nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Netflix VPN detection - actual engineer needed

From: Alex Buie <alex.buie () frozenfeline net>
Date: Fri, 3 Jun 2016 16:53:22 -0400
This is not a zero sum solution. Fallback to IP geolocation if more precise
location detection is not available, but if it is, use that. You could even
have a "location score" composite index composed of all the different
locale and historical session data you've accumulated. (cf things like
cloudflare bad-actor detection which uses many heuristics to determine if
you are who you say you are and whether to serve content to you)

On Fri, Jun 3, 2016 at 4:43 PM, Spencer Ryan <sryan () arbor net> wrote:


And what about the millions of TVs, DVD players and all the other embedded
devices that don't/can't support any kind of location services?
On Jun 3, 2016 4:38 PM, "Cryptographrix" <cryptographrix () gmail com> wrote:


It's much less hard to make an IP connection lie about it's location than
it is to make a non-rooted (which is easy to detect) iOS device lie about
it's AGPS-derived location.

In all cases.
On Fri, Jun 3, 2016 at 4:28 PM Naslund, Steve <SNaslund () medline com>
wrote:


Two problem I see with that.

1.      My TV is going to have a hard time figuring out its GPS

location

inside my living room.
2.      It's not hard to make a device lie about a GPS position.

Steven Naslund
Chicago IL

-----Original Message-----
From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of

Cryptographrix

Sent: Friday, June 03, 2016 3:18 PM
To: Robert Jacobs; Spencer Ryan
Cc: North American Network Operators' Group
Subject: Re: Netflix VPN detection - actual engineer needed

To be honest, I don't care about content providers having control over
regional access controls - it's completely technologically backwards,

but

they're all about time zones so they can do what they want.

BUT there are more reliable ways than using an IP to get geographic
location in an era where any website can request your GPS location.

They have an iOS team that can provide them with *the most

authoritatively

precise location of my device* for their Apple TV app.

My IP should be the last thing they check to determine my location. I

can

do a million things to tweak that, including things that their proxy
detection will never ever find out about.


On Fri, Jun 3, 2016 at 3:55 PM Robert Jacobs <rjacobs () pslightwave com>
wrote:


Seems everyone continues to forget the content providers are not
Netflix...They are the Disney, Discovery, NBC, Turner ect... These

are

the ones that put clauses and restrictions in their licensing and
re-broadcast agreements forcing things like Netflix is doing..

Robert Jacobs | Network Director/Architect

Direct:  832-615-7742
Main:   832-615-8000
Fax:    713-510-1650

5959 Corporate Dr. Suite 3300; Houston, TX 77036



A Certified Woman-Owned Business

24x7x365 Customer  Support: 832-615-8000 | support () pslightwave com
This electronic message contains information from Phonoscope

Lightwave

which may be privileged and confidential. The information is intended
to be for the use of individual(s) or entity named above. If you are
not the intended recipient, any disclosure, copying, distribution or
use of the contents of this information is prohibited. If you have
received this electronic message in error, please notify me by
telephone or e-mail immediately.



-----Original Message-----
From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Spencer

Ryan

Sent: Friday, June 3, 2016 2:49 PM
To: Cryptographrix <cryptographrix () gmail com>
Cc: North American Network Operators' Group <nanog () nanog org>
Subject: Re: Netflix VPN detection - actual engineer needed

I don't blame them for blocking a (effectively) anonymous tunnel

broker.

I'm sure their content providers are forcing their hand.
On Jun 3, 2016 3:46 PM, "Cryptographrix" <cryptographrix () gmail com>

wrote:



Netflix needs to figure out a fix for this until ISPs actually
provide
IPv6 natively.



On Fri, Jun 3, 2016 at 3:13 PM Blair Trosper
<blair.trosper () gmail com>
wrote:


Confirmed that Hurricane Electric's TunnelBroker is now blocked

by

Netflix.  Anyone nice people from Netflix perhaps want to take a
crack at this?



On Thu, Jun 2, 2016 at 2:15 PM, <mike.hyde1 () gmail com> wrote:


Had the same problem at my house, but it was caused by the IPv6

connection

to HE.  Turned of V6 and the device worked.


--

Sent with Airmail

On June 1, 2016 at 10:29:03 PM, Matthew Kaufman
(matthew () matthew at)
wrote:

Every device in my house is blocked from Netflix this evening
due to their new "VPN blocker". My house is on my own IP space,
and the

outside

of the NAT that the family devices are on is 198.202.199.254,
announced by AS 11994. A simple ping from Netflix HQ in Los
Gatos to my house should show that I'm no farther away than
Santa Cruz, CA as microwaves fly.

Unfortunately, when one calls Netflix support to talk about
this, the only response is to say "call your ISP and have them
turn off the VPN software they've added to your account". And
they absolutely refuse to escalate. Even if you tell them that
you are

essentially your own ISP.


So... where's the Netflix network engineer on the list who all
of us

can

send these issues to directly?

Matthew Kaufman
Previous By Date Next
Previous By Thread Next

Current thread: