Nearly half of LG smart TV apps contain residential proxy SDKs

248 points · 160 comments on HN · read original →

Points and comments are a snapshot, not live.

Over a third of LG and Samsung smart TV apps contain proxy SDKs that sell the device's IP address.

Spur scanned 6,038 LG and Samsung smart TV apps, finding 2,058 with residential proxy SDKs. These SDKs, from companies like Bright Data and Oxylabs, let apps route third-party traffic through the user's home network, often without clear consent. Many apps are first-party proxy inventory: simple screensavers or games where the IP is the product. Amazon and Roku ban such SDKs, but LG and Samsung have not. The article warns of risks including local network access and botnet footholds, citing the Kimwolf botnet that abused proxy networks to reach LAN devices.

What commenters are saying

Commenters express outrage and find the practice disturbing, comparing it to the show Silicon Valley. Several question how background execution is possible, noting that LG's webOS supports suspended states. A strong camp argues this should be illegal, while a minority defends consent-based proxy usage, comparing it to Tor or VPNs. Others counter that residential proxies enable scraping that evades rate limits and violates ISP terms, burdening free infrastructure. A few users note their home automation setups with VLANs and local-only devices as a mitigation. Some criticize the article's AI-generated style.