this post was submitted on 15 Apr 2024
39 points (85.5% liked)

Lemmy.world Support

3220 readers
52 users here now

Lemmy.world Support

Welcome to the official Lemmy.world Support community! Post your issues or questions about Lemmy.world here.

This community is for issues related to the Lemmy World instance only. For Lemmy software requests or bug reports, please go to the Lemmy github page.

This community is subject to the rules defined here for lemmy.world.

To open a support ticket Static Badge

You can also DM https://lemmy.world/u/lwreport or email report@lemmy.world (PGP Supported) if you need to reach our directly to the admin team.

Follow us for server news ๐Ÿ˜

Outages ๐Ÿ”ฅ

https://status.lemmy.world/

founded 1 year ago
MODERATORS
ruud@lemmy.world
MrKaplan@lemmy.world
jelloeater85@lemmy.world
lwadmin@lemmy.world
Serinus@lemmy.world
39
Please stop blocking VPNs for established accounts (lemmy.world)
submitted 6 months ago by Zak@lemmy.world to c/support@lemmy.world
33 comments fedilink hide all child comments
 

I often use a commercial VPN service, which I suspect is not rare among Lemmy users. Most of the time, I'm able to post to lemmy.world, but on occasion I am not. The default web UI provides zero feedback, just a spinning submit button forever, but if I look in the browser dev tools, I can see it's being blocked.

I understand that some limitations are necessary to prevent spam and other abuse, however this is a very blunt instrument. The fact that I have a 10 month old account with consistent activity should outweigh any IP address reputation issues.

Perhaps the VPN limitations could be narrowed in scope to cover only account creation and posts from young accounts.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] 5h17h34d@lemmy.world 9 points 6 months ago (1 children)

I've always wondered why Google makes me jump though hoops when I'm tunneled through my VPN. I'm logged in to Google for chrissakes, that should be all the difference in both of these situations.

[โ€“] jet@hackertalks.com 5 points 6 months ago (1 children)

There's some very good reasons:

  • VPN traffic could be masking an attack on the account
  • By using a VPN, they lose a degree of certainty that it's you, they can't use the IP address as a factor to establish the probability it's actually you
  • Differentiating you as a person, from other people with the same source address, perhaps who are behaving poorly, or who've implemented robots to do things Google doesn't like.

I fully believe VPNs should be a fundamental right on the internet, nobody should have to identify themselves by IP address to use the internet. But from an account security perspective alone there's a good reason to be extra super duper sure of somebody before allowing them to log in

[โ€“] 5h17h34d@lemmy.world 4 points 6 months ago (2 children)

But, I'm LOGGED IN. To Google. Bad actors on the same VPN ip address are not logged in as me (I hope).

[โ€“] bitfucker@programming.dev 3 points 6 months ago

Say that to the victim of cookie stealing attack

[โ€“] jet@hackertalks.com 2 points 6 months ago

Somebody might have stolen your login cookies, and is impersonating you. If the IP that your traffic originates from changes rapidly that could be an indicator.