How to Safeguard the Proxy Industry
- Published:
Proxies, the tool used as an IP address substitute, have been increasing in popularity. A large part of that is the rising importance of public data acquisition. Like with any tool in the world, however, proxies can be used for good or ill. There are plenty of legitimate reasons for proxy use, ranging from load management and public web data collection purposes to increased anonymity. Yet, not everyone is well-meaning.
When we began in 2015, there were little industry-wide practices. The proxy market was still in its infancy. We had to develop our own procedures that would ensure highest standards and safeguards from any illegal activities which could possibly arise.
In the foreseeable future, with the massive surge of interest in online data acquisition currently happening, proxy use will increase in tandem. In order to avoid social and governmental backlash against the industry, we must take great care and maintain the highest standards of ethics.
Initial Contact
There are some benefits and drawbacks of being in the B2B sphere. One of them is the slower acquisition of clients and partners. In many cases, that’s a drawback. However, in our industry, there is a benefit to it – we can put measures in place to ensure our solutions will be used ethically before a purchase happens.
A long purchasing process makes it easy to weed out some enquiries at the early stages. We have, since forever, added several questions (e.g. what are the reasons behind their need for proxies) in our contact and registration forms. Answers to these questions help us get a better understanding of use cases and how we might be able to aid them.
It took a bit of time to hone the edges of the purchasing process. It’s partly the reason why, for some time, we didn’t have a self-service system. We wanted to implement additional procedures that could ensure the ethical use of our solutions first. Manual reviews and sales are a lot more manageable at a smaller scale, reducing risk of misuse.
Our security checks don’t end with a few questions, however. Once through the first gate, a member of our account management team will greet them in order to understand their business better.
Training Personnel
With some prior research and knowledge, malicious people may fool simple systems. Some safeguards after the sales process has completed are, unfortunately, necessary. Usually, they involve minor tracking and maintenance of the solution used.
However, what constitutes unethical use should always be decided beforehand. At Oxylabs, we have several sets of forbidden data sources and activities. We deny access to some sources where misuse of our proxies might lead to potential negative consequences to businesses or other parties involved, even if accessing the target is not strictly illegal.
Thus, while every partner is informed about our acceptable use policies and is contractually obliged to comply with it, our staff is trained to notice discrepancies in use. Our policy is to continuously investigate if IP addresses are being reached through our proxies. In other cases, our teams look for certain patterns that correlate with abuse and inform the relevant parties about improper use of our solutions.
Finally, we knew that having a risk management and compliance team for proxy use is a necessity. The proxy industry is very unique as the primary solution is just a “gatekeeper” for other activities (e.g. web scraping). Usually, in-house training will be required, however, having our risk and compliance teams on hand saved us numerous potential headaches.
Reducing Risky Cases
Quite unfortunately, there are some ways to commit fraud within complex digital products. Keeping up with all the techniques and methods may be challenging. Therefore, outsourcing some of the steps throughout the entire process is a good idea.
With the launch of our self-service, we knew we would have to process a quickly escalating number of cases. As I’ve mentioned previously, the old school sales process is a lot slower, but it’s also easier to implement anti-fraud along the way.
At that point in time, we already knew how much effort it takes to assess potentially fraudulent transactions that can occur in automated systems. It made better business sense to find someone who could cover the process outside of our company. Thus, we outsourced a part of risk assessment and payment processing to one of our business partners.
Finally, there’s a very simple technical fix that reduces the potential for abuse significantly – limiting ports. Ports like 587 are completely unnecessary in 99.9% proxy use cases. Having them open by default only opens more avenues for unethical use. In extremely rare circumstances, one might simply enable a required port for one particular partner.