What could possibly go wrong? Sublet your home broadband to strangers who totally won't commit crimes
Money for nothing but your nicked IP
In-depth The latest passive income trend, we're told by Lithuania-based internet biz IPRoyal, is internet sharing, a term that here means "subletting" or "reselling."
And "passive income," of course, refers to getting paid without doing anything, a concept that may sound appealing but generally glosses over potential costs.
Launched in January, IPRoyal pays residential internet users in exchange for "sharing" their internet service, something many internet service providers like Sonic Internet [PDF] and Comcast prohibit in their terms of service. And it sells access to that bandwidth to customers seeking proxy services.
Other companies, like PacketStream and Packity, both based in Los Angeles, and Belarus-based Honeygain run similar businesses: proxy networks that let customers rent out unused bandwidth for a fee.
A proxy in an internet context is simply a server that acts as an intermediary between the user and the next point on the network. Bandwidth renting services provide apps that people install on their devices that act as proxies for other customers to gain access to their internet connection so they can use the IP address of the bandwidth-providing consumer.
"You essentially employ your internet connection to make money for you," Honeygain explains on its website. The outfit goes on to claim that its network is used by researchers at e-commerce, advertising, and web intelligence companies for ad-fraud prevention, brand protection, travel fare aggregation, and SEO monitoring services.
Profs prep promising privacy-protecting proxy program... Yes, it is possible to build client-server code that safeguards personal infoREAD MORE
What's new here, or relatively so, is the idea of turning one's internet service into a fee-generating party line. The Register asked Rudy Rucker Jr, co-founder of the San Francisco-based ISP MonkeyBrains, about bandwidth subletting, and he remarked, "Distributed VPN service! I didn't know it existed as a service."
He described the arrangement as a consensual compromise of your network, in that you allow your broadband connection to relay other people's potentially questionable activities across the internet. Someone might want to tap into these at-home proxies to build up a "large block of IPs so that you can generate revenue by 'clicking Ads' or 'bot reviewing apps,'" he said, recounting how he'd once seen a cabinet with about 50 iPhones automated to rate products. "Gross."
"My understanding is that this is not about 'sharing internet via WiFi to neighbors' but rather 'let someone proxy through your link to fake your source IP,'" said Rucker.
"To me, this means that clients would use more bandwidth on their links, not less," he said. "The more people use, the more people need ISPs. This looks clearly like something that strengthens our business, not threatens it."
At the same time, he's wary about how people would actually be using the service.
"Do I agree with people selling their link to help people fake reviews, drive up fake advertisement engagement?" he said. "No. Do I think I'll ever use this service personally? Probably not. It may be neat to be able to set up ad-hoc pings from around the globe. Neat idea, not worth the effort for our business."
This is not about 'sharing internet via WiFi to neighbors' but rather 'let someone proxy through your link to fake your source IP'
Rucker cited Tor as a service that enables anti-surveillance and anti-tracking uses that he supports. "Personally, I just don't see a use case for a service that pays people to 'Share their internet' that doesn't sound like a scam," he said.
Moreover, there's the issue of whether individuals actually have any right to resell bandwidth they've bought.
"Is a customer's 'unused' internet really theirs to share and sell?" Rucker asked. "The unused resource is more of a shared resource in a specific network segment (all segments have bottlenecks) and people who do this would be 'taking from the commons.'"
"Now if people monetized bandwidth from 1am to 6am, I would not see that taking from anyone, and I couldn't argue with that!" he added. "Usage at peak times would make our bandwidth bill go up, but not by a noticeable amount."
The companies involved in the parceling and resale of bandwidth insist the practice is secure, and not at all used for any of the awful things that happen on the internet.
“IPRoyal is built on three core pillars – security, safety, and privacy," said Karolis Toleikis, CEO of IPRoyal, in a statement. "All our clients need to confirm their identity by providing their name and valid ID documents. That way, we know who they are. We also make sure all the traffic our trusted partners use is 100 per cent safe."
However, IPRoyal, which refers to internet-sharing subscribers as "pawns," does warn that some of the others in the market may not be so scrupulous. Without naming names, the company points out that not everyone employs security measures to prevent data leakages, illegal content, and DDoS attacks from being conducted via their users, sorry, pawns' IP addresses.
Toleikis in an email to The Register insisted there's no difference between selling bandwidth and sharing your internet connection with the rest of your family at home.
