Tell HN: Reddit accounts cancellation/suspension caused by VPN usage

332 points by netfortius ↗ HN
Posted earlier about an account of mine having been suspended with no apparent reason (at least of posting rules breaking), then other two which I had in the past, for testing. As I was/am traveling at present, I used VPN in a few places, and I tested the theory of this being the source: created a new account yesterday, used it fine with no posting or submissions, then used it again today with two different VPN exit points, and sure enough: "Your account has been permanently suspended from Reddit."

If the Redit bozos do not comprehend the need for VPN, if *content* provided is of not harmful in any way, then I sure wish them good luck in keeping this service going ...

Edit: PIA as VPN, with three major exit points, used interchangeably: France (local when there, public place), UK (local when there, public place) and US (employer specific requirement). Original account was 10K+ submissions and almost same for comments, with never close to questionable content - got suspended during my travel, with no apparent (at time) cause. Two older/test accounts I dug up in the immediate aftermath of first closed, with no submissions, got also suspended within the span of a few days of use (reading/access only). One "control" test account got banned today, after having been opened yesterday - this purposely used while "flipping" between VPN exit points. HTH

253 comments

[ 3.2 ms ] story [ 70.5 ms ] thread
I've been using a VPN continuously since the UK introduced the "Snooper's Charter". VPN usage has risen hugely around the world and it's not uncommon to see (mis)advertising on TV from more disreputable companies like Sophos and NordVPN.

Over time, these positions will become increasingly untenable. If everyone uses a VPN or lives behind CGNAT then these kack-handed approaches to "security" won't be seen as being plausible – the more real users they block or inconvenience the greater the harm to their product and I am sure this is going to go up over time. It's not like a real attacker can vary their ipv4 addresses willy-nilly at any rate...

Could you please elaborate on NordVPN being disreputable? This is the first I'm hearing of this.
Can you disclose which VPN you are using? I sometimes use ExpressVPN + a different browser to protect my identity, but it would be annoying if I lost my account.

The charitable interpretation is that Reddit got a lot of abuse from individual IPs, the IP didn't seem to be shared to them, and they just blacklisted it. I assume they don't generally blacklist IPs from abusive users, since otherwise university campusses would quickly have problems :-).

> The charitable interpretation is that Reddit got a lot of abuse from individual IPs, the IP didn't seem to be shared to them, and they just blacklisted it.

They likely buy databases of IP addresses which have likelihood of fraud attached to them from third parties like Neustar or Geocomply or Digital Envoy.

Being a VPN address is a great way to get a giant red flag on those databases (correctly).

Doesn't surprise me the slightest, Reddit is not like it used to be. It used to be the underdog where free speech flourished and today it's a chineese-owned propaganda machine. A few users controls the biggest subreddits and most deviating views get themselves either banned or restricted.
Chinese? I'd say Russian.
> Oceania was at war with Eurasia; therefore Oceania had always been at war with Eurasia.
I'm pretty sure a certain chinese company invested ~300M$ couple of years ago[0] if i recall correctly.However the platform became totally unusable and a sh*tfest way before that,think ~2014+, mainly because it was the turning point where no transparency was maintained or provided anymore, especially when it comes to moderation of users & their posts and management of subreddits.By early 2016 this was almost 'proved', but at that point this tactic resulted in creating echo-chambers, which drove up users and made it the "successful" platform it is today.Turns out nobody really cares about transparency and doing the proper job when the users and numbers are constantly exploding due to the forementioned created echo-chambers. By the way my guess why reddit was never russian-oriented or 'aligned' is because most russophile subreddits were actively targeted and shut down(for good reasons many times), whilst chinese subreddits, the 'official' north-korean (propaganda) subreddit, and many others, were kept up and almost treated as separate platforms from the mainstream website.

[0] ( https://techcrunch.com/2019/02/11/reddit-300-million/ ) Indeed it was,once again, Tencent, the company famous for destroying MMOs, infiltrate the western gaming markets and pollute it with micro-transactions, cosmetics, etc.We're on the edge of touching politics and geostrategy here and I don't want certain people to jump telling me i'm a conspiracy nutjob.At this point the record is there, go look at it.

>the 'official' north-korean (propaganda) subreddit,

I'd honestly always assumed /r/pyonyang was very clever anti-NK propaganda. The role it occupies as Reddit in-joke aligns with western agendas.

/r/nknews skews closer to actual North Korean propaganda, but I think (or maybe just hope) the general vibe there is the readership understands that ANYTHING you read online about North Korea is potentially propagandized in one way or the other.

