Residential proxies resell bandwidth from devices at physical locations instead of through datacenters. Customers of a residential proxy service are able to purchase metered data plans to send traffic out of those devices. What makes residential proxies different from other forms of proxies is the diversity of IP addresses they provide. For example, residential proxy services can resell bandwidth from coffee shops, office buildings, homes, or even 5G connected cell-phones. Any internet connection can contribute to a residential proxy network and mix traffic from legitimate and illegitimate users..
Residential proxies circumvent common protections such as country code blocking, datacenter detection, and rate-limiting. Spur’s IP threat intelligence helps fraud detection, account takeover protection (ATO), and session hijacking prevention by listing what IP addresses are actively contributing to residential proxy networks.
Residential proxy providers make money by exposing “clean” IPs to customers in order to hide their activity and circumvent content, security, or fraud protections. This is very similar to how botnets operated in the past. Many residential proxy providers ship software that pays contributors to their network based on the amount of traffic that passes through their IP. Some providers leverage malware or other more surreptitious means to add devices to their proxy pool.
In the best case, a residential proxy contributor is providing full consent as the owner of an IP address and also the network operator supplying the bandwidth. In reality, most internet service providers explicitly prohibit bandwidth sharing and reselling, and “consent” is nothing more than “I can install something on this network”. This has created financial incentives for malware operators and criminals to contribute to these proxy networks to create a “legitimate” revenue stream through their exploits.
There are many uses for residential proxy networks. Many security researchers or business intelligence teams will use residential proxies to scrape content from websites across the internet. The variety of IP Addresses available means that their activity will not be rate-limited or detected by a website. They can scrape using specific geographic regions to further avoid IP location restrictions.
Criminals and fraudsters leverage residential proxy services for their campaigns. In particular, successful account takeover and session hijacking is easier when you can mimic the profile of the legitimate user you are targeting. For example, if a malicious actor knows the banking password for a user in New York City, they can buy a residential proxy from a nearby IP address to log-in and defeat location based fraud detection. In some cases, criminals can use the same IP that the victim has!
Activity from residential proxies is often discussed interchangeably with bot activity. Many digital risk protection products will equate the two. Residential proxy networks do enable automated activity, however they also enable targeted fraud and crime. Fraudulent or criminal traffic can use residential proxies to hide in the noise of legitimate users and create any network profile they want. Spur uses our monocle product to provide digital risk protection against both kinds of attacks.
The residential proxy industry has created multiple companies valued in the billions of dollars. Their core value proposition is to evade the digital risk protection and defenses that companies have used for decades.