"It's like creating a hotspot with your mobile phone to share your internet access with friends. It's perfectly legal, as long as you make sure you have unlimited bandwidth, so you don't have to pay for it," he said. "However, pawns (internet connection owners) should make sure their ISP allows sharing. It's their responsibility to make sure that it is permitted."
It's like creating a hotspot with your mobile phone to share your internet access with friends
Toleikis insisted no IP address used by his company's pawns has been blacklisted so far. "Our pawns trust us a lot more than other similar services," he said. "The reason is simple – we apply multiple security layers to avoid any illegal activity with our pawn traffic."
"Some of our pawns even check the network by themselves to see where and how their traffic is used," he added. "In case they notice anything suspicious, we urge them to let us know so we can further improve everyone's safety."
As a security measure, he said, the service requires customers to provide a selfie alongside a passport image.
Asked whether any clients have abused the service, Toleikis said in the first months some clients were making multiple connections to the Sony PlayStation Network.
"To ensure that all the traffic to and from our pawns stays safe, we banned all domain addresses from that particular company (Sony/PlayStation)," he said. "None of our clients can go to those websites anymore. We are making sure that all our pawns who decide to share their internet via our application and earn some extra money will be safe, and their traffic will not be used for any illegal activity."
- Seven 'no log' VPN providers accused of leaking – yup, you guessed it – 1.2TB of user logs onto the internet
- Hotspot Shield VPN throws your privacy in the fire, injects ads, JS into browsers – claim
- Evil or benign? 'Trusted proxy' draft debate rages on
- US DoD, Brit ISP BT reverse proxies can be abused to frisk internal systems – researcher
In online forums devoted to GPT websites – "Get Paid To" – detractors are not hard to find. An individual posting to Reddit claims, "Honeygain got my residential IP blacklisted as a VPN," and another individual posting to the thread claims to have aroused the ire of IT staff after installing Honeygain on a work computer. The PC supposedly participated in an attack on the Sony Playstation servers.
One can also find mostly glowing reviews, which would be more convincing if fake reviews weren't a thing and if this sort of proxy service weren't well-suited for posting bulk positive reviews under different IP addresses.
Honeygain did not immediately respond to a request for comment.
Knight takes pawn
The amount of ostensibly passive income people earn in this manner varies. IPRoyal advertises $0.20 per GB of data and last month claimed, "On average, our Pawns earn around $5-30 per month." This in response to an individual claiming the amount was only about $0.15 per day.
Others offer $0.10 per GB, or less depending on availability. And the performance impact of backdooring your own internet connection, the companies claim, is minimal. Packity, for example, says its app will not use more than 15 per cent of available internet bandwidth.
The Register asked to speak with someone at PacketStream about the company, and received a response from the firm's support address that ignored our inquiry about whether we should attribute the replies to any individual in particular.
We asked PacketStream the following questions:
- "Do ISPs have any issue with PacketStream reselling customer bandwidth, given that many explicitly forbid resale?"
- "Have any PacketStream customers had their ISP accounts cancelled or blacklisted as a result of what's done on IP addresses that they're associated with?"
- "Has PacketStream had to remove or warn any proxy address customers for illegal or disallowed activities? If so, any idea how often that happens?"
- "How would you describe growth at the company since its inception?"
The response we received did not directly address most of our questions, but offered general reassurance about the legitimacy of the business.
- "We have both active & automated processes to prevent abuse and terminate accounts. We’re a US company and service thousands of business customers, including large enterprise companies who choose PacketStream’s proxy solution because of our fully opt-in, transparent bandwidth sharing model."
- "We value the integrity of our IP network. Maintaining an ecosystem that’s beneficial for all participants is important to us."
- "PacketStream is not an anonymity tool. We collect customer information. PacketStream’s model doesn’t lend itself well to abuse cases."
- "We launched a little over two years ago and we’ve seen strong growth on both the Packeter and customer sides of our business. We’ve seen an increase in the demand for business intelligence tooling as more companies have leaned into digital efforts during the shutdowns. We’re glad that we’ve been able to support households with a passive, supplemental income stream during the pandemic."
The Register asked Comcast whether any of its staff cared to comment on bandwidth renting. After an interim inquiry for more detail, the US cableco did not respond. ®
- Black Hat
- Black Hole
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Domain Name
- Identity Theft
- Kenna Security
- Network switch
- Palo Alto Networks
- Radio Access Network
- Software-defined network
- Streaming video
- Submarine cable
- Systems Approach
- Trusted Platform Module
- Voice over IP
- World Wide Web
- Zero trust