If propaganda was the purpose of that investment then it would have been a terrible one. Major subreddits are very often plastered with anti china stuff. It doesn't even have to be factual. Meanwhile back when i modded a major subreddit with somewhat of a politics focus around the time when the whole situation in Ukraine kicked of russian propaganda accounts were very obvious and common. (relatively new accounts with certain formats of usernames posting short stuff that was found verbatim on similar accounts, etc)

It reminds me of an American study someone once commented here on HN where they looked into this and whilst they found Russian "shilling" substantial they there were surprised to find actually more anti china bots (mainly posting in simple chinese) across platforms like twitter than pro china ones. Pro-china propaganda efforts were found and measured but were largely amateurish, quickly banned and ineffective.

the day reddit will end up like digg is always a day too late

now they have in sight the IPO so they are doing great cleaning, even of the past, they are rewriting it to be more attractive to sponsors and investors; a monstrous number of posts and subs are deleted every hour every day with the excuse that they apply [new] rules not specified anywhere and even often contrary to the well-established customs

they have gone from total administrative absenteeism to be a Kafkaesque nightmare, primarily for moderators (volunteers)

as a European I did not understand the concept of the word "cancel culture" but now that I'm seeing it with my own eyes I hope reddit fail very soon because now has become a spite to everything that Aaron wanted

so no, they have not become chinese/russian/"destiny manifest" propaganda machines, they are just a horrible horrible horrible place (with 10mb of javascript per connection as cherry on top)

> the day reddit will end up like digg is always a day too late

Many people ITT are saying that they're even worse than that right now. At least the Digg big redesign was halfway usable.

On the flip side, there's now a decent chance that the next "big" discussion platform might be a properly federated system, allowing for some longer-term resilience against this sort of deterioration. Much like E-mail/Usenet vs. centralized Compuserve or AOL.

(comment deleted)
It seems fine to me, had an account for 5+ years, 30k karma and use a VPN to access it at school daily.
Same VPN exit point? Maybe this is the difference between traveler like my case and someone protecting their comm over same infra path?!?
I use a VPN and have had no issues, but that's just one data point.
I suspect I was banned from Instagram in the same way. No explanation was given.

I use ProtonVPN. It wasn't until Spotify stopped working sometime later (403 Forbidden for all HTTP requests) that I narrowed it down to using VPN.

Seems to be a growing thing. Thankfully, Spotify didn't do anything to my account, and it continued to work from regular IPs.

At work we got a login attack via VPN IPs and we blocked VPNs from login in via AWS WAF and 2 days later a major user was complaining that he cant login. We had to remove the rule. (developers were working on captcha in the meantime)

I also used a tunnel when Spotify was not available globally. It did not create any issues.

Using a Public VPN is double edged sword. If you really need it its better to setup a wireguard tunnel to a own server as the the Public VPN IPs as monitored by the security companies and also get abused all the time.

Can't you do a captcha with the WAF? I'm pretty sure that's an option on AWS
the attack was to an api endpoint. which is queried via xhr on the main app. adding captcha to it would break the app to all users.

the developers are now working on adding captcha at the application level and also signing the api endpoints.

> Can't you do a captcha with the WAF? I'm pretty sure that's an option on AWS

You can.

I know because our information security office did it to all of our web endpoints. Which are mostly API endpoints. Without telling anyone involved with individual apps, before or even, until specific complaints got to them, after doing it.

*Large rueful sigh*

I feel your pain. It's stuff like that that just makes you know, they not only have no idea what they're doing, the level of agency and access they have mean it's just a question of when they finally accidentally something big on fire one day - and whether you'll be able to make it out unscathed with eg just some lost sleep.

Would probably make a good story for http://old.reddit.com/r/talesfromtechsupport, as you're probably already aware. If you feel like (and can stand) writing it (heh).

The reason OP flipped between VPN exit locations in the first places has been because they wanted a VPN against the local ISP (public wifi, apparently) manipulating/sniffing traffic, without the latency penalty of going from France to the UK or vice-versa. That said, a vps in Amsterdam is quite practical from both locations, especially if mildly-congested wifi is already involved.
What were you posting?

I've used a VPN constantly and I have a Reddit account in the 15-year club, it hasn't been an issue.

No posts in the control account. Just VPN exit points "switching"
But couldn't it be that this specific behavior triggered a spam warning? I have no insight into Reddit regarding security, but would expect new/fresh and empty accounts under special scrutiny and when an account like that hops from IP to IP this would - if I were to build a heuristic at least trigger an alarm/ban/temporary lock of voting/posting functions.

Just an idea regarding your latest test. The part of the main account sucks - I am with you on that.

