this post was submitted on 23 Apr 2024
151 points (89.5% liked)
It's trivial for Twitch to differentiate between users who are logged in and have verified accounts. Slapping bans by IP is archaic and lazy when you have more precise metrics to go by. And at the very least, they should make you aware that you are banned before accepting your money for their services.
You can just make a new account and blam you're free from the ban on your account. That's why IP bans exist.
VPNs exist and then boom IP bans no longer matter. Hell, some ISPs give you a new IP if you just restart your modem. IP bans sweep up clusters of users behind large gateways like college dorms or carrier-grade NAT.
IP bans do not work and I’m sure Twitch seldom uses them, the exceptions being VPNs and cheap/free VPS services.
Think of it from the reverse direction. If you have a Twitch account in good standing that's verified with a valid email and has no violations, why all of a sudden would it make sense to apply a ban to this account? Perhaps preventing new accounts from being created on a sketchy IP could be a sensible solution, but shadowbanning an existing account makes no sense and is a lazy approach to security. In addition, fingerprinting makes it so a service can easily differentiate between users using the same IP.
What if the account is compromised? Now the spammer is able to do their spams freely on the IP address.
It's just a hell of a lot easier to blacklist the entire IP than to try to manually let in a small percentage of people who use a VPN AND want to comment or whatever.
"It's okay to punish people who have done nothing wrong as long as they're a minority group."
It's a lazy approach to filtering/moderation that breaks the service for legitimate users and is not much easier to implement than a per-account reputation system.
Much like the practice of blacklisting email forwarding domains, I won't use it in any service I run, except maybe temporarily to mitigate an active DDoS attack.
Ok genius: solve it then. How do you stop compromised accounts from using a VPN without affecting innocent users?
You don’t. The shitbags ruined it for everyone.
When you detect a compromised account you could put a freeze or lock on it. If there are that many compromised logins that constant account swapping is an issue then Twitch needs to overhaul their account security.
Of course it is easier, however, the point was that it is lazy...
I suppose it's possible to build a system that would let you specifically allow a VPN IP to be green-listed on your account, but you'd probably have to allow it by signing in from a known good IP first.
I think it seems like a lot of work for something that isn't really private and is still probably vulnerable to exploit.
It probably is the best bang for their buck. I doubt they lose significant profit from the simple stopgaps.
Compromised accounts logging in from VPNs are a thing, and most Twitch users probably can’t be trusted not to be reusing passwords across literally everything.
Maybe I'm missing something but you can tell a compromised account from a secure account by the user behavior, no? If an account is compromised the activity will be spam/harassment, etc., at which point a ban on that account would happen. And compromised accounts could be accessed from a non-VPN IP also.
This. Ban by actual activity. None of this machine learning precog bullshit.
I'm curious to hear the opinion of those downvoting this response. It seems off brand for privacy enthusiasts to disagree with my take on IP bans.
It's because many privacy enthusiasts are or have also been in network infrastructure, and realize the measures that must be taken on a hostile network which literally defines the internet.
I told you what to do. Rent a VPS, and set your own VPN up. Nothing is stopping you from doing this the right way.
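Added example, not part of any comment in the thread: a sketch of the per-account policy several commenters describe (flagged IPs block new sign-ups only, a VPN IP can be allow-listed for an account only from a known-good IP, and a detected compromise freezes the account). All names, the flagged range and the decision strings are assumptions made for illustration, not Twitch's implementation.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed sample data: a documentation range standing in for a
# list of VPN / cheap-VPS address blocks.
FLAGGED_NETS = [ipaddress.ip_network("203.0.113.0/24")]


def is_flagged(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in FLAGGED_NETS)


@dataclass
class Account:  # hypothetical account record
    name: str
    verified: bool = True
    frozen: bool = False  # set when abuse or compromise is detected
    known_good_ips: set = field(default_factory=set)       # established earlier
    allowed_flagged_ips: set = field(default_factory=set)  # per-account allow-list


def can_register(ip: str) -> bool:
    # IP reputation gates account creation only, not existing accounts.
    return not is_flagged(ip)


def enroll_flagged_ip(account: Account, session_ip: str, vpn_ip: str) -> bool:
    # Allow-listing is accepted only from a session on a known-good,
    # unflagged IP, so a login arriving over the VPN cannot enroll itself.
    if account.frozen or is_flagged(session_ip):
        return False
    if session_ip not in account.known_good_ips:
        return False
    account.allowed_flagged_ips.add(vpn_ip)
    return True


def login_decision(account: Account, ip: str) -> str:
    if account.frozen:
        return "deny:frozen"  # the lock follows the account, whatever the IP
    if not is_flagged(ip):
        return "allow"
    if account.verified and ip in account.allowed_flagged_ips:
        return "allow"
    # Explicit refusal the user can see, rather than a silent shadowban.
    return "deny:ip-not-allowlisted"
```

As noted in the thread, an attacker who logs in from an unflagged IP is not stopped by the IP checks at all; only the behavior-driven `frozen` flag covers that case.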