@Hex oh boy, this explains exactly what I see on our network at work.

Millions of IP addresses from global residential networks making exactly 1 request. With a human-looking, but old user agent header.

We had to implement a JavaScript cookie challenge for all users, which is sad but works.

@Hex
> with the user’s consent, turns their phone or smart TV into one of those exit nodes.

isn't there someone they forgot to ask?

Idk about other countries, but at least in Poland, ISPs typically forbid customers from "letting other people outside of customer premises use the service" in their ToS.

These proxies wouldn't exist if ISPs enforced their own ToS.

Also, why aren't we holding ISPs accountable for the relayed traffic?

@Hex
I am surprised by how easy it is to bypass a VPN on iOS!

"The SDK’s config ships a flag “use_netifs”: true. That flag triggers code in the SDK binary that constructs its NWConnection with a specific required interface: en0 (WiFi) or pdp_ip0 (cellular), rather than using the system default route.

On iOS, this bypasses any configured VPN’s tun0 interface entirely. The peer tunnel does not cross a user-configured VPN, even when the rest of the app’s HTTPS traffic does."

#VPN #iOS #privacy

@Hex

I should be the one watching the TV. It should not be watching back.