The Smart TV in Your LivingRoom Is a Node in the AIScraping Economy

Posted by nikcub 3 days ago

Counter234Comment106OpenOriginal

Comments

Comment by xg15 3 days ago

> After config fetch, the SDK opens a persistent WebSocket to:

wss://proxyjs.brdtnet.com:443

This hostname resolves to AWS Global Accelerator IPs

There is some irony that both the scrapers and the websites being scraped are probably hosted on AWS, while playing an elaborate cat-and-mouse game pretending that they weren't.

Comment by trumpdong 3 days ago

Cloudflare sells DDoS protection services to DDoS control panels.

Comment by cyanydeez 3 days ago

Kind how the American government needs commercial businesses which they poorly regulate so those businesses provide privacy invasions as a legal means to wash their hands.

Comment by rootsudo 3 days ago

Same for arms dealing, and every other industry.

Comment by nikcub 3 days ago

Bright Data is available as a product on AWS Marketplace

https://aws.amazon.com/marketplace/seller-profile?id=bf9b432...

Comment by BLKNSLVR 3 days ago

Adding to DNS block list immediately.

Comment by xoa 2 days ago

>Adding to DNS block list immediately.

Just making a note here for anyone else with the same thought: I went to ping the domains listed ITT, and nothing went through. I'm running OPNsense and amongst other things using some of the hagezi DNS block lists [0]. It looks like brdtnet.com, bright-sdk.com and various subdomains were already in there, which is a nice sanity check.

That said, also worth noting that an Unbound or other resolver based DNS block list can prevent resolution but doesn't preventing connecting to the underlying IP, it's not the same thing as actually invoking your firewall itself. For that I think you need to stick the lists into something that will resolve them regularly and then actually Firewall that off. So for OPNsense you can setup an alias using the URL Table (plain text) or URL Table in JSON depending on format, or manage it externally directly if desired via external. Then the source will be updated and aliases will all be resolved on operator defined schedules, and can in turn be fed into regular firewall rules. Don't forget these can turn into massive lists, so make sure your internal resource limits (so for OPNsense that'd be Firewall Maximum Table Entries) are set sufficiently high and the hardware can handle it.

Other systems may handle it differently, just it's important to double check what is actually happening including if something malicious tries to be sneakier. And ultimately for these sorts of untrustable embedded devices that lack owner control, it's probably a lot better and more sustainable, if more effort upfront, to isolate them into their own vlan/subnet and then whitelist instead of blacklist. So they can only access what you decide they need to and nothing else, vs access everything except what is disallowed. Still, blacklisting bad actors as a final layer for everything may still be useful.

----

0: https://github.com/hagezi/dns-blocklists

Comment by BLKNSLVR 1 day ago

Excellent point on allow listing. I feel like I'm moving further and further in that direction - primarily due to the block lists becoming un-manageable in their size / memory needs.

OPNSense is beautifully flexible for this.

Comment by xg15 3 days ago

Don't forget the config endpoint before as well.

> On every launch the SDK calls:

GET <https://clientsdk.bright-sdk.com/sdk_config_ios.json>?appid=<bundle>&ver=<sdk-version>&uuid=sdk-ios-<32hex>

Comment by cobbzilla 3 days ago

I never connect any “smart” device to wifi. If it doesn’t work without connectivity, I don’t want it. I use my TVs as display devices. They have HDMI-in and that’s it.

Comment by graypegg 3 days ago

I have a smart TV that's never spoken to the internet after exiting the factory, but it's a pretty tenuous state of affairs. I have this fear that someone staying over is going to see the "Services unavailable, press [menu] to troubleshoot" toast that shows up overtop the HDMI feed for a few seconds and think they're helping me by connecting it. 4-5 years worth of firmware updates all at once... half a decade of watch data somehow extracated from the HDMI feed and stored for precisely this moment... ads everywhere. Even if it doesn't happen instantly, I can only assume there's some flag deep in the OS called makeEverythingWorse just waiting to be flipped on the femtosecond The Beast catches a whiff of a slightly-higher patch number; now content in it's doomed state after having fufilled it's one true purpose of telling someone at samsung my favourite show is HDMI2.

