
You no longer can sign on to Namecheap while using VPN (Private Internet Access) - pasbesoin
I was last in Namecheap in December.  I&#x27;ve had a PIA account for years, for public cafes and such, and after Comcast started e.g. injecting Javascript, I started using it at home as well.  Today, Namecheap&#x27;s sign on flow took my credentials and then presented me with a Recaptcha.  After checking &quot;I&#x27;m not a robot&quot;, I received a page telling me my credentials were invalid.  Worried, I did a password reset, apparently successfully.  But then got the same flow.  Namecheap support informs me they now block VPN connections.<p>I&#x27;ve been concerned for some time that the Internet is becoming differentiated.  This appears to be one more sign of it.  Let my ISP snoop on and potentially interfere with my connection, or forego doing business.  I fear this will only continue to grow worse.<p>I&#x27;m also concerned for Namecheap.  Why block this?  And the flow was atrocious and uninformative.  Also new since December:  Once in, www.namecheap.com now redirects to ap.www.namecheap.com that uses a separate certificate from a different root, that uses the obsolete combination of RSA and HMAC-SHA1.<p>I&#x27;ve liked Namecheap, but I&#x27;m not finding this combination of changes acceptable.  And I don&#x27;t like the broader implications, perhaps an encroachment of some form of &quot;true name&quot; prerequisite for TCP&#x2F;IP level Internet connectivity.
======
pasbesoin
I kept the OP brief -- I seem to recall a size limit for them. And also, for
the sake of the reader.

A bit more: The dashboard and domain list pages were under this
ap.www.namecheap.com subdomain (new to me) with its cert from GeoTrust having
the obsolete configuration -- www.namecheap.com uses one from COMODO that has
more current settings. But the shopping cart and checkout pages are still
under www.namecheap.com .

And, I've been having more and more problems with sites rejecting access while
I'm using a PIA connection. First came the blockage from Netflix and Amazon
streaming video. Then, archive.is and some others. Now Namecheap? Is Amazon
next?

I'm not hiding anything in particular. But I don't want Comcast monitoring and
selling my connectivity, nor feeling free to inject Javascript into it
whenever it likes.

I guess it's time to set up my own VPN on some hopefully untainted IP address.
But more generally, are we slowly being pushed to use our / our ISP's
addressing? "True name" addressing, one site at a time?

Feels more and more like the Internet is falling under corporate and
government control. Not just the snooping, but active control.

Call me paranoid.

P.S. Encountering the combination of these changes, all at once, caused me
considerable pause. Credential swiping? Fraudulent sub-domain passing through
the main site while harvesting data?

Ultimately, after chatting with support a couple of times and weighing what I
know and have seen in the past from Namecheap, I decided to proceed. Finding
the checkout pages on the main domain was also a bit reassuring, and I used a
credit card that I can monitor and cancel and chargeback if necessary.

Hopefully, Namecheap will clean this up.

They've generally received favorable comments and recommendations here on HN,
for years. The basis of my posting this here.

------
coreyp_1
I agree that this is horrible. I also agree that I think it is a completely
wrong course of action for those trying to protect their privacy from
corporate and Commercial intrusion. But I don't know what to do about it.

What recourse do I have as an individual?

------
asher_
They also only have SMS as a 2FA option, which is neither convenient nor
secure. I've been a customer of theirs for a long time, but they do indeed
make some poor decisions every now and again.

~~~
mdotk
What do you consider a convenient way to protect yourself? A VPN on your
laptop isn't going to help much if your laptop is compromised or stolen. 2FA
would of course work though.

------
gesman
information === money

Also, PIA should allow paid accounts to add their own custom nodes and manage
them via their convenient interface.

This would cause such a bummer for wanabe-trackers.

------
mdotk
I can sign into NC with a PIA VPN no problem.

