The Scourge of Residential Callback Proxy Networks and Manufactured TCPA Consent
Part one of a three-part series. This part addresses what a residential callback proxy network is and how it differs from other types of VPNs.
Just saw this little ad come across my Facebook feed offering residential proxy networks for $1 per gig, billed as “ideal for businesses looking to expand their market understanding and adapt quickly to industry changes.” Whatever that means.
Obviously, it’s code for “ideal for businesses to generate fictitious leads using realistic-looking geographically targeted consent information with a residential IP address.”
Manufactured TCPA consent has been the bane of my existence as a TCPA plaintiff’s attorney and TCPA plaintiff for the longest time. Attempts by tele-scum to do so range from downright laughable, for example by providing an opt-in dated after the call took place, to highly-sophisticated, often in some variation of the callback proxy network scam. Detecting a lead submitted with a fraudulent residential callback proxy network is relatively easy if one knows what to look for. But convincing TCPA defence attorneys that their client is a bad actor and that the lead gen they hired is manufacturing consent using these proxies is an exercise in futility, particularly as most people (TCPA attorneys included) have no clue what a residential callback proxy even is. They think that if a lead appears to come from a residential IP address in the same geographic area as the Plaintiff, it must be legitimate and it must be the Plaintiff’s IP address.
How wrong these technologically illiterate defence attorneys are.
This is the first part of a multi-part series on exposing manufactured TCPA consent. That being said, in this article, I will outline what a residential callback proxy network is and how it differs from other VPN and proxy services.
Proxies/VPNs Generally
Webster’s defines a “proxy” as “authority or power to act for another.” A proxy is just that: it gives an internet user the ability to route their traffic through a different IP address and computer system than their own. Everyone’s internet connection has a public IP address that is used to identify it on the internet. This is akin to a house number: just like one resides at 123 Main Street in Pennsylvania, a computer might reside at an IP address of (for example) 71.23.24.56. If I were to drop off a letter at the local postbox, it would have a Pennsylvania postal mark. So too when I visit a website. Because of the way the internet works, a website visitor necessarily provides their IP address to every website they visit. Each IP address, akin to a postal mark, is associated with a specific geographical area, such as a major city, as well as the internet service provider to which it was assigned. And, given the right set of circumstances and resources, anyone can track down an IP address to its source, such as my office, through a subpoena to the ISP.
That’s where proxies, colloquially known as VPNs, or Virtual Private Networks, come in. VPNs, at their most fundamental level, permit an internet user to proxy traffic through another location and IP address. Going back to the mailing analogy for a moment, if I wanted to mail a letter but wanted to make it appear as if I was located in Los Angeles, I could send my letter inside a bigger envelope to my friend in Los Angeles. He could then take the letter, drop it in his local postbox, and it would get a Los Angeles postal mark. So too with a VPN or proxy. Using a proxy, an internet user sends all their internet traffic in a secure “tunnel” to another IP address, where it is then introduced into the wider internet. In so doing, any traffic that I originate from my IP address of 71.23.24.56 will look like it’s instead coming from (for example) 72.98.76.54. It’s worth noting that the process also works in reverse: the website to which I am connecting will send any response back to 72.98.76.54, which will then “tunnel” it back to me at 71.23.24.56.
Why People Use Proxies
Proxies have a myriad of uses, both good and bad. Most every major company equips its work-from-home workforce with a VPN for accessing company resources on the go, thereby avoiding needing to expose its internal servers and services to the public internet. VPNs are a powerful tool for bypassing censorship and accessing geographically-restricted content. Using a VPN, for example, a Chinese person can read Western media that criticizes the Chinese Communist Party. And, unfortunately, VPNs are used to commit crime and fraud, including fraudulent TCPA opt ins. Most people are under the impression that VPNs also provide a degree of anonymity, protect their information from “hackers on public Wi-Fi,” and completely hide from websites and the general public the fact that a VPN is being used. They don’t. These people and companies advertising the same are delusional, as this excellent article explains in greater detail.
Identifying VPN Use: The IP Address Space
As most people know, their internet service is provided through an internet service provider, or ISP. For traditional land-based internet services provided to residences, these are companies like Comcast, Verizon, or Charter. These companies also have divisions that service businesses. For wireless services, a user’s mobile internet service is provided through one of the “big three”: AT&T, T-Mobile, or Verizon. Then there are data centre internet service providers that don’t service the general public. Most people have not heard of these companies, which include Level3, Cogent, and Zayo.
Recall that each IP address is associated with a specific internet service provider, geographical region, and network. As a result, it is relatively trivial to identify that a person is using a VPN because (typically, but not always), the IP address will appear to originate from a large data centre and will typically have an IP address serviced by one of the major data centre service providers, like Level3. Similarly, a website knows that you are on a phone when it detects that you are accessing it from an IP address associated with AT&T-Mobile.
Large VPN companies like NordVPN, Private Internet Access, or ExpressVPN (which happen to be owned by the same scummy parent company and malware distributor Kape Technologies), will set up servers in data centres around the world, obtain a handful of IP addresses for each, and then proxy millions of users through such IP addresses. As a result, such IP addresses are quickly flagged both for abuse and as used as part of a VPN network. Thus, the fact that one is using a VPN is readily apparent, as is any related blocking associated with it. I personally have seen lists of purported “opt-ins” from scummy tele-scammer Fortune 500 companies which all originated from the same data centre IP address. Disproving that consent is a walk in the park. But these scammers have wised up in their game recently by fabricating consent using residential callback proxies.
Residential Callback Proxies “Solve” The VPN Identification Problem
At their most fundamental level, residential callback proxy networks solve the problem of “dirty” IP addresses that are flagged as originating from large data centres and as part of a VPN network because the “tunnel” exits at a residential network, not at a large data centre. Go back to the mailing analogy for a minute. I could also send my letter to a company in Los Angeles that specializes in simply dropping letters in the postbox, but if I did that, I would get a machine-generated postal mark. But I can also ask my friend to go to the post office, buy a stamp, and have them stamp the postal mark at the post office, making it significantly more difficult to detect what I am doing. As I explain above, it’s relatively simple to disprove 5,000 opt ins from the same data centre IP address in California when the people purportedly submitting this info are located all over the country. And it’s relatively trivial for lead fraud detection systems to mark these IPs as fraudulent and simply block them.
Generally speaking, just as the ad displayed above speaks to, a residential callback proxy network, in addition to using residential IP addresses, also employs an IP “rotation” system, thus ensuring that one consistently gets a new residential IP address in the same selected geographical area every time they visit a website. And because they do so, detecting that a particular IP address is associated with a residential callback proxy is quite difficult indeed; unlike with a data centre IP, there are not millions of data points and users from which to collect information about possible fraudulent activity.
Thus, the importance of the residential callback proxy network in the TCPA consent fabrication scam is this: it is trivial to disprove an opt-in that originates from a server farm for multiple reasons alluded to previously. It is far more difficult to prove that the opt-in originated from a residential callback proxy network. And most TCPA attorneys (and courts) don’t bat an eye at a list of 5,000 opt ins from unique residential IP addresses located in the same geographical area as the opt in. Thus, overseas lead generators can self-fabricate a website visit that appears to originate from a residential IP address in the same geographical area as the person called, thus giving them consent that appears to come from the victim, and making it quite hard for victims of this fraud to disprove such allegations.
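To make the contrast concrete, here is an added example (not part of the original article) of the three checks described above that expose data centre opt-ins: network type, one IP shared by many leads, and a mismatch between the IP's location and the consumer's. The network table, lead records, function names and threshold are all constructed for illustration, using documentation IP ranges; a real review would draw on an IP-to-ISP and geolocation database.

```python
import ipaddress
from collections import Counter

# Constructed network table: (prefix, network type, state). Real systems would
# use an IP-to-ISP/geolocation database; these are documentation ranges.
NETWORKS = [
    ("203.0.113.0/24", "datacenter", "CA"),
    ("198.51.100.0/24", "residential", "PA"),
    ("192.0.2.0/24", "residential", "TX"),
]

# Constructed opt-in records: (lead id, source IP, state of the person called).
LEADS = [
    ("lead-1", "203.0.113.10", "PA"),
    ("lead-2", "203.0.113.10", "FL"),
    ("lead-3", "203.0.113.10", "OH"),
    ("lead-4", "198.51.100.7", "PA"),
    ("lead-5", "198.51.100.88", "PA"),
    ("lead-6", "192.0.2.45", "PA"),
]

def classify(ip):
    """Return (network type, state) for an IP, or ("unknown", None)."""
    addr = ipaddress.ip_address(ip)
    for prefix, kind, state in NETWORKS:
        if addr in ipaddress.ip_network(prefix):
            return kind, state
    return "unknown", None

def review_leads(leads, reuse_threshold=3):
    """Map each lead id to the list of reasons its opt-in IP looks suspect."""
    per_ip = Counter(ip for _, ip, _ in leads)
    findings = {}
    for lead_id, ip, consumer_state in leads:
        kind, ip_state = classify(ip)
        reasons = []
        if kind == "datacenter":
            reasons.append("datacenter-ip")
        if per_ip[ip] >= reuse_threshold:
            reasons.append("ip-shared-by-many-leads")
        if ip_state is not None and ip_state != consumer_state:
            reasons.append("geo-mismatch")
        findings[lead_id] = reasons
    return findings

if __name__ == "__main__":
    for lead_id, reasons in review_leads(LEADS).items():
        print(lead_id, reasons or "no flags")
```

The three leads sharing one data centre address trip every check, while lead-4 and lead-5, each from a different residential address in the consumer's own state, trip none, which is exactly the gap a rotating residential proxy exploits.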
The next part of this series will take a deep dive into the shady underworld of residential proxies, how they operate, and how they obtain vast numbers of IP addressing resources. Part three will address how illegal telemarketers use them to manufacture consent and in fact use such fraud as the basis for such spurious allegations as the hiring of confederates and as ammunition for motions to compel arbitration. Stay tuned.