Banning anyone that signs up while using a VPN is horrible UX

I normally use a VPN on my laptop, so I obviously had it running when I signed up for Netlify. This sent me to a screen that I need to verify my identity, but then when I attempted to, it told me: “We were unable to verify your identity and reinstate your Netlify account.”

I contacted support and sent a message on Twitter yesterday. I have not heard back yet.

In the meantime, I was also able to turn off my VPN and sign up using a different email address in two seconds. :joy:

So I have to ask, is this really the ideal UX for new people signing up?

I understand Netlify probably has to deal with a ton of malicious accounts. It even makes perfect sense to not allow account creation while using a VPN, but why can’t you just ask users to disable their VPN. I’m even completely willing to add a credit card, photo of my ID, or whatever you need to verify my account, but you wont let me.

The fact that I can just turn off my VPN and sign-up with another email in two seconds, but can’t get my account unsuspended is ridiculous. And it’s not as though VPNs are uncommon. This must be happening hundreds of times a day to completely legitimate users.

It’s not the VPN that’s the issue, it’s the number of users with same IPs (due to the VPN) that’s the issue. If your same IP (the one provided by your VPN) has been used repeteadly for spam, it would be flagged as well.

I wouldn’t say “hundreds of times a day”, but it does happen “all day, every day”.

I have an open feature request concerning Netlify improving the messaging surrounding it, as it’s currently no wonder people get stuck and then seek assistance.

I’ve added your message to the thread as additional evidence of the difficulties users face.

But in a practical sense, isn’t it extremely likely that any widely used VPN service is going to result in this problem?

I understand that there is a completely rational reason behind flagging accounts, but it also seems to ignore the fact that false positives are likely extremely common.

But even that isn’t a big deal, it’s the fact that when a legitimate user’s account is flagged, they are told to verify their identity, at which point they’re told, no, they can’t verify their identity. Then if they were paying attention, they’ll go back a page and submit a support request form. Then they will get an email asking what their problem is and to send a screenshot. Then they have to wait a few days to maybe get a response.

Or they can just turn off their VPN and sign up with a different email.

What’s the point of having that entire crazy process of lifting a suspension, when all Netlify cares about is the user having an un-flagged IP address?