> After config fetch, the SDK opens a persistent WebSocket to:

wss://proxyjs.brdtnet.com:443

This hostname resolves to AWS Global Accelerator IPs

There is some irony that both the scrapers and the websites being scraped are probably hosted on AWS, while playing an elaborate cat-and-mouse game pretending that they weren't.

I never connect any “smart” device to wifi. If it doesn’t work without connectivity, I don’t want it. I use my TVs as display devices. They have HDMI-in and that’s it.

On my TCL TV, you have to connect it to read the Google policies you are agreeing to. If you don't, you agree to policies unread.

Thankfully, the blast radius of this is nothing without connectivity.

But it lets you continue without reading them? There's a lot of questionable terms of service rules but this one has to be uninforcable.

> The SDK’s config ships a flag “use_netifs”: true. That flag triggers code in the SDK binary that constructs its NWConnection with a specific required interface: en0 (WiFi) or pdp_ip0 (cellular), rather than using the system default route.

> On iOS, this bypasses any configured VPN’s tun0 interface entirely. The peer tunnel does not cross a user-configured VPN, even when the rest of the app’s HTTPS traffic does.

What's a legitimate use case for this API? When/why should an app be allowed to bypass a user-configured VPN?

One of the problems I can see here is the problem that running a Tor exit node has: badly behaved users are going to be using it to hide their location.

Imaging having the police show up at your door because they've figured out that you're trafficking child porn, when the actual culprit is someone that is using your TV as a proxy to trade child porn.

Not if my firewall blocks it from accessing the outside world. (But allows HomeAssistant to control it)

I find Cloudflare to be more unethical than Bright Data.

Both are causing a dynamic that will lock down the internet evermore for everything straying slightly from the corporate-approved line.

If the divide was data center vs residential IPs, fine, but thanks to Bright Data and friends, residential IPs are getting suspicious as well, so I guess the next step is full-on client verification then...

I wish federal or state laws could force providing transparency because asking for privacy is a dead end at this point. Just force products and providers that run in my home where they phone in. Then, I can decide what to do with that whether I send them to a black hole or let them pass.

I went through the Bright Data KYC and was actually able to speak with their CEO. They are thorough and personable.

Not the one in my living room.