Plausible deniability. This thread is about dealing with potential abuse of IP addresses.
It wasn’t me!
Other people can use my open WiFi
These days the open WiFi excuse doesn’t quite carry the same weight as it once did. Not many people leave their WiFi open without a passphrase anymore. Besides strangers mooching off you, you have to trust others in your household.
With the rise of cryptocurrencies we now see a new type of decentralized privacy networks (VPNs). These systems work by stakeholders running node software in their homes, allowing for other users to reach out to the Internet through their connections.
This is a similar issue to running Tor exit nodes. Which is why most Tor exits are known institutions and registered non-profit organisations dedicated to this purpose. The difference I’m trying to point out here leads to the concept of the residential proxy. There’s a big legitimate market for buying proxies where the service providers advertise that they can supply their users with a huge pool of rotating residential IP addresses.
These residential proxies work by routing traffic to other real actual household live devices such as people’s desktops and mobile phones. Here is a quote from one such proxy service provider:
One key drawback is their authenticity comes at a price of a slightly slower speed compared to other proxies. Since they rely on the connections of the end users, their speed can vary to some extent in accordance with the bandwidth and overall quality of those connections.
In addition, since end users can potentially disconnect without warning, residential proxies can potentially suffer from stability issues.
My first question to this is: people actually sign up for this? People actually are comfortable with running whatever software on their computers to share their connection as an EXIT NODE? Where do you sign up to do such a thing?
I understand a lot of people think they do this and it allows them to have plausible deniability that things coming from their IP address aren’t actually them. Are you willing to take this risk and potentially have to explain yourself in court with this argument? Or potentially risk your relationship with your ISP (that may be your only option.) I’m sure this would go against the terms and acceptable use for most residential ISP connections.
Even if the feds don’t come knocking, you’ll likely see an increase in captcha prompts just like when you’re using paid commercial VPNs, except now it’s affecting your home connection. Not ideal since it affects your quality of life.
I read from another source that people actually sign up for this, and they’re getting paid, by how much I do not know. So, I might sign up for this, but depending on how much I will be paid and how much internet speed I will be having as a result.
Plausible deniability isn’t going to protect someone from months or even years of headaches, calls, hassles, or false charges if their IP just happens to show up linked to something bad. You expect the system to just take you at your word about this? Plausible deniability isn’t proof of innocence, nor will the authorities just throw up their hands and give up. No, they will continue to persecute as it was your IP and you’re the only person they can tie to it. Plausible deniability certainly didn’t help people when the MPAA or RIAA came suing either.
That’s not getting into the fact that the people using these services are the highest percentage most likely up to illegal activities. The likelihood they are random paranoid people just wanting to stay anonymous starts decreasing rapidly once they are willing to pay real money for this kind of service.
This is a good point as one of my ISPs uses cgnat causing a random easy captcha every now and again but it doesn’t bother me because it’s nothing like as bad as you’ll encounter using common Tor exit IPs.
Not always, but I actually prefer cgnat in a lot of cases. I like to think of it in a similar benefit as shared IP addresses on VPNs. Would like to know more details regarding the way the ISP would track what customers are using which IPs during which time durations and multiple people using the same IP at the same time.
Absolutely agree, and with the rise of crypto and decentralized VPNs this is only going to gain popularity and commonality.
Don’t need to be on your property to use you as a proxy. Otherwise I’m with you and I secure mine as well but this only reinforces your responsibility for where your IP address ends up across the web.
Yes a lot of people are clueless and are just getting lucky. I don’t even share my WiFi with people I know or family.
This is my argument as well. Even if you end up winning in the end, you still had to defend yourself.
As this is an entry node it makes for a much different situation. Other than the bandwidth usage issue, this is no different than running a harmless node like Bitcoin for example. Where your IP is publicly advertised and making various connections to participate in the network.
The problem is the exit node where others can access endpoints appearing as your IP. I’m sure you understand this though and I’m just making a point for other readers.
I think alot of the arguments about plausible deniability are missing the point. If you’re not doing anything that will land you in court then yes it is absolutely a risk. If you are then it is a good defence, depending on how your country’s legal system interprets IP addresses equalling people.
I suppose it depends on what illegal stuff you’re doing. I would imagine that stuff like torrenting most people would be using a VPN, for the really serious stuff, assuming you’ve got your opsec covered, it may still be a nice thing to fall back on if you do end up in court.
Well if you’re doing something illegal how likely is is that some random jumping on your wifi is doing worse? How valid a defense having an open wifi is would depend on your jurisdiction but if it is the case that it could be a valid defense then it may be worthwhile if you’re up to no good.
Exactly… this is a gray area issue with much needed case law precedent to base things on going forward. I can already see how it will end up with Internet access becoming more strict and digital IDs verifying who’s who for everything. As we move more towards IPv6, IP addresses will be a globally unique one time use session based identifier. Long live NAT and IPv4.