this post was submitted on 23 Apr 2024
161 points (90.0% liked)
Privacy
32003 readers
1076 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Twitch shadowbans public VPNs due to abuse/bots. The most common method for people to get around bans is to use a VPN -- now assume millions of viewers, and you've got an easy recipe for needing to stop that activity.
You're not punished for being privacy conscious; you're being punished for being roughly in the same realm as harassers, etc.
If you don't want to be banned, rent a VPS and set up your own private VPN for only you. The problem is that using Nord, Windscribe, etc etc is that you're sharing that VPN tunnel with hundreds, maybe thousands of people at a time.
It's trivial for twitch to differentiate between users who are logged in and have verified accounts. Slapping bans by IP is archaic and lazy when you have more precise metrics to go by. And at the very least, they should make you aware that you are banned before accepting your money for their services.
You can just make a new account and blam you're free from the ban on your account. That's why IP bans exist.
VPNs exist and then boom IP bans no longer matter. Hell, some ISPs give you a new IP if you just restart your modem. IP bans sweep up clusters of users behind large gateways like college dorms or carrier-grade NAT.
IP bans do not work and I’m sure twitch seldom uses them, the exceptions being VPNs and cheap/free VPS services.
Think of it from the reverse direction. If you have a twitch account in good standing that's verified with a valid email and has no violations, why all of the sudden would it make sense to apply a ban to this account? Perhaps preventing new accounts from being created on a sketchy IP could be a sensible solution, but shadowbanning an existing account makes no sense and is a lazy approach to security. In addition, fingerprinting makes it so a service can easily differentiate between users using the same IP.
What if the account is compromised? Now the spammer is able to do their spams freely on the IP address.
It's just a hell of a lot easier to black list the entire IP than to try to manually let in small percentage of people who use a VPN AND want to comment or whatever.
"It's okay to punish people who have done nothing wrong as long as they're a minority group."
It's a lazy approach to filtering/moderation that breaks the service for legitimate users and is not much easier to implement than a per-account reputation system.
Much like the practice of blacklisting email forwarding domains, I won't use it in any service I run, except maybe temporarily to mitigate an active DDOS attack.
Ok genius: solve it then. How do you stop compromised accounts from using a VPN without affecting innocent users?
You don’t. The shitbags ruined it for everyone.
When you detect a compromised account you could put a freeze or lock on it. If there are that many compromised logins that constant account swapping is an issue then twitch needs to overhaul their account security.
Of course it is easier, however, the point was that it is lazy...
It probably is the the best bang for their buck. I doubt they lose significant profit from the simple stopgaps.
I suppose it's possible to build a system that would let you specifically allow a VPN IP to be green-listed on your account, but you'd probably have to allow it by signing in from a known good IP first.
I think it seems like lot of work for something that isn't really private and is still probably vulnerable to exploit.
Compromised accounts logging in from VPNs are a thing, and most Twitch users probably can’t be trusted not to be reusing passwords across literally everything.
Maybe I'm missing something but you can tell a compromised account from a secure account by the user behavior, no? If an account is compromised the activity will be spam/harassment, etc at which point a ban on that account would happen. And compromised accounts could be accessed from a non-vpn Ip also.
This. Ban by actual activity. None of this machine learning precog bullshit.
I'm curious to hear the opinion of those downvoting this response. It seems off brand for privacy enthusiasts to disagree with my take on IP bans.
It's because many privacy enthusiasts are or have also been in network infrastructure, and realize the measures that must be taken on a hostile network which literally defines the internet.
I told you what to do. Rent a VPS, and set your own VPN up. Nothing is stopping you from doing this the right way.
Temporarily banning shared IPs from creating new accounts when there are problems would sort of make sense, in a wrong but convenient sort of way. Permanently shadowbanning them only for chat and including existing accounts which have never misbehaved, which is what they've done, can not be so easily excused. It's been like this for years. At some level they must know by now that it was a mistake, but I imagine there's some kind of stupid office politics type of situation preventing them fixing it.
They're just desperate to curb botting. They've also started to reduce the amount of things you can do as a user who hasn't verified their phone number for this reason. (Also so they can cross-track you on Amazon but that's pure bonus.)
Using a VPS defeats the purpose. The whole point of a VPN and Tor is to mix your traffic with others. It's a requirement for privacy in many primitive countries, such as the US.
They are being punished for following best practices.
VPS typically have shared IPs. You're paying extra for a dedicated IPv4.