I have had to back my mother down from that precipice on her own TV so I know it's worth worrying about. The siren call of an entirely empty TV homescreen beckoning us with a struck-out radio tower icon. "We have Disney+ and CraveTV too... press [menu]... pay no attention to the sticky note your son put on the coffee table"
This happened to me. After they left, I tried a factory reset, but I don't have confidence there's not some code to remember previously saved wifi connections because my tinfoil hat is firmly in place. However, as you've said I only use the TV as an HDMI receiver. None of the TV's apps are used again. So I'm not sure how much they can detect from just the use of the HDMI port as the only thing being used. The games we play to get the subsidized pricing.
It is able to identify content directly from the pixels, they will know what you've watched even if it was from a pirated .mp4 served from your PC:
Personally I'd just not want any TV in my house, but convincing the family of that is not easy ;-)
Thankfully, the blast radius of this is nothing without connectivity.
wss://proxyjs.brdtnet.com:443
This hostname resolves to AWS Global Accelerator IPs
There is some irony that both the scrapers and the websites being scraped are probably hosted on AWS, while playing an elaborate cat-and-mouse game pretending that they weren't.
https://aws.amazon.com/marketplace/seller-profile?id=bf9b432...
Just making a note here for anyone else with the same thought: I went to ping the domains listed ITT, and nothing went through. I'm running OPNsense and amongst other things using some of the hagezi DNS block lists [0]. It looks like brdtnet.com, bright-sdk.com and various subdomains were already in there, which is a nice sanity check.
That said, also worth noting that an Unbound or other resolver based DNS block list can prevent resolution but doesn't preventing connecting to the underlying IP, it's not the same thing as actually invoking your firewall itself. For that I think you need to stick the lists into something that will resolve them regularly and then actually Firewall that off. So for OPNsense you can setup an alias using the URL Table (plain text) or URL Table in JSON depending on format, or manage it externally directly if desired via external. Then the source will be updated and aliases will all be resolved on operator defined schedules, and can in turn be fed into regular firewall rules. Don't forget these can turn into massive lists, so make sure your internal resource limits (so for OPNsense that'd be Firewall Maximum Table Entries) are set sufficiently high and the hardware can handle it.
Other systems may handle it differently, just it's important to double check what is actually happening including if something malicious tries to be sneakier. And ultimately for these sorts of untrustable embedded devices that lack owner control, it's probably a lot better and more sustainable, if more effort upfront, to isolate them into their own vlan/subnet and then whitelist instead of blacklist. So they can only access what you decide they need to and nothing else, vs access everything except what is disallowed. Still, blacklisting bad actors as a final layer for everything may still be useful.
----
> On every launch the SDK calls:
GET <https://clientsdk.bright-sdk.com/sdk_config_ios.json>?appid=<bundle>&ver=<sdk-version>&uuid=sdk-ios-<32hex>
You can also check if your network is running a residential proxy exit node here: https://layer3intel.com/is-my-network-a-residential-proxy
There is discernible lag from proxy to c&c node. The individual bots don't have access to a lot of compute, and are sometimes restricted wrt feature set (e.g. proprietary video codecs).
There are a few other techniques. It's a cat and mouse game though. And the bot owners are usually more motivated than you are.
Alternatively, if it's the first time the IP is seen and it's a deep linked page with no referer, send a neverending chunked gzip data stream.
Imaging having the police show up at your door because they've figured out that you're trafficking child porn, when the actual culprit is someone that is using your TV as a proxy to trade child porn.
If there is any good news about this, it is that the fatigue seems to be hitting normal people. Buddy from work complained to me how he now is now forced to be a full blown wifi/internet admin so that his kids' restrictions/limits are appropriately enforced.
I am just venting, because I am not entirely certain what an appropriate solution here is.
If the divide was data center vs residential IPs, fine, but thanks to Bright Data and friends, residential IPs are getting suspicious as well, so I guess the next step is full-on client verification then...
> On iOS, this bypasses any configured VPN’s tun0 interface entirely. The peer tunnel does not cross a user-configured VPN, even when the rest of the app’s HTTPS traffic does.
What's a legitimate use case for this API? When/why should an app be allowed to bypass a user-configured VPN?
When you're the application providing the VPN or when you're any app built to communicate with something on a local-ish network, not something actually reachable globally.
temporarily if full tunnelling isn't working, one can split tunnel to route around issues due to VPN
But imo an app should never bypass something like a network boundary.
Which presumably passes it a URL to scrape and waits for it to return the data.
What happens if I write my own tool that connects to that C&C server, waits for a URL to scrape, and returns gigabytes of freshly brewed hot horseshit?
If they're making a request to my machine to go and curl a page, how do they even know whether or not it was https?
> you are allowing Bright Data to occasionally use your device’s free resources and _IP address to download public web data from the internet_. (emphasis mine)
I think the misleading part -- to the end-user -- is the "download public web data" part. If the data is public why can't Bright Data download it themselves? Well, because the other end doesn't want them to, apparently. The product is make you help Bright Data circumvent the undesired properties of the "public" data providers, on behalf of someone who happens to have the cash but as of yet is at the short end of the Internet stick (for all the right reasons, I'd say).
This is absolutely deplorable, but knowing the directions this is heading, I am neither surprised nor concerned, frankly. People have long voted with their wallet -- it's not the privacy-conscious Joe the Hacker that is being proxied through here, it's our parents and millions of people who just want entertainment at the end of the working day, including _parents_ of small children.
Day by day the dark Internet theory sounds more plausible, and frankly I am all there for it. The Internet will collapse into a feudal internetwork where any routing will need hop-by-hop key, so real people (and agents, frankly) can maintain a measure of trust that right now is being actively circumvented.
I was unable to find related Android SDKs. I tried looking at the various apps on AppGoblin to find the android versions, then looking through their unmapped SDK parts but didn't see anything.
https://github.com/BrightSDK/bright-sdk-gradle-plugin-docs
This looks like it should just be "com.brightdata" but I did not find anything. With 60 iOS apps there must be apps with Android SDK, but I'm not sure why I am not finding any.
If anyone knows, or would like to chat feel free to connect. I'm happy to share data.
I'd love to find and remove any apps from my devices that have this SDk active.
https://www.thequantizer.com/tutorials/wireshark-iphone-traf...
It has been a while since I personally did such traces, but Wireshark was very simple to use and once the network is exposed, it has lots of information available online if you need more.
I found bypassing your VPN particularly appalling, as is the whole thing. Personally, it would be amazing if there were a limit on how much can be in Terms of Service, as no one wants to read that much anymore.
> MDM, mobile EDR
Anyone care to ELI5 these?
Mobile EDR: Endpoint detection and response. This is cybersecurity software to monitor and deal with network activity happening in mobile devices like tablets, phones, etc…
- DNS block & SNI filtering: I expect BrightData to rotate the endpoints if this issues gains enough attention. It will take some time once all the apps embedding the SDK catch up, but if they're smart SDK may already have a backup C&C connection they will try to reach out to after prolonged unavailability of the current endpoints.
- TLS fingerprint: unless SDK pins it, it's the cheapest one to rotate continously.
- MDM solution: almost unattainable to private users; not clear how stable the SDK name is to rely on.
Not saying I have a better approach. It seems behavior like this should be explicitly banned on Apple/Google's side with immediate termination of their publisher accounts.
So what I have now is a pre-smart TV I found at the thrift, still very good picture that’s more than enough for the few times I use it.
There should be a way to disable the “smart” garbage in new TVs, or an option to buy normal ones at least.
Ah yes. The big privacy scraping company called themselves The Luminati. It’s like they are side-investing in tin foil hats or something.
