this post was submitted on 23 Apr 2024
151 points (89.5% liked)

Privacy

32165 readers
913 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

If you notice your chat messages show up in the chat feed but don't appear on the streamers in-screen chat, you have been shadowbanned.

Twitch will still take your money for donations, subs, etc, but your feedback won't be seen by anybody but you. This shadowban does not appear in the appeals page and can be applied randomly and intermittently. You are never informed about this by the way. You'll likely be talking in a chat and assuming you're being ignored. Hop into a private tab and load up the stream where you'll be able to notice if your messages are missing in chat.

From my observations, there seems to be some type of algorithm/system that determines who to shadowban. I'm assuming it assigns extra points for factors like VPN usage, Linux, and adblockers. Once you've been shadowbanned, switching one of those three will not work to unban you until some arbitrary timer expires.

I'm posting this in case anybody else has experienced this and felt frustrated and isolated. You're not being ignored (unless you're a twat and are being ignored). You're just being punished by Twitch for being privacy conscious.

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 47 points 7 months ago (2 children)

Do you have anything more than assumptions to go on for the reasons? If you only assume those are the reasons you shouldn't announce them as a big headline item.

[–] [email protected] 14 points 7 months ago (3 children)

Your question is a good one. I'm not the one who downvoted you fyi. To answer your question, it is absolutely a personal anecdote based on my own experimentation. I'm sure others will add their own experiences. Based on my experiences there's no doubt about twitch shadowbanning based on VPN use. I'll admit I don't have a basis for Linux and adblockers being a part of the equation, but I made it clear in my original post that those were assumptions.

To further speculate, I have an idea that the shadowban may actually be triggered by somebody using the same VPN server doing something that triggers it, affecting anybody else on that server. I can't possibly provide evidence for that theory, but it would explain the seemingly random nature of the shadowbans.

[–] [email protected] 18 points 7 months ago (1 children)

VPNs seem a fairly common reason. I am mostly curious how you came to the conclusion that Linux use was a factor since that is not a common ban reason.

[–] [email protected] 8 points 7 months ago

I've only experienced a shadowban while using ubuntu. I switch between all the major operating systems on the same twitch account and with the same vpn service/servers. The bans have only been initiated while on linux, although they did follow over to the other OSes until some type of timer was passed.

This follows what some online shopping services do, which is to assign weights to certain user metrics and if a set threshold is crossed it rejects your payment or otherwise blocks you from a transaction. So VPN+MacOS might work but VPN+Linux matches some type of metric fraud systems associate with criminals.

[–] [email protected] 14 points 7 months ago

You probably got swept up in the Suspicious User heuristics that Twitch uses now. Mods and Broadcasters should still see your chats. Message a moderator of the channel and explain the situation. They can remove your account from the shadowban from that channel.

It probably means lots of users from that VPN’s gateway IP have been reported/banned/manually added to the Suspicious User restriction list.

I doubt it has anything to do with Linux, and I guarantee it’s not a move to flip you off for trying to guard your privacy as an innocent person.

The issue is that a lot of the things you can do to hide your identity online are the same things people doing bots or harassment do, because they work.

So, their system learns that pattern and when you match it you get caught up. There is no good way to tell users apart when doing offensive security like this, other than waiting for accounts to start spamming the n-word in chats and ruining the stream experience, which is the thing this system is mean to prevent.

Don’t get caught up in privacy paranoia - there are much bigger fish they’re trying to fry than someone who just doesn’t want ad networks tracking them.

[–] [email protected] 8 points 7 months ago

For what its worth, I have seen the same thing with a VPN. Sometimes changing servers will work. They also flat out block logins if they don't like your browser settings.

I just gave up on using the site. If they tell you you don't need protection, YOU NEED PROTECTION.

[–] eskimofry 7 points 7 months ago

Not OP but: It may not be assumptions but personal anecdote. I guess it takes concerted effort by significant number of individuals to find out if this is happening.

[–] thantik 34 points 7 months ago* (last edited 7 months ago) (3 children)

Twitch shadowbans public VPNs due to abuse/bots. The most common method for people to get around bans is to use a VPN -- now assume millions of viewers, and you've got an easy recipe for needing to stop that activity.

You're not punished for being privacy conscious; you're being punished for being roughly in the same realm as harassers, etc.

