Netflix VPN detection - actual engineer needed

Ricky Beam jfbeam at gmail.com
Tue Jun 7 02:53:58 UTC 2016


On Mon, 06 Jun 2016 19:41:14 -0400, Mark Andrews <marka at isc.org> wrote:
> What lie?  Truly who is lying here.  Not the end user.  Not HE.  There is
> no requirement to report physical location.

The general lie that is IP Geolocation. HE only has what I tell them (100%  
unverified), and what MaxMind (et al.) tell them (~95% unverified.) They
know my IPv4 endpoint address, but that doesn't give them a concrete  
street address -- they're guessing in exactly the same way everyone else  
does. And more to the point, HE doesn't share that information with  
anyone. (whois is populated with your account information. they don't ask  
where your tunnels are going.)

> Are they legally required to go to this level?

Possibly, but Netflix isn't going to push this. Win or lose, they still
lose distribution rights.

>> Netflix (and their licensees) know people are using HE tunnels to get
>> around region restrictions. Their hands are tied; they have to show
>> they're doing something to limit this.
>
> No, they do not know.  The purpose of HE tunnels is to get IPv6 service.
> The fact that the endpoints are in different countries some of the time
> is incidental to that.

YES. THEY. DO. There have been entire COMPANIES doing this. (which is  
likely what sparked this level of response.) Neither HE nor Netflix is
naming names, but a short walk through the more colorful parts of the  
internet should be enlightening.

> Garbage.  You have to establish the tunnel which requires registering
> an account.  It also requires a machine at the other end.  Virtual
> or physical they don't move around the world in a DDNS update. The
> addresses associated with a tunnel don't change for the life of
> that tunnel.

True. Though, you can list any nonsense address you want. They do nothing to
validate it. (Use my favorite BS address: Independence MT -- pop: zero.  
It's a dirt road across a mountain in the middle of absolutely nowhere.  
Google it!)

The tunnel endpoint (your IPv4 address) is known only to HE, and not  
exposed to ANYONE. That's not going to EVER change. Once your tunnel has  
been set up, that address ("Client IPv4 Address") is not set in stone.
People have dynamic addresses, and HE recognizes this, so there are  
numerous methods to change the tunnel endpoint address. (tunnel  
configuration page, update through an http(s) request, etc.) THUS, a  
tunnel can move; it can be terminated anywhere, at any time. Not only can
one update the endpoint to a different address on the same box, but to a  
completely different box entirely.

Furthermore, one account can have several tunnels through different  
servers that present addresses from different regions. Where I appear to  
be in the world, thus, depends on which tunnel I have enabled. (and in  
which countries HE has prefixes, which currently appears to be 4)
