0

How can website that limits downloads per IP "ignore" that IP is changed by VPN?

I really am not keen to overcome a such limitation, but I'm just curious how (or if) the website may act as if it knows it's the same person/machine behind the different IP's, while at the same time acknowledging the new IP.

There is a limit of 5 articles that can be downloaded freely from this website per day. When that limit is reached there is a message like: "5 items already downloaded from IP etc" and the real IP is listed.

At this point I open a private session in Firefox (after having closed the normal one), change the IP there with an addon like CyberGhost VPN Free Proxy, and then I can verify that my IP and location are changed with an addon like IP Address and Geolocation. Even Google responds, as it switches language accordingly.

Trying to download from that site, the same message is shown: "5 items already downloaded from IP ..." and the new IP is listed. Changing again the IP, the message stays the same, only the IP changes.

The website seems to be reporting falsely that the new IP was already used in order to truly stop the same person overcome that limit.

What is happening here, or rather: what can be happening here?

cipricus
  • 965
  • 1
  • 10
  • 29
  • 4
    Maybe someone else used that VPN to download from that site – Gantendo Nov 26 '21 at 14:49
  • https://coveryourtracks.eff.org/ Another option is that they use browser fingerprinting – Gantendo Nov 26 '21 at 14:50
  • 4
    Or the VPN endpoints are blocked by default by that site so no matter which VPN-IP you use they may be all blocked. – Robert Nov 26 '21 at 14:58
  • 2
    Good suggestions in the comments, but it also shows one issue with this question. This question cannot be factually answered and the word "can" even suggests that this question leans towards opinions. The helpcenter has a nice paragraph explaining why this kind of question should not be asked on SuperUser. – LPChip Nov 26 '21 at 15:22
  • 1
    This really cannot be answered and ultimately by answering or commenting, we enable circumvention of a sites restrictions. – StainlessSteelRat Nov 26 '21 at 16:14
  • @LPChip - I had simply ignored the possibility of other identification than IP. That's my problem surely, but once guessing that there might be others I though to simply ask: can there be others. The simple answer is yes. No much more than that. – cipricus Nov 26 '21 at 17:26
  • @StainlessSteelRat - What's wrong with circumventing sites "restrictions"? Don't you ever use adblokers? It's a matter of safety and power, and the weakest party is always the individual. – cipricus Nov 26 '21 at 17:28
  • @LPChip - Could you suggest how to edit this and avoid closing? I just want to learn quickly a few more things about this. Why cannot it be answered in the way an answer has already been posted? – cipricus Nov 26 '21 at 17:40
  • @LPChip - could you link to that paragraph in the helpcenter? I'll try to edit the question, I hope it will then look better than closed. – cipricus Nov 26 '21 at 17:50
  • Either way the question can not be definitely answered. What I do or don't do as an individual does mean sites like StackExchange should enable the doing! – StainlessSteelRat Nov 26 '21 at 19:55

1 Answers1

2

The website is identifying you by other means than just the IP address.

It may be as simple as a cookie that identifies you, but can be very many other methods. In general the term you search is called Device fingerprint.

Cookies are very easy to delete and IP addresses are also easy to change using a VPN or proxy. The website could be using any of the parameters described in the post Unique Browser / User ID?

harrymc
  • 455,459
  • 31
  • 526
  • 924
  • Shouldn't cookies be excluded as a cause when using private session in Firefox? – cipricus Nov 26 '21 at 17:29
  • Some (actually many) websites are not very sophisticated regarding fingerprinting, so they only use cookies. The website you mentioned has made a better effort, perhaps because it had to. – harrymc Nov 26 '21 at 17:37
  • There is also the fact that the site says that the new IP has been already used up to the limit. So, the site it is either lying, or the suggestion made in comment by @Gantendo must be true (that site and that addon are so popular that the limit per IP is easily reached.) – cipricus Nov 26 '21 at 17:38
  • Possible, but I doubt it. More likely the website developer was just not very careful with his message. – harrymc Nov 26 '21 at 17:40