this post was submitted on 23 Apr 2024
163 points (90.5% liked)
Privacy
31957 readers
469 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
You can just make a new account and blam you're free from the ban on your account. That's why IP bans exist.
VPNs exist and then boom IP bans no longer matter. Hell, some ISPs give you a new IP if you just restart your modem. IP bans sweep up clusters of users behind large gateways like college dorms or carrier-grade NAT.
IP bans do not work and I’m sure twitch seldom uses them, the exceptions being VPNs and cheap/free VPS services.
Think of it from the reverse direction. If you have a twitch account in good standing that's verified with a valid email and has no violations, why all of the sudden would it make sense to apply a ban to this account? Perhaps preventing new accounts from being created on a sketchy IP could be a sensible solution, but shadowbanning an existing account makes no sense and is a lazy approach to security. In addition, fingerprinting makes it so a service can easily differentiate between users using the same IP.
What if the account is compromised? Now the spammer is able to do their spams freely on the IP address.
It's just a hell of a lot easier to black list the entire IP than to try to manually let in small percentage of people who use a VPN AND want to comment or whatever.
"It's okay to punish people who have done nothing wrong as long as they're a minority group."
It's a lazy approach to filtering/moderation that breaks the service for legitimate users and is not much easier to implement than a per-account reputation system.
Much like the practice of blacklisting email forwarding domains, I won't use it in any service I run, except maybe temporarily to mitigate an active DDOS attack.
Ok genius: solve it then. How do you stop compromised accounts from using a VPN without affecting innocent users?
You don’t. The shitbags ruined it for everyone.
When you detect a compromised account you could put a freeze or lock on it. If there are that many compromised logins that constant account swapping is an issue then twitch needs to overhaul their account security.
Of course it is easier, however, the point was that it is lazy...
I suppose it's possible to build a system that would let you specifically allow a VPN IP to be green-listed on your account, but you'd probably have to allow it by signing in from a known good IP first.
I think it seems like lot of work for something that isn't really private and is still probably vulnerable to exploit.
It probably is the the best bang for their buck. I doubt they lose significant profit from the simple stopgaps.