How can you hide the usage of an external VPN?

Question

Let's assume we need a VPN to access some site, e.g. for bypassing geo-blocks. But those site doesn't want VPN users. A good example is Netflix. However, I don't want to specify this just on Netflix, since there are other services blocking VPNs as well.

So I thought about how those target site could detect if I'm using a VPN or not. One indicator is a high amount of connections from a single IP. This is relatively easily fixable with multiple external IPs on the VPN server. But those IPs themselves could leak this information.

1. Whois data

PrivateVPN is an example:

# whois $(dig +short de-nur.pvdata.host) | grep -i vpn
% Abuse contact for '185.89.36.0 - 185.89.36.127' is 'support@privatevpn.com'
netname:        PRIVATEVPN

VPN in the whois or even the name of common VPN providers are clearly and easily to match.

2. IP databases

I found ipinfo.io where we can enter an IP and even get information about the device type. For example, another VPN server 162.245.206.242 gave me

company: Object
name: "i3D.net B.V"
domain: "i3d.net"
type: "hosting"

where a query with my real IP (normal private customer home internet connection) shows type: "isp" with the name of my ISP. So I assume that simply querying those APIs and ban all users with type: hosting would match most VPN servers.

How could we hide it?

I don't see a practical way to hide it. Services like ipinfo earn money by collecting such information and keeping them up to date.

The only way would be a VPN service that uses servers hosted by private ISPs. Is there any other method of using a VPN service without letting the target site knowing it?

Answer 1

Based on the example of Netflix I think you falsely assume that it is all about explicit detection of VPN. Netflix for example seems to check that the geographic location matches the information in the account. It also seems to check if the traffic comes from some web hosting sites, since the expectation for a customer would be some DSL line or maybe public hotspot instead.

Thus how to bypass such detection depends a lot of how the detection is done. A common way to bypass these checks is to come from a "residential" IP address, i.e. an IP address associated with customer DSL, cable, fiber or mobile connections. There is a whole industry to offer "residential proxy networks" to whoever want to hide its activity behind innocent citizens and these service are often used by companies doing web scraping or similar. The residential proxy networks work by (ab)using "free" (with a catch) VPN like Hola VPN or which even employ network of hacked machines (botnet) of private citizens - see Resident Evil: Understanding Residential IP Proxy as a Dark Service.

Of course, you might actually find the VPN offered by Hola and others actually useful for your purpose since it also allows you to let your own traffic hide behind some residential IP address in another country. Just be aware that others will do the same with your own IP address and any problems coming from this (i.e. accessing illegal content) are then your own.

Answer 2

.... or host your own VPN. Host a VPN in a VPS in the country you want. You get to define what info gets exposed. And it is unlikely that other people sharing the IP might also be hosting a VPN and visiting the same site.