Rupert Marais joins us to shed light on a sophisticated digital maneuver that is quietly turning household entertainment systems into a global infrastructure for AI data harvesting. As a specialist in endpoint security and device management, he has spent years tracking how legitimate software kits can be repurposed to bypass traditional security perimeters. Today, we explore the technical mechanics behind how free smart TV applications are transforming private living rooms into “exit nodes” for a massive proxy network, the deceptive nature of the consent screens provided to users, and the specific steps individuals can take to reclaim control over their home bandwidth.
Why have smart TVs and similar connected devices become the preferred targets for companies looking to build these massive, residential proxy networks?
A smart TV is the ideal candidate for this kind of operation because it effectively hides in plain sight, remaining plugged in and connected to a high-speed, unmetered home network 24 hours a day. Unlike a smartphone that might be tucked in a pocket with a dying battery, these devices are “always-on” fixtures that provide a remarkably stable exit node for web-scraping traffic. From a technical perspective, these TVs offer a clean, residential IP address that doesn’t trigger the same red flags as a data center would. The sensory experience for the user is virtually unchanged—they are watching a movie or a show—while in the background, their connection is being leveraged to fetch data from across the web. It creates a perfect “silent” environment where a single device can relay massive amounts of traffic without the owner ever feeling a dip in their streaming quality or seeing a physical change in their device’s behavior.
Could you walk us through the technical process that occurs the moment a user opens an app embedded with this specific SDK?
The technical journey begins the instant the application is launched, as the SDK immediately “phones home” to a central server—often one associated with Bright Data or its predecessor, Luminati—to fetch a set of instructions. What’s particularly alarming is that the research shows this initial handshake lacks rigorous security checks; the server hands over instructions without truly verifying the identity of the requester, which is a control mechanism weaker than what we see in most basic malware. Once the tunnel is established, the device starts acting as a relay, fetching web pages on behalf of third-party clients who want to hide their scraping activities behind a domestic IP. On platforms like iOS, this traffic is even programmed to slip past an active VPN, making it invisible to many of the standard monitoring tools that security teams rely on. The device continues to work as a proxy in the background, even while someone is on a call or watching a screen, as long as the battery remains above a certain threshold.
There is a significant discrepancy between “occasional use” and the actual data limits found in the code; how vast is this “consent gap” for the average user?
The gap between user expectation and technical reality is staggering, often hidden behind a simple opt-in screen that fails to convey the sheer scale of the resource hijacking. For instance, while a Roku app might claim it will only use the device “occasionally,” the underlying configuration loaded by the SDK often permits up to 200 GB of traffic every single month. In specific regions like Uzbekistan and Oman, these limits are dialed up even further, instructing the hardware to keep relaying data until the battery is nearly flat. This isn’t just a minor trade-off for a free app; it’s a systematic exploitation of household infrastructure that can even link multiple devices—like phones and computers—together under a single user profile to maximize data throughput. When users click “accept,” they are essentially volunteering their home as a branch office for a global data business without ever being told their bandwidth is being sold to the highest bidder.
What has changed in the current AI-driven market to make these residential home connections so much more valuable than they were a few years ago?
The primary driver is the voracious appetite of the AI industry, which requires massive datasets to train models but faces increasingly sophisticated “anti-bot” defenses from companies like Cloudflare or DataDome. These security layers are designed to block scrapers coming from known data center IPs, so the industry has pivoted to residential connections to blend in with legitimate human traffic. By routing through a network of over 400 million residential IPs, AI scrapers can appear as if they are just another person browsing the web from their couch, making them nearly impossible to filter out. We’ve seen a shift from purely criminal operations like the Aisuru botnet to these “consent-based” models, which aim to legitimize the hijacking of domestic hardware. Even though platforms like Google and Amazon have started restricting these background proxies, the demand for high-quality data means that companies will continue to seek out “gray areas” like Samsung’s Tizen or LG’s webOS to keep the data flowing.
For a homeowner or an IT professional looking to secure their environment, what are the most practical and effective ways to sever these background connections?
The most effective way to take back control is to implement blocking at the network level using a router-integrated tool like Pi-hole or NextDNS, which can stop the SDK from ever reaching its control servers. You specifically want to target and block domains like proxyjs.luminatinet.com, proxyjs.bright-sdk.com, and clientsdk.brdtnet.com to ensure the “brain” of the operation cannot communicate with your device. This approach is particularly clean because it disables the proxy relay function without interfering with the app’s primary entertainment features or other legitimate paid services. For those managing mobile devices, it’s important to remember that this traffic can sidestep office Wi-Fi by using cellular data, so a combination of network blocks and app audits is necessary. Because the company can change its connection addresses at any time, staying protected requires an active, updated blocklist to keep up with the evolving infrastructure of these proxy networks.
What is your forecast for the future of smart device security in light of these background proxy networks?
I believe we are heading toward a period of increased friction between platform gatekeepers and third-party SDK providers, as the “always-on” nature of our homes becomes the primary battleground for data collection. While big players like Roku and Amazon have already started stripping away support for these background proxies, the AI industry’s demand for training data is so high that developers will continue to find new ways to leverage under-protected systems. We will likely see a move toward deeper integration where these proxy capabilities are baked into even more obscure device firmware, making them harder to detect for the average consumer. Ultimately, the burden of security is shifting toward the network layer, where users will have to become increasingly vigilant about what their “passive” devices are actually doing when the screen is dark. The era of the “unwatched” device is ending, and we will soon see a standard where home networks must be managed with the same rigor as corporate infrastructures to prevent this kind of unauthorized resource harvesting.