I have had to back my mother down from that precipice on her own TV so I know it's worth worrying about. The siren call of an entirely empty TV homescreen beckoning us with a struck-out radio tower icon. "We have Disney+ and CraveTV too... press [menu]... pay no attention to the sticky note your son put on the coffee table"

Comment by dylan604 3 days ago

> I have this fear that someone staying over is going to

This happened to me. After they left, I tried a factory reset, but I don't have confidence there's not some code to remember previously saved wifi connections because my tinfoil hat is firmly in place. However, as you've said I only use the TV as an HDMI receiver. None of the TV's apps are used again. So I'm not sure how much they can detect from just the use of the HDMI port as the only thing being used. The games we play to get the subsidized pricing.

Comment by Eisenstein 3 days ago

HDMI is heavily used for ACR (automatic content recognition) in smart TVs:

"Our findings indicate that (1) ACR operates even when it is used as a “dumb” display via HDMI"

"For both LG (a) and Samsung (b)TVs, the scenarios with the highest ACR traffic are Linear and HDMI."

* https://dl.acm.org/doi/epdf/10.1145/3646547.3689013

Comment by tlavoie 3 days ago

Sure, but what can it do without a network?

Comment by Eisenstein 2 days ago

It can store the data until it connects to one, though that's not going to be as useful for anyone selling it. Real-time auctions are where the money is, from what I understand.

Comment by tlavoie 2 days ago

Maybe if it can start colluding with my other devices over HDMI!

Comment by randochatter 3 days ago

Can't you have your wifi/router blacklist the TV?

Comment by archerx 3 days ago

Find the TV’s MAC address and block it on your router. My brother home network had this system where your MAC address had to be whitelisted on the router to communicate with the network, as the days go by I see how in hindsight how this might be for the best in the end.

Comment by onesociety2022 3 days ago

I’m paranoid that actually blocking internet access to the TV will result in filling up the TV’s disk with all of this intrusive data they have collected waiting to be uploaded, eventually run out of space and brick the TV. This could be just bad software or actually malicious where they intentionally break something if it loses connectivity for too long and they can see you using it with other connected devices.

We really need normies to care enough about this to the point manufacturers will need to think they need to advertise on their TVs that they are privacy-friendly and don’t collect anything as a selling point. Until then, they don’t really care. I just wish someone like Apple made a TV with their Apple TV functionality baked in that I could trust.

Comment by elzbardico 3 days ago

Lot's of people do it and I haven't seen nobody reporting this. Given the miser hardware specs most smartvs have, if this was a problem, it wouldn't take years to fill up the small storage space most of those TVs come with.

Comment by hoherd 3 days ago

Allow list is the best approach. Soon TVs will randomize their MAC just like our phones do.

Comment by lozf 2 days ago

Indeed, but some scoundrel is probably scraping this page and having an LLM prepare their pitch as to how manufacturers could improve Ad / Data collection revenue by bypassing these suggestions :/

Comment by m3047 3 days ago

I split my network(s) into subnets (sharing the same wire, not to be confused with the actual subnets which don't share the same wire) which correspond to routability policies. This in turn involves firewall rules, routing table entries, and DHCP configs corresponding to those subnets.

I give away the software which does the following. I get this (and a lot more) for every host on my network, and I know what every host is.

