162
PSA: Twitch Shadowbans Users on VPN + Linux
(lemmy.ml)
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
Twitch shadowbans public VPNs due to abuse/bots. The most common method for people to get around bans is to use a VPN -- now assume millions of viewers, and you've got an easy recipe for needing to stop that activity.
You're not punished for being privacy conscious; you're being punished for being roughly in the same realm as harassers, etc.
If you don't want to be banned, rent a VPS and set up your own private VPN for only you. The problem is that using Nord, Windscribe, etc etc is that you're sharing that VPN tunnel with hundreds, maybe thousands of people at a time.
It's trivial for twitch to differentiate between users who are logged in and have verified accounts. Slapping bans by IP is archaic and lazy when you have more precise metrics to go by. And at the very least, they should make you aware that you are banned before accepting your money for their services.
You can just make a new account and blam you're free from the ban on your account. That's why IP bans exist.
Think of it from the reverse direction. If you have a twitch account in good standing that's verified with a valid email and has no violations, why all of the sudden would it make sense to apply a ban to this account? Perhaps preventing new accounts from being created on a sketchy IP could be a sensible solution, but shadowbanning an existing account makes no sense and is a lazy approach to security. In addition, fingerprinting makes it so a service can easily differentiate between users using the same IP.
What if the account is compromised? Now the spammer is able to do their spams freely on the IP address.
It's just a hell of a lot easier to black list the entire IP than to try to manually let in small percentage of people who use a VPN AND want to comment or whatever.
"It's okay to punish people who have done nothing wrong as long as they're a minority group."
It's a lazy approach to filtering/moderation that breaks the service for legitimate users and is not much easier to implement than a per-account reputation system.
Much like the practice of blacklisting email forwarding domains, I won't use it in any service I run, except maybe temporarily to mitigate an active DDOS attack.
Ok genius: solve it then. How do you stop compromised accounts from using a VPN without affecting innocent users?
You don’t. The shitbags ruined it for everyone.
When you detect a compromised account you could put a freeze or lock on it. If there are that many compromised logins that constant account swapping is an issue then twitch needs to overhaul their account security.
Of course it is easier, however, the point was that it is lazy...
I suppose it's possible to build a system that would let you specifically allow a VPN IP to be green-listed on your account, but you'd probably have to allow it by signing in from a known good IP first.
I think it seems like lot of work for something that isn't really private and is still probably vulnerable to exploit.
It probably is the the best bang for their buck. I doubt they lose significant profit from the simple stopgaps.