cookiengineer a day ago

> They argue that SIM card regulation could help “disincentivise” online manipulation, and say their tool can be used to test policy interventions the world over.

In Germany, you have to give ISP customer providers (help centers) a copy of your passport ID in a live video stream to authenticate. That was introduced in 2013, for all SIM registrations.

So explain to me, again, how did this help reduce botnet traffic from Russia that uses proxy services of third parties that installed their proxy backdoors in free apps on the PlayStore under the disguise of marketing and advertisement?

I don't understand why Google does not get any critique for allowing so much malware to be officially deployed via their PlayStore? They don't give a damn, have a history of not caring, and are the only point in the supply chain that is the problem. Every service provider that offers residential proxies is using those backdoors, and bought access for it from the advertisement companies.

If you report their Malware or Spamware, they ignore it. Try it, you will be disappointed. Because AdMob and other agencies are their customers. It's the same problem with Microsoft hosting Azure tenants that do spamming, sorry, "marketing campaigns".

Source: I track these companies and their rotating ASNs with zero tolerance for spam. [1]

[1] https://github.com/cookiengineer/antispam

cedilla a day ago

I don't think anyone made the claim that requiring identification while providing German phone numbers would do anything about abuse from Russian botnets or abuse from non-German phone numbers.

chatmasta a day ago

How does blocking ASNs solve the problem you described, with proxy backdoors in apps? These will use residential/mobile IPs, right? That’s the point.

btw, may as well name and shame: the biggest culprit is Bright Data, formerly known as Luminati, also known as HolaVPN (the Chrome extension where they got their start, promising a VPN, routing traffic through a few DigitalOcean boxes, while selling each of their millions of users as a residential proxy endpoint to industrial scrapers). Nowadays they do the same but without the SPOF: they license their “SDK” to app developers, who launder the liability on their behalf.

cookiengineer a day ago

I'm currently working again on my eBPF firewall, where I'm integrating an active DDoS kind of analysis across the network, so that other backends using that firewall can synchronize their blocklists more efficiently and contribute their traffic data.

I want the firewall to be some kind of middleware(?) for Go backends, so you can plug it in and can stop worrying. At least that's the idea.

It's similar probably to what Cloudflare's DDoS protection is built like, but I'm focusing on Go backends first (my own use case) and am trying to make this as decentralizable as possible.

Is gonna take a bit until I'm confident that this approach will work, but I highly recommend eBPF for blocking and traffic analysis. It's insane what you can offload to the NIC, even when it's only partial support and not fully supporting XDP. The blocks are just so much faster to do than in userspace.

chatmasta a day ago

Yes but how’s that going to help when the IPs you’re banning are mobile IP addresses? Bright Data claims to have over 7 million of them in their network. They aren’t in contiguous ASNs because they’re sourced from regular human users unknowingly running proxy endpoints on their mobile devices.

(I agree, eBPF is very cool. Once you dive into the Linux network internals you discover a bunch of shortcuts you can take to execute code on packets before they ever leave kernel space.)

cookiengineer a day ago

Well you have to have metrics and behavioral analysis anyways because of Tor and other proxies, right? For those kinds of residential IPs, you will just treat them as /32 prefixes (well if they use IPv4).

There's nothing set in stone, as you have to ensure that 24hrs later they get a chance again, so bans will be temporary first and will be permanent only for repeating offenders.
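
The ban policy described in the comment above (per-address /32 entries, a 24-hour temporary ban, permanence only for repeat offenders), written in Go as an added example; it is not cookiengineer's firewall code and not part of the thread. The three-strike threshold, the /64 grouping for IPv6 and all names are assumptions.

```go
package main

import (
	"fmt"
	"net/netip"
	"time"
)

const banTTL = 24 * time.Hour // temporary ban length from the comment above
const maxStrikes = 3          // assumed threshold for a "repeating offender"

type entry struct {
	strikes int       // offences recorded for this prefix
	until   time.Time // end of the current temporary ban
}

// BanList maps a prefix (/32 for IPv4, assumed /64 for IPv6) to its ban state.
type BanList map[netip.Prefix]entry

// key reduces an address to the prefix that bans are tracked under.
func key(addr netip.Addr) netip.Prefix {
	addr, bits := addr.Unmap(), 32 // ::ffff:a.b.c.d counts as IPv4
	if addr.Is6() {
		bits = 64
	}
	p, _ := addr.Prefix(bits) // cannot fail: bits fits the address family
	return p
}

// Report records one offence seen at now; it returns true once the ban is permanent.
func (b BanList) Report(addr netip.Addr, now time.Time) bool {
	k := key(addr)
	e := b[k] // zero value on a first offence
	e.strikes, e.until = e.strikes+1, now.Add(banTTL)
	b[k] = e
	return e.strikes >= maxStrikes
}

// Blocked reports whether addr is banned at now; temporary bans lapse after banTTL.
func (b BanList) Blocked(addr netip.Addr, now time.Time) bool {
	e := b[key(addr)] // unknown prefix: zero strikes, zero time, not blocked
	return e.strikes >= maxStrikes || now.Before(e.until)
}

func main() {
	b, ip := BanList{}, netip.MustParseAddr("203.0.113.7") // constructed sample address
	t0 := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	b.Report(ip, t0)
	fmt.Println(b.Blocked(ip, t0.Add(time.Hour)), b.Blocked(ip, t0.Add(25*time.Hour)))
}
```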

uniqueuid a day ago

Thank you for that work. I hope it's asymmetric, meaning one hour of your work wastes thousands of hours for bad actors.