Detect and Treat Privacy Proxy Connections Strategically
User-friendly privacy proxies are empowering an increasing number of U.S. consumers to browse the internet with greater privacy. Privacy proxy service providers route end-user traffic through intermediary IP addresses, masking the end user’s true IP address. Content Delivery Networks (CDN) manage the intermediary IP addresses instead of Internet Service Providers (ISP). As a result, a user on a mobile device with a privacy proxy enabled appears to have an IP address allocated to a CDN instead of an ISP. The user’s stated country does not change, but the postal code, city, state, or region may differ from the end user’s location.
Mismatches between a user’s detected IP address and their stated location typically indicate risk. Even modest consumer adoption of privacy proxy services would drive a significant increase in flagged IPs or false positives, depending on an organization's decisioning workflow. Left unaddressed, this surge of mismatched IP addresses jeopardizes multiple business functions, from risk management to content syndication to customer experience.
The rise of privacy proxies could increase business risk
Several trends indicate that a substantial portion of consumers are adopting privacy proxies. More internet users desire privacy, as evidenced by the increasing usage of VPN services. As many as one-in-four internet users[1] accessed a VPN in the past month. VPN use increased 23 percent[2] during 2021. Over one-third[3]of anti-virus users report using a VPN.
The increasing normalization[4] of employees working from home also raises demand for services like privacy proxies. Smaller organizations and independent contractors may gravitate to privacy proxies as an easy way to increase security and privacy for remote workers. Privacy proxy service providers will act to capitalize on increasing consumer demand, likely ratcheting up the volume of anonymized traffic on the internet.
Unfortunately, the increase in privacy proxy traffic could also help bad actors to hide their tracks. Attackers use anonymizing services to evade fraud and threat detection mechanisms at target organizations. Since privacy proxies hide some useful risk signals about end users, organizations need other means to distinguish legitimate traffic from high-risk traffic.
Without a rapid, dependable way to identify privacy proxy traffic, organizations may have to treat users of privacy proxies with additional caution. However, increasing authentication requirements for legitimate users jeopardizes customer lifetime value and increases the likelihood of false positives. False positives cost organizations, both frustrating legitimate customers and requiring additional manual resources to confirm that legitimate users do not pose a threat.
Organizations that do not adapt to a marked increase in privacy proxy traffic invite undue business risk of more frustrated customers, increased fraud loss, and more frequent violations of content syndication contract requirements. Mitigating these risks hinges on having a clear indication of the threat posed by users behind privacy proxies.
Enhance IP decisioning with a privacy proxy value
To help security professional make informed decisions about traffic coming in via privacy proxies, Neustar UltraGeoPoint decisioning data will indicate when IPs are privacy proxies, beginning on January 22, 2022. The addition will require changes to internal systems, business logic, and user experience.
Q: Will I need to make any changes to my system?
A: Systems that parse the proxy type field in a manner that requires the return value to be one of a set of values will need an updated set of accepted values to include “privacy proxy.”
Q: Will I need to update my business logic?
A: Business logic that currently flags IPs with a value for the anonymizer status field may need to adjust treatment of privacy proxy IPs. The anonymizer status for these IPs will be populated.
Q: Will users of privacy proxies get blocked from accessing content or services?
A: Customers using Neustar UltraGeoPoint data retain control over the user experience. Each organization decides how to handle privacy proxy IPs.
Q: What are the new data values in Neustar UltraGeoPoint?
A: The “anonymizer_status” will be “private,” the “proxy_last_detected” will be the date the IP was last detected as a privacy proxy, the “proxy_level” will be “elite,” and the “proxy_type” will be “privacy proxy.”
Consumers want more privacy online. Organizations need clear insight into the users accessing their digital services. These two seemingly opposing imperatives can co-exist in harmony. IP addresses consist of dozens of other attributes that can indicate a user’s riskiness when effectively used in a decisioning flow. Privacy proxies add another critical attribute for analysis. Forward-thinking organizations that invest in IP decisioning data simultaneously gain the insight needed to maintain secure operations while accommodating consumers’ desire for greater privacy.
[1] Thebestvpn, VPN Statistics and Usage
[2] VPN Compass, Cybersecurity and VPN Statistics and Trends for 2021
[3] MalwareBytes, VPN usage is increasing, says December 2020 survey
[4] McKinsey & Company, The future of work after COVID-19