Leaderboard

@tranquivox69 Hello! Probably everything is fine. The "pinger" is disabled when the system is connected to some VPN server, according to the logic that the round trip times for Eddie connection purposes make sense only between the client node and the VPN servers, and not between client+VPN server and the all other VPN servers. https://github.com/AirVPN/Eddie/blob/de5c1ebb91030dc654a4cd3de81bfa8225982400/src/App.CLI.Common.Elevated/ping.cpp public bool GetCanRun() { bool canRun = true; // Logic: Can't ping when the connection is unstable. Can't ping when connected to server. if (Engine.Instance.IsConnected()) { canRun = false; } else if (Engine.Instance.IsWaiting() && (Engine.Instance.WaitMessage.StartsWithInv(LanguageManager.GetText("WaitingLatencyTestsTitle")) == false)) canRun = false; return canRun; } If you want the pinger to be active even while the system is connected to the VPN you can set canRun to true (here above), even when Engine.Instance.IsConnected() is true. When the pinger is active you should not see in Windows "ping.exe" processes (if we're not mistaken). See also: https://github.com/AirVPN/Eddie/blob/de5c1ebb91030dc654a4cd3de81bfa8225982400/src/App.CLI.Common.Elevated/ping.cpp and https://github.com/AirVPN/Eddie/blob/de5c1ebb91030dc654a4cd3de81bfa8225982400/src/Lib.Core/Jobs/Latency.cs Kind regards

I would suggest that special servers be setup only permitting outgoing traffic on low ports (0-1023). This should protect the exit IPs from getting registered as assiciated with torrent traffic etc. because these servers would be very unsuitable for torrenting. I believe this clean exit-IP will be valuable for people who only browse the web or do other simple things. It does not restrict freedom because you can always choose to use a server that is open for ALL traffic - if this is your requirement.

The issue is no log VPN providers generally attract users who most likely are going to be using VPNs to cover up certain types of copyright-infringing activities and the only web hosting companies that accept their business also are the ones seen as higher risk. This is why on one hand Air adding more servers here and there is great until one finds out it's yet another M247 and the like. From a anti-fraud perspective, these are garbage-tier IP addresses that may cause more issues when keeping them unblocked due to the hosting provider not being helpful when addressing copyright issues. I can tell you anecdotally at least that when dealing with brute force attacks for my own online businesses, the IP's are almost entirely VPN-based and come from many of the same hosting providers Air uses (such as the aforementioned M427). If, for example, a company's business 99% comes from residential IP addresses and 50% of fraud comes from VPNs, it may be safer just to blanket ban any high risk IP (if not outright banning anything from a datacenter which is very easy to identify via tools like GeoIP). I've suggested in the past that Air add a stricter tier with things such as lower speed caps, blocks on torrenting, etc., for the users who just want to use a VPN for privacy reasons and other legal activity and want to be on a lower risk IP address.

I don't believe refreshing the servers' exit ip addresses would solve it, since the root of the problem is the lazy ban some WAFs like Sucuri and AWS's WAF implements. They need to stop relying on blind ip blocklists and work on other checks like Cloudflare does. We as users can't do much, but VPN providers could pressure them into working on a better solution.

It would be nice to have a Meta Blocklist. This list block all Meta apps, services, trackers etc. (Facebook, Messenger, Instagram, Whatsapp). Maintained by Lightswitch05 (https://github.com/lightswitch05/hosts) A hosts file to block all Facebook and Facebook related services, including Messenger, Instagram, and WhatsApp. License: Apache 2.0 (https://github.com/lightswitch05/hosts/blob/master/LICENSE) Raw URL: https://www.github.developerdan.com/hosts/lists/facebook-extended.txt