Post AtDki6NYPRbCyn1p8y by ellington@lab.nyanide.com
 (DIR) More posts by ellington@lab.nyanide.com
 (DIR) Post #AtDjt7s56Ko6q604My by jwildeboer@social.wildeboer.net
       2025-04-18T12:30:43Z
       
       9 likes, 10 repeats
       
       The web is broken, IMHOSo there is a (IMHO) shady market out there that gives app developers on iOS, Android, MacOS and Windows money for including a library that sells users network bandwidth. Infatica [1] is just one example, there are many more.I am 99% sure that these companies cause what effectively are DDoS attacks that many webmasters have to deal with since months. This business model should simply not exist. Apple, Microsoft and Google should act.1/5[1] https://infatica.io/sdk-monetization/
       
 (DIR) Post #AtDjtFUGmkVuSYvAMi by jwildeboer@social.wildeboer.net
       2025-04-18T12:40:26Z
       
       1 likes, 1 repeats
       
       What these companies then sell to *their* customers is network access through the devices/PCs that have an app with this SDK installed. They are proud to tell you how you can funnel your (AI) web scraping etc through millions of rotating, residential and mobile IP addresses. Exactly the pattern we see hitting our servers.https://infatica.io/pricing/2/5
       
 (DIR) Post #AtDjtNaaf8K5aTwKKO by jwildeboer@social.wildeboer.net
       2025-04-18T12:42:20Z
       
       1 likes, 1 repeats
       
       Now, again, this company is just one of many selling similar services. And they all promise that they carefully check what commands their customers send to the (IMHO) infected apps on your phone and PC. Yeah, I am sure they "do no evil". And when they do, they can claim it's not their problem because they are merely the proxy. Again, IMHO, a shady business model.3/5
       
 (DIR) Post #AtDjtVzhPfA3efkUZk by jwildeboer@social.wildeboer.net
       2025-04-18T12:49:37Z
       
       1 likes, 1 repeats
       
       But this explains the explosion of bot traffic that really cripples a lot of smaller services (like my forgejo instance, that I had to make non-public).So if you include such an SDK in your app to make some money — I'm sorry, but you are part of the problem and I think you should be punished for that. You are delivering malware to your users. Unfortunately it is next to impossible for normal users to detect the inclusion of such shady SDKs and the network traffic they cause.4/5
       
 (DIR) Post #AtDjtdzdflrmSnmYam by jwildeboer@social.wildeboer.net
       2025-04-18T12:53:47Z
       
       1 likes, 1 repeats
       
       I already blogged about this at https://jan.wildeboer.net/2025/02/Blocking-Stealthy-Botnets/I might rewrite that blog post to make the problem clearer. And to explain why I am now of the opinion that *every* form of web-scraping should be considered abusive. If you think your web-scraping has always been acceptable behaviour, you can thank these shady companies and the "AI" hype for moving you to the bad corner.The web is broken, IMHO.5/5
       
 (DIR) Post #AtDki6NYPRbCyn1p8y by ellington@lab.nyanide.com
       2025-04-18T16:22:58.027347Z
       
       1 likes, 1 repeats
       
       @jwildeboer Third worlders get to have some pocket money, I get a pool of IPs to pester jannies from. Seems like a fair deal to me.>2/5Get a better character limit, nerd.
       
 (DIR) Post #AtE9R3lBOIO4mw3DkW by jwildeboer@social.wildeboer.net
       2025-04-18T17:50:02Z
       
       0 likes, 1 repeats
       
       Addendum: Trend Micro did some research on these companies back in 2023 and it confirms my suspicions. And I guess with AI scraping this kind of business is booming. For the paranoid:„There are malicious actors who repacked freeware and shareware written by other people to conduct drive-by downloads of the Infatica peer-to-business (P2B) service“https://www.trendmicro.com/vinfo/ae/security/news/vulnerabilities-and-exploits/a-closer-exploration-of-residential-proxies-and-captcha-breaking-services6/8
       
 (DIR) Post #AtE9RC4ySayKadN8i0 by jwildeboer@social.wildeboer.net
       2025-04-18T18:44:43Z
       
       0 likes, 1 repeats
       
       Addendum 2: If you want to feel really dirty, go to https://proxyway.com/reviews?e-filter-da2a7bc-reviews_categories=proxy-providers for a collection of reviews on these services. It's a huge market and I am 100% convinced that "AI" web scraping is currently the biggest "growth" driver for these companies.And when I see that quite some of them rely on injecting SDKs into 3rd party apps to "extend" their "Reach", I would call these "residential proxy providers" malware/botnets. But that's just my personal opinion. I am sure they are all legit.7/8
       
 (DIR) Post #AtE9RJWslESHhDU1gG by jwildeboer@social.wildeboer.net
       2025-04-18T18:55:45Z
       
       0 likes, 1 repeats
       
       If you've made it to this final post of this thread — thank you for your time and interest! I hope it helps you understand why web crawlers have become a real problem and how this is more and more an attack on the foundation of the Web as it was intended to be. This "residential proxy" business is just one part of this. And we webmasters/admins can only try to block. It is getting more and more difficult to keep up with these waves. Thanks "AI"!I will convert this thread to a blog post.8/8
       
 (DIR) Post #AtFTdINL4MNPpjyCIa by WandererUber@poa.st
       2025-04-19T12:21:00.920495Z
       
       2 likes, 1 repeats
       
       @ellington @jwildeboer >Third worlders get to have some pocket moneyThis is good how?