
SecurityTrails Blog · Feb 04 · by Gianni Perez

Residential Proxies: Types, Usage and Dangers in Cybersecurity


Privacy concerns over a flurry of egregious corporate breach scenarios continue to upend just about any other ‘hot’ technology-related topic out there, a direct reflection of the turbulent digital landscape we find ourselves in and of a constant influx of hedonic platforms (e.g., social media) making indiscriminate use of personal data despite the dire consequences.

To compete in this fast-evolving grand scheme of things, companies have capitalized on a number of practices to win users over to the idea that their online security is anything but neglected.

New privacy laws, and similar regulatory literature, are quickly enacted as more and more people depart from normie behavior to embrace a security-first online culture scaffolded by the latest in identity protection. However casuistic the interpretations may get, the reality is that there is a sense of solace to be found in approaches such as encrypting email, or limiting the use of cookies to attempt to reduce digital footprints and keep malicious entities at bay.

Surprisingly enough, few understand the criticality and role attached to consumer IP addresses—think of the public address all your home and mobile devices share when connecting to the Internet at large, and how they monumentally expose any online user presence. For example, Location-based Social Network Systems (LBSNSs) are notoriously known for leveraging geolocation-capable applications in cell phones to pinpoint the whereabouts of users in a variety of ways; a factor likely to exacerbate the collective debate for years to come.

This blog post will dig into the privacy-advancing corpus to examine yet another attempt at anonymity: the residential proxy. Distrust, competitive advantage, secrecy, and censorship—these are all legitimate areas of correlation surrounding the implementation of proxies as history will have it. But regardless of use case, these devices also come with a fistful of unsavory side effects, as they can be taken advantage of by fraudsters and cybercriminals alike.

Let’s take a look.

What is a residential proxy?

Proxy servers, otherwise known as proxies or gateways, have been a predominant feature of the networking domain for quite some time. The concept surfaced as the need arose for an intermediary, transparent function capable of accepting and forwarding requests, on behalf of users, destined for the larger-scale Internet.

Some of the early functionalities attributed to proxies included the ability to cache content (e.g., web pages) to improve responsiveness and overall user experience, as well as the potential to masquerade internal traffic by not revealing the true origin of such requests. If we learned anything from these early attempts at conjuring privacy, it is that proxies palpably offered an important approximation to the challenge of hiding users’ web activity from a third party.


As proxies worked to intercept communication between sender and receiver, this also meant that they could serve as a sort of entry-level firewall in certain enterprise settings where traffic needed to be tightly controlled and scrutinized. Moreover, Internet users living in censorship-prone countries took advantage of the spatial distribution of open proxies to circumvent the limited access to the information they were seeking. Unencumbered access to many of these vantage points, however, did not last long, as proxy platforms with known public IPs were overtly targeted by censoring authorities.

In recent years, a new form of proxying has come into view in response to the restrictions on Internet freedom. Known as the residential proxy, this new approach entails the disposition of physical end user devices (e.g., a desktop computer) acting in unison to provide proxy services to a broad consumer base around the globe.

The Residential Proxy network

This emerging market of residential hosts acting as proxies is comparable to more traditional approaches that rely on datacenter endpoints. Borrowing an IP address that an Internet Service Provider (ISP) assigns to homeowners, residential proxies are, however, more dynamic in nature, usually featuring a back-connect-type role in a network of similar devices to provide additional resilience and prevent detection by potential censors.

How a Residential Proxy works

Like any of its predecessors, the residential IP proxy relays your traffic through an intermediary proxy server, but this server does not forward your request directly to the target site. Instead, a resource server chooses a random IP address from a pool of contracted residential proxies and routes your request through it. A simple, yet elegant solution to legitimizing traffic even to the most sophisticated content inspectors.

What are residential proxies used for?

Residential proxy consumers can generally establish the point of departure for their traffic by relaying through a specific geographical area of their choosing. For example, users in São Paulo who wish to browse a certain site hosted in Tokyo can have their requests routed through a residential proxy network in Paris; from a connectivity standpoint, all the website ‘sees’ is traffic originating from Paris. Once again, this acceptable amount of concealment is possible by leveraging an aggregate of personal computers, mobile devices, and even IoT equipment. Lately, major proxy service providers have also begun offering software development kits (SDKs) tailored to developers who wish to integrate residential-like proxying into their application frameworks.

In short, here are some of the most popular use cases for residential proxies (sparing you most of the underlying definitions):

Web Scraping

Depending on budget and other legal considerations, web scraping management via proxies is almost a mandatory solution. In particular, the semi-private nature of residential proxy IPs improves the quality of the overall scraping score—this is in stark contrast to proxy pools merely composed of datacenter IPs, which are more prone to programmatic detection and banning.

For example, AWS offers cost-effective serverless, Lambda, and compute architectures that can support scraping services by following a few simple steps. However, website crawlers and spiders using these cloud services are at a higher risk of a diminished crawling experience, given the reputation AWS servers frequently have within the cybersecurity community for hosting harmful content.

Internet Marketing Management

Rotating proxy networks, such as those offered by residential IP proxies, allow marketing managers to quickly and effectively oversee different ad campaigns, as these participating IPs are flagged in regional (local) Internet registries and, thus, are linked to legitimate users.

Commonly referred to as ad verification, the goal here is also to avoid improper ad placement by unscrupulous competitors and even dissuade criminal actors from dishonest activities that threaten contextual brand reputation.

Consequently, companies can obtain that much-desired competitive edge by ensuring their ads can reach the desired target audience and country, avoiding loss of revenue due to misplaced advertisement.

SEO Content Management

The impact of cybersecurity on Search Engine Optimization (SEO) strategies cannot be overstated. Although the economics of residential proxies vastly facilitate SEO practices, it is predominantly the scalability features that are the decisive factor when it comes to properly assessing a site’s ranking; for instance, by simulating, measuring, and auditing conditions such as click-through rates, dwell times, bounce rates, and similar data points as if these were coming from real visitors. As a result, residential proxies allow SEO tools to analyze specialized markets in areas where scraping is heavily frowned upon. Finally, proxies with more local targeting options can help optimize SEO content via algorithm adjustments based on local business conditions.

To summarize, residential proxies, especially those proficient at mimicking human-like browsing behavior via IP rotation, are intentionally designed to provide a competitive edge. Whether your work involves scraping web content on a large scale or the use of bots to keep a close eye on social media trends, a single residential IP will not be sufficient to keep the powers that be from blocking your activity in the long run.

Types of residential proxies

Although the sort of IP-rotating mechanism employed by some residential proxies has a wide margin of benefits, it is not without its limitations. For example, it is a common occurrence for rotating residential proxy networks to experience longer periods of downtime and less-than-optimal speeds. In practice, residential IP proxies are also plagued by high costs; hence, it is up to users to strike a balance between speed, usability, and price from the myriad providers that offer these services.

On the other hand, static residential proxies are preferable in some situations whereby a constantly-rotating IP would be flagged as suspicious by a capable algorithm, blocking further access to the user or application in question.

Another scenario entails an e-commerce server tasked with preventing returning visitors from producing an inordinate amount of logins from multiple geographical locations and IPs—this will certainly be considered a sign of proxying which may, according to policy, be blocked as such.
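The e-commerce check described above, as an added example that is not code from the original article: it flags accounts whose logins inside a sliding time window come from too many distinct IPs and countries. The event layout, the thresholds and the function name are assumptions, and the country field stands in for a GeoIP lookup.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login events: (ISO timestamp, account, source IP, country).
# IPs are from documentation ranges; the country would come from a GeoIP lookup.
SAMPLE_LOGINS = [
    ("2024-02-04T10:00:00", "alice", "192.0.2.10", "BR"),
    ("2024-02-04T10:05:00", "alice", "192.0.2.10", "BR"),
    ("2024-02-04T10:01:00", "bob", "198.51.100.7", "FR"),
    ("2024-02-04T10:09:00", "bob", "203.0.113.40", "JP"),
    ("2024-02-04T10:17:00", "bob", "192.0.2.99", "US"),
    ("2024-02-04T10:26:00", "bob", "198.51.100.200", "DE"),
    ("2024-02-04T09:00:00", "carol", "203.0.113.5", "FR"),
    ("2024-02-04T18:30:00", "carol", "198.51.100.61", "ES"),
]

def flag_spread_logins(events, window=timedelta(minutes=30),
                       max_ips=3, max_countries=2):
    """Return {account: (distinct_ips, distinct_countries)} for accounts whose
    logins inside any sliding window exceed both thresholds (hypothetical
    thresholds; tune them against your own traffic)."""
    per_account = defaultdict(list)
    for ts, account, ip, country in events:
        per_account[account].append((datetime.fromisoformat(ts), ip, country))

    flagged = {}
    for account, rows in per_account.items():
        rows.sort()  # chronological order per account
        start = 0
        for end in range(len(rows)):
            # Advance the left edge until the window spans at most `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            ips = {ip for _, ip, _ in rows[start:end + 1]}
            countries = {c for _, _, c in rows[start:end + 1]}
            if len(ips) > max_ips and len(countries) > max_countries:
                flagged[account] = (len(ips), len(countries))
                break
    return flagged

if __name__ == "__main__":
    print(flag_spread_logins(SAMPLE_LOGINS))
```

A traveller such as the constructed "carol" account, with two countries hours apart, stays under the thresholds, which is why the check requires both the IP and the country spread inside one window.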

Because static residential proxies are intrinsically considered datacenter proxies, they combine the robustness and high speeds associated with datacenter routing infrastructure. The fixed, non-ISP-related nature of static residential proxies is also alluring to businesses that require closed-loop network interactions with their client base, or simply because it simplifies contractual and operational models given its relative transparency. In short, the static residential proxy combines features akin to its more dynamic sibling, but rarely carries the same price tag.

Dangers of residential proxies

Far from being the anonymization panacea they claim to be, residential proxies have been fertile ground for content thieves, fraudsters, and scalpers for quite some time. In fact, trouble in paradise began when these cybercriminals learned the fine art of covering their tracks behind an amalgam of low-cost residential and datacenter proxies, allowing several types of cybercrime to run unchecked—or at least with very little oversight.

In a recent SecurityTrails interview, Spur Intelligence co-founder Thomas Kilmer briefly explains what happens when users lend residential IPs, and any associated devices, to proxy networks that fall prey to criminal activity. Regrettably, he says:

“... any malicious or fraudulent activity they perform will be attributed back to you. If you take your device to work and connect to their network, these proxy companies will then have access to that connection. In the best case, the proxy customers' activities are attributed back to your company. In the worst case, the proxy customers can access internal company documents. Some of these services do not filter access to intranet sites.”

In addition, residential proxies are known enablers of chargebacks—the forceful removal of funds from a merchant’s account by a bank, or a similar entity, on behalf of cardholders due to a fraudulent charge via a third-party vendor.

The story is rather simple: fraudsters know how to enjoy the type of cover that residential IPs provide when purchasing and delivering goods using stolen credit cards. By the time the true cardholder notices the charges and engages the credit card company (to open an investigation), the goods have been delivered and the profit is safe in the fraudster’s pocket.

Analogous to chargebacks, residential IP proxies have brought additional issues into sharp focus—for example, credential stuffing. The technique is built around a sufficiently-large cache of stolen usernames and passwords (a.k.a., credential dumps) used to automate brute-force attacks against unsuspecting sites and web applications.

Anatomy of a credential stuffing attack

To avoid being detected and blacklisted, the toolset includes, you guessed it, a good amount of proxies, serving as bots, to create the desired ripple effect given the multiplicity of origin IPs involved.
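Why the spread of origin IPs described above defeats per-IP blocking, and what a defender can aggregate instead, shown as an added example that is not code from the original article. The log layout, thresholds and function names are assumptions, and the auth log is constructed.

```python
from collections import Counter, defaultdict

def build_sample():
    """Constructed auth log: (epoch_second, source_ip, username, success)."""
    events = []
    # Ordinary users: few sources, mostly successful, one mistyped password.
    for i in range(20):
        events.append((1200 + i * 6, f"192.0.2.{i % 4 + 1}", f"user{i % 4}", i != 7))
    # Stuffing run relayed through rotating proxies: every attempt uses a new
    # source IP and a different username; one credential pair happens to work.
    for i in range(40):
        events.append((1200 + i * 3, f"198.51.100.{i + 1}", f"dump{i}", i == 31))
    return events

def per_ip_offenders(events, limit=5):
    """Classic control: source IPs with more than `limit` failed logins."""
    failures = Counter(ip for _, ip, _, ok in events if not ok)
    return sorted(ip for ip, n in failures.items() if n > limit)

def distributed_failure_windows(events, bucket=60, min_failures=15, min_spread=0.8):
    """Aggregate failures per time bucket instead of per IP. A bucket is
    flagged when failures are numerous and spread over nearly as many
    distinct IPs and usernames as there are attempts."""
    buckets = defaultdict(list)
    for ts, ip, user, ok in events:
        if not ok:
            buckets[ts // bucket].append((ip, user))
    flagged = []
    for key in sorted(buckets):
        rows = buckets[key]
        n = len(rows)
        ip_spread = len({ip for ip, _ in rows}) / n
        user_spread = len({u for _, u in rows}) / n
        if n >= min_failures and ip_spread >= min_spread and user_spread >= min_spread:
            # (bucket start, failures, IP spread, username spread)
            flagged.append((key * bucket, n, round(ip_spread, 2), round(user_spread, 2)))
    return flagged

if __name__ == "__main__":
    sample = build_sample()
    print("per-IP offenders:", per_ip_offenders(sample))
    print("flagged windows:", distributed_failure_windows(sample))
```

On the constructed log the per-IP control reports nothing, because no single address fails more than once, while the aggregated view flags both one-minute windows of the run.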

Finally, in “Resident Evil: Understanding Residential IP Proxy as a Dark Service”, Professor Xianghang Mi et al. question the very practice of some (if not all) residential IP proxy providers in securing these hosts from what they call “willing” participants.

In this seminal paper, the authors go on to explain how this behavior adds to the collective difficulty in separating IPs assigned to legitimate users from those used for illicit purposes. Using an infiltration framework to gain visibility into a handful of popular residential IP proxy brokers, and after having legally acquired their services, the researchers classified and examined no fewer than 6 million residential IPs. The results: over 36 percent of the traffic could be attributed to spammers, with another combined 46 percent linked to malicious URLs and brute force activity.

So, with this much fuss about the use of residential proxies, or even their questionable legality, are they really worth the trouble?

First, consider your browsing habits—do you require high levels of stealth and anonymity as you go about your daily online activities? Or, are you tasked with the sort of marketing research that encompasses aspects such as ad verification or price monitoring? Are you a researcher, with a focus on academic data, struggling to leverage a sufficiently-large distribution pool that is conducive to proper analysis? If you answered yes to any of these questions, then a residential proxy may just be the solution you need.

Staring at the flip side of the argument are the harsh realities associated with the perennial dark side of the Internet. Are you willing to risk your private, ISP-given IP address becoming an exit node for malicious activity, including, for example, click fraud schemes so popular nowadays? What about your own machine or mobile device being compromised and eventually joining thousands of other bots with no other purpose than to stage further attacks?

Despite their growing popularity, residential proxy networks, by design, circumvent important restrictions placed by organizations to protect their business models, so their legality will always be questioned.


As a final word of advice, perform your due diligence when (if) deciding to engage the services of a residential proxy provider and, above all, steer clear of free proxy services—these can wreak havoc on your plans, very quickly. Always take the reductionist approach to guide your decision-making process: if it’s too good to be true, well, you know the rest.