I often use a commercial VPN service, which I suspect is not rare among Lemmy users. Most of the time, I’m able to post to lemmy.world, but on occasion I am not. The default web UI provides zero feedback, just a spinning submit button forever, but if I look in the browser dev tools, I can see it’s being blocked.

I understand that some limitations are necessary to prevent spam and other abuse, however this is a very blunt instrument. The fact that I have a 10 month old account with consistent activity should outweigh any IP address reputation issues.

Perhaps the VPN limitations could be narrowed in scope to cover only account creation and posts from young accounts.

  • 5h17h34d@lemmy.world
    link
    fedilink
    English
    arrow-up
    10
    arrow-down
    1
    ·
    8 months ago

    I’ve always wondered why Google makes me jump though hoops when I’m tunneled through my VPN. I’m logged in to Google for chrissakes, that should be all the difference in both of these situations.

    • jet@hackertalks.com
      link
      fedilink
      English
      arrow-up
      5
      ·
      8 months ago

      There’s some very good reasons:

      • VPN traffic could be masking an attack on the account
      • By using a VPN, they lose a degree of certainty that it’s you, they can’t use the IP address as a factor to establish the probability it’s actually you
      • Differentiating you as a person, from other people with the same source address, perhaps who are behaving poorly, or who’ve implemented robots to do things Google doesn’t like.

      I fully believe VPNs should be a fundamental right on the internet, nobody should have to identify themselves by IP address to use the internet. But from an account security perspective alone there’s a good reason to be extra super duper sure of somebody before allowing them to log in

      • 5h17h34d@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        8 months ago

        But, I’m LOGGED IN. To Google. Bad actors on the same VPN ip address are not logged in as me (I hope).

        • bitfucker
          link
          fedilink
          arrow-up
          3
          ·
          8 months ago

          Say that to the victim of cookie stealing attack

        • jet@hackertalks.com
          link
          fedilink
          English
          arrow-up
          2
          ·
          8 months ago

          Somebody might have stolen your login cookies, and is impersonating you. If the IP that your traffic originates from changes rapidly that could be an indicator.

  • Rooki@lemmy.world
    link
    fedilink
    arrow-up
    10
    arrow-down
    6
    ·
    8 months ago

    Hello @[email protected] ,

    we understand your frustration, but lemmy doesnt give us any alternative to that, as we cant block posts/comments from younger accounts easily.

    The issues with the UI, that it doesnt give any real feedback is, sadly an issue with the LemmyUI, but it will be probably improved in the future.

    We are looking into better alternatives to that, but until then we sadly have to stay on our current path.
    We will be of course announcing if we found an alternative to that.

    • Zak@lemmy.worldOP
      link
      fedilink
      arrow-up
      2
      ·
      8 months ago

      Thanks for the explanation. It seems I should be proposing improvements to the Lemmy software since the software doesn’t currently support the policy I’m suggesting.

  • CrayonRosary@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    8 months ago

    The worst part about this issue is, once you hit submit and get the infinite spinner, the text box for the post or comment is locked, and you can’t even copy/paste the text in order to try again after turning off the VPN, and you can’t cancel the submission to unlock it.

  • 4am@lemm.ee
    link
    fedilink
    arrow-up
    6
    arrow-down
    7
    ·
    8 months ago

    The fact that I have a 10 month old account with consistent activity should outweigh any IP address reputation issues.

    I dont even know where to begin unpacking this flagrantly ridiculous sentence, but I’ll just say this is the same energy as the “devs are lazy” entitlement when popular video games suddenly acquire a cheater problem

    • Zak@lemmy.worldOP
      link
      fedilink
      arrow-up
      7
      arrow-down
      2
      ·
      8 months ago

      Proposing changes like this is how open source projects work.

      Account age and reputation metrics are a pretty good way to limit abuse because the supply of established accounts is limited, making them difficult to replace when they get banned.

    • El Barto@lemmy.world
      link
      fedilink
      arrow-up
      4
      arrow-down
      2
      ·
      8 months ago

      Lol nice trolling attempt!

      For anyone else reading, I’m a dev, and I didn’t get any “devs lazy” vibe from the OP.

      It’s a sensible request, not a ridiculous one.

        • extant@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          8 months ago

          When people are blocked for using a VPN it’s usually because that IP was used in an attack at some point and added to a blacklist and since no one really owns it its never been contested, or its been used in multiple attacks and considered permanently added. Since a VPN provider’s entire purpose is to hide what you’re doing it’s difficult for a provider to keep its users from abusing that IP.

          So while it’s possible to get a list of IP’s that are owned by VPN providers and proactively block them it’s generally only intended to block IP’s known to be abusive.

          Lemmy instances are just blocking IP’s used in abuse, Reddit is actively trying to prevent robotic scrapers to keep their data more valuable to sell to AI companies so they are only interested in blocking VPN’s they suspect are trying to scrape data and not a logged in user who happens to be using a VPN because if they know the user and are using a VPN and start scraping they can just ban the user.

          Tl;Dr its about intent; Lemmy is preventing abuse vs. Reddit is protecting the value of its data for sales.