The list of tor exit ips is publicly viewable. Some IPS block the entire list contrary to Tor Project’s request not to do exactly that.
I assume this “VPN Server” that they can see is the “entry node”, and not the “exit node” (i.e. my IP as seen by the world) - but never got a clear answer to that
Traditionally, the entry node and the exit node have been the same VPN server/ip. In that sense, your ISP does know the IP of your exit server, since they are the ones connecting you to it.
For example, your X ISP’s logs could show “At 15:00, user #123 connects to IP 1.2.3.4, which lookup shows is assigned to “CheapVPNs Ltd”. At 15:01 our email server received 1,000,000 emails from IP 1.2.3.4 all angrily complaining about how “X ISP sucks”. Correlation implies user #123 is responsible for the mail bomb attack against our servers.”
At the moment, Mullvad specifically does use different entry and exit IPs, but they are all still located in the same datacenter and subnet. That is, you could be connecting to a Mullvad VPN server 1.2.3.4, 1.2.3.5, or 1.2.3.6 in London, and they all exit out through 1.2.3.1 in London. This is just something Mullvad does. Other VPN services may not do it and Mullvad hasn’t done it in the past. Someone analyzing ISP logs could correlate these IPs if they really wanted to.
Mullvad also offers “multihop”, but the way they have it implemented currently (changing the destination port number), an ISP could still deduce your exit IP if they bother looking up records of Mullvad network structure (which are publicly available), since they know the IP number and the port number of your entrance node.
The only way to hide your VPN exit IP from your ISP currently is to use multiple VPN services and nest them inside each other (or use one service and nest it inside itself using the “multiple devices” perk). Then only a state-level actor could hope to correlate your traffic by monitoring the ingress/outflow of multiple IPs simultaneously.
The US bans all of it, while Japan has an exception for drawings
Absolutely incorrect. You are thinking of Canada or UK. In US, drawings are fine. Rather it is photorealistic depictions “indistinguishable from that of a minor” that are prohibited, almost presciently pre-empting techniques like deepfake and stablediffusion by 20 years, a rare win by legislators.
Thank you for being aware! I’ve experienced this on github.com. I’ve tried to submit issues several times to open source projects, complete with proposed code to solve a bug, but github shadowbans my account 6 hours after creating it (because I use a VPN? a third-party email provider? do not provide a phone number? who knows). I can see the issue and pull request when logged in, but they only see a 404 on their project page even if I give them a direct link. I ended up sending them a screenshot of the issue page just to convince them this was even possible. Sad to hear gitlab does it even worse now by making phone mandatory.