Please stop blocking VPNs for established accounts - eviltoast

I often use a commercial VPN service, which I suspect is not rare among Lemmy users. Most of the time, I’m able to post to lemmy.world, but on occasion I am not. The default web UI provides zero feedback, just a spinning submit button forever, but if I look in the browser dev tools, I can see it’s being blocked.

I understand that some limitations are necessary to prevent spam and other abuse, however this is a very blunt instrument. The fact that I have a 10 month old account with consistent activity should outweigh any IP address reputation issues.

Perhaps the VPN limitations could be narrowed in scope to cover only account creation and posts from young accounts.

  • 5h17h34d@lemmy.world
    link
    fedilink
    English
    arrow-up
    10
    arrow-down
    1
    ·
    7 months ago

    I’ve always wondered why Google makes me jump though hoops when I’m tunneled through my VPN. I’m logged in to Google for chrissakes, that should be all the difference in both of these situations.

    • jet@hackertalks.com
      link
      fedilink
      English
      arrow-up
      5
      ·
      7 months ago

      There’s some very good reasons:

      • VPN traffic could be masking an attack on the account
      • By using a VPN, they lose a degree of certainty that it’s you, they can’t use the IP address as a factor to establish the probability it’s actually you
      • Differentiating you as a person, from other people with the same source address, perhaps who are behaving poorly, or who’ve implemented robots to do things Google doesn’t like.

      I fully believe VPNs should be a fundamental right on the internet, nobody should have to identify themselves by IP address to use the internet. But from an account security perspective alone there’s a good reason to be extra super duper sure of somebody before allowing them to log in

      • 5h17h34d@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        7 months ago

        But, I’m LOGGED IN. To Google. Bad actors on the same VPN ip address are not logged in as me (I hope).

        • jet@hackertalks.com
          link
          fedilink
          English
          arrow-up
          2
          ·
          7 months ago

          Somebody might have stolen your login cookies, and is impersonating you. If the IP that your traffic originates from changes rapidly that could be an indicator.