Hi cybersecurity folks,
So this is a theoretical question that I’ve always wondered about.
* Log into Reddit (from my home IP).
* Turn on my VPN and tunnel through … IDK… let’s say the UK.
* Verify that I’m geolocating through the UK
* Refresh Reddit …
Nothing happens. I can continue browsing the site.
I can then repeat the process and change to any other VPN endpoint. No warning is triggered. I’m not automatically logged out and prompted to go through 2FA again.
What I don’t understand:
It would obviously be (physically) impossible to change from where I live to another country to another country in the space of a few seconds. And if the TOS of platforms restrict you to not sharing credentials…wouldn’t there be like no legitimate reason for this activity to take place from the perspective of these platforms?
Ie, I would have thought that from the perspective of your average social network the activity would almost certainly look suspicious / potentially malicious.
What I’m thinking: do websites like Reddit (/Facebook/etc) subscribe to a list of known commercial VPN provider IP ranges? So they can see that I’m moving around between endpoints on the same VPN?
Curious how this all works and how sites are able to distinguish between potentially malicious login attempts and ones that represent innocuous user activity.