I’ve been noticing over la last few years that is is becoming more and more difficult to login to accounts, whether a bank account, a membership account, sometimes even browsing websites for shopping, through my VPN server. Is this just my impression or is there something going on now whereby there are services that keep list of VPN servers that are then sold to backs so that these parties can keep out anyone from trying to login via a VPN. It feels like the general consensus is VPN=malicious rather than "VPN=“this guy is just trying to protect his privacy”. I use AIRVPN but was wondering if there are VPN services that are more sophisticate and try to circumvent these VPN server blocks? It becoming a real pain to the point I’m wondering what it the point of paying fro a VPN is I’m finding myself having to login through my ISP IP rather than my VPN IP.
Because information is worth money.
From the infosec practitioner perspective the number of bad actors coming from public VPN pops is exceptionally high compared to any other random IP, so they get put on a naughty list. We often cut out entire countries just because they have such a high ratio of bad 2 good traffic, particularly if it’s a country that we have no real expectation of user traffic originating from.
It’s not so much a VPN bad, but just that you’re hanging out with others that act bad. Kind of the Nazi bar thing but for hackers. If you set up a private VPN somehow on a random cloud host you likely wouldn’t see the same issues, how to keep the ownership anonymous though is another problem.
And in recent years, VPN abuse by malicious actors has gone WAY up. Well, either that or the ability for InfoSec practitioners to trace the threat actor back to the VPN has gone up. Or a combination.
Everything starts as a luxury until the working class bands together and demands it. 40 hour workweeks, overtime, sick days. These are workplace examples, but the concept holds true everywhere. In a capitalist society things like privacy aren’t considered until someone starts exploiting them for profit, at which point people start to get serious about protecting it. And this rule applies 5x in any tech realm, as governments are notoriously slow to build legal protections in new and fast moving sectors.
All that was to address your title, which is only tangentially connected to the rest of your post. Regarding the body, companies have absolutely started to equate VPN with bad actors. Still worth having. I just whitelist the services I have to.
I use ProtonVPN and have to turn it off to log into my bank, credit card, and other financial institutions. Also I seem to have to do a lot more Captcha puzzles than I used to, and have had online orders flagged as suspicious. in some cases, it seems like they’re just trying to protect your accounts. In others, it seems like they’re throwing a hissy fit because they feel they have a God-given right to your private data.
Yup. You make yourself look like a bot, you’re gonna get treated like a bot.
Yah, they will keep demonizing privacy until we give it up. Because those who care about personal freedom are all terrorists, pdfiles and drugs dealers. Just give up /s.
I don’t do shit online. Don’t shop. Set appointments. Don’t Google. Don’t do email. I am nearly a hermit though
Check out this guy online telling us online that he doesn’t do anything online.
Must be nice to not do anything at all. Independently wealthy I guess. Since you are basically not functioning in this world. Never applied for a job I guess.
No reason to assume that. Outside of big cities, many businesses don’t even have an online existence.
Generally browsing via VPN is not equal to more privacy. It just tells the websites you’re where the server is instead of where you are, while the server might log your full browsing habits even though they promise not to. While legitimate interests, like, ripping you off because you live in a rich country or making sure you’re not in a criminal country, makes browsing with VPN a bad experience.
Instead, you could fake your location at least in Firefox’ about:config.
// fake geo location (HB Zürich here) user_pref("geo.prompt.testing", true); user_pref("geo.prompt.testing.allow", true); user_pref("geo.provider.testing", true); user_pref("geo.provider.network.url", "data:application/json,{"location": {"lat": 47.377, "lng": 8.540}, "accuracy": 2700.0}"");
Because your information is what a number of services use to make money. Even before VPNs come into the equation, you’re undercutting the service’s ability to sell you by anonymizing yourself.
That said, as noted elsewhere here, VPNs can be used by bad actors which can get you just put on a massive block list; and in addition, VPNs can be used to circumvent regional protections such as provisions on what countries can watch what content on video streaming services, which those services also want to prevent and so can block known VPN addresses to avoid.
I use a credit union, and they obviously don’t care that my login location changes from week to week. If the login comes from outside the US, then I get a flag from the fraud department.
It feels like the general consensus is VPN=malicious rather than "VPN=“this guy is just trying to protect his privacy”.
VPNs are used for malicious purposes. After all if a VPN keeps no logs, doesn’t track usage, and lets one pay with alternate currency, why wouldn’t someone use one if they were wanting to commit a crime?
For any service it’s a battle between avoiding blocking actual users, and keeping out the bots and malicious users.
A VPN with a paid dedicated IP may help, or a DIY VPN hosted on a VPS somewhere, but I’d argue it’s not really any better than just using your ISP at that point since all your traffic comes from your own unique VPN IP.
But setting up a VPN on a VPS is not really going to do much for privacy is it? It wouldn’t take much to work out who is renting the VPS and the VPS has no incentive to hold back any info if a they were issued a search warrant.
Feels like it becoming more and more challenging living on the Internet without leaving breadcrumbs all over the place.
You don’t need VPN for everything. Bank is an example.
VPN it is just a tool, not making you invisible but still many companies will not log your real IP, and using it for tracking.
Good solution is to use different browsers (those can be fingerprint) so let’s say. Chrome for banking, shopping (Google is good for adds), and use another browser like Brave with Brave search engine for reading… searching.
TorBrowser - is the most powerful when it comes to privacy (just don’t use it for banking etc.) Some website blocking VPN IP, but TorBrowser might still work. :)
https://www.youtube.com/watch?v=Ni2%5C_BN%5C_9xAYTOR is just slightly harder to keep up on as far as being listed on the same tables as commercial VPN hosts because it’s so dynamic. Anyone can spin up a node and be a relay or, for the brave/foolish, an exit node in a few minutes.
Privacy largely comes from a plausible deniability in that the person asking for a site could be the originator or they could just be relaying a request for the originator. Freenet, or now called hypha net is similar that way.
My perspective on internet privacy has long been that while I don’t expect to be a ghost, I can make the picture as muddy as I can to make whatever profile they gather be as useless as possible.
It’s not profitable.
On a certain level, privacy always was a luxury. Through most of human history, you lived bumcheek to jowl with othet people. The trick is, now it’s a different beast. Corporations have the ability to be much more powerful in their invasions. As for your specific situation, there are some VPNs that try to hide that you are using a VPN. I think proton has something like that. I forget what it’s called. And you could technically go VPN on VPS and get a much easier time but you’d have to switch it out all the time if you wanted anonymous-at-server browsing, and you’d have to pay for the privilege which comes back to privacy as luxury.
How can we have private group computing, online shopping, when people here fail to control their individual computing (Google Chrome, iOS, etc)?
Yeah you need a different device or browser profile for KYC services only and remember to split tunnel vpn traffic to it