Adult sites, online pharmacies, ticket brokers are treated the same way, and that has nothing to do with evading the NSA. MasterCard added all internet services (the MCC -- merchant category code -- that covers ISPs) to a high risk tier earlier in the year; I got the letter from First Data in the mail myself.
First, I do not think this is about chargebacks, at all. I don't know what it is about, but it's not chargebacks. This looks like a blanket revocation of anonymizing/VPN services. That isn't how fraud/risk engines work (note: I wrote several fraud/risk engines for ecommerce/banking/travel industry as well as passive device fingerprinting).
Sure, make this a riskier transaction, flag it for review. Uh oh, CC info is from Ohio, but IP is from Russia? Up the risk. Same device that is trying to conduct this transaction also tried 30 others in the past two days? Flag for review, up the risk (several hundred more etc etc).
Second, I can't think of a single thing that is legal to buy that is blanket revoked by some company like this.
Third, adult sites, online pharmacies, ticket brokers and the others are NOT treated the same way. They are treated as higher risk transactions that A. need more/closer review B. have a more comprehensive/exhaustive/deeper risk rules engine run on them. and/or C. have a special set of rules that apply specifically to that domain. The CC companies don't just turn off buying an entire domain of goods (adult, online pharmacies, ticket brokers....or VPNs), that isn't how they work.
If true, this smells of something different.
Not blanket revoked. You can still purchase VPN services other than IPREDator.[0]
I'm surprised people here are taking TorrentFreak as an actual journalistic entity and not a website devoted to enticing a knee-jerk and vehement subset of tech users into clicking their articles.
Firearms.
https://www.paypal.com/webapps/helpcenter/article/?solutionI...
https://payments.amazon.com/sdui/sdui/about?nodeId=6023
https://squareup.com/legal/seller-agreement
Also, at least two of those have prohibitions on "occult materials". I'm not quite sure what that means, but it doesn't sound illegal.
This case may also have other motives (the pirate bay related?) but chargeback is the issue and the story is more complex than it sounds: http://www.securitykiss.com/resources/roboblog/credit_cards/
Not to even speak of the whole NSA spying thing.
Not all of us are corporate drones with the mother ship VPN to connect to, so we have to pay for ours.
I can't believe the number of people here on HN who think that no one but criminals use VPNs.
1. http://arstechnica.com/business/2012/04/90-of-popular-ssl-si...
Thank you. All we hear about is how the government is trying to silence us and there's some vast payment processor conspiracy trying to stop us from using credit cards, as if they would want to stop us from giving them money. No, HN, the majority of VPN traffic is not innocent nerds accessing Facebook on a public wifi.
I say this as someone who does rely on a VPN quite a lot. There's sticking up for righteous ideals and then there's ignoring the fact that a ton of your traffic is nefarious. We can't sit around doing nothing as bad guys use our tech for criminal activities and then get outraged when someone brings it up.
That's a bold claim. Do you have any evidence of that?
The fraud detection team at my bank called me last week to confirm the renewal payment was genuine. The same payment has been occurring every month for two years without issue, so it seems likely something has been tweaked within their detection algorthm.
I think this is always a bad argument to make. By that same logic they'd be banning all torrent sites, too, and a lot of other stuff, possibly even Bitcoin.
I think these VPN's should sue Mastercard and Visa, just like Wikileaks did, and won. They can't just decide "who is the bad guy" and ban them.
Please post source for this. As far as I know Visa and Mastercard have not made any statements and outlined any possible reasons for this action yet.
I know around ten people, who are technically-adept (but not techies), who are using VPNs for Netflix, BBC iPlayer, Hulu, sporting events, etc... In many cases they are "paying to pay" for these services.
Hackers, crackers, carders, and script kiddies can pretty easily get access by compromising insecure hosting accounts or remote windows machines in the desired location.
How am I possibly going to live without access to Facebook?
ssh -D 8080 username@ipaddress
The biggest difference to a VPN is that you need to separately configure every application to use the local proxy – otherwise, everything sent over the local proxy is encrypted and securely transferred (thanks to the SSH protocol) just like with a VPN.
Of course, you can also install a VPN server if you want, but that's probably a bit more complicated.
[1]: http://www.lowendbox.com/ [2]: https://www.digitalocean.com/
The United States and its financial system exist to serve the interests of some truly disgusting people.
There's a reason every risk scoring tool for e-commerce highly weighs whether the connection is from a VPN or other type of proxy. Using a VPN is not illegal or nefarious, but public anonymizing VPNs (as opposed to private VPN-into-the-company-network VPNs) are used for illegal and nefarious purposes to a huge degree. The volume of fraud occurring through them is measured in billions of dollars a year.
Absolutely correct. Fraud scoring systems are heuristic. Your fraud score is positively and negatively correlated with a large number of behaviors, almost all of which are benign by themselves, but in aggregate can be used to predict fraudulent behavior.
Or are you addressing some other issue?
Political action must be taken. All of the forward secrecy and TLS and onion routing and steganography and PGP and AES in the world counts for nothing if they'll just declare such technologies illegal and harass the users.
This said, most of my friends there have moved on to using some VPSs for that long ago, and so do I, when I go there to see them.
Bitcoin sounds helpful for the ones not willing to use those methods, but for how long?
I've tried using AWS + OpenVPN in the past, but really life is too short to maintain your own VPN service (especially dealing with mutating firewalls)
It makes little sense that the US gov had these guys banned because they were anonymous since they aren't. Mounting trafic coloration attacks against a VPN is trivial if you see everything going in and out ( same for Tor). Maybe the RIAA and MPAA had enough clout to do it, but why not usenet providers as well?
What's a credit card?
Dynamic DNS can be used for a singular server, through how reliable depend on the TTL and how accepting other DNS resolvers are in accepting low TTL's (which in practice some aren't). However, if you are behind NAT, VPN is truly the only option for home servers.
Also, is it possible they were banned for other reasons? Eg high chargeback ratios? I can tell you from experience that chargeback ratios in the anonymization industry are very high, for obvious reasons.
I realise I can just search for VPN providers, but I am interested in what is considered the best/easiest/cheapest solution.
Having a VPN configured and available on all of your devices makes it easy to use on a whim, probably the best thing for your privacy.
Who would pay an anonymizing service with credit card?!