Netflix VPN detection - actual engineer needed
Ricky Beam
jfbeam at gmail.com
Mon Jun 6 21:53:58 UTC 2016
On Sun, 05 Jun 2016 19:35:27 -0400, Mark Andrews <marka at isc.org> wrote:
> It is a attack on HE. HE also provides stable user -> address
> mappings so you can do fine grained geo location based on HE IPv6
> addresses.
They may be "fine grained", but they are still lies. One's tunnel can be
terminated from *anywhere*, at *anytime*. HE doesn't publish the IPv4
address of the tunnel endpoint, nor do they update any public facing
registry w.r.t. the "address" of that IPv4 address. (which is 99% voodoo
as well.)
> Also despite what the content cartel say using a VPN to bypass
> georestrictions to get movies is not illegal, nor is it "piracy".
> Individuals are allowed to import content from other countries. It
> is commercial importing that is banned.
While the end user may not be violating any law (other than their
"contract" with Netflix), Netflix certainly is. They signed a contract
that says they cannot send X to Romania / X is only allowed in the USA. In
the end, they are allowing content to go where they agreed to not send it.
They are legally required to do something about that. (or at least, *look*
like they are.)
Netflix (and their licensees) know people are using HE tunnels to get
around region restrictions. Their hands are tied; they have to show
they're doing something to limit this.
All you can tell about a HE tunnel is the tunnel broker server that's
hosting it. (it's in the hostname -- eg. ash1) Beyond that, you have
absolutely no idea where in the universe the other end actually is. Plus,
it can move in an instant... one DDNS update, and it's somewhere else.
--Ricky
More information about the NANOG
mailing list