A researcher has reverse-engineered the iOS SDK used by Bright Data, revealing that it can transform consumer devices, including smart TVs, into exit nodes for web-scraping traffic. This data is heavily marketed to the AI industry, raising concerns about user consent and bandwidth usage, with further coverage provided by The Hacker News.Bright Data, formerly Luminati, operates a large residential proxy network, with a portion sourced from an SDK embedded in free applications. This SDK, when installed via an opt-in screen, allows devices to relay web-scraping traffic using the user's home IP address and bandwidth. The research, published by Include Security, highlights a significant consent gap, as the SDK's capabilities, such as allowing up to 200 GB of traffic per month, far exceed the "occasionally" usage described in some app consent screens. The traffic bypasses configured VPNs on iOS and lacks robust authentication.This practice, an evolution of Hola VPN's past model of selling user bandwidth, is now driven by the AI industry's demand for residential IPs to circumvent anti-bot defenses. While Bright Data claims its nodes are consent-sourced, the effectiveness of this consent remains a key question, especially as malicious botnets also exploit consumer devices for similar purposes.Source: The Hacker News
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds