> residential proxy node and sells your IP address to third parties for fraud, scraping, and ad abuse.
I know the potential for bad actors here, but there is legitimate use of these services.
I used to work in the “brand protection” space. Our entire business model was SOC-aaS, scraping, verifying, and ending lookalike sites among other threats. If you’ve banked at Wells Fargo or had an iCloud account, our job was to try and make that a little bit safer.
Fact is, the enemy gets a vote, and quite a few so-called threat actors are buying very capable kits that know what the fingerprint of a clean-room virtual instance or VPN looks like.
Maybe this is too obvious to say, but it doesn't matter what they're selling the access for; it's the unwanted installation of the proxy that's malware. If you're buying access from a service that gets its residential network access that way, you're contributing to the problem.
> It's a fundamentally different threat model and most endpoint protection isn't looking for it because the behavioral signatures look like normal network activity.
Is it even possible for a prosumer home router like OPNsense or OpenWRT to detect this?
For the router itself? No. For the 'prosumer' admin? Sure.
How many prosumers, or network admins in general, filter outbound traffic, though? And of the select few that do, how many are actually 'inspecting', say, outbound TCP/443 (e.g., monitoring traffic volume, looking up destination addresses, and/or inspecting SNIs)?
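To make the "inspecting outbound TCP/443" idea concrete, here is an added example (not from any commenter, and not from any router project) of the two cheap checks a gateway can do without decrypting anything: pull the SNI out of each TLS ClientHello and count, per LAN host, how many distinct hostnames and destinations it fans out to. The sample flows, the LAN addresses, the `.example` hostnames and the fan-out threshold of 20 are all constructed assumptions for this illustration.

```python
"""Extract TLS SNI from outbound port-443 flows and flag LAN hosts that fan out
to an unusual number of unrelated hostnames. Constructed example for the thread
above; the traffic below is synthetic, not captured."""
import struct
from collections import defaultdict


def build_client_hello(hostname: str) -> bytes:
    """Build a minimal TLS 1.2 ClientHello carrying an SNI extension.
    Only used here to manufacture sample traffic."""
    name = hostname.encode()
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name      # host_name type + name
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list      # server_name extension
    exts = struct.pack("!H", len(ext)) + ext
    body = (b"\x03\x03" + b"\x00" * 32      # client_version, random (zeroed: sample only)
            + b"\x00"                       # session_id length 0
            + b"\x00\x02\x13\x01"           # one cipher suite
            + b"\x01\x00"                   # one compression method (null)
            + exts)
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body   # type 1 + 3-byte length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(payload: bytes):
    """Return the server_name from a TLS ClientHello record, or None if the
    payload is not a ClientHello or carries no SNI (e.g. Encrypted ClientHello)."""
    if len(payload) < 43 or payload[0] != 0x16 or payload[5] != 0x01:
        return None
    pos = 43                                    # record hdr 5 + hs hdr 4 + version 2 + random 32
    sid_len = payload[pos]
    pos += 1 + sid_len
    if pos + 2 > len(payload):
        return None
    cs_len = struct.unpack("!H", payload[pos:pos + 2])[0]
    pos += 2 + cs_len
    if pos + 1 > len(payload):
        return None
    cm_len = payload[pos]
    pos += 1 + cm_len
    if pos + 2 > len(payload):
        return None
    ext_len = struct.unpack("!H", payload[pos:pos + 2])[0]
    pos += 2
    end = min(pos + ext_len, len(payload))
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", payload[pos:pos + 4])
        pos += 4
        if etype == 0:                          # server_name: list len(2) + type(1) + len(2) + name
            if elen < 5:
                return None
            name_len = struct.unpack("!H", payload[pos + 3:pos + 5])[0]
            return payload[pos + 5:pos + 5 + name_len].decode("ascii", "replace")
        pos += elen
    return None


def summarize_flows(flows, fanout_threshold=20):
    """flows: iterable of (src_ip, dst_ip, dst_port, first_payload, total_bytes).
    Returns per-source summaries; 'suspect' is set when a host talks to at least
    fanout_threshold distinct hostnames (threshold is an assumed tuning knob)."""
    hosts = defaultdict(lambda: {"snis": set(), "dsts": set(), "bytes": 0, "suspect": False})
    for src, dst, dport, payload, nbytes in flows:
        if dport != 443:
            continue
        h = hosts[src]
        h["dsts"].add(dst)
        h["bytes"] += nbytes
        sni = extract_sni(payload)
        if sni:
            h["snis"].add(sni)
    for h in hosts.values():
        h["suspect"] = len(h["snis"]) >= fanout_threshold
    return dict(hosts)


def sample_flows():
    """Constructed traffic: a normal laptop hitting three sites, and a box that
    fans out to 25 unrelated hostnames the way a relay node would."""
    flows = []
    for i, host in enumerate(["mail.example", "news.example", "bank.example"]):
        flows.append(("192.168.1.10", f"203.0.113.{i + 1}", 443, build_client_hello(host), 50_000))
    for i in range(25):
        flows.append(("192.168.1.20", f"198.51.100.{i + 1}", 443, build_client_hello(f"shop{i}.example"), 8_000))
    flows.append(("192.168.1.20", "198.51.100.99", 80, b"GET / HTTP/1.1\r\n", 500))   # ignored: not 443
    return flows


if __name__ == "__main__":
    for src, h in sorted(summarize_flows(sample_flows()).items()):
        print(src, len(h["snis"]), "hostnames", len(h["dsts"]), "destinations",
              h["bytes"], "bytes", "SUSPECT" if h["suspect"] else "")
```

This only works while the ClientHello is in the clear; Encrypted ClientHello hides the name, and a browser with many tabs can also fan out widely, so in practice the hostname and destination counts are something to review alongside the volume numbers rather than an automatic block rule.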
> Your machine runs a little slower, your bandwidth gets a little thinner, and someone halfway around the world is routing traffic through your home IP.
I wish in 2026 the default on new computers (Windows + Mac) was not only "inbound firewall on by default" but also outbound and users having to manually select what is allowed.
I know it is possible, it's just not the default and more of a "power user" thing at the moment. You have to know about it basically.
As a power user I agree, but how do you avoid it being like the Vista UAC popups? Everyone expects software to auto update these days and it's easy enough to social engineer someone into accepting.
Even if it were the default, there are so many services reaching out that the non-technical user would get assaulted with requests from services they have no idea about. Eventually people will just click OK without reading anything, which puts you back at square one with annoying friction.
I do this outbound filtering, but I don't use a computer running Windows or MacOS to do it.
It doesn't make sense to expect the companies promoting Windows or MacOS to allow the user to potentially interfere with their "services" and surveillance business model.
Windows and MacOS both "phone home" (unfiltered outgoing connections). If computer owners running these corporate OSes were given an easy way to stop this, then it stands to reason that owners would stop the connections back to the mothership. That means loss of surveillance potential and lost revenue.
As of 2006, still nothing stops anyone from setting the gateway of their computer running a corporate OS to point to a computer running a non-corporate OS that can do the outbound filtering.