Topic: [Question] How to catch a ban evader using VPNs and such?

Posted under General

I've always been one to find ways around things here on the interwebs, and I've particularly enjoyed bypassing my schools' filters to access websites we weren't allowed to access (this one, for example).

That being said, I've always pondered how I could (not how I would) get away with creating a satellite account and get away with digital murder. How would admins catch banned users who created accounts using a VPN or a Tor Bridge? Especially if they don't comment at all and just lay low, lurking their way around the site?

Updated by Furrin Gok

If they lay low there's pretty much no way they're gonna get caught.

There are times admins don't notice alts until they log in and start doing things even when the IP is probably the same.

And then that account can get away with causing more of the same problems before it gets shut down. If they're not on the same IP it's the activities of the account that give it away.

IE: Vladimir infinite side accounts or dead_dorian's ban evasion immediately come to mind.

(Not to mention. Non static IP addresses (like mine) change pretty much constantly and assuredly do every time the power goes off and on.

So it's not a perfect thing to go by a it is really ban or registry wise... and I don't use a VPN but it might look that way to some from the outside. But that's getting off topic sorry.)

I guess my point is. There's no way to tell. Unless they make themselves known somehow. It's not perfect but not much you can do.

Updated by anonymous

Also bear in mind that the admins are tight-lipped about this, for good reason.

Updated by anonymous

Switching IPs and removing cookies is probably more than enough.

Updated by anonymous

I think I might have plucked a nerve... I feel like I'm on the admin's watch list now or something...

Updated by anonymous

Nikolaithefur said:
I think I might have plucked a nerve... I feel like I'm on the admin's watch list now or something...

It's not hard to do. Trust me.

Updated by anonymous

If you're 'incognito' causing trouble:

GDelscribe's 3rd + 4th sentences pretty much cover it

If you're 'incognito' not causing trouble:

Why would anyone bother? Like, is there a single reason other than being insanely anal about the rules, that mods would even try to identify such a person, rather than spending that time addressing active trouble?

Updated by anonymous

If you're not causing any trouble nobody's going to look. I evaded a ban for a whole year (without even changing IP address) because there was never any reason for any admins to check me.

If you continue to cause the same problems, whether you're using VPNs/Tor or not, admins are going to know it's you based on behaviour. There's not that many ban evaders around, and all of them have distinct behaviour that can separate them from others.

GDelscribe said:
(Not to mention. Non static IP addresses (like mine) change pretty much constantly and assuredly do every time the power goes off and on.

Depending on the ISP you'll usually end up with an IP in the same range (like 182.42.13.9 changing to 182.42.13.77) and many sites have the ability to search the whole IP range, I'm not sure about e621 though. It's not always a good way to avoid bans.

Updated by anonymous

I just find it strange how my IP address hasn't changed in over a year, even though I use No-IP to keep my "Dynamic IP Address" static.
I won't be doing anything anytime soon that would get me banned in the first place, but curiosity was killing this Wolfdog... XD

Updated by anonymous

Nikolaithefur said:
I just find it strange how my IP address hasn't changed in over a year, even though I use No-IP to keep my "Dynamic IP Address" static.
I won't be doing anything anytime soon that would get me banned in the first place, but curiosity was killing this Wolfdog... XD

There is one thing that overshadows and defeats all precaution from being banned again. You can _recognize_ the offender.
Those poorly brained sods who were being banned permanently would keep behaving just the same. If they were obnoxious and banned for that, chances are that they still will be obnoxious in the same way, not realizing it.

Updated by anonymous

Nikolaithefur said:
How would admins catch banned users who created accounts using a VPN or a Tor Bridge?

If you're asking that question, then you should already know about this site or the concept of browser fingerprinting in general. After running the test, click the underlined text for the full fingerprinting report.

That was the first such site I had seen linked anywhere, but I was a little surprised just now that it was the fourth result after googling "browser anonymity test". The other top results can give you more context, but suffice it to say that browsers can leak a ton of deanonymizing data.

On the one hand, you can clean install a mainstream browser version, not modify it at all, and visit sites with the appearance of a "normal user" from the server's perspective, but then your browser will still leak lots of data with those default configs.

On the other hand, you can harden your browser to plug a lot of those leaks, but--guess what?!--the absence of those leaks generally produces a narrower-than-default browser fingerprint anyway and poorer browsing experience regardless. To that point, consider that guides for browser hardening will provide some differing recommendations and that end users won't follow each instruction exactly, thus hardened browsers may still be differentiated from each other, only now by more minute degrees. It's a "damned if you do, damned if you don't" dilemma.

Deanonymizing hardened users isn't an exact science, but e621 staff don't need to build an airtight legal case, just a convincing partial case to go ahead and discipline suspected ban evaders. Lastly, there's the self-evident disclaimer: we don't know to what level e621 actually fingerprints its users or how heavily that data is weighed in disciplinary decisions.

So far I've only discussed fingerprinting a user's browser, but between building cases around a user's browser and on-site behaviors e621 can also compare site configurations. Have two users under scrutiny set up their accounts similarly or identically? Duplicated blacklist contents lean closer to being a dead giveaway. How about something as seemingly innocuous as a custom preferred posts-per-page value? Also, login times are typically recorded server-side and can be used to establish patterns and draw parallels. Further, searches might be recorded, and entire browsing sessions could be tracked from which to draw more parallels, although implementing that consumes more resources and so I presume is less likely (i.e., value:cost of catching ban evaders probably isn't there).

Updated by anonymous
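The configuration and login-time comparison described in the post above, as an added example that is not part of the original thread and not e621's code. The `Account` fields, the default posts-per-page value, the weights and the threshold are all assumptions chosen for illustration, and the accounts are constructed sample data.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Account:                   # hypothetical record, not a real site schema
    name: str
    blacklist: frozenset         # blacklisted tags
    posts_per_page: int          # display preference
    login_hours: tuple           # UTC hour (0-23) of each recorded login

DEFAULT_POSTS_PER_PAGE = 75      # assumed default: sharing it is not evidence

def jaccard(a, b):
    """Set overlap in [0, 1]; two empty blacklists carry no signal."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0

def login_overlap(a, b):
    """Histogram intersection of two login-hour distributions, in [0, 1]."""
    if not a or not b:
        return 0.0
    ca, cb = Counter(a), Counter(b)
    return sum(min(ca[h] / len(a), cb[h] / len(b)) for h in range(24))

def linkage_score(x, y):
    """Weighted similarity in [0, 1]; the weights are illustrative, not tuned."""
    same_custom_ppp = (x.posts_per_page == y.posts_per_page
                       and x.posts_per_page != DEFAULT_POSTS_PER_PAGE)
    return round(0.6 * jaccard(x.blacklist, y.blacklist)
                 + 0.1 * same_custom_ppp
                 + 0.3 * login_overlap(x.login_hours, y.login_hours), 3)

def review_queue(banned, candidates, threshold=0.6):
    """(name, score) pairs for a human moderator to look at, highest first."""
    scored = [(c.name, linkage_score(banned, c)) for c in candidates]
    return sorted((s for s in scored if s[1] >= threshold), key=lambda s: -s[1])

# Constructed sample accounts
BANNED = Account("banned_user", frozenset({"tag_a", "tag_b", "tag_c", "tag_d"}),
                 320, (22, 23, 23, 0, 1, 22))
NEW_1 = Account("new_1", frozenset({"tag_a", "tag_b", "tag_c", "tag_d"}),
                320, (23, 22, 0, 23))
NEW_2 = Account("new_2", frozenset({"tag_a", "tag_x"}), 75, (9, 10, 12, 18))
NEW_3 = Account("new_3", frozenset(), 75, (22, 23))

if __name__ == "__main__":
    print(review_queue(BANNED, [NEW_1, NEW_2, NEW_3]))
```

The score only ranks accounts for manual review; untouched defaults (empty blacklist, default page size) deliberately contribute nothing, so two fresh accounts do not match each other.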

abadbird said:

If you're asking that question, then you should already know about this site or the concept of browser fingerprinting in general. After running the test, click the underlined text for the full fingerprinting report.

That was the first such site I had seen linked anywhere, but I was a little surprised just now that it was the fourth result after googling "browser anonymity test". The other top results can give you more context, but suffice it to say that browsers can leak a ton of deanonymizing data.

On the one hand, you can clean install a mainstream browser version, not modify it at all, and visit sites with the appearance of a "normal user" from the server's perspective, but then your browser will still leak lots of data with those default configs.

On the other hand, you can harden your browser to plug a lot of those leaks, but--guess what?!--the absence of those leaks generally produces a narrower-than-default browser fingerprint anyway and poorer browsing experience regardless. To that point, consider that guides for browser hardening will provide some differing recommendations and that end users won't follow each instruction exactly, thus hardened browsers may still be differentiated from each other, only now by more minute degrees. It's a "damned if you do, damned if you don't" dilemma.

Deanonymizing hardened users isn't an exact science, but e621 staff don't need to build an airtight legal case, just a convincing partial case to go ahead and discipline suspected ban evaders. Lastly, there's the self-evident disclaimer: we don't know to what level e621 actually fingerprints its users or how heavily that data is weighed in disciplinary decisions.

So far I've only discussed fingerprinting a user's browser, but between building cases around a user's browser and on-site behaviors e621 can also compare site configurations. Have two users under scrutiny set up their accounts similarly or identically? Duplicated blacklist contents lean closer to being a dead giveaway. How about something as seemingly innocuous as a custom preferred posts-per-page value? Also, login times are typically recorded server-side and can be used to establish patterns and draw parallels. Further, searches might be recorded, and entire browsing sessions could be tracked from which to draw more parallels, although implementing that consumes more resources and so I presume is less likely (i.e., value:cost of catching ban evaders probably isn't there).

I hadn't even known about the whole browser fingerprinting thing until you brought it up (I installed that "Privacy Badger" add-on for my Browser), so thank you for that.

With all this info in mind, you're saying a ban-evader could just recreate an account then go "under-the-radar" by not re-enacting their previous behaviors? I agree with you on the cost of catching ban evaders probably isn't there, but it seems unfair to allow a user who was specifically banned to continue being a user because it's too expensive to stop them. Most banned users aren't banned without a notice (unless they're a troll account), so that means that these users have the potential to keep doing the same negative behaviors indefinitely.

Updated by anonymous

^^ interestingly, that reports No on Do Not track criteria even after I enable DNT in firefox preferences. I later installed Privacy Badger, but don't think I should have to do that just to enable DNT.

(otherwise moderately good, I think? It said that my browser fingerprint gave away 10.29 bits of information. Let's say there are 10 million internet users, then my information would allow them to narrow it down to a set of 2 ** (log(10000000,2) - 10.29) == 7987 people I might be?
Not sure I can get it much lower: those 10.29 bits are solely from HTTP Accept header and User-Agent header)

FWIW, I've got Ghostery, AdBan, and NoScript installed. Examining the output table, I think having javascript disabled reduces your trackability a lot (but of course you can't always do this)

Updated by anonymous
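The bits-to-anonymity-set arithmetic from the post above, as an added example that is not part of the original thread. It goes one step further by measuring the bits from observed header frequencies; the visitor table is constructed, the header values are placeholders, and a uniform user population is assumed.

```python
import math
from collections import Counter

def surprisal_bits(value, observed):
    """Identifying information in `value`: -log2 of its share of `observed`."""
    count = Counter(observed)[value]
    if count == 0:
        raise ValueError("value never observed; surprisal is unbounded")
    return -math.log2(count / len(observed))

def fingerprint_bits(visitor, population):
    """Bits in the whole fingerprint, measured on joint (tuple) frequency."""
    keys = sorted(visitor)
    joint = [tuple(p[k] for k in keys) for p in population]
    return surprisal_bits(tuple(visitor[k] for k in keys), joint)

def sum_of_attribute_bits(visitor, population):
    """Naive per-header sum; overstates when headers are correlated."""
    return sum(surprisal_bits(v, [p[k] for p in population])
               for k, v in visitor.items())

def anonymity_set(population_size, bits):
    """Expected number of users sharing a fingerprint worth `bits` bits."""
    return population_size / 2 ** bits

# Constructed sample: 8 visitors, two request headers each (placeholder values)
POPULATION = (
    [{"user_agent": "UA-A", "accept": "acc-x"}] * 4
    + [{"user_agent": "UA-B", "accept": "acc-y"}] * 2
    + [{"user_agent": "UA-B", "accept": "acc-x"}]
    + [{"user_agent": "UA-C", "accept": "acc-y"}]
)
VISITOR = {"user_agent": "UA-B", "accept": "acc-y"}

if __name__ == "__main__":
    print(fingerprint_bits(VISITOR, POPULATION))        # joint measurement
    print(sum_of_attribute_bits(VISITOR, POPULATION))   # naive sum, larger
    print(int(anonymity_set(10_000_000, 10.29)))        # the post's figures
```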

Has the E6 staff considered hardware bans?

Motherboard ID bans and stuff like that? I don't know much about this sorta thing but that seems like it would be far more effective than an IP ban or a username ban.

Updated by anonymous

Cynosure said:
Has the E6 staff considered hardware bans?

Motherboard ID bans and stuff like that? I don't know much about this sorta thing but that seems like it would be far more effective than an IP ban or a username ban.

MAC bans are pretty much the best way to do bans. But they can be a little drastic.

Updated by anonymous

^ It's better in some ways, but I'm not sure I would go that far. MAC spoofing is also possible, and in fact is a standard tactic for someone trying to get into a WiFi network illegitimately.

Updated by anonymous

GDelscribe said:
MAC bans are pretty much the best way to do bans. But they can be a little drastic.

Your MAC address is not even visible to the webserver unless you are running an application like Java/WMI which could pass that information on.

Updated by anonymous

rysyN said:
Your MAC address is not even visible to the webserver unless you are running an application like Java/WMI which could pass that information on.

I think you're right. The only context I could think of MAC banning someone is in WiFi Management (ie, banning a device from obtaining an IP address on the network because their MAC Address was blacklisted)

Updated by anonymous

Windows applications can read a variety of MAC addresses, some games do use these to create unique fingerprints to make permanent bans.

Updated by anonymous

willieaames said:
If they are using a static IP VPN it's easy to catch them.

That's why the admins could IP block me at any time... I use both a static IP service provider AND a static IP VPN for times like now when I can't afford to pay my bill.
Nicky here is skating on thin-ice already... (^.^)

Updated by anonymous

Linicks said:
I've always been one to find ways around things here on the interwebs, and I've particularly enjoyed bypassing my schools' filters to access websites we weren't allowed to access (this one, for example).

That being said, I've always pondered how I could (not how I would) get away with creating a satellite account and get away with digital murder. How would admins catch banned users who created accounts using a VPN or a Tor Bridge? Especially if they don't comment at all and just lay low, lurking their way around the site?

This user was banned for ban evasion.
9000 keks

Updated by anonymous

FurryMcFuzzball said:
This user was banned for ban evasion.
9000 keks

They were banned for something else, then banned from another account but ban evasion bans all accounts for it, even the first one.

Updated by anonymous
