Proxy Types: Which Are the Most Harmful to Advertisers?

Proxy traffic in and of itself isn’t a bad thing -- internet users have been using proxies for many years to evade location-based rules and protect their identity. In the hands of fraudsters, however, the use of proxies poses huge threats to advertisers, their campaigns, and their ad spend. 

In this article, we’ll explore different proxy types, which proxy types fraudsters use, the threats behind this type of proxy use, and how to prevent it. 

• Who uses proxies and why?
• Which proxy types do users and fraudsters use?
  
• The most dangerous proxy type for marketers
  
• The biggest dangers of proxy use for marketers and advertisers
  
• How to detect if a proxy is being used
  
• How to protect your campaigns and ad spend from all proxy traffic
  

Who uses proxies and why?

Proxies act as a safeguard that protects users’ online identities. Instead of connecting to a website directly, people connect to websites via proxies that act as a go-between that links their computer or device to websites and hides their real IP address to avoid tracking.

People

Proxies function as shields that protect the user’s identity when they visit websites. For this reason, people use proxies for several legitimate reasons, including:

1. To protect their privacy and security online
2. To bypass internet censorship and access restricted websites
3. To hide their IP address and location
4. To access content that is only available in certain countries

Fraudsters

Fraudsters also use proxies for similar reasons, but most often with nefarious intent, including:

1. To hide their IP address: Proxies enable bots or software to make requests to websites and other online services without revealing their own IP address. This can be useful for avoiding detection or blocking by the target website or service.
   
   
2. To bypass restrictions: Some websites or services may block or restrict access based on the IP address of the request. Using a proxy, the bot or software can bypass these restrictions and access the site or service.
   
   
3. To give the appearance that requests are coming from multiple locations: By using multiple proxies, the bot or software can make requests to a website or service that appear to be coming from different locations. This can be useful for tasks such as web scraping, where the bot needs to gather data from multiple sources.
   
   
4. To protect the identity of the bot or software: In some cases, using a proxy can help protect the identity of the bot or software, making it harder for others to trace the requests back to the original source.

Which proxy types do users and fraudsters use?

While some proxies are only used for technical purposes, such as content distribution, high availability, or security, there are several proxy types that people and fraudsters can use, including:

1. HTTP proxies: These can be used to access web pages and other internet resources. HTTP proxies are also known as high-performance content filters.
   
   
2. SOCKS proxies: These proxies are used to support a variety of internet protocols and can be used to access a wide range of internet resources, including websites, games, and more.
   
   
3. SSL/TLS proxies: These proxies use encryption to secure internet connections and can be used to access websites that require secure connections, such as online banking and shopping sites.
   
   
4. Corporate proxies/VPNs: Businesses use these to provide their partners and employees with secure, remote access to both their internal and external networks and resources.
   
   
5. Anonymous proxies: These proxies hide the IP address of the client, which makes it difficult to track their online activity. These can be either data center (the proxy is hosted in a data center such as Amazon or Microsoft Azure) or residential (the IP address is associated with a commercial ISP in a country such as Verizon, Orange, or Vodafone).

What is the most dangerous proxy type for marketers?

Not all proxies are created equal. Some proxy types represent a bigger danger for marketers when it comes to ad spend and distorted campaign metrics. 

Anonymous residential proxies are the most dangerous for advertisers since they are the hardest to detect and are often used for tasks such as web scraping or automated software browsing. When it goes unnoticed that these proxies are being used by fraudsters, the effectiveness of your ad spend becomes severely compromised.

Residential proxies can also be used to bypass restrictions or filtering based on the IP address of the request. This can lead to paying for users outside of your targeted locations and the harmful distortion of your metrics.

Some websites or services may block or restrict access based on the IP address of the request, but the use of a residential proxy can make the request appear as if it is coming from a legitimate, non-restricted location. This can lead to several unwanted situations, such as paying for users that are out of your target area and the skewing of your metrics.

The biggest dangers of proxy use for marketers and advertisers

Fraudsters use proxies because they can hide their location, servers, and networks, providing them with the anonymity and speed they need to perform illegitimate tasks. 

There are two main dangers of fraudulent proxy use that marketers and advertisers need to be aware of:

1. The use of large-scale click farms and botnets 

Fraudsters use click farms and botnets to send torrents of invalid clicks to ad campaigns from any location, which leads to wasted impressions and drained campaign budgets. 

Those using more sophisticated bots will even use expensive residential proxies to fake their location and/or network. For example, they can make it appear as though they’re browsing on a different connection from a different country.

2. Impact on the ability to optimize campaigns  

Proxy use causes a distortion of campaign metrics, which renders advertisers unable to optimize campaigns based on location and language. Not only does this impact the success of their campaigns, but users also receive a much less streamlined and relevant user experience. 

Since proxy traffic also impacts browser fingerprinting, advertisers cannot access important user information, such as whether users are new or returning.

How to detect if a proxy is being used

Most non-anonymous proxies can usually be detected by checking the headers sent by the browser. They will either modify the X-Forwarded-For header to add the client’s IP to the header (in a X-Forwarded-For: <client>, <proxy1>, <proxy2> fashion) or add their custom headers -- like Opera Mini does. 

However, it becomes complicated when we look at anonymous proxies. When these proxies are hosted in data centers and hosting providers, such as Amazon or Microsoft Azure (among many others), it’s very difficult to tell the difference between them and a corporate proxy/VPN hosted in the same data centers. This makes it challenging to filter users that are actively hiding their location versus users browsing from their workplace. 

For example, a user skipping a geolocation block from China versus a user from Italy browsing from a multinational company’s computer could both be seen under an Amazon Singapore IP address.  

On the other hand, the issue becomes more severe if anonymous proxies are residential instead of belonging to a data center. This is because the pool of users that are unable to be distinguished from a proxy user is on a much bigger scale than corporate proxies, as it goes from users browsing from corporate networks to all of the customers of a commercial ISP. 

For example, one of the biggest proxy providers in the industry has more than 5 million residential IPs in the United States alone.

When it comes to residential proxies, it’s extremely difficult to detect them based on IP listings or header tampering. The best approach in tackling illegitimate proxy behavior is to focus on the user instead of playing cat and mouse with the IP address. 

How to protect your campaigns and ad spend from all proxy traffic

Even if you’re able to detect the fraudulent use of proxies by identifying surges in traffic from outside of your campaign’s target zone, manual methods of blocking and blacklisting each suspicious IP address are incredibly time-consuming and often inefficient. 

Fraudsters continue to use proxies since they provide the anonymity and speed they need to perform nefarious tasks at scale. Businesses that are serious about preventing fraud and protecting their ad spend must take action against illegitimate proxy use. 

However, taking action must be done in the most efficient way -- which is only possible with an AI-powered solution that leverages automation.

Opticks can verify that users are not sophisticated bots, check the correlation between location and browser configuration, and conduct advanced network analysis to detect invalid clicks -- even when fraudsters browse using these proxies. 

We use proprietary, AI-based fraud-detection algorithms and automated ad fraud protection against all types of proxy traffic. And, with manual checks and reviews to ensure legitimate web traffic isn’t blocked, organizations can be assured that their campaigns are protected against fraudulent proxy traffic.

Find out more about how the expert team at Opticks can help protect your ad spend and campaigns by booking a free product demo.