I haven't seen any issues with my 10+ year old accounts. They are probably marked as safe and only newer accounts at risk.
Probably my 10 years + verified email + MFA + never using a public VPN saves me a lot of grief in the abuse detection algorithm lottery.
What is the most promising original-Reddit clone?
There isn't any, unless someone solves the spam or bot account problem.
There are a bunch of them, but by far the largest problem with new networks like this comes with the network affect. In the beginning no users use the network, but if no users use it no body migrates to the platform and the circle continues. This is the reason why it is so hard to migrate your social circle away from FB Messenger or Whatsapp.
the OG is 4chan
4chan isn't the OG, it was long predated by Slashdot and Something Awful.
And those were predated by Usenet which still exists but nobody has solved the spam issues.
Small tip for people reading comments: if you want to read Reddit anonymously you can replace the domain of any reddit URL with teddit.net.

It's an open source, lightweight, web UI for Reddit focused on privacy: https://teddit.net/.

Git repo available here: https://codeberg.org/teddit/teddit.

What a stupid domain choice. WARNING: It is not sufficient to replace first char in domain. You must also TLD.
I wonder if it's feasible to make a VPN network where you peer with only _one_ other individual but that individual is selected somewhat randomly. As in, you offer your residential IP to one other person and one other person offers their residential IP to you.

The only services I've seen involve a few people offering their servers as n-ary client exit nodes which obviously ends up with saturation problems like the tor network. Obviously the legal concerns are a big deal but if companies like Mullvad aren't liable for illegal web traffic, one might be able to get similar protections for people that install this VPN.

That seems like a bad idea. When illegal activity is done on the internet the first thing law enforcement will do is go after you (by subpoena'ing your ISP for your information based on IP). You also have places like Germany where copyright representatives are very aggressive and will fine/settle you large amounts when downloading pirated content.
I’d guess it’s not the usage of a VPN that has triggered this, but rather a new account immediately presenting multiple IP addresses. I’d guess that would trigger abuse flags at most places (especially from known VPN IP addresses which tend to have a lot of malicious activity originating from them).

This isn’t to defend them - it seems very odd to immediately permanently suspend accounts like that!

Yes. Most likely it is just a correlation, not the real cause. We have been using https://focsec.com/ for detecting trial abuse in our products. People using VPNs (+ new free email accounts) to "restart" trial periods is something that is quite common, we found.
How resource intensive / business focused is your product?

Lots of people use vpns for work or privacy, I think that method would have a lot of false positives. In cases where trial account usage costs you very little or nothing I'd err on the side of not blocking users.

> I think that method would have a lot of false positives

What makes you think that? This is you saying that that detection service is not very good, FWIW.

People don’t use public VPNs for work. The tunnel terminates in the same network that the physical office is on. And using a public VPN from a work machine for privacy is a very bad idea. That’s grounds for termination if they catch you and possibly an even worse issue if the company ends up under investigation for any reason. They’re going to take a very close look at anything of yours they can get access to since it won’t have ended up in normal audit logs.
What do you mean by public VPN? Do you mean free proxies? I'm talking about paid private vpns like expressvpn. The p in vpn stands for private so that's a bit redundant. Your traffic is still encrypted, these vpns can't run a MITM attack on you.
> (especially from known VPN IP addresses which tend to have a lot of malicious activity originating from them).

While certainly true, in my experience unknown VPN IP addresses can be even more problematic since for them, even providers willing to support the interests of VPN users just see lot's of suspicious usage from you IP address without any real explanation.

> This isn’t to defend them - it seems very odd to immediately permanently suspend accounts like that!

Normally I would agree, but since the account is not only just a few days old but also didn't post or create comments, I think that immediately banning it makes sense.

For a new account which didn't create any content yet the user isn't loosing anything important if the account is deleted and since the user is unlikely to have any real attachment to the account yet, they are more likely to just create a new account than to deal with any warning/suspension/whatever procedures.

IMHO you shouldn't expect your account to stick around until you have at least some non trivial content in the account.

Of course the main account is a different story.

Upvote bots use VPN all the time, so there might just be a chance that you managed to get IP from VPN that was perma banned by reddit (yes, its a thing).
It seems obvious that this is the result of someone else having abused Reddit too much from PIA addresses.

I also find blanket proxy bans reasonable: it’s akin to refusing service to those who wear a balaclava to a store.

I see the analogy but there’s a pretty big difference between hiding your face and hiding your device’s IP address. The former is a social norm going back tens of thousands of years, the latter is an arbitrary and artificial artefact of man made technology in the last 30.

A better analogy is sending mail with either proxy return addresses or none at all. Both are socially acceptable in most circumstances.

