Hacker News new | past | comments | ask | show | jobs | submit login

Hilarious conclusion from the author. It's almost certainly not the case that the owners of this service are using it to 'DDoS' targets, rather it's much more likely they are using your device to host a proxy server and then selling access to some 'residential proxy reseller'.

On the other side of that, some random Joe has probably purchased access to a set of these 'residential proxies' and is using them to scrape flight data from the airline site the article author noticed, with some of those requests being sent over the author's connection.

Many 'free vpn' and 'free proxy' apps engage in this behavior, you may proxy your requests via their connection, but they also proxy their requests via yours, generally reselling that access to someone who finds your IP address to be of value to them due to the fact that it's not a datacenter address.

It's certainly questionable to straight up unethical either way, especially so if the service doesn't disclose to you that they're doing that, but on the other hand I find the author's DDoS conclusion to be so contrived and out of touch with reality that I had to write this comment.




Did you read the part where there was a hosted, downloaded, config file that contained the target URLs? That doesn’t seem proxylike.

          "urlList": [
      {
        "url": "https://turkmenistanairlines.tm/tm/flights/search?_token=J8SxUX2Qwzltw4LiHsRHTCtfthgBYxf4hyI8oNly&search_type=internal&departPort=TAZ&arrivalPort=CRZ&tripType=rt&departDate=4%2F22%2F2023&arrivalDate=5%2F4%2F2023&adult=1&child=0&infant=0&is_cship=on",
        "method": "GET"
      },


My mistake, I looked at the article for 10 seconds before assuming that this app is no different than hundreds of other ones, apparently it is a rare outlier. At any rate, there are more effective ways to disrupt service if that was the goal.


Upvoted for honesty :)


Is it evident that it's not proxy? Even if it's not work like HTTP Proxy, still it could work as a sort of proxy service for scraping.


Pretty harsh to say that this is a hilarious conclusion when your own conclusion seems even more rash. If your conclusion was the case, wouldn't that mean there'd also have to be people interested in scraping random (static) https://www.science.gov.tm/ pages?


It doesn't seem to be putting the result data anywhere though (unless I missed that part)




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: