I often use a commercial VPN service, which I suspect is not rare among Lemmy users. Most of the time, I’m able to post to lemmy.world, but on occasion I am not. The default web UI provides zero feedback, just a spinning submit button forever, but if I look in the browser dev tools, I can see it’s being blocked.
I understand that some limitations are necessary to prevent spam and other abuse, however this is a very blunt instrument. The fact that I have a 10 month old account with consistent activity should outweigh any IP address reputation issues.
Perhaps the VPN limitations could be narrowed in scope to cover only account creation and posts from young accounts.
I’ve always wondered why Google makes me jump though hoops when I’m tunneled through my VPN. I’m logged in to Google for chrissakes, that should be all the difference in both of these situations.
There’s some very good reasons:
I fully believe VPNs should be a fundamental right on the internet, nobody should have to identify themselves by IP address to use the internet. But from an account security perspective alone there’s a good reason to be extra super duper sure of somebody before allowing them to log in
But, I’m LOGGED IN. To Google. Bad actors on the same VPN ip address are not logged in as me (I hope).
Say that to the victim of cookie stealing attack
Somebody might have stolen your login cookies, and is impersonating you. If the IP that your traffic originates from changes rapidly that could be an indicator.