"Invalid derivation origin" for specific users

We have some user facing the error of “invalid derivation origin” when trying to login to dashboard.gold-dao.org via Internet Identity. It’s working for everyone else, except very few users since 1-2 weeks.

It is unfortunately impossible for us to reproduce this as no one from the team is facing the same error.

Has someone faced the same and has an idea where this could come from?

1 Like

I see ...-cai.icp0.io": Failed to fetch which likely means that the icp0.io is blocked for some users resulting in II being unable to fetch a needed file to proof the derivation origin.

A while back the domain was inadvertently listed as spam domain: [Resolved] Icp0.io listed in Spamhaus DBL

This has since been resolved, but it’s likely that their internet provider has not updated its spam list yet to remove the domain again or has its own strict spam list.

I would recommend these users to try a different DNS than their internet provider and see if that resolves the issue, here are some options:

3 Likes

Also see this: Locked out of the IC after sending a transaction - #8 by borovan

If they are a heavy IC user, certain dapps are spamming the IC with each page load and can cause you to get blocked.

2 Likes

Thanks all for your feedback!

It does seem to be related to his antivirus and the domain being on some blacklist there. Turning off the AV let’s him access the site as intended…