In this case it’s like wandering in to a store with a balaclava on and receiving a permanent ban from the store.
I think the analogy is closer to "refusing service to those who refuse the rectal thermometer test upon entry to a store".
Why a store would ban a balaclava if the person fully authenticates himself and has a long good track record and does nothing wrong?
I don't think reddit accounts get banned by using VPN but it is more about what you are posting using your accounts.
I've definitely created a new account recently over VPN, posted a single question in a linux forum and then found the account was shadow banned.
You can always contact the reddit team and if your account is suspended wrongly, it would definitely be reinstated.
Also important to note that if you didn't post a lot, many subs will auto-remove content from low karma users. So it's possible to have misidentified a global shadow ban with a few subreddit's low karma filter. One of my spammer adversaries regularly games FreeKarma4U and a specific star wars game subreddit until they figure out our low karma filter threshold then they go nuts with the spam.
It's really more about what kind of things people were posting from that VPN IP in the months/years before you. The abuse detection system will say "the tshirt spammer is back, flag this account" just because you used the same VPN as them.
It can be even worse than suspending you, as early as 2018 i noticed they were shadow banning you based on VPN (PIA also). Meaning you could still post but not be seen, or have the ability to notify people you replied to. I've never since bothered to have an account there. Reddit's CEO, like Jack Dorsey, denies 'shadow banning', even though you can test it by getting -100 karma and watching your comments reach nobody. The negative karma shadow ban is why Reddit is the biggest hivemind on the internet, FYI.
The -100 shadowban is mostly subreddit dependent, and done via automoderator by the mods of most larger subreddits.

An actual admin shadowban does happen and they are employed, but I don't think they're particularly hidden. As a mod I see "User is shadowbanned" when they message us if they've been shadowbanned from Reddit by the admins.

Yes, I would like to see the source that makes the claim that Reddit doesn't shadowban, because any mod of any subreddit can trivially refute that. I see shadowbanned users all the time, and Reddit calls them shadowbanned in the UI; it's not a secret. Nearly all of them are fairly new accounts, presumably having run afoul of some sort of automatic system. It definitely has plenty of false positives, but at the same time I also see essentially zero spam, so it's clear that they're trying to optimize for false positives rather than false negatives. It would be great if mods could at least approve a shadowbanned user for posting in their own subreddit, right now the only recourse is for them to make a new account and roll the dice again.
I was globally shadowbanned for using Mullvad VPN. Happened with multiple accounts. I usually posted in a subreddit where a mod would manually approve my comments, allowing me to get some hundred comment karma, but that still didnt fix it and the mod was getting tired of approving so i eventually gave up using reddit altogether
> Reddit's CEO, like Jack Dorsey, denies 'shadow banning', even though you can test it by getting -100 karma and watching your comments reach nobody

Jack Dorsey was the CEO of Twitter, not Reddit.

Edit: Fair, I stand corrected. Leaving comment as-is.

"like" implies he's not.
Twitter did a similar thing to combat misinformation IIRC, that's why i mentioned Jack.
All is not lost if your account is mistakenly suspended due to VPN usage. They still allow you to:

* Communicate with reddit admins via /r/reddit.com modmail

* Appeal your suspension via https://www.reddit.com/appeals

with a permanently suspended account. See https://reddithelp.com/hc/en-us/articles/360045734911-My-acc...

Did that already, first for the original account, then the two older ones. Suspension reconfirmed almost immediately, on all three, indicative of an automated system in the backend. There is no Kimi (human intervention) behind this alleged appeal process.
This is sadly the case for may online platforms.
Did you try modmail to the global admins? That has to go somewhere that's read by actual humans.
I was permanently banned last year, for no reason I could find. I do somewhat rarely run a PIA VPN at times so maybe that flagged me.

I appealed the suspension, which sounded hopeless, but about 10 days later my account was restored.

Tragedy of the commons, since PIA is popular, its naturally popular with people with actual sockpuppeting and webscraping to do. Switching VPNs to a less popular provider may provide temporary relief, if they are routing through IPs that are not infested with bots.

To get around this and the other Captcha-related annoyances, PIA now offers dedicated IP as a $40-per-year add on:

https://www.privateinternetaccess.com/vpn-features/dedicated...

Thank you! Forewarned is forearmed
It's how the Reddit spam filter works. Once your account is flagged as spam by the system, it would be global shadowbanned automacially. At this stage, your account is essentially finished, it's basically impossible to talk to someone and get your account unblocked. Eventually the account would be deleted, all the post you've ever made would also be gone in the worst-case scenario, just like my previous account.

My Reddit account was banned because I was posting from Tor. I've registered successfully via Tor and was able to use it without any problems for 6 months or so. One day, I was suddenly shadowbanned. I guess it was because the exit node I happened to be using that day was on a "kill on sight" spam blocklist.

