Not going to work for very long or at any scale coming from datacenter/hosting provider IPs. Google "residential proxies for sale" for the tip of an iceberg of how they snowshoe the traffic.
reply
I use my Codex and Claude Code subs on like 4-6 different servers, ranging from AWS to Vultr to Linode etc.

That’s a major and legitimate use case for developers; Anthropic can’t just block data center/hosting IPs because their actual customers use them on data center/hosting IPs.

reply
Now consider what will happen if your pattern of queries and context history triggers a pattern that makes it obvious it's some API key being used by multiple different entirely unrelated people on totally different things, or any other pattern of use that makes it obvious it's being used for distillation.
reply
Two parts here.

First, well-calibrated systems for detecting API compromise are a good thing (or good intent at least). Credential malware is exploding.

Second, the challenge is that a significant amount of genuine work — such as evals — seems practically impossible to distinguish from generating RLAIF outputs.

reply
As long as you stick to a single unique IP per account it isn't going to get flagged.
reply
Respectfully, no, that's not how it works. You think the people running anti-fraud and anti-bot measures don't have tools that know the specific IPv4 and IPv6 CIDR ranges of every ASN that they categorize as hosting/colo providers?

And that's just as a basic first effort reject measure to prevent automation tools from using things designed for human-interactive use only.

Go try to do many of these things from Cogent IP space and see how long your project lasts.

reply
Every developer at my company uses their Claude Code subscription on an EC2 dev box. Plenty of other tech companies do the same. Heck nowadays people even install Claude Code directly on production servers in data centers and use it as an ops tool. None of this is a problem. Fraud and abuse detection is a lot more sophisticated than just checking an IP range.
reply
None of the LLM providers block professional use, thus they must necessarily permit access from commercial IP ranges.

I have no idea how the resellers are doing it but an obvious starting point would be a cheap VPS node that routed each account to a unique semi-permanent IPv4 or IPv6/64. All the provider would see would be a regular account making a normal looking stream of requests from a stable datacenter IP address. Any given request stream would remain consistent (at least over a period of a few hours) because a reseller would take care not to split the session of a single user across multiple different accounts and not to interleave the active sessions of multiple users on a single account.

Detecting this would be extremely difficult because on a longer time frame it's perfectly normal for many distinct accounts to work on the same code base.

reply
And it’s perfectly normal to be running Claude Code on EC2, a VPS, etc. I do it all the time!

You block clouds, you block devboxes and your customers.

reply
Wouldn’t it be funny if the same residential proxies allowing these labs to scrape the Internet are also what’s enabling these resellers?
reply
If we're getting up to the scale of these resellers and also considering Chinese state interests then we're well into the range of purchasing a few small ISPs in different countries and "padding" the legitimate subscribers.
reply
Sorry for being a newb here but are you saying Anthropic blocks people from running Claude Code on datacenter IP ranges?

Or is the datacenter IP just one part of the picture?

reply
I assume they use residential proxies (tunneling in the background of crappy Android games) for the "last" hop.
reply
Nonsense. Many if not all legit Claude users are using Claude Code inside their Cloud servers. How else would you use it anyway? For just local dev? That's so 2000 and late bro.
reply
No, I'm not saying it's the exclusive and only measure (that would indeed be something we might see 20, 25 years ago), it's one of a myriad of discrete datapoints used to determine if an account is authentic or not.

There's a lot of inauthentic coordinated automated systems these days along the general lines of scraping/crawling/social media manipulation/sockpuppetry that require running through residential proxies or proxies to places that don't look like datacenter IP space.

reply
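The point argued in the comments above (a hosting/colo CIDR lookup is one datapoint among several, not a block rule), as an added example that is not part of the thread and not any provider's actual logic. The CIDR list uses documentation ranges, and the weights, thresholds, account names and the `workload` field are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed stand-in for a hosting/colo CIDR feed (documentation ranges only).
HOSTING_CIDRS = [ipaddress.ip_network(c) for c in ("192.0.2.0/24", "2001:db8::/32")]

# Hypothetical weights: no single signal reaches the review threshold on its own.
WEIGHTS = {"hosting_ip": 1, "many_source_ips": 2, "unrelated_workloads": 3}
REVIEW_THRESHOLD = 4

def is_hosting(ip):
    """True if the address falls inside any listed hosting range (v4 or v6)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in HOSTING_CIDRS)

def score_accounts(events, max_ips=3, max_workloads=3):
    """events: (account, source_ip, workload) tuples seen in one time window."""
    ips, workloads = defaultdict(set), defaultdict(set)
    for account, ip, workload in events:
        ips[account].add(ip)
        workloads[account].add(workload)
    report = {}
    for account in ips:
        signals = []
        if any(is_hosting(ip) for ip in ips[account]):
            signals.append("hosting_ip")
        if len(ips[account]) > max_ips:
            signals.append("many_source_ips")
        if len(workloads[account]) > max_workloads:
            signals.append("unrelated_workloads")
        score = sum(WEIGHTS[s] for s in signals)
        report[account] = {"signals": signals, "score": score,
                           "review": score >= REVIEW_THRESHOLD}
    return report

# Constructed sample events: a single dev box, a developer on several
# servers, a residential user, and one key carrying many unrelated workloads.
EVENTS = (
    [("dev-ec2", "192.0.2.10", "repo-a")] * 3
    + [("dev-multi", f"192.0.2.{i}", "repo-c") for i in range(1, 5)]
    + [("dev-home", "203.0.113.7", "repo-b")]
    + [("shared-key", "192.0.2.50", f"task-{i}") for i in range(5)]
)

if __name__ == "__main__":
    for account, result in score_accounts(EVENTS).items():
        print(account, result)
```
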
Hey, if the bastards can use residential IPs to suck all information into their models with their crawlers, so can we!
reply
There are lots of botnets providing home IPs.
reply