    # peers upstairs-roku.m3047 +addr +serv
    dns.google [8.8.4.4]                                              domain [53]     
    dns.google [8.8.8.8]                                              domain [53]     
    athena.m3047 [10.0.0.220]                                         domain [53]     
    mediaservices.cdn-apple.com [23.46.228.133]                       https [443]     
    mediaservices.cdn-apple.com [23.46.228.134]                       https [443]     
    mediaservices.cdn-apple.com [23.46.228.135]                       https [443]     
    mediaservices.cdn-apple.com [23.46.228.137]                       https [443]     
    mediaservices.cdn-apple.com [23.46.228.138]                       https [443]     
    mediaservices.cdn-apple.com [23.46.228.139]                       https [443]     
    mediaservices.cdn-apple.com [23.46.228.140]                       https [443]     
    mediaservices.cdn-apple.com [23.46.228.142]                       https [443]     
    mediaservices.cdn-apple.com [23.46.228.143]                       https [443]     
    mediaservices.cdn-apple.com [23.46.228.144]                       https [443]     
    mediaservices.cdn-apple.com [23.46.228.145]                       https [443]     
    mediaservices.cdn-apple.com [23.213.34.169]                       https [443]     
    mediaservices.cdn-apple.com [23.213.34.176]                       https [443]     
    mediaservices.cdn-apple.com [23.213.34.178]                       https [443]     
    mediaservices.cdn-apple.com [23.213.34.185]                       https [443]     
    mediaservices.cdn-apple.com [23.213.34.186]                       https [443]     
    mediaservices.cdn-apple.com [23.213.34.187]                       https [443]     
    mediaservices.cdn-apple.com [23.213.34.188]                       https [443]     
    mediaservices.cdn-apple.com [23.213.34.193]                       https [443]     
    mediaservices.cdn-apple.com [23.213.34.196]                       https [443]     
    mediaservices.cdn-apple.com [23.213.34.201]                       https [443]     
    mediaservices.cdn-apple.com [23.213.34.203]                       https [443]     
    nrdp.push.prod.netflix.com [35.81.198.46]                         www [80]        
    ec2-35-86-100-253.us-west-2.compute.amazonaws.com [35.86.100.253] psbserver [2350]
    austin.logs.roku.com [35.212.27.142]                              https [443]     
    scribe.logs.roku.com [35.212.34.174]                              https [443]     
    austin.logs.roku.com [35.212.72.105]                              https [443]     
    austin.logs.roku.com [35.212.119.44]                              https [443]     
    display.ravm.tv [35.212.178.254]                                  https [443]     
    logs.netflix.com [44.226.179.188]                                 https [443]     
    logs.netflix.com [44.228.67.58]                                   https [443]     
    nrdp.push.prod.netflix.com [44.229.50.4]                          www [80]        
    logs.netflix.com [44.229.122.169]                                 https [443]     
    nrdp.push.prod.netflix.com [44.232.75.216]                        www [80]        
    api.roku.com [44.249.213.211]                                     https [443]     
    nrdp.prod.ftl.netflix.com [45.57.40.1]                            https [443]     
    nrdp.prod.ftl.netflix.com [45.57.41.1]                            https [443]     
    nrdp.push.prod.netflix.com [52.24.26.117]                         www [80]        
    logs.netflix.com [52.33.247.19]                                   https [443]     
    themes-service.sr.roku.com [54.200.214.141]                       https [443]     
    occ-0-1009-1007.1.nflxso.net [198.38.112.135]                     www [80]        
    occ-0-1009-1007.1.nflxso.net [198.38.112.144]                     www [80]        
    occ-0-1009-1007.1.nflxso.net [198.38.112.145]                     www [80]        
    occ-0-1009-1007.1.nflxso.net [198.38.112.165]                     www [80]        
    occ-0-1009-1007.1.nflxso.net [198.38.112.169]                     www [80]        
    occ-0-1009-1007.1.nflxso.net [198.38.112.170]                     www [80]        
    occ-0-1009-1007.1.nflxso.net [198.38.112.172]                     www [80]        
    occ-0-1009-1007.1.nflxso.net [198.38.112.178]                     www [80]        
    mdns.mcast.net [224.0.0.251]                                      mdns [5353]     
    239.255.255.250 [239.255.255.250]                                 ssdp [1900]

Comment by like_any_other 3 days ago

> after having fufilled it's one true purpose of telling someone at samsung my favourite show is HDMI2.

It is able to identify content directly from the pixels, they will know what you've watched even if it was from a pirated .mp4 served from your PC:

https://en.wikipedia.org/wiki/Automatic_content_recognition

Comment by dawnerd 3 days ago

I fear the same but made sure I block basically everything at the network level. First thing I do is hook the tv to the network and black hole its mac.

Comment by dreamcompiler 3 days ago

Or open up the TV and disable its wifi hardware.

Comment by rationalist 3 days ago

That is the only solution, otherwise there is no guarantee that someone just won't connect the TV to their phone's hotspot.

Comment by Innittech 3 days ago

That's fine! With technologies like Amazon Sidewalk and cheap and cheerful 4g/5g radios nobody NEEDS to ask your permission to connect any more. You COULD use an older device but you don't want to be left behind, do you? And your peers will think you're poor or possibly a C.H.U.D. if you don't just accept your digital yoke.

Comment by everdrive 2 days ago

You taunt but you've described the ideal state.

Comment by goobatrooba 2 days ago

I get this policy in theory but don't see how it works in practice in a modern life where you want some device that runs Netflix, YouTube, of similar to show on your TV. It can be the TV or an android box - but somewhere you end up trusting a third party and a software that may end up running other this party apps. The alternative is a local jellyfin server but that means you very likely have to break some laws to put content that the family wants to see on it.