If you don't want to be banned, rent a VPS and set up your own private VPN for only you. The problem is that using Nord, Windscribe, etc etc is that you're sharing that VPN tunnel with hundreds, maybe thousands of people at a time.

[–] [email protected] 9 points 7 months ago (3 children)

It's trivial for twitch to differentiate between users who are logged in and have verified accounts. Slapping bans by IP is archaic and lazy when you have more precise metrics to go by. And at the very least, they should make you aware that you are banned before accepting your money for their services.

[–] [email protected] 7 points 7 months ago (2 children)

You can just make a new account and blam you're free from the ban on your account. That's why IP bans exist.

[–] [email protected] 5 points 7 months ago

VPNs exist and then boom IP bans no longer matter. Hell, some ISPs give you a new IP if you just restart your modem. IP bans sweep up clusters of users behind large gateways like college dorms or carrier-grade NAT.

IP bans do not work and I’m sure twitch seldom uses them, the exceptions being VPNs and cheap/free VPS services.

[–] [email protected] 3 points 7 months ago (1 children)

Think of it from the reverse direction. If you have a twitch account in good standing that's verified with a valid email and has no violations, why all of the sudden would it make sense to apply a ban to this account? Perhaps preventing new accounts from being created on a sketchy IP could be a sensible solution, but shadowbanning an existing account makes no sense and is a lazy approach to security. In addition, fingerprinting makes it so a service can easily differentiate between users using the same IP.

[–] [email protected] 3 points 7 months ago (2 children)

What if the account is compromised? Now the spammer is able to do their spams freely on the IP address.

It's just a hell of a lot easier to black list the entire IP than to try to manually let in small percentage of people who use a VPN AND want to comment or whatever.

[–] [email protected] 8 points 7 months ago* (last edited 7 months ago) (1 children)

It's just a hell of a lot easier to black list the entire IP than to try to manually let in small percentage of people who use a VPN AND want to comment or whatever.

"It's okay to punish people who have done nothing wrong as long as they're a minority group."

It's a lazy approach to filtering/moderation that breaks the service for legitimate users and is not much easier to implement than a per-account reputation system.

Much like the practice of blacklisting email forwarding domains, I won't use it in any service I run, except maybe temporarily to mitigate an active DDOS attack.

[–] [email protected] -3 points 7 months ago (1 children)

Ok genius: solve it then. How do you stop compromised accounts from using a VPN without affecting innocent users?

You don’t. The shitbags ruined it for everyone.

[–] [email protected] 4 points 7 months ago

When you detect a compromised account you could put a freeze or lock on it. If there are that many compromised logins that constant account swapping is an issue then twitch needs to overhaul their account security.

[–] [email protected] 6 points 7 months ago (2 children)

Of course it is easier, however, the point was that it is lazy...

[–] [email protected] 2 points 7 months ago

It probably is the the best bang for their buck. I doubt they lose significant profit from the simple stopgaps.

[–] [email protected] 2 points 7 months ago* (last edited 7 months ago)

I suppose it's possible to build a system that would let you specifically allow a VPN IP to be green-listed on your account, but you'd probably have to allow it by signing in from a known good IP first.

I think it seems like lot of work for something that isn't really private and is still probably vulnerable to exploit.

[–] [email protected] 2 points 7 months ago (1 children)

Compromised accounts logging in from VPNs are a thing, and most Twitch users probably can’t be trusted not to be reusing passwords across literally everything.

[–] [email protected] 1 points 7 months ago (1 children)

Maybe I'm missing something but you can tell a compromised account from a secure account by the user behavior, no? If an account is compromised the activity will be spam/harassment, etc at which point a ban on that account would happen. And compromised accounts could be accessed from a non-vpn Ip also.

[–] [email protected] 3 points 7 months ago

This. Ban by actual activity. None of this machine learning precog bullshit.

[–] [email protected] -1 points 7 months ago (1 children)

I'm curious to hear the opinion of those downvoting this response. It seems off brand for privacy enthusiasts to disagree with my take on IP bans.

[–] thantik 2 points 7 months ago* (last edited 7 months ago)

It's because many privacy enthusiasts are or have also been in network infrastructure, and realize the measures that must be taken on a hostile network which literally defines the internet.

I told you what to do. Rent a VPS, and set your own VPN up. Nothing is stopping you from doing this the right way.

