Re: Netflix VPN detection - actual engineer needed

["Ricky Beam" <jfbeam () gmail com>]

On Sun, 05 Jun 2016 19:35:27 -0400, Mark Andrews <marka () isc org> wrote:
> It is a attack on HE.  HE also provides stable user -> address
> mappings so you can do fine grained geo location based on HE IPv6
> addresses.

They may be "fine grained", but they are still lies. One's tunnel can be  
terminated from *anywhere*, at *anytime*. HE doesn't publish the IPv4  
address of the tunnel endpoint, nor do they update any public facing  
registry w.r.t. the "address" of that IPv4 address. (which is 99% voodoo  
as well.)

> Also despite what the content cartel say using a VPN to bypass
> georestrictions to get movies is not illegal, nor is it "piracy".
> Individuals are allowed to import content from other countries.  It
> is commercial importing that is banned.

While the end user may not be violating any law (other than their  
"contract" with Netflix), Netflix certainly is. They signed a contract  
that says they cannot send X to Romania / X is only allowed in the USA. In  
the end, they are allowing content to go where they agreed to not send it.  
They are legally required to do something about that. (or at least, *look*  
like they are.)

Netflix (and their licensees) know people are using HE tunnels to get  
around region restrictions. Their hands are tied; they have to show  
they're doing something to limit this.

All you can tell about a HE tunnel is the tunnel broker server that's  
hosting it. (it's in the hostname -- eg. ash1) Beyond that, you have  
absolutely no idea where in the universe the other end actually is. Plus,  
it can move in an instant... one DDNS update, and it's somewhere else.

--Ricky