Notes from the
home network.

Tonight we shipped firmware 1.2.1 to every ProxyBox in the field. Two changes, both the kind of thing you only notice if we mess it up.

Per-device admin password rotation on first boot. Until tonight, every device booted with the same factory credentials (a stock admin user with a shared default password). That is fine for dev Pis on our desk, but it is absolutely not how a shipped product should behave. As of 1.2.1, the first boot on a fresh SD card renames the admin user to pbadmin, generates a cryptographically random password, stores it encrypted under /opt/proxybox/etc/, and wires it into the proxy API client. Every unit now has its own secret. If one device's password ever leaks, it leaks exactly one device, not the fleet.

OTA actually works now. We have to be honest here. The OTA handler in 1.0.0 was broken. The code path that downloaded a firmware tarball and triggered the update existed, but the function that applied it (_perform_ota_update) was referenced and never defined. Every "update available" notification from the last two weeks was pointing at a method that did not exist. If you tapped "update now", the device logged an error and did nothing.

We caught this while prepping 1.2.1 for mass flashing, bootstrapped a fix through the admin SSH tunnel on every already-shipped unit, and confirmed a real end-to-end update cycle tonight. Going forward, OTA pulls a signed tarball from our firmware host, verifies the signature, unpacks to a staging dir, runs a version-specific upgrade script, and bounces the service. Boring, and correct.

Why this matters. Per-device passwords are the thing that lets us actually ship hardware to customers. Shared defaults are a time bomb. Working OTA is the thing that lets us fix bugs after your device is on your shelf without asking you to re-flash an SD card. Both of these should have been true on day one. They were not. They are now.

If you already own a box, you do not need to do anything. Your device will pick up 1.2.1 on its next nightly check. If you want to force it, open the app, tap your device, and hit Check for updates. And if you catch us shipping anything else half-broken, email us. We would rather know.

the ProxyBox team

The proxy market has changed fundamentally over the last three years. In 2023, most developers could get by with a cheap datacenter proxy for scraping, testing, and automation. That era is over. The platforms won.

Google, Amazon, Cloudflare, and the major social networks have invested billions into bot detection infrastructure. Their fingerprinting goes far beyond IP reputation. They cross-reference TLS fingerprints, HTTP header ordering, JavaScript execution patterns, and behavioral signals. But the single strongest signal remains the IP address itself. A request from a datacenter IP range owned by AWS, DigitalOcean, or Hetzner is immediately suspect. A request from a Comcast residential address in Denver is not.

This is why the residential proxy market has exploded. According to industry estimates, it grew from $2.1 billion in 2023 to $4.8 billion in 2025. But the traditional model has a fundamental problem: you are renting someone else's IP. Proxy providers recruit users into bandwidth-sharing programs, often buried in the terms of service of free VPN apps, and then sell that bandwidth to you at a premium. You have no control over the IP, no guarantee of exclusivity, and no idea who else is using it.

ProxyBox inverts this model entirely. Instead of renting a stranger's IP through a provider, you turn your own home IP into a proxy. You own the hardware. You control the access. Nobody else uses your IP. And because it is genuinely your residential connection, assigned to you by your ISP, it carries the highest possible trust score with every detection system on the internet.

The shift from rented to owned infrastructure is the biggest change in the proxy industry since rotating gateways. If your business depends on reliable web access, the question is not whether you need residential IPs. The question is whether you want to own them or rent them.

We are building ProxyBox because we believe the current proxy industry is fundamentally broken. You pay a provider $300 to $1,000 per month for residential bandwidth, and you have no idea where that bandwidth comes from. You cannot audit the network. You cannot guarantee your IP has not been flagged by another user. And if the provider goes down, your entire pipeline stops.

ProxyBox is a small, low-power device that you plug in near your home router. It joins your Wi-Fi, creates a secure WireGuard tunnel to our relay infrastructure, and through that tunnel, you can route HTTP, SOCKS5, and VPN traffic through your home IP from anywhere in the world. The device draws less than 5 watts, runs silently with no fan, and sets up in under 60 seconds via Bluetooth using our iOS app.

The Free tier gives you the hardware and residential proxy access. Premium users ($10 per month) get WireGuard VPN, priority relays, real-time health alerts, priority support, and access to the advanced dashboard. Lifetime ($149 once) is every Premium feature forever with no recurring charge. Every plan includes WireGuard encryption, signed firmware updates, encrypted BLE setup, and a strict no-logs policy.

We are not building another proxy provider. We are building infrastructure that developers own. Your device, your IP, your rules. No middleman, no shared pools, no trust issues. ProxyBox is now shipping and available at proxybox.us.

We designed ProxyBox to be the simplest networking device you have ever configured. Here is the entire setup process, step by step.

Step 1: Plug it in. Unbox your ProxyBox and plug in the USB-C power cable somewhere near your Wi-Fi router. The LED on the front will blink while it boots, then go solid when it is ready. This takes about 20 seconds. No Ethernet cable needed, the device joins your Wi-Fi during setup.

Step 2: Pair the box. The native ProxyBox app for iPhone is coming soon. Today you can pair right from a desktop browser using web Bluetooth, or join the box's own setup Wi-Fi network, both walk you through the same steps. Create an account (or log in if you already have one), then scan for your unconfigured ProxyBox over Bluetooth Low Energy.

Step 3: Tap to pair. Your ProxyBox appears in the app with a short claim code. Tap it, pick your home Wi-Fi network, and type the Wi-Fi password. The app encrypts the credentials end-to-end (X25519 plus AES-GCM) and sends them to the device over Bluetooth. The box connects to Wi-Fi, registers with our API, and configures its WireGuard tunnel automatically.

Step 4: Get your credentials. Once registered, the dashboard displays your proxy credentials (host, port, username, password) and offers a one-tap option to generate a WireGuard VPN configuration. You can copy the proxy string directly or scan the WireGuard QR code from any device.

Step 5: Start using it. Point any HTTP or SOCKS5 client at your proxy credentials and your traffic routes through your home IP. Or import the WireGuard config into the WireGuard app on iOS, macOS, Windows, or Linux and you have a full VPN tunnel to your home network from anywhere.

The entire process, from unboxing to first proxied request, takes under 60 seconds if your app account is already set up. We have timed it. For detailed configuration examples with cURL, Python, Node.js, Selenium, and Playwright, see our documentation.