Comment by walrus01
19 hours ago
Respectfully, no, that's not how it works. You think the people running anti-fraud and anti-bot measures don't have tools that know the specific ipv4 and ipv6 CIDR ranges of every ASN that they categorize as hosting/colo providers?
And that's just as a basic first effort reject measure to prevent automation tools from using things designed for human-interactive use only.
Go try to do many of these things from Cogent IP space and see how long your project lasts.
Every developer at my company uses their Claude Code subscription on an EC2 dev box. Plenty of other tech companies do the same. Heck nowadays people even install Claude Code directly on production servers in data centers and use it as an ops tool. None of this is a problem. Fraud and abuse detection is a lot more sophisticated than just checking an IP range.
None of the LLM providers block professional use thus they must necessarily permit access from commercial IP ranges.
I have no idea how the resellers are doing it but an obvious starting point would be a cheap VPS node that routed each account to a unique semi-permanent IPv4 or IPv6/64. All the provider would see would be a regular account making a normal looking stream of requests from a stable datacenter IP address. Any given request stream would remain consistent (at least over a period of a few hours) because a reseller would take care not to split the session of a single user across multiple different accounts and not to interleave the active sessions of multiple users on a single account.
Detecting this would be extremely difficult because on a longer time frame it's perfectly normal for many distinct accounts to work on the same code base.
And it’s perfectly normal to be running Claude Code on EC2, a VPS, etc. I do it all the time!
You block clouds, you block devboxes and your customers.
Wouldn’t it be funny if the same residential proxies allowing these labs to scrape the Internet is also what’s enabling these resellers?
If we're getting up to the scale of these resellers and also considering chinese state interests then we're well into the range of purchasing a few small ISPs in different countries and "padding" the legitimate subscribers.
Sorry for being a newb here but are you saying Anthropic blocks people from running claude code on datacenter ip ranges?
Or is the datacenter IP just one part of the picture?
I assume they use residential proxies (tunneling in the background of crappy Android games) for the "last" hop.
Nonsense. Many if not all legit Claude users are using Claude Code inside their Cloud servers. How else would you use it anyway? For just local dev? That's so 2000 and late bro.
No, I'm not saying it's the exclusive and only measure (that would indeed be something we might see 20, 25 years ago), it's one of a myriad of discrete datapoints used to determine if an account is authentic or not.
There's a lot of inauthentic coordinated automated systems these days along the general lines of scraping/crawling/social media manipulation/sockpuppetry that require running through residential proxies or proxies to places that don't look like datacenter IP space.