Personally I'd just not want any TV in my house, but convincing the family of that is not easy ;-)

Comment by cobbzilla 2 days ago

I drive my TVs with a locked-down mac mini.

Comment by lelandfe 3 days ago

On my TCL TV, you have to connect it to read the Google policies you are agreeing to. If you don't, you agree to policies unread.

Thankfully, the blast radius of this is nothing without connectivity.

Comment by idiotsecant 3 days ago

But it lets you continue without reading them? There's a lot of questionable terms of service rules but this one has to be unenforcable.

Comment by lelandfe 3 days ago

You must check a checkbox in agreement to continue. To read the policies one agrees to, an internet connection is required. You may check the checkbox without reading.

As far as I have found from a lot of menu spelunking, this agreement is irrevocable. If I ever go online, it will be used.

Comment by trumpdong 3 days ago

That's the kind of thing that doesn't always hold up in court.

Comment by 3 days ago

Comment by rationalist 3 days ago

The reality is, no one is going to take the companies to court over things like this.

Comment by wiml 3 days ago

Disney eventually walked it back due to bad PR, but this did happen: https://wdwnt.com/2024/08/disney-dismissal-wrongful-death-la...

Comment by rationalist 3 days ago

That has very little in common with 99.999+% of people who don't experience a tragedy like that and just have their data used against them.

Comment by asdff 3 days ago

Sounds like a great reason to return a TV. It isn't like you must have a TCL TV.

Comment by elzbardico 3 days ago

If I don't connect to the internet ever, my agreement to Google policies is probably a moot point.

Comment by rationalist 3 days ago

If you don't connect, sure. If a visitor connects the TV, all bets are off.

Comment by lelandfe 3 days ago

I have had to tell people not to connect the TV. It yearns for release.

Comment by drhike 3 days ago

If it has an Ethernet port I would use that then unplug it. It still gets to phone home once but you don't have to worry about it maliciously saving your Wi-Fi password for later

Comment by tamimio 3 days ago

You can create a guest wifi with temporary password, I do that when I need to connect devices that might store the password like kindle or such.

Comment by secretsatan 3 days ago

[dead]

Comment by jon-wood 3 days ago

Frustratingly I do want some of the functionality that comes with connecting my TV to the network - specifically the ability to control things like turning it on and choosing which input its set to via an API it exposes. That's manageable by putting it on a VLAN which isn't allowed access to the outside world, but its also really annoying to me that I have to do that.

Comment by asdff 3 days ago

You don't need an api for that. You can do that with a 30 year old CRT if you wanted. Copy IR signals from remote. Put IR blaster in front of IR receiver. Make whatever tool you want to control the IR blaster. Done.

Comment by jon-wood 2 days ago

Yes. I could do that. I could also hook something up to the debug serial port and reverse engineer that, or use HDMI-CEC, or make a tiny robot that pushes the buttons on the back of the TV. I'm using the API though, because I already have a Home Assistant server on my network and that can communicate with the API without me having to faff about making tiny robots.

Comment by andrepd 2 days ago

It's annoying because I would definitely like for some internet-enabled functionality, such as youtube. I would also like to connect it to the LAN and not to the internet for other things, such as streaming from my NAS...

Comment by calcifer 3 days ago

> The SDK’s config ships a flag “use_netifs”: true. That flag triggers code in the SDK binary that constructs its NWConnection with a specific required interface: en0 (WiFi) or pdp_ip0 (cellular), rather than using the system default route.

> On iOS, this bypasses any configured VPN’s tun0 interface entirely. The peer tunnel does not cross a user-configured VPN, even when the rest of the app’s HTTPS traffic does.

What's a legitimate use case for this API? When/why should an app be allowed to bypass a user-configured VPN?

Comment by chmod775 3 days ago

> What's a legitimate use case for this API?

When you're the application providing the VPN or when you're any app built to communicate with something on a local-ish network, not something actually reachable globally.

Comment by picofarad 3 days ago

> When/why should an app be allowed to bypass a user-configured VPN?

temporarily if full tunnelling isn't working, one can split tunnel to route around issues due to VPN

But imo an app should never bypass something like a network boundary.

Comment by kotaKat 3 days ago

Look at how far TikTok can go if you try blocking DNS. The hardcoded IPs, self-DNS-resolution and cat-and-mouse game of blocking is quite... interesting.

Comment by vsgherzi 3 days ago

Is there anywhere I could read more about this ?

Comment by kotaKat 3 days ago

https://github.com/M4jx/TikTokBlocklist

I think they may have scaled back from this, but they were running a 100% malware-style playbook to hit the Tiktok servers like it was some kinda sketchy C2 package. Lots of attempts of their own DoH (and DoT!) and normal DNS servers to try to get into the Tiktok network.

Comment by wbshaw 2 days ago

Blocking your tv on the local network is great in principle. However, didn't Amazon Fire devices start using Sidewalk to establish a route to the mother ship for a while? All it needed was a default config on your neighbor's ring doorbell and it was gtg

Comment by yodon 3 days ago

Naive question: what would I search for to find a tutorial on how to detect this on my devices, which are mostly iOS, or in my home network?

I'd love to find and remove any apps from my devices that have this SDk active.

Comment by tisdadd 3 days ago

There could be better, but this looked reasonable at first glance if you also have a Mac.

https://www.thequantizer.com/tutorials/wireshark-iphone-traf...

It has been a while since I personally did such traces, but Wireshark was very simple to use and once the network is exposed, it has lots of information available online if you need more.

I found bypassing your VPN particularly appalling, as is the whole thing. Personally, it would be amazing if there were a limit on how much can be in Terms of Service, as no one wants to read that much anymore.

Comment by skinwill 3 days ago

Not if my firewall blocks it from accessing the outside world. (But allows HomeAssistant to control it)

Comment by asdff 3 days ago

A lot of smart TVs bake in ads. I had a used sony bravia for like a frusterating three days before I put it on the side of the road, because it would just boot loop and the ui had like 3 seconds worth of input latency. I never connected it to the network, so it helpfully showed me ads for the various sony studio movies that were coming out at the time of the TVs manufacturing about 10 years ago.

Comment by hackrmn 3 days ago

If the kind of proxying isn't illegal, in my opinion it should be -- saying it's bordering on circumvention of fundamental assumptions about Internet routing and IP address leasing (and ownership), would be a sorry understatement compared to what Bright Data has managed to package into a product payment:

> you are allowing Bright Data to occasionally use your device’s free resources and _IP address to download public web data from the internet_. (emphasis mine)

I think the misleading part -- to the end-user -- is the "download public web data" part. If the data is public why can't Bright Data download it themselves? Well, because the other end doesn't want them to, apparently. The product is make you help Bright Data circumvent the undesired properties of the "public" data providers, on behalf of someone who happens to have the cash but as of yet is at the short end of the Internet stick (for all the right reasons, I'd say).

This is absolutely deplorable, but knowing the directions this is heading, I am neither surprised nor concerned, frankly. People have long voted with their wallet -- it's not the privacy-conscious Joe the Hacker that is being proxied through here, it's our parents and millions of people who just want entertainment at the end of the working day, including _parents_ of small children.

Day by day the dark Internet theory sounds more plausible, and frankly I am all there for it. The Internet will collapse into a feudal internetwork where any routing will need hop-by-hop key, so real people (and agents, frankly) can maintain a measure of trust that right now is being actively circumvented.

Comment by trumpdong 3 days ago

It's completely legal and the law you mentioned about IP routing and address ownership does not exist.

Comment by hackrmn 2 days ago

But I didn't mention any law? My first sentence is written the way it is, for a reason?

Comment by trumpdong 2 days ago

There isn't and shouldn't be such a law. Europe has these KYC for IP address laws and it sucks.

Comment by zeratax 1 day ago

can you explain why? what unintended consequences would such a law have?

Comment by trumpdong 1 day ago

It was illegal to offer public WiFi hotspot in Germany until about 2018 because any consequences for its illegal use (up to and including fines for downloading movies and prison for downloading child porn) would automatically fall upon the person to whom the IP address was registered.

Imagine if any time someone was caught driving drunk, the registered owner of the car went to jail.

This was fixed in 2018 by adding a special exception to the law. Other countries had public wifi a decade earlier. Germany still doesn't have much.

Comment by drchaim 3 days ago

I just checked,I have AdGuard for the whole network. On the TV, 80% of requests are blocked; across the entire network, around 50%. crazy.

Comment by NewCzech 3 days ago

One of the problems I can see here is the problem that running a Tor exit node has: badly behaved users are going to be using it to hide their location.