I always posted in good faith and never got into any flamewar, a few links I shared were well-received by the subs.

Recently it almost happened again with my current account, but this time I was not global shadowbanned and it seemed to be just a local spam filter (many subreddits have their own anti-spam policies and auto-moderation queues). I sent a message to the Subreddit admin and I was able to post again. But after this incident I've completely stopped accessing my Reddit account via Tor.

(comment deleted)
> At this stage, your account is essentially finished, it's basically impossible to talk to someone and get your account unblocked.

Seems like they're following Google's strategy. Presumably, ad profit from each individual user is low enough that it's cheaper to accept false positives in their anti-abuse mechanism than it is to provide a functioning appeal process. Maybe if the user manages to go viral on Twitter or HN with their story they could get it reversed. Going viral with stories of false-positive bans is the primary way to restore a Google account, it probably works for Reddit too. Normal people have to suck eggs.

At least losing a Reddit account is less life-disrupting for most people than losing their Google account.

Is Google banning accounts just for vpn usage?
why wouldn't they? modern browsers constantly snitch on all sorts of things, including IP addresses (I say 'snitch' because so few people outside the industry are aware of even this basic fact/practice), so it's not unlikely they would have some automated banning tool. and the banned google accounts we hear about when some knowledge worker on here goes viral have fallen victim to those tools/systems.
I don't know about VPNs specifically, but stories of Google handing out automated, unappealable permabans are rampant. There's one on the front page of HN right now: https://news.ycombinator.com/item?id=30345201

Entirely possible that user will get their account back since they won the social media lottery, but for every viral story there are god knows how many people out there who lost all their email/photos/etc. because of some inscrutable machine's mistake.

It's the strategy of all the major social players.

Several months ago I followed a new cardistry (look it up) personality on Instagram. I scrolled through and "liked" one or two dozen of their performance clips, out of the hundreds that they've posted. My Instagram account was blocked, for "manipulation" or some verbiage like that. Basically, the algorithm thought that I was a bot hired to inflate that person's numbers.

The Instagram appeals process is to email them a selfie, holding a piece of paper with the current date and something else written on it. I did this, but never got any kind of response. My Instagram account that I had for 5-10 years is just gone.

Turned out to be a blessing in disguise. I created a new account attached to the same phone and email address (somehow THIS isn't detected as abuse?). But I just lost interest in the app, and life seems to be better now for having done so. If Reddit ever nukes me, then it would be the kick in the ass that I need to stop wasting time on that toxic site as well.

Delete your email address from your profile. That got my ten year account banned.
Sounds like something someone who's going to sell their account would do.
"Using encryption, sounds like something a criminal would do." Yes, that is what this sounds like.

iI have another idea why Reddit does not like VPN. They cannot monetize your data as easily.

I was answering the unasked question of why Reddit would care if someone removed the email address associated with their account.
Using a proxy or VPN also sounds like things a spammer would do, and this is also why Reddit would care and autoban these accounts. But the point of this thread is that, these anti-spam mechanisms always cause collateral damages (like some of us in this thread) and the experience can get really frustrating when that happens.
I deleted it after verification because I wanted to remain anon. Thirteen years ago.
>The Instagram appeals process is to email them a selfie, holding a piece of paper with the current date and something else written on it.

Do they also ask you to put a shoe on your head?

No … Instagram is a .com domain so you don’t need to head-shoe (at least, not in the US …)
wait... does any domain registrar ask that user's prove themselves with the shoe on head method?
I believe it's just a reference to 4chan, where asking someone to post a shoe-on-head for verification was a meme, being a .org domain.
I recently learned about the kik strategy for handling child porn via Darknet Diaries[1]. If you can't actually tell anyone at kik about child porn, kik can't know about it and if nobody at kik knows about it then they're apparently not required to do anything about it.

[1] https://darknetdiaries.com/episode/93/

This is astonishingly illegal.

What needs to happen is for someone who has a report to make to contact the state attorney general and say "because this company is profiting from child pornography with no reporting mechanism, they have lost their safe harbor protection, and are complicit."

Companies like this need to be taught at the metaphorical end of a rifle.

Yeah, I think that's basically what the FBI agent they interviewed said. There's nothing for him to do and it would be entirely up to prosecutors to do anything. Part of the wrench is that kik can show that they do some sort of things that possibly qualify as "moderation" under the law. Things like auto-banning bots. So in court has apparently successfully kik has made the claim that they do moderate based on things like this so that checks the safe harbor requirement apparently.

But... all the people they claim to have on their "Safety Board" haven't worked for kik for years and all efforts to contact anyone on twitter or anywhere fail. Even DMCA takedowns of revenge porn were being ignored now. It seems to be a dead platform that nevertheless gets app updates uploaded so something is still going on somewhere by someone.

