Re: Netflix VPN detection - actual engineer needed

[Cryptographrix <cryptographrix () gmail com>]

Come now, content providers really just care that they have access to
regional controls more so than their ability to blanket-deny access (ok,
minus the MLB who are just insane).

And part of those regional controls deal with the accuracy of the location
information.

If their app can request my device's precise location, it doesn't need to
infer my location from my IP any more.

As a matter of fact, it's only detrimental to them for it to do so, because
of the lack of accuracy from geo databases and the various reasons that
people use VPNs nowadays (i.e. for some devices that you can't even turn
VPN connections off for - OR in the case of IPv6, when you can't reach a
segment of the Internet without it).


On Fri, Jun 3, 2016 at 4:17 PM Spencer Ryan <sryan () arbor net> wrote:

> There is a large difference between "the VPN run at your house" and
> "Arguably the most popular, free, mostly anonymous tunnel broker service"
>
> If it were up to the content providers, they probably would block any IP
> they saw a VPN server listening on.
>
>
> *Spencer Ryan* | Senior Systems Administrator | sryan () arbor net
> *Arbor Networks*
> +1.734.794.5033 (d) | +1.734.846.2053 (m)
> www.arbornetworks.com
>
> On Fri, Jun 3, 2016 at 4:09 PM, Cryptographrix <cryptographrix () gmail com>
> wrote:
>
> > I have a VPN connection at my house. There's no way for them to know the
> > difference between me using my home network connection from Hong Kong or my
> > home network connection from my house.
> >
> > Are they going to disable connectivity from everywhere they can detect an
> > open VPN port to, also?
> >
> > If they trust my v4 address, they can use that to establish historical
> > reference. Additionally, they can fail over to v4 if they do not trust the
> > v6 address.
> >
> >
> >
> >
> > On Fri, Jun 3, 2016 at 4:05 PM Spencer Ryan <sryan () arbor net> wrote:
> >
> > > There is no way for Netflix to know the difference between you being in
> > > NY and using the tunnel, and you living in Hong Kong and using the tunnel.
> > >
> > >
> > > *Spencer Ryan* | Senior Systems Administrator | sryan () arbor net
> > > *Arbor Networks*
> > > +1.734.794.5033 (d) | +1.734.846.2053 (m)
> > > www.arbornetworks.com
> > >
> > > On Fri, Jun 3, 2016 at 4:03 PM, Cryptographrix <cryptographrix () gmail com
> > > > wrote:
> > >
> > > > Same, but until there's a real IPv6 presence in the US, it's really
> > > > annoying that they haven't come up with some fix for this.
> > > >
> > > > I have no plans to turn off IPv6 at home - I actually have many uses
> > > > for it, and as much as I dislike the controversy around it, think that
> > > > adoption needs to be prioritized, not penalized.
> > > >
> > > > Additionally, I think that discussing content provider control over
> > > > regional decisions isn't productive to the conversation, as they didn't
> > > > build the banhammer (wouldn't you want to control your own content if you
> > > > had made content specific to regional laws etc?).
> > > >
> > > > I.e. - not all shows need to have regional restrictions between New
> > > > York (where I live) and California (where my IPv6 /64 says I live).
> > > >
> > > > I'm able to watch House in the any state in the U.S.? Great - ignore my
> > > > intra-US proxy connection.
> > > >
> > > > My Netflix account randomly tries to connect from Tokyo because I
> > > > forgot to shut off my work VPN? Fine....let me know and I'll turn
> > > > *that* off.
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > On Fri, Jun 3, 2016 at 3:49 PM Spencer Ryan <sryan () arbor net> wrote:
> > > >
> > > > > I don't blame them for blocking a (effectively) anonymous tunnel
> > > > > broker. I'm sure their content providers are forcing their hand.
> > > > > On Jun 3, 2016 3:46 PM, "Cryptographrix" <cryptographrix () gmail com>
> > > > > wrote:
> > > > >
> > > > > > Netflix needs to figure out a fix for this until ISPs actually
> > > > > > provide IPv6
> > > > > > natively.
> > > > > >
> > > > > >
> > > > > >
> > > > > > On Fri, Jun 3, 2016 at 3:13 PM Blair Trosper <blair.trosper () gmail com
> > > > > > >
> > > > > > wrote:
> > > > > >
> > > > > > > Confirmed that Hurricane Electric's TunnelBroker is now blocked by
> > > > > > > Netflix.  Anyone nice people from Netflix perhaps want to take a
> > > > > > crack at
> > > > > > > this?
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > On Thu, Jun 2, 2016 at 2:15 PM, <mike.hyde1 () gmail com> wrote:
> > > > > > >
> > > > > > > > Had the same problem at my house, but it was caused by the IPv6
> > > > > > > connection
> > > > > > > > to HE.  Turned of V6 and the device worked.
> > > > > > > >
> > > > > > > >
> > > > > > > > --
> > > > > > > >
> > > > > > > > Sent with Airmail
> > > > > > > >
> > > > > > > > On June 1, 2016 at 10:29:03 PM, Matthew Kaufman (
> > > > > > matthew () matthew at)
> > > > > > > > wrote:
> > > > > > > >
> > > > > > > > Every device in my house is blocked from Netflix this evening due
> > > > > > to
> > > > > > > > their new "VPN blocker". My house is on my own IP space, and the
> > > > > > outside
> > > > > > > > of the NAT that the family devices are on is 198.202.199.254,
> > > > > > announced
> > > > > > > > by AS 11994. A simple ping from Netflix HQ in Los Gatos to my
> > > > > > house
> > > > > > > > should show that I'm no farther away than Santa Cruz, CA as
> > > > > > microwaves
> > > > > > > > fly.
> > > > > > > >
> > > > > > > > Unfortunately, when one calls Netflix support to talk about this,
> > > > > > the
> > > > > > > > only response is to say "call your ISP and have them turn off the
> > > > > > VPN
> > > > > > > > software they've added to your account". And they absolutely
> > > > > > refuse to
> > > > > > > > escalate. Even if you tell them that you are essentially your own
> > > > > > ISP.
> > > > > > > > So... where's the Netflix network engineer on the list who all of
> > > > > > us can
> > > > > > > > send these issues to directly?
> > > > > > > >
> > > > > > > > Matthew Kaufman