Imaging having the police show up at your door because they've figured out that you're trafficking child porn, when the actual culprit is someone that is using your TV as a proxy to trade child porn.

Comment by iugtmkbdfil834 3 days ago

I genuinely dislike how user hostile everything has become. I effectively have to become an expert in near everything and track all news on the off-change something major upends previous assumptions. And if I miss it somehow and complain about it, defenders will come out of the woodwork to defend, deflect or derail the conversation.

If there is any good news about this, it is that the fatigue seems to be hitting normal people. Buddy from work complained to me how he now is now forced to be a full blown wifi/internet admin so that his kids' restrictions/limits are appropriately enforced.

I am just venting, because I am not entirely certain what an appropriate solution here is.

Comment by amelius 3 days ago

Solution is more regulation, stronger consumer organizations, and privacy watchdogs with actual teeth.

Comment by trumpdong 3 days ago

Groups like Bright Data have pretty good KYC. After the scare of the police visit, the actual perpetrator would go to prison.

Comment by KomoD 3 days ago

> Groups like Bright Data have pretty good KYC.

They don't. I use their residential proxies without ever having KYC'd.

Comment by goobatrooba 2 days ago

Sorry I don't know your use case, but wonder - looking at the Op post don't you feel like you are supporting a rather malicious company preying on tech illiterate users? I can understand the desire for a VPN that gives residential identities but plainly this is against the will or interests of the "provider".

Comment by trumpdong 3 days ago

Did you have to have a call with them to become a customer?

Comment by KomoD 3 days ago

Nope.

Comment by nikcub 3 days ago

Same - have accounts with 3 different services and have never been KYC'd even with heavy usage.

Comment by maxgashkov 3 days ago

Proposed mitigations look weak:

- DNS block & SNI filtering: I expect BrightData to rotate the endpoints if this issues gains enough attention. It will take some time once all the apps embedding the SDK catch up, but if they're smart SDK may already have a backup C&C connection they will try to reach out to after prolonged unavailability of the current endpoints.

- TLS fingerprint: unless SDK pins it, it's the cheapest one to rotate continously.

- MDM solution: almost unattainable to private users; not clear how stable the SDK name is to rely on.

Not saying I have a better approach. It seems behavior like this should be explicitly banned on Apple/Google's side with immediate termination of their publisher accounts.

Comment by blakesterz 3 days ago

Are there any defenses I can put in front of my websites that are good for stopping these things? The amount of traffic I see from residential proxies is just killing me. In particular defense against residential proxies.

Comment by Rasbora 3 days ago

Solutions exist specifically for detecting residential proxy traffic: https://layer3intel.com/tripwire

You can also check if your network is running a residential proxy exit node here: https://layer3intel.com/is-my-network-a-residential-proxy

Comment by jappgar 3 days ago

The bots used by these proxies are detectable in a few ways. Remember the bot itself doesn't run on the proxy...

There is discernible lag from proxy to c&c node. The individual bots don't have access to a lot of compute, and are sometimes restricted wrt feature set (e.g. proprietary video codecs).

There are a few other techniques. It's a cat and mouse game though. And the bot owners are usually more motivated than you are.

Comment by asdff 3 days ago

Have a link on your page that would be hidden by users via css. e.g. white text on white background. Have it just abuse compute or do something absolutely stupid for the bots that end up crawling over that link. Hell, just zip bomb them.

Comment by trumpdong 3 days ago

Make your server so efficient that a few extra requests doesn't bring it down.

Alternatively, if it's the first time the IP is seen and it's a deep linked page with no referer, send a neverending chunked gzip data stream.

Comment by bakugo 3 days ago

Add a captcha or proof-of-work challenge in front of your website. Those are pretty much your only options.

Comment by asdff 3 days ago

There's probably ways to go on the offensive too with pages that might be hidden from human users but still crawled by bots.

Comment by tamimio 3 days ago

Years ago I had smart TV, and while I never used anything “smart”, one day I connected it to the network to update it and forgot it, two days later I was checking my dns and 80% of the traffic and blocked queries in the past two days were from one device, after tracking it, it was the TV!

So what I have now is a pre-smart TV I found at the thrift, still very good picture that’s more than enough for the few times I use it.

There should be a way to disable the “smart” garbage in new TVs, or an option to buy normal ones at least.

Comment by ErroneousBosh 3 days ago

So wait a second then, it connects out using a websocket to its bot C&C server, right?

