nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Netflix VPN detection - actual engineer needed

From: Steve Atkins <steve () blighty com>
Date: Mon, 6 Jun 2016 09:02:49 -0700


On Jun 6, 2016, at 8:21 AM, Tore Anderson <tore () fud no> wrote:

* Spencer Ryan


As an addendum to this and what someone said earlier about the
tunnels not being anonymous: From Netflix's perspective they are. Yes
HE knows who controls which tunnel, but if Netflix went to HE and
said "Tell me what user has xxxxx/48" HE would say "No". Thus, making
them an effective anonymous VPN service from Netflix's perspective.


Every ISP would say «No» to that question. In sane juridstictions only
law enforcement has any chance of getting that answer (hopefully only if
they have a valid mandate from some kind of court).


HE.net run a perfectly good rwhois server which has my town, state, country
and zip code for my personal IPv6 tunnel, just the same as they have
full contact information for my HE-provided business IPv6 space.


But Netflix shouldn't have any need to ask in the first place. Their
customers need to log in to their own personal accounts in order to
access any content, when they do Netflix can discover their addresses.


The content providers are concerned about who is consuming the
content, not who is paying for it. Those needn't be the same people,
and given how careful people are not to share netflix creds with friends,
often won't be.

Netflix could stomp on credential sharing, but they don't seem to particularly
want to. Blocking a few VPN providers seems a figleaf to keep the content
providers happier while inconveniencing relatively few end users - anyone
who's using a VPN or tunnel anyway can probably change things around
to avoid the blocking with little effort.

Cheers,
  Steve
Previous By Date Next
Previous By Thread Next

Current thread: