What is a Residential Proxy?
Cyber Risks & Threats | December 22, 2022
Instead of wearing a mask to rob a bank, today’s cybercriminals cover their tracks with IP masking techniques. One of the most cost-effective methods is residential proxies. But not all of them are bad — there are legitimate and good reasons for using them. In 2022, proxies made up approximately 1.8% of all fake traffic.
Here’s what residential proxies are, how they work, how you can use them for legitimate reasons, and how fraudsters may abuse them.
What is a proxy server?
A proxy server is a remote system, router, or computer that acts as an intermediary so users can access the internet using its IP address and location instead of their own. There are two types of proxy servers: Anonymous servers hide the users’ information, while transparent proxy keeps the originating IP visible to others.
What is a residential IP address?
An IP address is a unique series of numbers that identifies a device on a network and allows websites to determine its location. A residential IP address is registered under an internet service provider (ISP) that serves consumers (e.g., Comcast or Verizon in the US and Vodafone in the UK.) It’s associated with a physical device, such as a mobile phone or computer.
What are residential proxies?
A residential proxy routes internet traffic via an intermediary server, which accepts web traffic and passes it to another device or website. It assigns the user an alternative residential IP address provided by an ISP, which channels the server requests.
This technique reroutes activities through a different device to relay internet traffic to its destination. It conceals the originating IP address from the destination website, making it very hard to track down where the requests come from.
Residential proxies are different from data center proxies, which are created in bulk and can be easily detected if they don’t come from a trusted provider. As such, residential proxies are more reliable and less likely to get blocked.
What is a rotating residential proxy?
A routing proxy assigns a new IP address every time it makes a new connection — even if the request comes from the same user or device. Fraudsters abuse this feature to disguise their malicious activities by obscuring their IP address or location.
How do residential proxies work?
Residential proxies route traffic through intermediaries such as personal mobile and desktop devices. The process changes the IP address of the connection request, hiding the original IP address from the destination website and making the traffic appear to come from a different but legitimate user.
What are the pros and cons of residential proxies?
Pros of residential proxies
Residential proxies are hard to detect, highly scalable, and supported by all browsers. They’re less likely to be blocked by websites and allow users to access geo-restricted content. They enable precise location targeting with unique IP addresses while protecting sensitive data.
You can use a proxy server for data caching and storage, thereby reducing and balancing internet traffic to prevent crashes. It can also protect a network from viruses by isolating it from malicious traffic without additional hardware. Moreover, the integrated IP rotation capabilities make it an ideal tool for web scraping.
Cons of residential proxies
Residential proxies are expensive. The uptime is unpredictable, and the connection quality varies. Proxy servers that cache data may collect sensitive information, leading to data privacy concerns. Additionally, the proxy server only replaces the IP address but doesn’t provide encryption — which can create a false sense of security.
The provider must build a large residential IP pool to deliver on the promise of residential proxies. Meanwhile, some proxy servers require complex configurations to ensure that all gates are secure to achieve the highest level of protection.
How do proxy providers get residential IP addresses?
A proxy provider connects users with residential owners. It can acquire residential IP addresses legitimately in several ways:
- Insert software development kit (SDK) into applications to turn devices into proxy servers.
- Buy traffic from residential owners who install its app to sell unused bandwidth.
- Lease IP spaces from ISPs to access a data center, which acts as a static residential proxy.
However, a bad actor can turn a device into a residential proxy through unethical means:
- Hide functions and use misleading forms in an application or platform to turn a device into an exit node.
- Inject malware into devices to turn them into a proxy without the residential owner’s knowledge or permission.
Legitimate uses for residential proxies
Why do people use residential proxies to mask their IP addresses? There are many legitimate reasons — from protecting the privacy of individual users to helping IT and marketing professionals do their jobs.
Data security and privacy
Privacy-conscious individuals use residential proxies to access websites and online content without being tracked. The IP masking technique can help improve data security by preventing bad actors from tracing traffic back to their locations and collecting personal data about them.
Users can set their IP addresses to make the requests they send to websites appear to originate from another country. This technique allows them to circumvent region-based content restrictions and access videos or information blocked in their home countries.
Ad placements and ad network testing
Advertisers can use residential proxies and mobile IPs to perform ad tracking, media monitoring, and content compliance. Meanwhile, companies that sell ad spaces can use residential proxies to verify the ads they place on their websites and block suspicious ones.
Business and pricing intelligence
Residential proxies allow retailers to use sales intelligence software to automatically monitor, compare, and analyze pricing information from competitor websites to inform their pricing strategy so they can stay competitive and profitable.
Rotating IP addresses allow internet marketers to perform web scraping to analyze their competitors’ website and social media content to improve SEO. Marketers can also use this method to audit their link-building strategies and optimize their websites’ performance.
Security penetration testing
Cybersecurity professionals can use residential proxies as an IP masking technique to conduct penetration tests — simulating the methods criminals may use and the conditions under which they attack an organization’s systems and networks.
How hackers abuse residential proxies
Bad actors can use residential proxies to hide behind a seemingly normal and trustworthy IP address. They can then clear whitelists or blacklists and evade anti-fraud filters to access resources they otherwise can’t reach. They use the disguised bot traffic for:
Fraudsters can use residential proxies to commit ad fraud by masking the originating IP addresses of their bot farms. They use these bots to generate clicks, fill out forms to spam businesses, and create impressions for which they get paid.
Moreover, paid-to-click (PTC) sites pay people to click on ads and charge advertisers for the clicks. Bad actors can funnel display ads to their sites, route the traffic through residential proxies to avoid detection and use bots to click on those ads to generate revenue.
Competitor click fraud
Click farms or bot farms provide click-fraud-as-a-service. Companies pay to have bots or armies of humans click on their competitors’ ads to deplete their rivals’ ad budgets, boost their own search engine ranking, or skew the metrics to misguide their competitors’ PPC strategy.
The first line of defense against competitor click fraud is to review visitor logs to identify frequent and suspicious clicks from the same IP addresses. Advertisers can then block them to minimize invalid traffic. Rotating residential proxies, which change the IP address for each new connection, can render this strategy ineffective.
Web or content scraping
Web scraping isn’t illegal in and of itself, but many applications fall in legal grey zones, and some are downright illegitimate. For example, bad actors can use bots to scrape websites and steal content to publish elsewhere without the site owner’s or author’s knowledge or consent.
Fraudsters can scrape websites, replicate their code to create spoof websites, and trick victims into entering their credentials. They can also drive online traffic to fake eCommerce sites to steal payment information. Residential proxies allow these criminals to hide the IP address of the scraper bot and delay detection.
Scaper bots automatically purchase products or services in bulk at lightning speed. Fraudsters can use this method to buy limited edition products or event tickets, which they can resell at a much higher price later.
This method is often used to purchase limited-edition sneakers. Most shoe sites have measures to block data center IP proxies, but they aren’t as effective in blocking residential proxies because they appear legitimate and are much less suspicious.
For marketers, residential proxies are a double-edged sword. While the technique can support ad verification, provide pricing intelligence, and inform SEO strategies, bad actors can use them to conduct ad frauds or competitor click frauds and hurt marketing results.
Moreover, criminals can scrape your website’s code to create a spoof site for their phishing scam and use scaper bots to deplete your inventory or make your limited-edition products unavailable to your fans. The outcome of these crimes can damage consumer trust, create a frustrating customer experience, and tarnish your reputation.