Comment by VladVladikoff

Comment by VladVladikoff 2 days ago

3 replies

View on Hacker News

Yes that is the crux of the issue. However many times when I reported bad actors to Mullvad the attacks were multi day attacks that were ongoing. It would have been trivial for Mullvad to add a filter to check for future packets from that VPN ip to my server IP and flag the associated account. However I believe even this approach is far to manual and invasive. I think there would be a better way using AI to analyze abuse patterns, and automatically flag bad users which match these patterns.

The issue is that VPN providers have zero motivation to do this, because a non-zero percentage of their user base is literally paying them BECAUSE they can use the service to attack other servers with a level of anonymity. If the VPN providers were to combat this issue it would negatively impact their revenue.

yjftsjthsd-h 2 days ago

> It would have been trivial for Mullvad to add a filter to check for future packets from that VPN ip to my server IP and flag the associated account.

In other words, to break the fundamental premise of their product and identify traffic to a user.

> I think there would be a better way using AI to analyze abuse patterns, and automatically flag bad users which match these patterns.

Not without, again, creating an entire system which exists only to record traffic and tie it back to users.

Basically, both of your suggestions amount to "stop providing the product that is their entire business model", because the whole point is that they go out of their way to avoid having the information that you want them to use.

Reply View 1 reply
  • mmooss 2 days ago

    They don't have to tie it back to an individual, only to an account or, if they respond quickly enough, to a set of activities or traffic pattern.

    Reply View 0 replies
Imustaskforhelp 2 days ago

Lets face it man , they can't do anything.

they can't have AI detection or any other thing to help you. Simply put they can't help you. If they have to , then they aren't that private.

And they are in the business of privacy.

I wonder why threat actors are abusing your website ? I think you have also used cloudflare anti DDOS ? so the problem isn't DDOS , then what exactly is the problem ? are they signing up and abusing your free service or something like that ?

Reply View 0 replies