> Years on, our primary data source is literally holding dozens of subscriptions to every commercial provider we can find, and enumerating the exit node IP addresses they use.

Assuming your VPN identification service operates commercially, I trust that you are in full compliance with all contractual agreements and Terms of Service for the services you utilize. Many of these agreements specifically prohibit commercial use, which could encompass the harvesting of exit node IP addresses and the subsequent sale of such information.

▲

infecto 18 hours ago | parent | next [-]

TOS are pretty meaningless in cases like this. It amounts to getting rejected as a customer and your account canceled.

▲

itintheory 14 hours ago | parent [-]

I think ToS violations can also run afoul of CFAA.

	▲	infecto 14 hours ago \| parent \| next [-]
		Those are pretty old cases that I think the courts have moved away from and even in those cases it was a TOS violation and explicit c&d that the company ignored.
	▲	qingcharles 9 hours ago \| parent \| prev [-]
		I don't think they can any longer, I think there is case law on this. Illinois law makes it a misdemeanor to violate web site ToS, though. And felony for the second time IIRC. Other states probably also.

▲

fourside 18 hours ago | parent | prev | next [-]

Maybe the tables could be turned and we can build a service with dozens of subscriptions to every VPN detection service and report them for ToS violations ;)

▲

immibis 2 hours ago | parent | prev | next [-]

There's a little secret that most of the business world knows but individuals do not know: You don't have to follow Terms of Service. In most cases, the maximum penalty the company can impose for a ToS violation is a termination of your account. And it's not illegal to make a new account. They can legally ban you from making a new account, and you can legally evade the ban.

Unless you're the one-in-a-million unlucky user who gets prosecuted under the CFAA's very generic "unauthorized access to a protected computer" clause, like Aaron Swartz. It seems the general consensus is this doesn't apply to breaking a website ToS, and Aaron was only in so much trouble because he broke into a network closet, as well as for copyright violation. But consult a lawyer if unsure. (That's another difference: A business will ask a lawyer if it wants to do something shady, while an individual will simply avoid doing it)

▲

MangoToupe 17 hours ago | parent | prev [-]

> I trust that you are in full compliance with all contractual agreements and Terms of Service

Why? It's not like there's any real moral (or, likely, legal) reason to care beyond avoiding the service's ban hammer.

▲

qingcharles 9 hours ago | parent [-]

In Illinois you could, in theory, be jailed for up to three years for violating a web site ToS. (classified as "Computer Tampering")

▲

MangoToupe 9 hours ago | parent [-]

I don't think that would hold up in court anymore.

	▲	qingcharles 2 hours ago \| parent [-]
		It's a statutory offense, so you could get lucky and the prosecutor wouldn't prosecute it, but it's there for them to use: https://www.ilga.gov/Documents/legislation/ilcs/documents/07... ... "the owner authorizes patrons, customers, or guests to access the computer network and the person accessing the computer network is an authorized patron, customer, or guest and complies with all terms or conditions for use of the computer network that are imposed by the owner;"