I imagine a few might have issues with legal CYA, but just some ordinary website, why stop someone using a VPN from accessing the website? Is it all about their data collection? Just the generic way websites are made? Companies are strong-armed by the guv’ment to not allow VPNs do that they can force the company to give up information with or without a warrant?
Streaming companies generally license content for a specific geographic area and can’t sell to customers outside that geographic area [Netflix has frequently been mentioned as an example of this requirement].
I get streaming and like trying to watch sports from out of the area. What I’m asking about is some ordinary website whose content is not tied to geographic area not allowing VPNs to connect.
The other thing which comes to mind is Europe’s General Data Protection Regulation laws and similar legislation:
This legislation is very broad and I think a lot of websites don’t want to get visitors from Europe via VPNs as they would then be subject to some of the provisions of this law even though they are not located in Europe.
A normal site like the SDMB(*) might ban VPNs to help detect socks, trocks, and banned people. It would also help block spammers. If the site figures out that an address is spamming, it can block that address. But if the spammer can switch to a VPN, they can spam using that new address. Along those lines, it could be that the VPN addresses end up being naturally blocked due to the amount of spam coming through the VPN’s address. The website might not actually be banning VPNs. What might have happened is that so much spam came in through the VPN’s address that the address was banned through the normal procedure of blocking troublesome IP addresses.
*Just using SDMB as an example. Not saying they actually ban VPNs.
There’s no such thing. Websites have a variety of purposes and there is no one reason they would deny VPN access.
The website might be behind Cloudflare and your particular VPN might be noted as one used by a bot and it got caught in bot rules for basic Cloudflare setups.
Or the site owner might have their Cloudflare settings set up too tightly for their needs and they clicked the “don’t allow VPNs” button.
Some people use VPNs to engage in problematic traffic, like doing DDNS attacks or other sorts of bad behavior. The next person to use that same VPN node can be totally innocent but the provider (whether the website itself or their some sort of content host like cloudflare) doesn’t know if you’re that bad actor using the same VPN. I will often get a CAPTCHA when using google when I turn on my VPN for example wanting me to prove I’m not a bot when they know my traffic is coming from a node where someone else caused a problem.
Right. If you gave us some specific examples of websites that are blocking VPN traffic, we could probably come up with reasonable reasons for each one.
Cloudflare usually gets an extra “are you human?” captcha.
I really hate the websites that just… don’t work on VPN. No polite reminder to turn it off, just a 404-type error.
Socks, trolls, and spammers all use VPNs. Most legitimate users do not. But we do have some legitimate users on VPNs so we don’t have a blanket ban on VPNs. I can definitely understand why some websites do, though.
That said, Discourse automatically blocks IP ranges when we have too much spam from those IP ranges, so the more spammers use a particular VPN, the more likely that VPN is to have its entire IP range banned.
If you are trying to block the worst that the internet can throw at you, a polite reminder isn’t going to cut it. You need to completely block them from accessing your site.
If you use a VPN, you are basically throwing yourself into the same bucket along with the socks, trolls, spammers, and malicious hackers. Yes, there are a few legitimate users in that bucket, but in my experience they are few and far between.
No, I’m talking about appearing like for all intents and purposes the website does not exist/is broken, so you don’t even have an inkling that the VPN is the issue but assume they website is down. As opposed to a page that simply tells you to turn it off before accessing, however politely or not they want to word it.
I disagree with the second point, but will stop there in FQ.
We’re talking about the same thing. I don’t know how familiar you are with networking protocols, but if you filter off based on IP and MAC then it really doesn’t matter what someone with malicious intent does at higher levels. Their malicious packets will be filtered off regardless of what protocol they are using.
From your personal point of view, their site simply doesn’t respond to anything that you send to it, so the symptoms are identical to a site that is down or does not exist.
Serving up a web page to let you know that the VPN is an issue opens up a big security hole, because at that point you are no longer filtering down at the IP and MAC level. Some sites will do that, but for others, the low level filtering is much easier to do and is less hassle for the site administrators.
I am mainly talking about a site like the SDMB, which is all that I have data for. I don’t have actual statistics, but my gut feeling is that for every legitimate user we have that signs up from a VPN IP, we have probably a dozen legitimate users signing up from non-VPN IPs, probably about 3 or 4 trock accounts using VPNs, and probably somewhere in the neighborhood of 50 to 100 spams that mostly come from VPN IPs.
Obviously this is going to vary depending on what type of site that you run. I’m just giving you the statistics that I have.
As for the internet in general, getting exact statistics for VPNs is pretty much impossible, since you can’t tell what is being transported inside the VPN packets.
Related to this, how does a website know that you are using a VPN?
They check to see if your IP (the one that they see the traffic originating from, not your PC’s IP) is on one of their lists of known VPN IPs. It’s a simple lookup, nothing fancy.
And what’s crazy is I have this problem on some sites that have a legitimate reason for banning VPNs such as trying to get hometown sports broadcasts in a different town or trying to bypass Netflix regional controls. What I don’t get are website like catsontrampolines.com preventing VPNs from accessing their site. Why would they even care? Or is that the host’s decision? Or do idiosyncratic website designers just build it in to all of their sites?
That appears to be an unclaimed domain, so it probably falls under general GoDaddy policies. Was that the URL you meant to post?
I use a VPN for additional protection from malicious web sites. I experience less pop ups and hijacks.
There’s also additional privacy.
I understand in the past VPN’s were primarily used by hackers.
It’s a different world today. It’s not only the web site coding that can be sketchy. The ad servers can be a source of Malware.
I remember a few years ago the SDMB was getting adult ads. The mods eventually got it shut down.
The protection of a VPN is more important for every day user. They aren’t as sophisticated in recognizing Phishing and web site hijacks.
I picked a generic name that was unclaimed to prevent, “I can get on there with my VPN.” The point is why would some random generic site that doesn’t need to know where you are located care or check for your use of a VPN?
It’s just their network settings. They probably don’t even know.