Hacker News

chatmasta yesterday at 11:03 AM

How does blocking ASNs solve the problem you described, with proxy backdoors in apps? These will use residential/mobile IPs, right? That’s the point.

btw, may as well name and shame: the biggest culprit is Bright Data, formerly known as Luminati, also known as HolaVPN (the Chrome extension where they got their start, promising a VPN, routing traffic through a few DigitalOcean boxes, while selling each of their millions of users as a residential proxy endpoint to industrial scrapers). Nowadays they do the same but without the SPOF: they license their “SDK” to app developers, who launder the liability on their behalf.


Replies

cookiengineer yesterday at 11:08 AM

I'm currently working again on my eBPF firewall, where I'm integrating an active DDoS kind of analysis across the network, so that other backends using that firewall can synchronize their blocklists more efficiently and contribute their traffic data.

I want the firewall to be some kind of middleware(?) for Go backends, so you can plug it in and can stop worrying. At least that's the idea.

It's similar probably to what Cloudflare's DDoS protection is built like, but I'm focusing on Go backends first (my own use case) and am trying to make this as decentralizable as possible.

Is gonna take a bit until I'm confident that this approach will work, but I highly recommend eBPF for blocking and traffic analysis. It's insane what you can offload to the NIC, even when it's only partial support and not fully supporting XDP. The blocks are just so much faster to do than in userspace.
