Netflix VPN detection - actual engineer needed

joel jaeggli joelja at bogus.com
Wed Jun 8 17:25:00 UTC 2016


On 6/8/16 9:13 AM, Owen DeLong wrote:
> As of last week, I still wasn’t getting an IPv6 address by default on my iPhone 6S+
> on T-Mobile.

turn off mobile hotspot...

> Just saying.
> 
> Owen
> 
>> On Jun 7, 2016, at 11:00 AM, Ca By <cb.list6 at gmail.com> wrote:
>>
>> On Tuesday, June 7, 2016, Cryptographrix <cryptographrix at gmail.com> wrote:
>>
>>> Very true - I was being a bit extremist out of frustration, but I think
>>> you're spot on - he.net tunnels and even 6to4 are toys to provide IPv6
>>> support, not actually IPv6 support.
>>>
>>> And I'm quite frustrated because there's so little actual v6 support, and
>>> I *do* actually need it on a daily basis for work.
>>>
>>> Because there's no actual ISP IPv6 support anywhere else (in parts of the
>>> US that *have* multiple ISPs), you can't even make the case to your ISP
>>> that it's a legitimate requirement for you because they know you're not
>>> really going to get v6 elsewhere.
>>>
>>>
>> I think we have different definitions of "no actual isp ipv6 support"
>>
>> Again, a helpful akamai blog
>> https://blogs.akamai.com/2016/06/four-years-since-world-ipv6-launch-entering-the-mainstream.html
>>
>> fixed line: Comcast, AT&T, TWC, just to name the largest in the nation have
>> meaningful deployments of ipv6. The only thing holding back greater
>> deployment for those networks are legacy CPE that will age out slowly.
>>
>> All 4 of the national mobile operator have ipv6 default on for most
>> new phone models.
>>
>> Yes, many gaps to fill still. But, on "my network" with shy of 70 million
>> users, everything has ipv6 except the iPhone, and that will change RSN. And
>> for users with v6, the majority of their traffic is ipv6 e2e since the
>> whales (google, fb, netflix, increasingly Akamai) are dual stack.
>>
>> CB
>>
>>
>>>
>>>
>>> On Tue, Jun 7, 2016 at 10:22 AM Ca By <cb.list6 at gmail.com
>>> <javascript:_e(%7B%7D,'cvml','cb.list6 at gmail.com');>> wrote:
>>>
>>>>
>>>>
>>>> On Tuesday, June 7, 2016, Cryptographrix <cryptographrix at gmail.com
>>>> <javascript:_e(%7B%7D,'cvml','cryptographrix at gmail.com');>> wrote:
>>>>
>>>>> As I said to Netflix's tech support - if they advocate for people to turn
>>>>> off IPv6 on their end, maybe Netflix should stop supporting it on their
>>>>> end.
>>>>>
>>>>> It's in the air whether it's just an HE tunnel issue or an IPv6 issue at
>>>>> the moment, and if their tech support is telling people to turn off IPv6,
>>>>> maybe they should just instead remove their AAAA records.
>>>>>
>>>>> (or fail back to ipv4 when v6 looks like a tunnel)
>>>>>
>>>>>
>>>> I think you need to reset your expectations of a free tunnel service.
>>>>
>>>> he.net tunnels are a toy for geeks looking to play with v6. In terms of
>>>> Netflix subcriber base, it is amazing insignificant number of users.
>>>>
>>>> At the end of the day, anonymous tunnels, just like linux, are not
>>>> supported by Netflix. And, he.net tunnel users are hurting ipv6 overall
>>>> just like 6to4 by injecting FUD and other nonesense complexity.... For a
>>>> toy.
>>>>
>>>> Move on to a real issue instead of beating this dead horse.
>>>>
>>>> CB
>>>>
>>>>
>>>>>
>>>>>
>>>>> On Tue, Jun 7, 2016 at 9:22 AM Mark Felder <feld at feld.me> wrote:
>>>>>
>>>>>>
>>>>>>> On Jun 6, 2016, at 22:25, Spencer Ryan <sryan at arbor.net> wrote:
>>>>>>>
>>>>>>> The tunnelbroker service acts exactly like a VPN. It allows you,
>>>>> from any
>>>>>>> arbitrary location in the world with an IPv4 address, to bring
>>>>> traffic
>>>>>> out
>>>>>>> via one of HE's 4 POP's, while completely masking your actual
>>>>> location.
>>>>>>>
>>>>>>
>>>>>> Perhaps Netflix should automatically block any connection that's not
>>>>> from
>>>>>> a known residential ISP or mobile ISP as anything else could be a
>>>>> server
>>>>>> someone is proxying through. It's very easy to get these subnets -- the
>>>>>> spam filtering folks have these subnets well documented. /s
>>>>>>
>>>>>> --
>>>>>>  Mark Felder
>>>>>>  feld at feld.me
>>>>>>
>>>>>>
>>>>>
>>>>
> 
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 229 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20160608/5fe31426/attachment.sig>


More information about the NANOG mailing list