> All authentication and download events came from virtual private server (VPS) and Tor IP addresses, which is not the most subtle way to access an account.
If I log in from my computer and a few hours later an attacker logs in from the other side of the planet, most big providers will trigger extra checks/email notifications of unusual events.
I wonder if intentionally using Tor/VPS is a way to bypass those checks, since a Tor/VPS can have a far away geo-IP.
Yes, I've also had this thought. I also wonder how wide the geographic net is for some providers. If it's sufficiently wide, it's not infeasible to brute-force the right geographic location by just looping through a few locations. It also has the adverse effect of locating the victim.