- A security researcher has reverse-engineered how a popular data firm turns consumer devices, including smart TVs, into web-scraping proxies.
- The SDK, embedded in free apps, allows up to 200 GB of monthly traffic to be relayed from a user’s home IP with minimal authentication.
- The demand for residential IPs to bypass anti-bot defenses is largely driven by the AI industry’s need for massive data harvesting.
In June 2026, a technical analysis revealed that millions of consumer devices, including always-on smart TVs, are being covertly transformed into exit nodes for commercial web scraping. The findings, published by Include Security and independent researcher Buchodi, detail how Bright Data uses an SDK embedded in apps to route AI data-harvesting traffic through residential connections.
This model, the successor to the Luminati network, pools consent from users via opt-in screens within free applications. Consequently, a connected TV becomes an ideal, unmetered relay point due to its constant power and bandwidth. The research found the peer channel carrying scraping jobs has weaker security controls than most malware and lacks real authentication.
On iOS devices, this proxy traffic notably bypasses a user’s configured VPN. Meanwhile, the opt-in consent presented to users often misrepresents the scale of data usage, with SDK settings permitting up to 200 GB of traffic monthly. Bright Data publicly lists partners like smart-TV app makers, though inclusion only indicates a past business relationship.
This practice is an evolution of a model first exposed in 2015 involving Hola VPN. However, the surge in demand is now fueled by AI companies needing residential IPs to evade scraping blocks from firms like Cloudflare. Krebs reported in October 2025 that botnet proxies are fueling similar large-scale AI data harvesting.
Platforms like Google and Roku have since restricted such background SDKs, prompting Bright Data to focus on others like Samsung’s Tizen. Network administrators can block relay traffic by targeting specific Bright Data domains like proxyjs.brdtnet.com. This action prevents devices from acting as infrastructure without affecting the company’s separate paid services.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