Basically the only option they were discussing was getting the app removed from Google and Apple stores and they compared the situation to Parler where the app was pulled for failing to moderate. And yet kik seems to get a pass somehow. It's a very disturbing and frustrating episode.

This would be easy to prosecute, assuming the allegations are true. They don’t have a working DMCA contact, so they lose safe harbor. They could have the lawyer testify that her client’s underage nudes and related dmca takedowns were never removed, despite court order to take them down. That’s obviously not a special case, so they could spot check a few dozen prior cases, and show non-compliance for those too.

Of course, doing that would cut off a stream of easy pedophile convictions. The prosecutor’s office might like the status quo. It certainly helps increase their metrics.

one mild problem is that kik is from canada

the fbi's real world response would be "let us introduce you to some canadian officers, and we're going to help, but it's actually up to them"

still, as the former owner of an ISP, i've had to do this, and they're actually quite professional and reasonable about it

Makes you wonder if it's deliberately kept up to allow easy transmission of that kind of material... giving CSAM traffickers ample rope to hang themselves, as it were.
(comment deleted)
Shadow banning is such a disgusting practice. It's basically sweeping the "problem" under the rug, whilst leaving the "problem" completely in the dark with regards to what it was they did wrong.

It's lazy, it's abusive, and it should be illegal.

Edit: to clarify, I'm totally fine with this tool being employed to combat spam(bots). Just not against normal posters/contributors.

I think dang might disagree with you there.

Also "illegal" is a little over the top. Are we talking misdemeanor or felony, here?

I totally get it when it's used solely to combat spam(bots), but, at least on Reddit, this tool's use has become too widespread and hits too many normal community contributors.

Edit: I'd just like it to be not allowed by law to hopefully curtail its use. I don't really care about what the repercussions of doing it anyway might look like.

Who cares what dang thinks. He’s petty like the Reddit mods are.
Its a great tool to combat nefarious personae (both bots and humans). Its like a tarpit for smtpd/sshd (spamd on OpenBSD). Reddit is a free service to use, so it stands within reason their support dept. (which you'd contact concerning (shadow)bans) is sub-par. For paid subscribers, I would want my money (and time) back.

    > which you'd contact concerning (shadow)bans
Reddit support does not intervene in disputes involving moderation or moderators - unless it's the subject of some virtual riot.

Shadowbanning seems mostly used to silence slightly different opinions, and that's what I have a problem with.

>whilst leaving the "problem" completely in the dark with regards to what it was they did wrong.

This is the original intent. As far as I understood shadowbanning was for nefarious actors such as spambots, manual spammers, etc so they'd keep going without automatically creating new accounts.

It should not be illegal to ban someone from a website under any circumstances.
I think he means the practice of shadow banning. Not that I agree there either, but I agree that it is abusive.
What if they just started shadow banning African Americans? Would that be illegal? This is a serious qeustion. If we have no idea on who they are shadow banning how can we tell if they are not being discriminatory?
(comment deleted)
The practice of excluding by race is not actually illegal.

Think about fraternities. Think about ethnic centers.

People have an expectation that because it's immoral in the obvious case, it's illegal.

It's actually not. Nothing stops anyone from making a group for, say, Chinese American newspaper reporters, or Lebanese car mechanics.

What's actually illegal is turning people down for jobs or housing over race.

The law would only be interested if the website was the only way to get to protected topics like a job board

It's also illegal in the U.S. to turn away customers because of their race. That's more relevant than private club membership.
I'm not talking about regular bans, I'm talking about shadow banning.

In case you're not familiar with the concept: it entails "muting" an account without ever notifying said account of that fact. They can still post, comment, vote, and everything else, but no one will see this content.

Sorry, I should have worded that a little more clearly, but my statement applies to shadow banning as well. In my view, it is totally unreasonable to make arbitrary software behavior like shadow banning illegal.
I don't disagree with you, let's play devils advocate: To be fair to the companies, the amount of work to fight off bots and bad accounts is quite complicated, costly (both financially, quality of site, reputation wise) and similar to all kinds of frauds gets increasingly more challenging as the fraudsters improve their game. Add in managing the people who are purposely incendiary and not bots.

The amount of people getting caught up in the filter is likely quite small. Should they have a better system to get accounts re-activated? Probably - would make sense that they cast a wide net and then have a relatively easy way out for real individuals who can prove identify. Is that perfect? Heck no.

    > The amount of people getting caught up in the filter is likely quite small.
I don't believe that this is the case, though. Subreddit mods often seem to use it against counter-narrative type of posts - a single post could get you shaddow-banned for life on 50 subreddits that all happen to be under that mod's control. Happens often enough.

