Detect Users Are Logging In Via A VPN

I need to be able to detect when a user is logging in via a VPN. The reason is that my business model requires a certainty that the person who originally signed up to perform the service is the person that is now logging in to use the service.

For example, if my user signs up to perform a service they are the person who gets compensated for doing that service. If that user asks a different person to perform the service then that creates a problem with the business model.

What signals can I use to confirm that the person is not logging in via a VPN? If I capture the login IP address is that the user’s computer IP? Is it their cable modem public IP? Is it the VPN IP? Same with country signal.

Hi @michaelwhite63,

This may be a bit outside my expertise but I’m fairly certain the only trackable difference here will be the IP address. Somehow you need to track and confirm “allowed” IP addresses vs those that are not allowed. This is likely very messy. Maybe you can leverage Auth0 Signals service, though I’m not certain that will help in this case.

IMO, this sounds like a problem that is better solved via other means like live user identity verification / liveness checks, MFA, biometrics, etc.

1 Like