up (sometimes even inadvertently) and are advertised to subscribers to make passive income, remove geo-blocking restrictions, and increase their privacy and security.
In this blog, we’ll look at how these networks function, why subscribers are implementing them on their home networks, and finally the security and privacy risks presented by these types of networks to both subscribers and internet service providers (ISPs).
What Are Overlay Networks?
Generally speaking, overlay networks are logical networks built on top of existing physical networks. Residential proxies and DePINs are examples of overlay networks that consist of software or hardware that runs on the subscriber’s home network or mobile device.
Many of these networks include a crypto token (bitcoin, Ethereum, etc.) that allows the end user to earn a financial stake by sharing their bandwidth in the overlay network. These networks are marketed to subscribers to earn passive income, with catchphrases like, “Get paid for your unused internet” or “Turn your unused internet into cash,” and companies offering these services often have signup bonuses, specials, referral incentive programs and pyramid schemes.
Harms to the Subscriber
End users believe that they will get extra security and privacy by participating in these types of networks. However, they often face a very different reality.
To participate, users must put their trust in the proxy provider, which has strong incentives to monetize their access to end-user data and online activity by selling user information to data brokers or other third parties. For example, privacy violations can occur by leaking sensitive information, such as what sites the subscriber is visiting, to third parties for targeted ads and profiling.
By sharing their broadband connection with these proxy networks, subscribers may unwittingly participate in botnets, distributed denial-of-service (DDoS) attacks and other illegal activities such as copyright violations or, even worse, facilitating the transfer of child sexual abuse material.
The broadband subscriber simply cannot know what undesirable or illegal traffic they are allowing to transit their broadband connection. This can harm the reputation of the subscriber’s IP address, which could result in the subscriber’s access to legitimate services being blocked. It could even result in legal actions against the subscriber as government authorities will track down the often-unwitting subscriber by their IP address.
Additional ways that a broadband subscriber may suffer harm is through the unintentional installation of malware or info-stealing software. For example, a cybercrime campaign by a group named Void Arachne uses a malicious installer for virtual private networks (VPNs) to embed deepfake and artificial intelligence (AI) software to enhance its operations. End users may believe they are installing software that will enhance their privacy and security but are actually installing malware that tracks them and feeds sensitive data to bad actors.
Harms to the Broadband Network
Residential proxies consume bandwidth and produce traffic that is not directed to or originates from the broadband subscriber. This extra bandwidth consumption could adversely affect the subscribers’ perceptions of their service and may increase costs for the network operator. There can be implications to peering agreements between operators as well. A residential proxy that facilitates the transfer of certain traffic may lead to lowered reputations of the IP addresses in use and potential blocking by external services.
ISPs face a much broader risk when it comes to IP reputation. The reputation of one IP that has been damaged due to running an overlay network can affect not just one subscriber but multiple subscribers as the IP address is reassigned through Dynamic Host Configuration Protocol (DHCP). If operators use network address translation (NAT), all addresses behind the NAT can be affected. This not only causes disruption in service for the subscribers but can also cause reputational harm to the ISP and its brand.
Some overlay networks require that static inbound port forwarding be set up to fully participate in the network. These ports are then easily scanned and recorded in databases such as Shodan, making participating nodes easy to discover. DePIN hardware will inevitably be deprecated and no longer receive firmware updates and security patches. This will lead to a higher risk of the devices being compromised and exploited for other purposes, such as participating in a botnet.
Improving Capabilities to Counter Threats
In summary, decentralized overlay networks such as residential proxies and DePINs pose real and significant security and privacy concerns for both subscribers and their ISPs. These technologies enable semi-anonymous communications but also increase the risk of reputational harm, disruption in service and potential malicious use.
As these networks become more widespread and are increasingly exploited by malicious actors, it is essential to improve detection capabilities and develop effective mitigation strategies to address these risks.
To effectively mitigate these risks, a multi-stakeholder approach is necessary, involving collaboration between civil society, ISPs, overlay network providers, regulatory bodies and law enforcement agencies. This can include implementing robust network monitoring and security protocols and developing guidelines for educating subscribers on safe usage practices. By taking a proactive and coordinated approach, we can minimize the risks associated with overlay networks and promote a safer and more secure online environment for all users.
If you are a CableLabs member or a vendor and are interested in collaborating with us on solutions for safer, more secure online experiences, explore our working groups and contact us using the button below.