This month marks the 20th anniversary of Cybersecurity Awareness Month, and is an opportunity to bring attention to the threats that businesses and people face as they go about their digital lives. Launched in 2004 as a collaborative effort between the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA), Cybersecurity Awareness Month seeks to educate both businesses and people about the current and emerging threats they may encounter online.
Over the past 18 months a new threat vector to digital advertisers has emerged: residential IP proxy networks. Nefarious actors have been leveraging them to bilk advertisers of their budgets.
What is a residential IP proxy network, and how do such networks affect marketers who target users as they go about their digital lives? Let’s dig into this critical topic.
Google “residential proxy IP” and you will quickly realize there is a burgeoning industry in the after-market trade of home IP addresses for purposes other than individual home use. Numerous companies offer to make thousands, even tens of thousands of legitimate residential IPs available to parties looking to maintain privacy and anonymity online, and at very little cost. Should this matter to you?
The short answer is yes for all marketers, SSPs and DSPs keen to ensure their ads are seen by real home users and not proxies. But residential IP proxies are difficult to detect, as they “look” just like legitimate home users in the marketer’s targeted geography. This is why it’s important to engage a partner that makes the necessary investments to stay ahead of the risks such networks create.
Let’s discuss what residential IP proxy networks are, and why they should be on your radar.
What is a Residential IP Proxy Network?
Residential Proxy IP networks are networks that use the IP addresses of consumers who sign up for any number of apps that pay them to share their internet bandwidth. Those apps become gateways for other clients of the app provider. Put another way, residential proxy networks enable consumers with residential internet access to “sublet” their IP address to residential IP proxy network subscribers, enabling their internet traffic to appear as if it is originating from the sublet IP address. Home computers, laptops, smartphones and tablets can all act as intermediary servers.
Obtaining Residential IPs for a Proxy Network
If a residential IP proxy network can sell thousands upon thousands of IP addresses to its clients, where and how do they obtain them? The networks rely on multiple strategies to build their pool of available residential IPs to proxy:
- Consumers. Consumers play an important role in residential proxy IP networks, often unwittingly. The proxy networks tell consumers that by sharing their internet bandwidth, they can earn easy money. To get paid, all the consumer needs to do is install an app (Pawns.app, Honeygain, Peer2profit and PacketStream, to name a few) and start collecting passive income. The amount of money they earn isn’t huge; payments range from $.20 per GB of shared data to $75 per month. Still, it’s easy money.
- SDKs. Some residential IP proxy networks will provide an SDK to app developers who want to monetize their apps. Those SDKs will use the IP addresses associated with the devices on which that SDK is installed and make them available as part of their network.
- Browser extensions. Some networks are able to convince the provider of a browser extension to include their code within that extension. Like the SDK example above, the IP addresses of the users who install that extension will be included in the residential IP proxy network.
- Botnets. Some nefarious players leverage a botnet to obtain residential IP addresses.
While residential proxy IP networks have been available for some time, what is changing is the exponential growth in both the number of networks and their scale. Certain proxy networks boast access to hundreds of thousands of residential IP addresses, which are made available to anyone willing to pay. This escalation demonstrates the need for heightened vigilance and robust security measures to combat the risks associated with these networks.
How Residential IP Proxy Networks Harm the Digital Ad-Tech Sector
Once residential IP proxy networks have amassed a pool of IP addresses, they allow other entities to purchase residential IP addresses at scale, and from any region desired. Granted, there are some legitimate uses for these networks. Let’s say a CPG advertiser launches an advertising campaign in multiple countries, and wants to ensure that the ads render appropriately in each market. Residential IP proxies will enable that marketer to spot check ads in every location.
But these networks also pose a significant danger to the ad-tech sector in that what looks like a residential user in an appropriate location may actually be a bot or malicious actor hiding behind a proxy. We have also seen evidence that bad actors leverage residential IP proxy networks to commit ad fraud, such as disguising a bot that has been programmed to click on ads, watch videos and even fill out surveys in order to earn commissions advertisers pay on campaign KPIs.
Another challenge Digital Element sees relates to the supply side. Many websites purchase traffic in order to increase the CPMs they can earn for their impressions. Residential IP proxy networks aid in fraudulent advertising by inflating or misrepresenting audience size, demographics and locations of users.
On the demand side, similar challenges are encountered when advertisers experience artificially low conversion rates or artificially high impressions, which results in inefficient spending and poor campaign results.
How Digital Element Detects Residential IP Proxies
Digital Element devotes tremendous resources to maintaining the most accurate and meaningful IP geolocation data for our customers. Included in that is our ongoing focus on emergent technologies, such as residential proxy networks, to ensure our customers can depend on us not only for reliable geolocation data, but also insights regarding important shifts that could impact your business.
While there is not a simple solution, the first step is understanding how much of your incoming traffic is proxied to residential IPs. Digital Element can provide you with this understanding by uncovering IP addresses that are linked to, or have a history of, association with residential IP proxy networks or VPNs.
IP addresses also contain a lot of contextual data that help us predict the legitimacy of a user behind a device. That contextual data includes attributes such as activity level and IP stability. We know, for instance, that proxied IP addresses are shared by clients all over the world, so they are likely to be seen in multiple locations. That’s an important insight; if an IP address remains consistently associated with a specific location for an extended period, it is less likely to be a proxy.
IP address intelligence data, such as activity levels and stability, can’t distinguish between legitimate and illegitimate users on its own, but it can provide the much-needed context that organizations need to make smart decisions to protect their advertising budgets.
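The stability and activity signals described above can be sketched in a few lines. This is an added example, not Digital Element's code or method: the observation format, the sample records (documentation-range IPs, constructed values) and the review thresholds are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import date

# Constructed observations: (day, ip, location associated with the IP, requests that day).
# IPs come from documentation ranges (RFC 5737); every value here is made up.
OBSERVATIONS = [
    ("2023-09-01", "192.0.2.10", "US-GA", 40),
    ("2023-09-08", "192.0.2.10", "US-GA", 35),
    ("2023-09-20", "192.0.2.10", "US-GA", 50),
    ("2023-09-30", "192.0.2.10", "US-GA", 42),
    ("2023-09-01", "198.51.100.7", "US-GA", 900),
    ("2023-09-02", "198.51.100.7", "BR-SP", 1200),
    ("2023-09-02", "198.51.100.7", "DE-BE", 800),
    ("2023-09-03", "198.51.100.7", "US-GA", 1500),
]

def ip_context(observations):
    """Summarise activity level and location stability for each IP address."""
    by_ip = defaultdict(list)
    for day, ip, loc, requests in observations:
        by_ip[ip].append((date.fromisoformat(day), loc, requests))
    context = {}
    for ip, rows in by_ip.items():
        rows.sort()
        # Longest unbroken run of days in which the associated location never changed.
        stable_days, run_start, run_loc = 0, rows[0][0], rows[0][1]
        for day, loc, _ in rows:
            if loc != run_loc:
                run_start, run_loc = day, loc
            stable_days = max(stable_days, (day - run_start).days)
        active_days = len({d for d, _, _ in rows})
        context[ip] = {
            "distinct_locations": len({loc for _, loc, _ in rows}),
            "longest_stable_days": stable_days,
            "avg_requests_per_active_day": sum(r for _, _, r in rows) / active_days,
        }
    return context

def needs_review(ctx, max_locations=1, min_stable_days=14):
    """Assumed thresholds. The result is context for a decision, not a verdict on the user."""
    return (ctx["distinct_locations"] > max_locations
            and ctx["longest_stable_days"] < min_stable_days)
```

In the sample data the first address stays in one location for 29 days at a modest request rate, while the second appears in three locations within three days at a much higher rate and is the one flagged for review.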
Digital Element’s Nodify Threat Intelligence solution provides critical contextual information to help identify inbound or outbound traffic tied to VPNs, proxies, or a darknet. In turn, businesses gain powerful insights that help them protect against nefarious actors while reducing risk and cost.
Focus on Residential IP Proxy Network Traffic this Cybersecurity Awareness Month
Cyber criminals are highly creative people who constantly innovate new ways to steal from innocent consumers and companies. Cybersecurity Awareness Month is a good time to take time out of busy schedules to do a deep dive on the cybercriminal’s newest tools.
If you’d like to learn more about Nodify and residential IP proxy traffic detection, visit https://www.digitalelement.com/solutions/threat-intelligence/nodify/ or reach out to firstname.lastname@example.org