[dmurray]

I don't think it's a hilarious bug in their logic, just collateral damage in the war between VPN providers and Disney/Netflix/etc. The VPN providers try to get IP ranges that look like residential IPs. Ideally they rent them from the same ISPs who really do provide residential service. By the nature of the traffic, Disney can't tell for sure that it's coming from a VPN - just something like "a suspiciously large number of users connected from this range, especially users who currently seem to be travelling internationally".

Perhaps the user had a dynamic IP address and kept getting one in the same range that was also used for VPNs. Perhaps he had a static one but Disney banned ranges by the /28 instead of individual addresses.

[3np]

Not only that, some VPN providers run through actual residential IPs acquired through browser extensions, apps, and smart devices.

[TedDoesntTalk]

Some official NordVPN clients turn your device into a proxy server which the other side of the NordVPN business (OxyLabs) sells to other customers.

[alacritas0]

Do you have a source to support that claim?

[3np]

I don't have time to dig up anything authoritative right now, but I assumed this was common knowledge and uncontroversial. It is precisely this kind of practices (reusing/selling/buying user and customer IPs - there are companies that specialize as brokers) that allows them their low prices while generally not getting blocked by services like Netflix, and I suspect it's also what's behind the move from NF.

[dmurray]

> there are companies that specialize in brokers...

You're describing a botnet here. There are certainly organizations that will sell you access to their botnet, but I wouldn't describe them as uncontroversial, and I'd like to learn about ones that are structured as companies or that have as authoritative a reach as NordVPN.

[3np]

Luminati, for one. The mentioned OxyLabs, for another.

I'm not saying this by itself is anything illegal - users generally unwittingly agree to it through wall-of-text ToS.