Which presumably passes it a URL to scrape and waits for it to return the data.

What happens if I write my own tool that connects to that C&C server, waits for a URL to scrape, and returns gigabytes of freshly brewed hot horseshit?

Comment by woffoor 3 days ago

Most scrapped websites have https, so you need to perform a MITM attack. Scrapers will probably notice that.

Comment by voakbasda 3 days ago

No, you just need to stand up your own website and feed the scraper a URL to it.

Comment by ErroneousBosh 3 days ago

I would just generate scads of Markov chain output and make it look like a plausible web page.

Comment by dreamcompiler 3 days ago

That's pretty much what the bots are scraping now, with all the AI slop websites out there.

Comment by ErroneousBosh 2 days ago

Fair point well made.

Comment by ErroneousBosh 3 days ago

How would https affect it?

If they're making a request to my machine to go and curl a page, how do they even know whether or not it was https?

Comment by trumpdong 3 days ago

Not sure about Bright Data but these are usually SOCKS or HTTP CONNECT proxies because that's most flexible. But the customer might be paying by the gigabyte, so you can still feed them nonsense, maybe a 4 gigabyte TLS certificate.

Comment by metalman 3 days ago

Having never owned a telivision because of how much I didn't like advertising when tv was the primary delivery method, the feeling of having avoided a life sentence of bieng lashed to the tube is wierd, I know that people might catch me looking all to intently into there eyes trying to see if they are realy in there.

Comment by trumpdong 3 days ago

Phones do the same thing...

Comment by 3 days ago

Comment by ddxv 3 days ago

I found some 60 iOS apps that have the SDK mentioned in the article: https://appgoblin.info/sdks/brdsdk.framework (sorry this requires a free login due to heavy scraping, feel free to contact me for list)

I was unable to find related Android SDKs. I tried looking at the various apps on AppGoblin to find the android versions, then looking through their unmapped SDK parts but didn't see anything.

https://github.com/BrightSDK/bright-sdk-gradle-plugin-docs

This looks like it should just be "com.brightdata" but I did not find anything. With 60 iOS apps there must be apps with Android SDK, but I'm not sure why I am not finding any.

If anyone knows, or would like to chat feel free to connect. I'm happy to share data.

Comment by NewsaHackO 3 days ago

Why can't you just post the list as a comment?

Comment by trumpdong 3 days ago

Android apps are usually obfuscated, ostensibly to make them smaller, and now obviously to hide what's inside. Only a basic level of obfuscation is typically used, so you would have more luck searching for strings.

Comment by trumpdong 3 days ago

I find Cloudflare to be more unethical than Bright Data.

Comment by xg15 3 days ago

Both are causing a dynamic that will lock down the internet evermore for everything straying slightly from the corporate-approved line.

If the divide was data center vs residential IPs, fine, but thanks to Bright Data and friends, residential IPs are getting suspicious as well, so I guess the next step is full-on client verification then...

Comment by clvx 3 days ago

I wish federal or state laws could force providing transparency because asking for privacy is a dead end at this point. Just force products and providers that run in my home where they phone in. Then, I can decide what to do with that whether I send them to a black hole or let them pass.

Comment by trumpdong 3 days ago

DC and residential IPs aren't real categories that exist either. They are guesses by IP reputation companies. Nothing except practicality stops an ISP from mixing them both into the same DHCP pool.

Comment by trumpdong 3 days ago

These are legitimate client devices. Good luck with that.

Comment by 3 days ago

Comment by skywhopper 3 days ago

Not the one in my living room.

Comment by rdtsc 3 days ago

> The TLS certificate is CN=*.luminatinet.com — the domain for Luminati Networks, Bright Data’s pre-2018 corporate name

Ah yes. The big privacy scraping company called themselves The Luminati. It’s like they are side-investing in tin foil hats or something.

Comment by everybodyknows 3 days ago

FTA:

> MDM, mobile EDR

Anyone care to ELI5 these?

Comment by boilerupnc 3 days ago

MDM: Mobile Device Management. Software that helps ops folks control a fleet of mobile devices like tablets, phones, etc…

Mobile EDR: Endpoint detection and response. This is cybersecurity software to monitor and deal with network activity happening in mobile devices like tablets, phones, etc…

Comment by jibaoproxy 2 days ago

[flagged]

Comment by handle584 3 days ago

[dead]

Comment by theturtle 3 days ago

[dead]