
It sounds like that's what they're doing, in order to find other spam accounts:

> We'll manually review all accounts that use (more than one of) those ip addresses.


Obviously only vanviegen knows what they're doing, but here is what I'd do (IANAL!):

1. Identify offender (scammer/spammer) using other methods like manual review

2. Block offender as described, and only now start logging the IPs for them (claim: at that point it's legitimate interest)

3. If another user now uses one of the IPs, assume they're also offenders and log their IPs as well to weed out false positives (claim: they use the known offender IPs, so there is a good chance they're also offenders -> leg. int.)

4. Ban all actual offenders and delete associated IPs for false positives.

It's possible they're doing this flow and just simplified it for posting here.

Saving the IP/geolocation could also be legitimate interest to identify altered locations. E.g. say you're US based and suddenly log in from $abroad they could send you a 2FA mail to secure your account.
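The four-step flow from the comment above, sketched as an added example (not code from the thread or from the service being discussed). The class and method names and the sample IPs (documentation ranges) are constructed for illustration, and manual review is modelled as calls to `confirm_offender` and `clear`.

```python
from collections import defaultdict


class OffenderIpTracker:
    """Retains IPs only for confirmed offenders and accounts under review."""

    def __init__(self):
        self.banned = set()          # confirmed offenders (steps 1 and 4)
        self.suspects = set()        # waiting for manual review (step 3)
        self.ips = defaultdict(set)  # account -> IPs retained for it

    def confirm_offender(self, account):
        """Steps 1, 2, 4: a reviewer confirmed abuse; block, keep logging."""
        self.suspects.discard(account)
        self.banned.add(account)

    def clear(self, account):
        """Step 4: false positive; delete every IP held for the account."""
        self.suspects.discard(account)
        self.ips.pop(account, None)

    def offender_ips(self):
        """IPs seen from confirmed offenders since they were blocked."""
        return {ip for a in self.banned for ip in self.ips.get(a, ())}

    def observe(self, account, ip):
        """Handle one request; returns 'blocked', 'review' or 'ok'."""
        if account in self.banned:
            self.ips[account].add(ip)       # step 2: log only after blocking
            return "blocked"
        if account in self.suspects or ip in self.offender_ips():
            self.suspects.add(account)      # step 3: queue for manual review
            self.ips[account].add(ip)
            return "review"
        return "ok"                         # ordinary account: nothing stored


def demo():
    """Constructed scenario: one spammer, one false positive, one bystander."""
    t = OffenderIpTracker()
    t.observe("spammer", "203.0.113.7")     # before confirmation: not stored
    t.confirm_offender("spammer")
    results = [
        t.observe("spammer", "203.0.113.7"),
        t.observe("alice", "203.0.113.7"),  # shares an offender IP
        t.observe("alice", "198.51.100.4"), # suspect: further IPs are logged
        t.observe("bob", "192.0.2.10"),
    ]
    t.clear("alice")                        # reviewer: false positive
    return t, results
```

Only IPs seen from confirmed offenders flag other accounts; a suspect's own IPs start to count only if review confirms the account as an offender.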


Review is the key. They're using it as an indicator of bad behavior to provide direction where other bad behavior may be.

The IP didn't identify the person, but it did potentially implicate accounts that needed to be reviewed or that may have been compromised.



