Become a TechRadar Insider
- Infoblox Threat Intel finds 65%+ of its cloud customers made DNS queries to residential-proxy domains in 2026
- Residential proxies could result in legal exposure or reputational damage if threat actors abuse them
- While not all residential proxies are illegal, abusers take advantage of anonymity coupled with cheap, unauthorized residential proxies to perform tasks that may be unethical, if not outright illegal at times
Users installing free VPNs, streaming apps, and even productivity apps might be unaware that they are often unintentionally the product themselves.
The old adage about there being no free lunch rings true here with many of these 'free' services essentially renting out the identity of an unsuspecting victim's network to strangers, many of which use it for malicious reasons.
The practice, which is considered fair game by many such applications has security and privacy implications in addition to users being flagged for fraud or extra verification as IP reputation systems at datacenters account for requests seemingly originating from a victim's network.
Blending in for a reason
The service being used here is called a 'residential proxy,' and while legitimate providers may exist, many of the sources are dubious to say the least. This is because demand for 'clean' residential proxies is both tremendous and consistent.
Research from Infoblox Threat Intel indicates that the situation is more dire than previously assumed, as nearly two thirds (65%) of its Threat Defense Cloud customers made DNS queries to domains used to access or orchestrate residential proxy networks in 2026, totaling over 500 billion such queries per month.
This is different from anonymizers like Tor or commercial VPNs, which produce anonymized traffic via voluntary nodes for the former and datacenter IPs for the latter. It leverages existing hardware on one's residential network, such as home routers, phones, IoT gadgets, or anything else that can essentially run a proxy service.
The kicker is that most of these services never obtain permission from a 'host' or bury such clauses deep in their End-User License Agreement (EULA), often leading unsuspecting victims to 'help' with malicious activities such as fraud, unpermitted data scraping, and even streaming services that bypass regional limitations.
Victims suffer because not only do such services essentially freeload on their existing connections, slowing down their internet, but it could also result in their IP addresses or networks being marked as untrustworthy or even fraudulent if the occurrences remain regular. This could open them up to legal trouble: It is hard, time-consuming, and sometimes downright impossible to prove that you were the conduit rather than the perpetrator for said activities.
Avoiding this is easier said than done, but there are ways to reduce susceptibility to this kind of abuse. A software audit should be your first line of defense. Knowing what runs on all your devices and whether it is trustworthy or not is key to preventing exposure.
One should pay particular attention to free VPNs, cheap IoT devices from dubious manufacturers, streaming software, and even browser extensions, all of which can expose one to threat actors. Investing in a router or software service that blocks such requests would also go a long way, as would leveraging Protective DNS to monitor your network.
To start, users can also use services to monitor and check their IP's risk profile, allowing them to determine whether they are already a victim of abuse.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
