
Ask HN: Amazon.com blocking VPNs. What can we do? - mleonhard
On 2020-06-23, DNS queries for www.amazon.com through my VPN provider started returning 10.200.0.1. The VPN provider confirmed that Amazon is intentionally blocking all of their customers.

Many people use VPNs to protect their privacy. Privacy is an important part of personal liberties. Privacy improves quality of life. Current VPN software does not make it easy to bypass the VPN for just one website. Now people will have to choose between using Amazon and protecting their privacy. Amazon is harming society.

What can we do?

1. Call and cancel your Prime membership and other subscriptions. Explain the reason for cancelling. Walmart.com is a good alternative.

2. Move off of AWS. Digital Ocean is a good alternative. What is a good alternative to AWS domain registration?
======
8organicbits
If I'm following, the DNS query to your VPN provider's recursive resolver is
getting a 10.x.x.x IP address. So the Amazon authoritative DNS server must be
generating different responses based on which DNS resolver you use.

From a purely technical perspective, I'd think DNS over HTTPS (DoH) would let
you bypass the VPN provider's DNS server and use 1.1.1.1 or something.

How many VPN providers are affected? Which VPN provider were you using?

~~~
mleonhard
I'm not interested in playing a cat-and-mouse game with Amazon's netsec team.
If I try to bypass their blocks, they will probably blacklist my account. Then
I couldn't access the music and movies that I already purchased.

Amazon has many techniques to combat fraud, each has a cost and benefit. They
decided to block VPNs because they thought it would help them make more money
overall.

Publicly-traded companies care only about money. Increasing the cost of VPN
blocking is a good way to get them to stop doing it. That's why I cancelled my
subscriptions and did it by phone, since phone-support is more costly to
companies.

I'm using PrivateInternetAccess.com. I picked them because they have
California servers and they fund EFF and WireGuard.

~~~
8organicbits
The Ask HN is asking for advice, so I'll offer some. Although I understand you
may be frustrated.

PIA client has tooling to change your DNS resolver, so there's an easier
approach than I originally offered.

[https://www.privateinternetaccess.com/helpdesk/guides/androi...](https://www.privateinternetaccess.com/helpdesk/guides/android/troubleshooting-4/android-change-dns-android-wifi-settings#android---change-dns-android-wifi-settings)

------
jjgreen
I closed my account (opened in 1999) when they tried to fingerprint me with a
1-pixel image a couple of months ago, arseholes. Thanks to Firefox this
attempt was detected and blocked.

~~~
throwawaybbqed
Can you explain what you mean by fingerprint? I'm a bit alarmed.

~~~
jjgreen
You render an image on the client browser, how this comes out will depend on
screen-resolution, video driver etc, then you hash the result and store it on
the server. When the mark visits a different site, you do the same, and if the
hashes match, a good chance it's your target.

This is the HTML from Amazon's front page after I logged in (and the Firefox
fingerprint blocker stepped in):

<img src="//us-u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&amp;r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex-rc%3DWA1GheMVTG2hSi76AJLwBg%26ex%3Dopenx.com%26id%3D" width="1" height="1">

Search "Browser fingerprinting" for more info.
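
Added example, not part of the thread or any commenter's code: a Python check that scans page HTML for 1x1 images served from a host other than the page's, like the tag quoted above, and reports which host each one forwards the request to. `PixelFinder`, `find_pixels` and the second `<img>` in the sample are names and data constructed for this illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# The <img> tag quoted in the comment above, with its wrapped lines rejoined,
# followed by a constructed control case (first-party image of normal size).
SAMPLE_HTML = (
    '<img src="//us-u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7'
    '&amp;r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex-rc%3D'
    'WA1GheMVTG2hSi76AJLwBg%26ex%3Dopenx.com%26id%3D" width="1" height="1">'
    '<img src="/images/logo.png" width="120" height="40">'
)


class PixelFinder(HTMLParser):
    """Collect 1x1 <img> tags whose source host differs from the page host."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)  # HTMLParser has already decoded &amp; to &
        if (a.get("width"), a.get("height")) != ("1", "1"):
            return
        # Scheme-relative URLs ("//host/path") inherit the page's scheme.
        src = urlsplit(a.get("src") or "", scheme="https")
        if not src.hostname or src.hostname == self.page_host:
            return
        # A query value that is itself a URL names the next hop of the
        # request, i.e. the second party that receives the identifier.
        forwards = [
            (key, urlsplit(value).hostname)
            for key, value in parse_qsl(src.query, keep_blank_values=True)
            if value.startswith(("http://", "https://"))
        ]
        self.hits.append({"host": src.hostname, "forwards": forwards})


def find_pixels(html, page_host):
    """Return one dict per third-party 1x1 image found in the HTML."""
    finder = PixelFinder(page_host)
    finder.feed(html)
    finder.close()
    return finder.hits
```
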

