← Back to Blog

Your Smart TV as a Proxy for AI Scraping: Understanding the Shadow Market of Residential IPs

In June 2026, Include Security revealed the dark side of the residential proxy market: SDKs in free Smart TV applications turn televisions into exit nodes for foreign scraping. Let's analyze where the "400 million IPs" come from, what the FBI says, and how to choose a clean proxy network to avoid getting banned.

📅July 1, 2026
Your Smart TV as a Proxy for AI Scraping: Understanding the Shadow Market of Residential IPs

When you purchase "residential proxies," you are paying for one key promise: your traffic will go out to the internet through a real home IP address of an ordinary user, rather than through a flagged data center. But whose address it is and how the provider obtained it is a question that remained in the shadows until recently. In June 2026, an independent researcher known as Buchodi, along with the Include Security team, published an analysis that vividly revealed the underbelly of this market: the television in your living room right now could be a node in a commercial proxy network—routing someone else's scraping traffic while you watch a series.

What Happened: SDKs Inside Free Smart TV Apps

The study, first published on June 5 and updated on June 17, 2026, examines the SDK of Bright Data (formerly Luminati Networks)—the largest player in the residential proxy market. The company advertises a network of over 400 million home IP addresses, of which, according to its own description, more than 150 million are obtained through a "voluntary" SDK embedded in free applications.

The mechanics are simple and thus unpleasant. The developer of a free game or streaming app embeds the Bright Data SDK under a "free content in exchange for resources" model. The user agrees to the terms—and their device becomes an exit node: through it, other clients paying Bright Data route web scraping traffic. According to the analysis, the SDK establishes a persistent WebSocket connection with proxyjs.brdtnet.com:443, pulls configuration without authentication from clientsdk.bright-sdk.com, and immediately sends the device's public IP to the server.

Particularly telling are the platforms where this occurs. Among the partners named in the study are PlayWorks Digital (over 400 game titles for Smart TVs reaching around 250 million TV households through Comcast, Sky, Cox, LG, Samsung, Vizio, Roku), CloudTV (125+ TV brands), the Viber messenger (Rakuten) with an audience in the hundreds of millions, the Korean publisher Supercent, and Moonfrog Labs with the game Teen Patti Gold (~10 million MAU). This means we are not talking about marginal applications, but rather a mass market.

"Sometimes" vs. 200 Gigabytes a Month

The key complaint from the researcher concerns the wording of consent. The analysis cites the opt-in text from the Petflix app for Roku: "To use Petflix for free and with less advertising, you allow Bright Data to sometimes use the free resources of your device and IP address to download public web data." The word "sometimes" does not align well with technical limits: with global default values of 50 MB per day and 500 MB per month, for Smart TVs in the iOS framework, the parameter max_bw_monthly_wifi is set to 200 gigabytes monthly.

Even more alarming are the criteria for "idle" time, during which the device begins to relay someone else's traffic: according to the analysis, the SDK ignores whether the screen is on, whether a phone call is taking place, and activates even at a minimal battery charge of 20%, with a ceiling of 70% CPU load and 90% memory. The researcher also described a bypass of VPN on iOS—the proxy traffic bypassed the tunnel. After an inquiry (on May 11), Bright Data responded on June 8, citing a PwC audit, and on June 17 acknowledged the VPN bypass as a "bug that has been fixed."

The degree of sophistication of the scheme is also indicated by the fact that the aggressiveness of data collection is adjusted by region. According to the analysis, for Uzbekistan and Oman, limits are raised to 1 GB per day and 30 GB per month with a minimum charge of just 1%, while for Qatar and the UAE, more lenient limits of 40 MB per day apply with a battery threshold of 20%. This means the network literally "tightens" the load where there is less chance that the owner will notice the traffic consumption. The technical footprint is also characteristic: the TLS certificate for the connection is issued to CN=*.luminatinet.com—a legacy domain still under the old Luminati brand.

