infosec

Coinbase’s risk models flag VPN usage as a negative sign since attackers always use VPNs, and their recommendation is not to use a VPN when accessing Coinbase. 

Thoughts?

PSA: Don't use a VPN to access Coinbase. 

Attackers always use VPN's, so our risk models take that as a negative sign even if you're legitimately using your own account.

I have tremendous respect for the Coinbase team and their dedication to security, but in high-risk regions (read: authoritarian regimes, conflict zones), forgoing VPN usage can put users’ physical safety at risk.

Mantej Rajpal 🇺🇸

Coinbase’s risk models flag VPN usage as a negative sign since attackers always use VPNs, and their recommendation is not to use a VPN when accessing Coinbase. 

Thoughts?
https://x.com/mantej/status/1863968648022446246?s=46&t=dO0uo_CgV6MrB7N3NkVjDA

security engineering and applied cryptography mantej.blog

it almost sounds like Coinbase is slightly less prejudiced to users that MFA then VPN?

in any case, CEXs are counterparty risk, high-value transfers lose security once they leave the wallet w/ self-hosted node. just doesn't seem to be a good medium for few movements of deep savings or private cash, but exceptional for repeat movements of shallow, publicly seen funds.

I see it as a psuedo-excuse for them to just not allow their users to access their services with a VPN and blame it on the algo (that they made).

VPNs are so widely marketed that their usage is ubiquitous in today's day and age. Everybody and their brother has or could use VPN app or service.

Its like banning encrypted messaging apps because criminals use them.

I want them to take all measures necessary to maintain security

Does Coinbase have large user bases in high-risk regions? My sense was they mostly operate in pretty stable / primarily democratic countries