Your Smart TV Could Be a Secret Proxy for AI Web Scraping
New research reveals how an SDK embedded in popular consumer apps, including those on always-on smart TVs, transforms devices into exit nodes for a vast residential proxy network. This network, operated by **Bright Data**, funnels web-scraping traffic for the burgeoning AI industry, often with questionable user consent and potential implications for home network performance and privacy.

An independent researcher has reverse-engineered the iOS SDK utilized by **Bright Data**, a prominent data business heavily marketing to the AI industry. The findings detail how this SDK, embedded within various consumer applications, converts user devices, including smart TVs, into residential proxy exit nodes.
**Bright Data**, the successor to **Luminati**, boasts one of the world's largest residential proxy networks, claiming over 400 million IP addresses. A significant portion of this supply originates from this SDK, which users supposedly opt into via consent screens within free apps, contributing to a pool of over 150 million IPs.
### The Hidden Impact on Your Home Network
Published on June 5 by **Include Security** and independent researcher **Buchodi**, the findings highlight a critical concern: the web-scraping traffic originates from the user's home IP address, not the customer's. While not an immediate risk of account compromise or data theft, the primary implication is the unauthorized use of a user's home internet connection and bandwidth as infrastructure for third-party scraping operations.
Connected smart TVs are particularly attractive targets for this model. They are typically always plugged in, often on fast, effectively unmetered connections, and operate largely unwatched, making them ideal relays for continuous data traffic.
The deepest technical evidence stems from the iOS SDK analysis, though **Bright Data**'s platform support and public partner list suggest broader smart TV integration. The research also uncovered that the peer channel facilitating scraping jobs lacks robust authentication, and on iOS, its traffic can bypass a configured VPN.
### Inside the Peer Tunnel
Upon an app's launch, the SDK establishes contact with one of **Bright Data**'s servers, which delivers instructions without significant authentication. From that point, the server can direct the device to fetch web pages using the user's home internet connection.
The researcher characterized the security controls on this job-carrying channel as weaker than those typically found in most malware. On iPhones, the traffic was observed to circumvent VPNs, and much of the SDK's activity remained hidden from standard app monitoring tools. The device can continue relaying traffic in the background, even while in use, as long as the battery level is not critically low.
### The Consent Gap
Crucially, the opt-in screens presented to users often misrepresent the actual extent of the SDK's operations. For instance, in one Roku app named **Petflix**, the consent screen vaguely stated it would use the device and connection "occasionally."
However, the SDK's internal settings allow for up to 200 GB of traffic per month. In certain countries, such as Uzbekistan and Oman, these limits are set significantly higher, with devices cleared to operate almost until their battery is depleted. The SDK can also link a user's phone and computers running the same company's apps, treating them as a single entity.
**Bright Data** publicly lists its app partners, which include smart-TV app developers like **PlayWorks Digital**, **CloudTV**, and **Longvision**. The researcher cautions that inclusion on this list only indicates past collaboration, not necessarily that an app currently contains the SDK; each would require individual verification.
### An Old Model, Fueled by AI Demand
This proxy model is not entirely new. **Bright Data**'s predecessor, **Luminati**, emerged from **Hola VPN**, which was [found in 2015](https://thehackernews.com/2015/05/hola-widely-popular-free-vpn-service.html) to be selling its free users' bandwidth as exit nodes. The difference now is primarily the scale and the buyer.
With sophisticated anti-bot defenses from companies like **Cloudflare** and **DataDome** blocking datacenter IPs, AI-driven scrapers increasingly route traffic through residential connections. **Krebs** [reported in October 2025](https://krebsonsecurity.com/2025/10/aisuru-botnet-shifts-from-ddos-to-residential-proxies/) on botnets like **Aisuru** fueling large-scale AI data harvesting, and **Google** [dismantled the criminal IPIDEA proxy network](https://thehackernews.com/2026/01/google-disrupts-ipidea-one-of-worlds.html) in January. While these operations hijack devices, **Bright Data** maintains its exit nodes are opt-in, making the meaningfulness of that consent a central question.
**Lowpass**, syndicated by **The Verge**, [first highlighted](https://www.lowpass.cc/p/smart-tv-web-scraping-ai-bright-data-proxy-networks) the smart-TV angle in February, with the current research providing the technical deep dive. Following these revelations, **Google**, **Amazon**, and **Roku** have restricted background proxy SDKs, leading **Bright Data** to drop support for these platforms, though it still lists **Samsung's Tizen** and **LG's webOS**.
### What to Do
For IT security professionals and privacy-conscious users, this traffic is relatively straightforward to identify and block. On a home network, the most direct approach is to block the specific web addresses the SDK uses at the router level, employing tools such as **Pi-hole** or **NextDNS**.
Key domains to block include `proxyjs.brdtnet.com`, `proxyjs.luminatinet.com`, `proxyjs.bright-sdk.com`, `clientsdk.bright-sdk.com`, and `clientsdk.brdtnet.com`. According to the research, blocking these addresses will prevent devices from acting as relays without affecting **Bright Data**'s paid services, which operate on separate infrastructure.
Organizations managing employee mobile devices should also consider scanning for apps containing this SDK. A crucial point to remember is that on mobile data connections, this traffic can bypass corporate Wi-Fi, meaning network-level blocks alone may not always be sufficient. Furthermore, **Bright Data** could potentially alter the SDK's connection methods in the future, necessitating ongoing updates to blocklists.
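To see which devices on a network are already looking up the SDK hostnames listed above, and to produce a blocklist for them, the following added example (not code from the research or from Bright Data) scans DNS query logs. It assumes logs in the dnsmasq query-log format that Pi-hole writes; the sample lines and client IPs are constructed.

```python
import re
from collections import defaultdict

# Hostnames listed in the article as used by the SDK.
SDK_HOSTS = {
    "proxyjs.brdtnet.com",
    "proxyjs.luminatinet.com",
    "proxyjs.bright-sdk.com",
    "clientsdk.bright-sdk.com",
    "clientsdk.brdtnet.com",
}

# dnsmasq / Pi-hole query line: "... query[A] <name> from <client>"
QUERY_RE = re.compile(r"query\[(?P<qtype>[A-Z0-9]+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)")

def is_sdk_host(name):
    """True for a listed hostname or a subdomain of one (case and trailing dot ignored)."""
    name = name.lower().rstrip(".")
    return any(name == h or name.endswith("." + h) for h in SDK_HOSTS)

def find_sdk_clients(log_lines):
    """Map client IP -> {hostname: query count} for lookups of SDK hostnames."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_lines:
        m = QUERY_RE.search(line)
        if m and is_sdk_host(m.group("name")):
            hits[m.group("client")][m.group("name").lower().rstrip(".")] += 1
    return {client: dict(names) for client, names in hits.items()}

def hosts_blocklist():
    """Blocklist in hosts-file format, one entry per listed hostname."""
    return "\n".join(f"0.0.0.0 {h}" for h in sorted(SDK_HOSTS))

# Constructed sample log lines (not captured traffic); client IPs are made up.
SAMPLE_LOG = """\
Jun  5 21:14:02 dnsmasq[811]: query[A] proxyjs.brdtnet.com from 192.168.1.40
Jun  5 21:14:02 dnsmasq[811]: forwarded proxyjs.brdtnet.com to 1.1.1.1
Jun  5 21:14:03 dnsmasq[811]: query[AAAA] ClientSDK.Bright-SDK.com. from 192.168.1.40
Jun  5 21:15:10 dnsmasq[811]: query[A] example.com from 192.168.1.22
Jun  5 21:16:44 dnsmasq[811]: query[A] proxyjs.brdtnet.com from 192.168.1.40
Jun  5 21:17:01 dnsmasq[811]: query[A] notproxyjs.brdtnet.com from 192.168.1.22
Jun  5 21:18:30 dnsmasq[811]: query[A] proxyjs.luminatinet.com from 192.168.1.77
""".splitlines()

if __name__ == "__main__":
    for client, names in sorted(find_sdk_clients(SAMPLE_LOG).items()):
        print(client, names)
    print(hosts_blocklist())
```

A client that keeps appearing in the output after the blocklist is applied is still running an app with the SDK, even though its lookups no longer resolve.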