As I mentioned I'm fine with this tool being used against spam.

isn't shadow-banning only something reddit admins can do, not subreddit moderators?
Subreddit mods can do it also, with a little help from the automoderator bot I believe.
ah, now I found the right thing, they set automoderator to hide every post automatically, thus getting the same result.
Off the top of my head, it seems self-evident that we can't assess the effectiveness of the filters without actual data. You may hear hundreds of complaints of 'false positives', but bots rarely complain, so those hundreds of false positives may be the collateral damage from blocking either a single bot or hundreds of millions of bots.

Although I'm not normally massively against using anecdotal data for hypothesis building, in this case, it seems as though without actual data, it'd be silly to comment further.

HN does the same. I messaged Dang about it and he apologized and un-shadowbanned me.

Apparently it was because I had two accounts made from the same IP. On on my laptop and one from my mobile phone.

Looks like you were recently banned, was that what you were referring to, or something different?

I noticed because your comment showed dead.

> It's lazy, it's abusive, and it should be illegal.

I really dislike "it should be illegal" for things like this. It's itself a lazy solution against a hard problem. It seems to often be used as shorthand for "I don't like this and I want it to stop". But making things illegal isn't a magic "make it stop" button. (Hello, War On Drugs, War On Terror, War On Poverty, etc).

If you want to involve the Government in solving your problem, you now must also account for:

* What is the exact text of a law against this that could actually make it through any particular Congressional body?

* How will possible violations of this law be reported and investigated?

* How will that law be misused by malicious prosecutors and investigators to hassle and punish anybody they don't like?

* How will all of the actors involved actually change their behavior in ways that you didn't expect in order to avoid being targeted for either well-intentioned or malicious prosecution for possible violation of these new laws?

Example: Say I run a pseudonymous social media site resembling Reddit, and shadowbanning is the only thing keeping it from being a hopeless pit of spam right now. If I can't shadowban anymore, maybe my only solution is to require hard proof of identity for all users at least as strict as the KYC your banks use. Now everything you ever post is hard-linked to your identity. Even if not publicly shown normally, it's vulnerable to hacks, malicious employees, or Government requests. That would obviously benefit the Government, so there's a little incentive for them to implement and enforce any such law in such a way that sites are effectively forced to do this. Whoops, we just made the problem worse.

> Recently it almost happened again with my current account

(Reddit allows the creation of multiple usernames using the same email address,) were your two different accounts that were (1) permanently banned and (2) temporarily banned using the same email address?

Just a PSA: Email is entirely optional. You can create multiple accounts without email.
I had a ten year old account that was banned for not having an email address. There were various warnings asking me to supply the email address. I refused and the account was deleted. No issues other than this.
Take your E-mail address seriously. After a security incident, Reddit sysadmins may force an E-mail verification and password reset. I lost my first Reddit account (Yes, I lost two Reddit accounts) because of that - the E-mail address was gone since a long time ago but I didn't bother to change that, so I couldn't complete the verification.
> Reddit allows the creation of multiple usernames using the same email address

Interesting, didn't know that. But the E-mail addresses are different.

My previous account was initially shadowbanned without notice (all posts auto-filtered, and if I remember it correctly, it was a global shadowban on all subreddits) so I had stopping using that account. Weeks later I checked again and it became permanently banned explicitly. The system said,

> Your account has been permanently suspended for breaking the rules. This account has been permanently closed. To continue using Reddit, please log out and create a new account (the username [REDACTED] cannot be reused). This is an automated message; responses will not be received by Reddit admins.

My current account in question was temporarily shadowbanned. I was able to post in a subreddit without problems, and one day I was suddenly shadowbanned. But it was not a global one because I was able to post in another subreddit, so I suspect it was just an Auto-Moderation filter. After I sent a message to the mod of that subreddit (not Reddit admins) and stopped logging in via Tor, the account went back to normal again. But I never actually received a reply from the mod, I'm not sure how exactly I got unbanned - automatically due to a "good" IP, or manually by a mod.

>Once your account is flagged as spam by the system, it would be global shadowbanned automacially. At this stage, your account is essentially finished, it's basically impossible to talk to someone and get your account unblocked.

FWIW I had that happen to me a year or two ago and was able to get the ban overturned.

Shadowbans are different from permanent bans or suspensions the OP has gotten. You at least you know you are banned when you're permabanned/suspended. Reddit claimed at one large incident of outrage over shadowbans that shadowbans were only intended for bots and that no actual humans should ever be shadowbanned and that they would rectify it after messaging admin. My account randomly got shadowbanned a few months ago and I got crickets via support/admin. They really don't give a shit and it shows in the quality of the content and comments.
If your account gets shadow banned and you don't notice does it really matter? You are still getting something out or you wouldn't keep posting. Sometimes just posting to yourself is enough.

