The Web Is Broken – Botnet Part 2

Residential proxy SDKs = malware/botnets

  • Many commenters see “network sharing”/B2P SDKs as indistinguishable from malware: they conscript users’ devices into residential botnets without meaningful consent.
  • Main harms discussed:
    • Criminal activity traced to innocent users’ IPs.
    • IP reputation damage leading to constant CAPTCHAs.
    • Abuse of target sites (DDoS, scraping, fraud) using residential IPs that are harder to block.
  • Some argue the novelty isn’t technical but social: this is an openly marketed “service,” not treated as malware by platforms or AV vendors.

App stores, platform vendors, and permissions

  • Strong criticism of Apple/Google/Microsoft for:
    • Allowing such SDKs through review while enforcing payment and business-model rules aggressively.
    • Marketing review as “safety” while primarily protecting platform revenue.
  • Suggestions:
    • Treat these SDKs as malware/PUPs; AV and app-store protection should quarantine apps that include them.
    • Require conspicuous disclosure that is not buried in the ToS, and possibly special entitlements for arbitrary outbound connections.
    • Finer-grained network permissions: per-domain access and OS-level toggles to fully revoke network access for apps (praised on GrapheneOS, lacking on stock Android).

Detection and mitigation

  • Practical ideas:
    • DNS blocklists (e.g., Hagezi) on Pi-hole/routers.
    • Host firewalls and monitors (Little Snitch, OpenSnitch, PCAPdroid) and OS privacy reports to see unexpected domains.
    • IP intelligence: ASNs, country, VPN/hosting flags; residential-proxy detection services.
  • Pushback: IP/ASN alone is a weak signal in a world of residential proxies, CGNAT, and mobile handoffs; it must be combined with behavior, fingerprints, and context.
  • Tools like Anubis (a proof-of-work reverse proxy) are praised as effective but acknowledged as a “nuclear option” that slows everyone and risks an arms race.
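
The DNS-blocklist and "see unexpected domains" ideas above can be combined. The following is an added example, not code from the article or the discussion: a Python script that matches dnsmasq-style query lines (the format Pi-hole logs) against a domain blocklist and reports which LAN client asked for a listed domain. The blocklist entries, client IPs and log lines are constructed placeholders, not real indicators.

```python
import re
from collections import defaultdict

# Constructed blocklist entries (placeholder domains, not real indicators).
BLOCKLIST = {"proxy-sdk.example", "peer-share.test"}

# Constructed dnsmasq-style log lines, in the format Pi-hole writes.
SAMPLE_LOG = """\
Apr 20 10:15:01 dnsmasq[812]: query[A] api.weather.example from 192.168.1.23
Apr 20 10:15:01 dnsmasq[812]: forwarded api.weather.example to 192.0.2.53
Apr 20 10:15:02 dnsmasq[812]: query[A] cfg.proxy-sdk.example from 192.168.1.23
Apr 20 10:15:09 dnsmasq[812]: query[AAAA] Relay7.Peer-Share.test. from 192.168.1.40
Apr 20 10:15:11 dnsmasq[812]: query[A] notproxy-sdk.example from 192.168.1.40
Apr 20 10:15:15 dnsmasq[812]: query[A] cfg.proxy-sdk.example from 192.168.1.23
"""

QUERY_RE = re.compile(r"query\[(?P<type>[A-Z0-9]+)\] (?P<name>\S+) from (?P<client>\S+)$")


def blocked_parent(name, blocklist):
    """Return the blocklist entry that equals `name` or is a parent domain of it."""
    labels = name.lower().rstrip(".").split(".")
    # Compare whole labels only, so notproxy-sdk.example does not match proxy-sdk.example.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def flag_clients(log_text, blocklist):
    """Map client IP -> {blocked domain: query count} for queries hitting the blocklist."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # forwarded/reply lines and other dnsmasq output
        parent = blocked_parent(m.group("name"), blocklist)
        if parent:
            hits[m.group("client")][parent] += 1
    return {client: dict(domains) for client, domains in hits.items()}


if __name__ == "__main__":
    for client, domains in flag_clients(SAMPLE_LOG, BLOCKLIST).items():
        print(client, domains)
```

Grouping hits by client points at the device to inspect; identifying the responsible app still needs a host-level monitor such as the ones listed above.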

Scraping, AI crawlers, and the future web

  • The article’s “block all scraping” stance is contested:
    • Some want to whitelist good actors (search, Internet Archive) and block stealth bots.
    • Others argue this entrenches incumbents and harms competition and archiving.
  • AI-driven scraping is widely blamed for making bot traffic unbearable and pushing sites toward PoW walls, logins, and potentially deanonymized, attested browsing.

Economics, dependencies, and culture

  • Residential SDKs seen as a symptom of:
    • Ad-driven, “free app” economics pushing devs to shady monetization.
    • Developer “dependency addiction,” where third-party SDKs with opaque behavior are added with little auditing.
  • Debate over whether this is “greed” or survival in a distorted, predatory consumer app market.