Netflix VPN detection - actual engineer needed

Wed Jun 8 16:13:28 UTC 2016

As of last week, I still wasn’t getting an IPv6 address by default on my iPhone 6S+
on T-Mobile.

Just saying.

Owen

> On Jun 7, 2016, at 11:00 AM, Ca By <cb.list6 at gmail.com> wrote:
> 
> On Tuesday, June 7, 2016, Cryptographrix <cryptographrix at gmail.com> wrote:
> 
>> Very true - I was being a bit extremist out of frustration, but I think
>> you're spot on - he.net tunnels and even 6to4 are toys to provide IPv6
>> support, not actually IPv6 support.
>> 
>> And I'm quite frustrated because there's so little actual v6 support, and
>> I *do* actually need it on a daily basis for work.
>> 
>> Because there's no actual ISP IPv6 support anywhere else (in parts of the
>> US that *have* multiple ISPs), you can't even make the case to your ISP
>> that it's a legitimate requirement for you because they know you're not
>> really going to get v6 elsewhere.
>> 
>> 
> I think we have different definitions of "no actual isp ipv6 support"
> 
> Again, a helpful akamai blog
> https://blogs.akamai.com/2016/06/four-years-since-world-ipv6-launch-entering-the-mainstream.html
> 
> fixed line: Comcast, AT&T, TWC, just to name the largest in the nation have
> meaningful deployments of ipv6. The only thing holding back greater
> deployment for those networks are legacy CPE that will age out slowly.
> 
> All 4 of the national mobile operator have ipv6 default on for most
> new phone models.
> 
> Yes, many gaps to fill still. But, on "my network" with shy of 70 million
> users, everything has ipv6 except the iPhone, and that will change RSN. And
> for users with v6, the majority of their traffic is ipv6 e2e since the
> whales (google, fb, netflix, increasingly Akamai) are dual stack.
> 
> CB
> 
> 
>> 
>> 
>> On Tue, Jun 7, 2016 at 10:22 AM Ca By <cb.list6 at gmail.com
>> <javascript:_e(%7B%7D,'cvml','cb.list6 at gmail.com');>> wrote:
>> 
>>> 
>>> 
>>> On Tuesday, June 7, 2016, Cryptographrix <cryptographrix at gmail.com
>>> <javascript:_e(%7B%7D,'cvml','cryptographrix at gmail.com');>> wrote:
>>> 
>>>> As I said to Netflix's tech support - if they advocate for people to turn
>>>> off IPv6 on their end, maybe Netflix should stop supporting it on their
>>>> end.
>>>> 
>>>> It's in the air whether it's just an HE tunnel issue or an IPv6 issue at
>>>> the moment, and if their tech support is telling people to turn off IPv6,
>>>> maybe they should just instead remove their AAAA records.
>>>> 
>>>> (or fail back to ipv4 when v6 looks like a tunnel)
>>>> 
>>>> 
>>> I think you need to reset your expectations of a free tunnel service.
>>> 
>>> he.net tunnels are a toy for geeks looking to play with v6. In terms of
>>> Netflix subcriber base, it is amazing insignificant number of users.
>>> 
>>> At the end of the day, anonymous tunnels, just like linux, are not
>>> supported by Netflix. And, he.net tunnel users are hurting ipv6 overall
>>> just like 6to4 by injecting FUD and other nonesense complexity.... For a
>>> toy.
>>> 
>>> Move on to a real issue instead of beating this dead horse.
>>> 
>>> CB
>>> 
>>> 
>>>> 
>>>> 
>>>> On Tue, Jun 7, 2016 at 9:22 AM Mark Felder <feld at feld.me> wrote:
>>>> 
>>>>> 
>>>>>> On Jun 6, 2016, at 22:25, Spencer Ryan <sryan at arbor.net> wrote:
>>>>>> 
>>>>>> The tunnelbroker service acts exactly like a VPN. It allows you,
>>>> from any
>>>>>> arbitrary location in the world with an IPv4 address, to bring
>>>> traffic
>>>>> out
>>>>>> via one of HE's 4 POP's, while completely masking your actual
>>>> location.
>>>>>> 
>>>>> 
>>>>> Perhaps Netflix should automatically block any connection that's not
>>>> from
>>>>> a known residential ISP or mobile ISP as anything else could be a
>>>> server
>>>>> someone is proxying through. It's very easy to get these subnets -- the
>>>>> spam filtering folks have these subnets well documented. /s
>>>>> 
>>>>> --
>>>>>  Mark Felder
>>>>>  feld at feld.me
>>>>> 
>>>>> 
>>>> 
>>> 