Comment by jsheard

3 years ago

I had to stop using Mullvad because so many of their IP ranges were blocked or throttled by various services, it was borderline unusable as a daily driver. Unfortunately there isn't a good way for them to protect the reputation of their IPs when they don't collect any information that could be used to identify abusive customers, by design.

Maybe retiring port forwarding will help, but their IP ranges aren't going to be removed from every shitlist out there overnight.

To be fair, I'm a paying ProtonVPN subscriber. Same exact issues.

Cloudflare gives me captchahell with infinite "click on fire hydrants or vans or bicycles or stoplights".

Amazon just pretends to "site error".

Numerous sites like TikTok, JLwaters, my state's data portal, and others just give me a 403 Forbidden.

Other sites just load a <html></html> blank document on my VPN.

And Proton is actually kind of hard to get port forwarding turned on. You can do it by adding a suffix to the OpenVPN name, or by generating a WireGuard config with port forwarding on.

But again, I don't think it's anything to do with port forwarding per se. The current web demands deanonymization. And naturally "abuse" is blamed, even when attached to legit accounts with legit historical purchases etc.

  • Even without a VPN, the built-in tracking protection in Firefox trips Cloudflare’s bot detection every time. It’s a not-so-subtle FU for taking any steps to protect your privacy online.

    • The goal is privacy, but the side effect is that you appear exactly as any spam/scraping bot out there. So website owners block this scenario and are fine that it'll likely exclude a minority of visitors who try to browse the web with maximum privacy.

  • > The current web demands deanonymization. And naturally "abuse" is blamed

    I used to work at a smallish mom-and-pop website host (do those even exist anymore?) that also offered email services. Our PF firewall just straight-up blocked huge swaths of IPv4 CIDRs because it was 99% email spam and exploit scanners. We had no ability whatsoever to fight it any other way. I don't recall even a single complaint from any of our customers.

    • > I don't recall even a single complaint from any of our customers

      Well, there are two different reasons you might not have received any complaints...

  • > And Proton is actually kind of hard to get port forwarding turned on. You can do it by adding a suffix to the OpenVPN name, or by generating a WireGuard config with port forwarding on.

    Regrettably, I suspect this does nothing for abusers, who are motivated, and instead impacts only "legitimate" customers.

  • ProtonVPN supports port forwarding? Had no clue!

    • Sure does. And it's easier with WireGuard than OVPN.

      I never successfully got an OpenVPN set up with proper port forwarding. It would appear to, and then just up and fail.

      With WireGuard, I set the port automatically with UPnP (Soulseek and torrents). Have it set up there, and it works like a champ.

      You'll have to log in, go to WireGuard configs, set port forwarding and a P2P VPN, and download. Then do the usual with /etc/Wireguard and start it up. That's it.

I deliberately chose Mullvad because their IPs are on those blacklists.

My impression is that the only way for an established, non-tiny VPN provider to have clean IPs is if they're buying residential proxies. My impression is that the only way to make the residential proxy business work at scale is either malware or unwanted misleading bundled crapware. I don't feel comfortable benefiting from a service that, at best, relies on tricking less tech savvy people into installing crapware.

  • There are ways to get residential proxies in a more ethical way these days. Some apps/extensions are now offering money for network access/network usage and they are open about what they are doing. They pay you with cash in exchange for your network, no covert VPN or sneaky SDK in unrelated apps.

    I think even the more ethically dubious providers are shifting towards that model. Which makes sense since they have to pay anyways.

I doubt port forwarding had anything to do with this. These IPs are on blacklists because they are used by robots and scammers to make requests, not because they are used to host malware.

Yes. Cloudflare seems to be aggressively blocking Mullvad and Tor and I am sure others. It started a few months ago. Meta has been blocking them for some time also. The other side of this problem is so many domains are sitting behind Cloudflare.

  • It's not without reason. VPN providers are (by the nature of their business) home to all sorts of shady business. Sucks that some innocent people get hassle from it, but IP reputation systems are nothing if not damn effective at preventing abuse.

  • Isn’t it possible for Cloudflare customers to turn off the captcha, or at the very least prevent infinite captchas?

    • Yes, but I don't know which rules are responsible. It could be the bot management product but it could also be custom or default firewall rules. I think it's a combination of both. I don't know if the goal was to deliberately block certain exit points or if that was a side effect of some common settings meant to block bots or generic abuse.

I don't use them but an alternative provider. The benefit of not collecting info is still worth the hassle. I usually have no problems accessing anything aside from the rare Cloudflare prompt saying they believe me to be a robot.