[imiric]

> I always wondered about companies/individuals who voluntarily [...] block their users by IPs coming from bad countries

The problem is not with "bad" countries.

The problem is when a large amount of abusive traffic comes from a handful of countries, it's technically easier to block entire IP ranges and ASNs, than to filter and allow the small amount of well-behaved clients while blocking the rest. This is especially the case when the company has no commercial presence in these countries.

To be fair, the scenario you describe where countries are blocked purely out of political or personal reasons does exist, and I agree that it's morally wrong, even if it's the prerogative of any individual or company who they want to provide service to. But in my experience the blocking is usually motivated by abuse.

[kassner]

> The problem is when a large amount of abusive traffic comes from a handful of countries, it's technically easier to block entire IP ranges and ASNs

Abuse is becoming a much bigger problem lately, to the point that even large western providers are getting the same treatment nowadays. More and more I see people talking about banning Hetzner, OVH, DigitalOcean, and at any given time I can see several of their IP addresses in abuse reporting websites (spamhaus, abuseipdb).

What is the future here? I see no reason for those providers to tighten on abusers, given how long they’ve already ignored it. Pretty sure at some point you’ll have to have your own ASN and IP ranges to be able to do anything on the internet.

[bez00m]

> the scenario you describe where countries are blocked purely out of political or personal reasons does exist

In my experience the reason is one of the following:

1. Following the local jurisdiction. By far the most common one, and one I have least questions for. At least not to the companies who implement this policy - someone over here already posted the consequences of not complying. Big companies often care to say "nothing personal, buddy, strictly business", but nothing more as in the OP's case with Microsoft.

2. Avoiding the attacks, as you said. I definitely agree they exist. And I can imagine every Cloudflare block page I've seen is because of that, but in my experience it's maybe 5-10% of all blockings I experienced.

3. Political activism. What my comment was about. It's always either individuals or small companies. It's always outrageously dumb and pathetic (obviously, except when it comes from an actual victim) and just does the job opposite to the proclaimed intention.