2026/06/06

Samsung and LG Smart TVs used as a "botnet"

An investigation reveals how Samsung and LG Smart TVs are being used as a "botnet" for online data collection.

If you find it suspicious that your Smart TV is consuming gigabytes of data per month with no justification, here is the explanation. An investigation raises concerns about the use of Samsung and LG Smart TVs as exit points for proxy networks used in automated Internet data-collection operations. According to the researchers, the technology in question is embedded in hundreds of apps for the Tizen and webOS platforms through a development kit supplied by the company Bright Data.

The system lets household devices relay third-party traffic through the users' Internet connection. This approach is particularly valuable to online data-collection companies, since residential IP addresses are less likely to be blocked by websites than IPs used in data centres. The researchers identified several weaknesses in the implementation of the technology, including the absence of authentication and validation mechanisms for participating devices. The report also notes that, in certain scenarios, traffic associated with the system may bypass VPN connections configured by users, raising additional privacy and security questions.

Although participation in these networks is theoretically provided for in the apps' terms of use, many users were not properly informed about the scope of the functionality. Beyond bandwidth consumption, the use of the home IP address by third parties may affect the connection's reputation with some online services and lead to blocks or restrictions because of this kind of use, which happens in a way that is entirely "invisible" to users.


Update: Bright Data disputes this report - not as to what it does, but as to its not being done "behind people's backs", ignoring the fact that 99% of people will not read the terms of use - and asks for the inclusion of the statement that follows (it is also curious that the company justifies its "data collection" with reasons ranging from rescuing people after earthquakes to protecting minors):

We believe transparency and security are critical in SDK use and all our products.

1. Bright Data's operations are independently validated by reputable, independent third parties.
This includes:
A first-of-its-kind external audit by PwC, available publicly at https://brightdata.com/trustcenter/pwc-report.
AppEsteem certification; AppEsteem, an organization specifically dedicated to identifying and exposing bad actors in software, found Bright Data's practices to be compliant and ethical.
Independent cybersecurity research firm Spur, whose security testing found Bright Data to be superior in transparency, compliance, and ethics.
ISO 27001, ISO 27017, and ISO 27018 certifications, as well as a SOC 2 Type II report, all available via our Trust Center at https://brightdata.com/trustcenter.

Any claim that Bright Data operates in an opaque, non-compliant, or unethical manner is directly contradicted by these independent, verifiable findings.

2. The Bright SDK Opt-In Process Exceeds Industry Compliance Standards and is the most rigorous user consent framework in the industry.
A clear, dedicated opt-in screen not buried in legal text or a terms-of-service scroll. Every opt-in is a proactive, affirmative action by the user; consent is never assumed.
The opt-in screen explicitly includes: (1) The general intended use of the IP address by Bright Data; (2) Confirmation that access is limited to Bright Data only; (3) Information about who Bright Data is; (4) A clear opt-out option; (5) A direct link to Bright Data's Privacy Policy; (6) A direct link to Bright Data's End User License Agreement.
Users can opt out at any time via a simple, two-step process directly from the app's settings, no hoops, no complications.
Users receive concrete added value in exchange for opting in, such as an ad-free experience, premium features, or virtual in-app rewards. Critically, users can continue using the app even if they choose not to opt in.
Every app undergoes an internal compliance review by Bright Data's team before it is accepted into the SDK program. Not all applicants are approved.

This information is publicly documented at: https://bright-sdk.com/users

3. Bright Data Does Not Misuse Bandwidth or Operate Without Consent; anything otherwise is false.
A few critical facts:
Bright Data only uses a device as a network node when it is not actively in use, when the device is plugged in or sufficiently charged, and always prefers Wi-Fi over cellular, preventing any impact on the user's experience.
CPU and memory are actively monitored. If the device is busy, Bright Data's processes go to sleep. This is publicly documented in our FAQ: https://bright-sdk.com/users#how-much-traffic-does-bright-sdk-consume
Bandwidth usage is minimal by design. On average, ~50MB per 24-hour period on Wi-Fi (equivalent to roughly 30 seconds of Netflix 4K streaming) and ~5MB per 24 hours on cellular (equivalent to streaming one song on Spotify).
Access is limited to approved, whitelisted domains only. No malicious, private, or non-approved sites can be accessed through a user's device.
No personal data is ever collected. Bright Data does not store cookies, device identifiers, browsing history, or any personally identifiable information. Only the internet connection (IP address) is temporarily and anonymously used.

4. Bright Data Partners With — Not Against — the Security Community
Bright Data actively seeks scrutiny and validation to create a safer internet:
We work with anti-virus and security certification companies to independently verify our software and processes.
Six of the top ten global cybersecurity firms are Bright Data customers, using our platform to protect their users and the broader internet.
We are founding members of the Alliance for Responsible Data Collection http://responsibledatacollection.org, which sets standards for ethical web data practices.
We employ a robust customer vetting process, including live video identity verification for every customer seeking access to our residential network. We turn away business that does not meet our ethical standards.

5. Web Data Collection is not a niche or fringe activity; it is the foundational infrastructure of the modern web.
It powers:
Consumer price comparison tools
AI and machine learning applications
Travel and hospitality search platforms
Academic research and non-profit investigations
Real-world social impact: Bright Data's mission has contributed to taking down sex trafficking rings, rescuing people after earthquakes, exposing major environmental polluters, and protecting minors online through legislation that criminalizes harmful content.
These documented cases are publicly available on our website and illustrate the serious, positive work made possible by ethical web data infrastructure.

Every claim suggesting that Bright Data operates without user consent, lacks transparency, violates privacy, or engages in unethical practices is factually incorrect and contradicted by independent audits, certifications, public documentation, and the lived experience of over 20,000 customers including Fortune 500 companies, academic institutions, and non-profits.