Say you do notice, you just start a new account for free. Bonus points for moving identities and breaking existing tracking history.

Getting banned can be a win/win

Why were you using Tor?
Mainly because I hate trackers. These days I'm using Tor for at least half of my web browsing. My desktop also runs QubesOS, the web browsers (both Tor Browser and the regular browser) are in their own disposable VMs. Once the window is closed, the system is reset and whatever cookies or exploits would all be gone permanently.
Why aren't you using Tor?
It's slow af and various site traffic blocking tools get triggered by it.
Logging in websites while using tor is completely useless.
>basically impossible to talk to someone and get your account unblocked

Not sure it would even matter. I once submitted a breaking news story to /r/news and it was autodeleted by their bot. I messaged a mod asking why it was deleted since it was in fact news and was not a duplicate and their response was to tell me I'm stupid and to permaban me from the sub.

I've had this happen. The top post on /r/worldnews was an Israeli "attack on Gaza", with no mention of the rocket attack on Israel an hour prior. I posted a link to a site - an English-language Arabic news site, mind you - that stated that the Israeli "attack on Gaza" was a precision strike against the military target that fired rockets at Israel earlier in the day.

My submission was deleted, my account was banned from the sub.

These are completely different issues. I was talking about a network-wide ban performed automatically by Reddit server-side anti-spam mechanisms, it's not about the internal policies or moderations (whether auto or manual) of a specific subreddit.
> impossible to talk to someone and get your account unblocked

Hence why Reddit will only and ever remain a tool for consumer to consumer communication, and why a business would be stupid to use it as a primary marketing channel.

Doesn’t reflect my experience. Created new reddit account once and noticed its content was getting 0 engagement anywhere, ever. Contacted support, and in two weeks or so, they replied apologising because the account “mistakenly tripped their spam filters”. Account is now unshadowbanned
Setting up an at-home VPN is still a goal for me, so that I can connect to the internet from home - and more importantly, not reused by anyone with malicious intent - from anywhere.
People shit on facebook but honestly how reddit is still pushing that redesign is unfathomable.
If it wasn't for the Apollo reddit client I would have stopped using reddit a long time ago. I used to use it mostly in the browser on my laptop/desktop, but it has become unusable even when using old.reddit.com (and plugins to force old.reddit.com).

I now only use it as an app on my phone which has ruined a lot of the conversation because it's far more cumbersome to type on mobile, as well as stuff like switching between browser/reddit to copy a link or quote something on the web is a pain on mobile.

I'm surprised there isn't a growing competitor to reddit at this point (that I know of)

> but it has become unusable even when using old.reddit.com

Can you elaborate on that? From what I've noticed old.reddit.com has essentially not changed over the past years.

I’ve been using old.reddit and RES and the UX, at least, has been consistent.
If old.reddit.com ever stops working that would be my cue to exit. The redesign is a case study in user hostile design and unusability.
The redesign has one major advantage from their point of view (which I suspect was the reason behind it in the first place) - the individual posts on main screen now take up much more screen space. This allows to seamlessly insert fairly large ads masquaraded as posts, which wasn't possible with the old design.
> the individual posts on main screen now take up much more screen space

It's insulting how deliberate this is. I just tried using the redesign for ~5 minutes to see if it was as bad as I remembered, and the amount of dead space on my screen is striking. I have a normal 16:9 monitor and roughly 2/3rds of the front page is just totally blank, meanwhile you have post titles taking up 3-4 lines of the tiny column they're forced into.

Two more major points: image/video hosting (i.e. they own the data), and inline autoplaying video.
I find the Chat feature to be an awful addition as well. Sometimes when I'm trying to sell things, people will send a chat instead of an Inbox message and I end up not seeing it for days because there's not much of a notification and Apollo for iOS doesn't support chat (maybe no unofficial Reddit client does?)
They're pushing the redesign because it works. I'd guess a good portion of their userbase is actually relatively new or young users, who prefer to scroll through endless wall of pictures/videos like they do on instagram. I'd never use Reddit like that, but seeing the discussions over the past few years it's obvious most (vocal) users are on mobile, and they use the instagram look.
My account was suspended. However I didn't use a VPN. I realised that my IP is wrongly categorized in the Geo databases like Maxmind and thus is flagged as a VPN IP..
The interesting takeaway here should be that if you want to take down somebody's reddit account, getting them to use your wifi access point while routing traffic through some of the cited vpns is enough.

And you would never be discovered... Just blame it on reddit!