[–] [email protected] 9 points 7 months ago* (last edited 7 months ago) (1 children)

Temporarily banning shared IPs from creating new accounts when there are problems would sort of make sense, in a wrong but convenient sort of way. Permanently shadowbanning them only for chat and including existing accounts which have never misbehaved, which is what they've done, can not be so easily excused. It's been like this for years. At some level they must know by now that it was a mistake, but I imagine there's some kind of stupid office politics type of situation preventing them fixing it.

[–] [email protected] 7 points 7 months ago

They're just desperate to curb botting. They've also started to reduce the amount of things you can do as a user who hasn't verified their phone number for this reason. (Also so they can cross-track you on Amazon but that's pure bonus.)

[–] [email protected] 5 points 7 months ago (1 children)

Using a VPS defeats the purpose. The whole point of a VPN and Tor is to mix your traffic with others. It's a requirement for privacy in many primitive countries, such as the US.

They are being punished for following best practices.

[–] thantik 1 points 7 months ago* (last edited 7 months ago)

VPS typically have shared IPs. You're paying extra for a dedicated IPv4.

[–] apfelwoiSchoppen 18 points 7 months ago (3 children)

The corporate world is really clamping down on VPN use. VPNs for me for not for thee is their motto.

[–] shadycomposer 6 points 7 months ago (2 children)

Only the ‘free’ services. I bet amazon.com won’t ban you from shopping on vpn.

[–] [email protected] 1 points 7 months ago

They make it a whole lot harder, asking for photos of ID and selfies and bank statements directly from your bank, etc.

Amazon specifically. Unsure about other sites.

[–] apfelwoiSchoppen 1 points 7 months ago

Not just the free services, they're all doing it.

[–] [email protected] 2 points 7 months ago

logs in while connected to VPN

spends 15 minutes identifying fire hydrants, traffic lights, and stairs

[–] [email protected] -1 points 7 months ago

Use ipv6, they should be untraceable/ anonymous for non state actors.

They won't be able to what is and isn't a vpn.

We just need to cut grandma off those expensive ipv4 addresses

[–] [email protected] 12 points 7 months ago (1 children)
[–] [email protected] 12 points 7 months ago (2 children)

Got an alternative that isn't youtube?

[–] [email protected] 5 points 7 months ago* (last edited 7 months ago)

Touch grass /j

[–] [email protected] 0 points 7 months ago

If you don't care about privacy that much, which I assume you don't because you use Twitch, Kick is the only alternative I can recommend. Everything else either is dead, is in another language, or has no good content, which sucks because some of them had good privacy policies. Monopolies are dogshit.

[–] [email protected] 11 points 7 months ago

The shadowban I am pissed about is Reddit. The comments would appear for me just fine, but not visible outside of my account. Given that I have pretty much only commented about very neutral, even childish topics - I blame my email, which is on my own domain.

[–] [email protected] 10 points 7 months ago (1 children)

Can't you still connect to twitch chat via an IRC or XMPP client? Or did they axe that feature?

[–] Duamerthrax 6 points 7 months ago

Pretty sure that still works. A few tech streamers like Vedal rely on that for their stuff to work.

[–] [email protected] 10 points 7 months ago

I recently stumbled across an open-source frontend for Twitch called SafeTwitch, I really like it.

[–] [email protected] 8 points 7 months ago

Weirdly, when I was on an affected VPN and had a Twitch account, I could still stream. Just couldn't use the chat on my own stream. It makes no sense whatsoever, and the main effect it has is just to make users angry with them when they discover they've been shadowbanned for no rational reason.

[–] [email protected] 7 points 7 months ago

You can get through the shadow banning by sendubg multiple copies of your send request a number of time equivalent to 1 terabyte. Only works if you do it for each comment.

[–] [email protected] 5 points 7 months ago (1 children)

Out of curiosity, have you tested the shadow ban with a non-web Twitch client, like a phone app or an IRC client?

[–] [email protected] 3 points 7 months ago (1 children)

I have not. I try to avoid apps if I can.

[–] [email protected] 3 points 7 months ago* (last edited 7 months ago)

Fair enough. Just so you know, though: F-Droid has open-source Twitch apps requiring minimal permissions, and last time I checked, you could use a desktop IRC client to interact with Twitch chat. (The latter requires more effort to set up.)