Why This Is Needed for the Scraping Market

The reason residential IPs are so valued is obvious. Data center addresses have long been widely blocked by anti-bot systems like Cloudflare, DataDome, and HUMAN. A request coming from a regular home connection like Comcast or T-Mobile appears to the website as a live user and passes through filters. This is why all heavy scraping—including the collection of training data for AI—seeks out residential networks. The demand is colossal: according to industry observations, the monthly number of requests to residential proxy domains grew from nearly 400 billion to over 500 billion between early 2025 and April 2026, with one of the main drivers being AI scraping.

This same demand also generates legal battles over data. Just recall the lawsuit filed by Reddit on October 22, 2025, in the Southern District of New York against Perplexity AI and three proxy intermediaries—Oxylabs, AWMProxy, and SerpApi—for "industrial" collection of user comments. Regulatory pressure is also increasing: starting August 2, 2026, the European AI Act becomes fully applicable, mandating opt-out for text-and-data mining. We discussed these changes in detail in our article on how the EU AI Act changes the rules of web scraping.

What the FBI Says

The problem is not only about the privacy of individual TV owners. On March 12, 2026, the FBI issued a separate public service announcement (PSA) about residential proxy networks. In it, the bureau describes a residential proxy as an intermediary using legal IP addresses assigned by providers to household IoT devices—TV boxes, digital photo frames, smartphones, tablets, and routers. According to the FBI, such networks are becoming a standard tool for abuse: obfuscating the connection between C2 servers and infected devices, spreading malware, phishing and identity theft, spam, and creating fake accounts.

The main risk for the average person is articulated directly by the FBI: when illegal activity occurs from your IP, the innocent owner of the address will have to deal with it. The bureau's recommendations for citizens are straightforward: avoid TV devices that promise "free" sports, movies, and series; be cautious with free VPN applications; do not install pirated software; use only official app stores and reputable publishers. Businesses are advised to segment their networks and block IP addresses associated with residential proxy networks.

What This Means for Proxy Buyers

The main takeaway for the industry is that residential proxies have a supply chain, and it can be "clean" or "dirty." If IP addresses are gathered through hidden SDKs, botnet-like schemes, or infected devices, the buyer of such a network faces three specific problems. First, the reputational quality of the IPs: addresses from murky sources are often already flagged and end up on blocklists, meaning your scraping gets banned where a clean network passes. Second, legal and ethical risks: using infrastructure gathered without clear consent from individuals is not the kind of story a serious business wants to sign up for. Third, stability: a node that drops out as soon as the owner picks up their phone is not the uptime you can rely on for production parsing.

A practical checklist when choosing a provider boils down to several questions. Where do the IPs come from and how was consent obtained from their owners? Is there an independent audit of the sources (as in the case of Bright Data's reference to PwC)? Are the types of proxies transparent and are the pools—residential, mobile, data center—segregated for different tasks? For sensitive scenarios like multi-accounting and working with mobile applications, mobile proxies provide the most "live" fingerprint, while for mass parsing, it is wiser to combine residential proxies with rotation for specific geo-tasks. It is not about "how many millions of IPs are claimed," but rather how clean, consistent, and legally sourced those addresses are.

How to Protect Your Own Devices

If you are on the other side—simply an owner of a Smart TV or phone—the minimum hygiene looks like this. At the network level, the analysis recommends blocking SDK domains: proxyjs.brdtnet.com, proxyjs.luminatinet.com, proxyjs.bright-sdk.com, clientsdk.bright-sdk.com, clientsdk.brdtnet.com— for example, through DNS filtering on your router or Pi-hole. According to the study, blocking these addresses stops the device from functioning as a relay, without affecting the paid service of Bright Data, which operates on other addresses. And, as the FBI advises, it is critical to be mindful of what "free" applications you install: free content that you do not pay for with money is often paid for with your IP address and traffic.

Conclusion

The analysis by Include Security is not "a revelation of one company," but an X-ray of the entire residential proxy market: the demand for live home IPs is so high that they are gathered from anywhere, even from the television in the living room, and the line between "voluntary consent" and a hidden botnet turns out to be thinner than one would like. For those who purchase proxies professionally, this is a reason to stop looking only at the price per gigabyte and start asking about the origin of the IPs. A clean, transparently sourced network is not marketing; it is a direct condition for ensuring that your scraping does not get banned and does not become part of someone else's legal story.