Copyright International Business Times
Reports of Abusive Traffic and Legal Notices Salad, a platform known for rewarding users who share computing resources, is facing a storm of backlash over its new bandwidth-sharing feature. Multiple contributors report that after enabling it, their home IP addresses became conduits for suspicious high-volume web traffic, leading to ISP warnings, IP removals, and legal threats. One contributor claimed to have received a Netflix notice citing 30,000 failed login attempts traced to their home IP. Another described similar activity after opting into the program: "My IP was being used by a malicious VPN customer for brute-forcing credentials—or worse." Users began piecing together what happened when Salad ran on their machines. Many saw outbound traffic surging toward major streaming domains like Netflix, Sony, Amazon, Disney+, and Hulu, resembling automated login attempts rather than normal streaming behavior. The result: permanent IP removals , repeated CAPTCHAs, and in several cases, formal legal warnings sent to residential account holders. Community investigators believe the "bandwidth-sharing" nodes were effectively functioning as open proxy exits, commandeered for credential stuffing or scraping attacks—far beyond Salad's advertised purpose of "video processing." Salad's Claims Versus Reality When Salad launched the bandwidth feature, it promoted it as a safe way to earn extra income by helping "process video content on premium streaming platforms." The company's documentation emphasized privacy, stating that contributors—known as "chefs"—would never see or control what traffic passed through them. Salad also claimed that the worst possible outcome would be a temporary streaming geo-block if a service mistook the user's IP for a VPN. But community evidence tells another story. Users monitoring their own traffic discovered non-streaming activity: login APIs, credential attempts, and requests totally unrelated to video content. Technical users allege that Salad applied no filters to block or restrict what passed through contributor IPs. Essentially, once activated, the user's connection became a general-purpose VPN endpoint, capable of relaying any kind of traffic—malicious or not. According to several independent analyses, Salad appears to be reselling bandwidth to an unnamed third-party VPN or proxy provider. That partnership, combined with the lack of transparent oversight, has drawn sharp criticism. "They advertised this as streaming-only," one affected user wrote, "but they turned our home IPs into proxy exit nodes without our consent." Community Backlash and Calls for Accountability The fallout has been swift. On Reddit's r/SaladChefs and other tech forums, users have condemned what they call Salad's "reckless pivot" from GPU workloads to bandwidth resale. Many describe feeling misled, noting that the company failed to disclose the risks of acting as a VPN endpoint. "GPU jobs were fine," one post reads. "But this bandwidth stuff is dangerously unregulated." Community moderators have seen a surge in posts urging others to disable the feature immediately , warning of potential liability. Meanwhile, Salad's official responses have done little to calm fears. When confronted, company representatives emphasized that bandwidth sharing is "optional" and that users "consented" by opting in—statements widely seen as dismissive. No public apology or detailed explanation has been issued. "Opt-in doesn't mean risk-free," one Redditor countered. "Once Salad decided to monetize our bandwidth, they had a duty of care. Instead, they blamed the users." VPN Industry Reaction: Privacy and Security Concerns Cybersecurity experts warn that Salad's model mirrors the infamous Hola VPN incident, where free users unknowingly became exit nodes for paid traffic that included illicit activity. The same risks apply here. VPN providers that rent residential bandwidth from platforms like Salad have no control over their exit points—violating user privacy and introducing major security holes. "If a VPN uses Salad's network, their 'no-logs' policy is meaningless," one analyst noted. Because each node runs on a personal machine, a malicious or curious participant could inspect, record, or tamper with the VPN traffic. This effectively turns random home users into surveillance points , undermining the entire premise of encrypted privacy. Experts caution VPN companies against partnering with Salad & its network of user nodes. As one researcher summarized: "You can't guarantee security when your exit nodes are strangers' devices that you have no contractual terms with.". VPN companies should only work with providers of IP's that have full control of the hardware they're offering the IP addresses from - thus guaranteeing full security and having a contractual agreement between the VPN and the company managing the devices. Legal Action Brewing Dozens of affected users are now preparing potential class-action litigation . Several have reportedly retained pro bono legal representation to pursue both Salad and the unidentified VPN company allegedly responsible for routing malicious traffic through user nodes. Participants claim to have collected Wireshark logs tracing attack patterns back to the buyer's network. While details remain under wraps, the group intends to argue that both companies are jointly liable for enabling unlawful activity and misleading contributors. The looming legal challenge has already sparked further outrage online, with users calling for regulators to investigate Salad's business model. The Bigger Picture What began as an innovative idea for passive income has spiraled into a reputational crisis. The controversy underscores the dangers of crowdsourced networking schemes : without strict controls, users can become unwitting participants in cyberattacks. For Salad, the implications are serious. Once a respected name in decentralized GPU computing, it now faces accusations of deception, negligence, and endangerment of its own community. Unless the company implements major transparency and security reforms—or shuts down the bandwidth feature entirely—it risks both legal fallout and the collapse of user trust.
