This investigation into nordvpn's "32+ million residential proxies" is interesting
I decided it would be prudent to recreate this experiment and see if my results match these. Turns out they do.
Here's what I did:
1) I verified that the akamai client ip header is actually the IP of the machine making the request to akamai. Confirmed.
Here's a de-duped text file of about ~2 hours of continuously asking akamai what my IP is when making the disneyplus request:
That repo also has a very simple bash script that just runs over and over logging to a file so you can replicate it yourself.
Alright, NordVPN basically admitted they're using residential IPs, but are claiming it's not secret, it's not malware, and they'll explain it to you if you sign an NDA.
Hey, look. A new page on NordVPN explaining this. What a coincidence that it'd appear today...
OCR Output (chars: 849)
Here’s how it goes:
1. We purchase services that provide pools of
2. There are two types of pools. The first one
consists of IPs purchased from ISPs directly.
The second one consists of the IPs of
people who have voluntarily downloaded
specific applications on their devices. The
sole purpose of these applications is to
reward the end user for voluntarily sharing
part of their bandwidth with various
services. Each individual who has the app
downloaded is fully aware of this purpose
and receives a reward for the traffic sent
and received through their device.
3. These IPs are only used initially when
forming a connection. Regular browsing
data and user IPs are never sent this way.
4. The owner of the IP address can’t see any
individual identifiable personal data
because no such data is ever sent.
@firstname.lastname@example.org's anti-chud pro-skub instance for funtimes