Re: The great Netflix vpn debacle! (geofeeds)

[Owen DeLong via NANOG <nanog () nanog org>]

> On Aug 31, 2021, at 16:32 , Jeroen Massar <jeroen () massar ch> wrote:
>
> On 2021-09-01 01:13, Owen DeLong via NANOG wrote:
> > You just broke 99% of the smart television sets in people’s homes, unfortunately.
>
> If only everybody would not get a separate box, be that a AppleTV, a Playstation, a XBox, Chromecast, ... or many 
> other options.
>
> Fun part being that it is hard to get a Dumb TV... though that is primarily simply because of all the tracking 
> non-sense in them that makes them 'cheaper'... (still wonder how well that tracking stuff complies with GDPR, I am 
> thinking it does not ... Schrems anyone? :) )

Interestingly, no, it’s easy to get a “dumb TV” these days… We just call them “monitors”. I have two of them (one on 
either side) of my iMAC as I write this. (Makes for great X-Plane flying visuals.

On the other hand, the last time I went looking for a 27” monitor, I ended up buying a 44” smart television because it 
was a cheaper HDMI 4K monitor than the 27” alternatives that weren’t televisions. (It also ended up being cheaper than 
the 27” televisions which didn’t do 4K only 1080p, but I digress).

> > That will resolve itself over time, of course, as sets are replaced, but anyone with
> > a set that is more than ~3 years old is mostly unlikely to have IPv6 support in it and
> > the vendors are ALL universally terrible about updating firmware.
>
> Quite a bit of Android TV out there too.... and we all know how well that supports DHCPv6... ;)

Does DHCPv6 really matter in a home? Really? I mean, I understand the NAC argument in the
corporate LAN environment, but the average household user can’t even spell NAC, let alone
implement an 802.1X stack.

> Btw, geofeeds are getting fetched by some entities.

I presume geofeeds are getting fetched by many entities, but I’m not sure what the point of that is.

> I've seen at least Dataprovider.com and DB-IP, others that fetch the CSV don't bother to set UA to something unique, 
> thus one sees curl + axios coming by for instance, which does not tell much; but apparently we have to give up on UAs 
> anyway, even though they are great for things like bots where one can have a wee bit of contact details in the line.

Yeah, Safari can now be trained to lie about it’s UA in developer mode easily. I presume this is true in Crome, 
Firefox, and just about anything else as well. It’s behind the drop-down panel to keep the adults out of the VCR, but 
it’s easily visible to any kid that would know how to program a VCR.


> For instance DB-IP does regular updates of their code (rXXXX) and fetches quite often:
>
> 2a00:18a8:6:40:dcad:beff:feef:100 - - [23/Aug/2021:09:32:09 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip 
> geofeed updater r6499"
> 2a00:18a8:6:40:dcad:beff:feef:100 - - [23/Aug/2021:09:02:14 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip 
> geofeed updater r6499"
> 2a00:18a8:6:40:dcad:beff:feef:100 - - [24/Aug/2021:09:11:11 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip 
> geofeed updater r6500"
> 2a00:18a8:6:40:dcad:beff:feef:100 - - [24/Aug/2021:09:42:15 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip 
> geofeed updater r6500"
> 2a00:18a8:6:40:dcad:beff:feef:100 - - [24/Aug/2021:21:59:46 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip 
> geofeed updater r6501"
> 2a00:18a8:6:40:dcad:beff:feef:100 - - [25/Aug/2021:01:24:28 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip 
> geofeed updater r6501"
> 2a00:18a8:6:40:dcad:beff:feef:100 - - [25/Aug/2021:04:43:01 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip 
> geofeed updater r6501"
> 2a00:18a8:6:40:dcad:beff:feef:100 - - [25/Aug/2021:05:11:05 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip 
> geofeed updater r6501"
> 2a00:18a8:6:40:dcad:beff:feef:100 - - [26/Aug/2021:05:23:18 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip 
> geofeed updater r6502"
> 2a00:18a8:6:40:dcad:beff:feef:100 - - [26/Aug/2021:02:49:59 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip 
> geofeed updater r6502"
> 2a00:18a8:6:40:dcad:beff:feef:100 - - [27/Aug/2021:03:22:23 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip 
> geofeed updater r6504"
> 2a00:18a8:6:40:dcad:beff:feef:100 - - [27/Aug/2021:03:55:04 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip 
> geofeed updater r6504"
> 2a00:18a8:6:40:dcad:beff:feef:100 - - [28/Aug/2021:03:21:26 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip 
> geofeed updater r6507"
> 2a00:18a8:6:40:dcad:beff:feef:100 - - [28/Aug/2021:03:51:20 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip 
> geofeed updater r6507"
>
> and looking up the IPs in DB-IP.com indeed nicely shows the locations configured in the geofeed, thus that is 
> succesful.

I guess, but what do they do in terms of their “It’s a VPN” or “Not a VPN” service?

> But I am fairly sure that they will mark things as VPN if they get a sniff of that; though "VPN" seems to mean 
> "Virtual Public Network", not the Private of days gone...

A little of both these days.

I’m still holding out for DOHOTOROUDPOIPOGREOIPSECOIP for name resolution.

(I’m really not, just my twisted brand of cynical disgust at the everything->HTTPs trend)


Owen