Resident Evil: Understanding Residential IP Proxy as a Dark Service

This article aims to present you our work on residential IP proxies and their security issues. A paper for our work has been accepted by IEEE Symposium on Security and Privacy 2019, the premier conference for computer security research. You can find more technical details from our research paper.

Web proxies are commonly used to serve various purposes such as identity anonymization, and accessing digital content only available in limited countries. However, traditional web proxies such as VPN, and newly emerging ones such as Tor network, all suffer from a common limitation: their IP addresses are known to be non-residential as most of them are deployed in data centers. Because IP address ranges of data centers are commonly known and some proxy networks such as Tor even keep published the list of their IP addresses, traffic destinations such as Netflix can still easily distinguish visits using those proxies and degrade services to those traffic. Actually, as reported in its blog, Netflix is already employing measures to block visits from web proxies. And previous research also shows that visits from Tor networks are being degraded by many web services.

In our work, we identified an emerging and increasingly popular web proxy service: residential IP proxy as a service, and we call it RPaaS. Since the starting of 2017, we have observed more and more companies showing up to provide such kinds of service, starting from three, and increasing to tens by December 2017. And many…