Re: netflix proxy/unblocker false detection
> There is nothing to stop Netflix from probing a mixture of IPv4 and IPv6 > during the same video playing session. Thus they could correlate the IPv6 > with the IPv4 which correlates with my CC which correlates with my address on > file. This only works in environments that have both IPv4 and IPv6. Further, with CGN, your IPv4 address visible to Netflix is likely to represent an ever increasing geographic area in the coming years. They aren’t blocking all IPv6, just certain things like HE tunnels. If your provider implements native IPv6, you shouldn’t have any issues. If you _REALLY_ want a workaround for IPv6 over an HE tunnel, it is doable… If you get a /48 from ARIN (dirt simple to do and currently $150/year with a $500 initial cost IIRC) and set up a BGP tunnel with HE, you’ll be all set. Those seem to pass muster for Netflix Geolocation because the addresses don’t look like a tunnel to them. This does require you to have at least one public dedicated IPv4 address from your ISP, but that’s true for any HE tunnel, so if you get stuck behind CGN, your other HE tunnel options will evaporate as well. > I firmly believe that Netflix /could/ solve IPv6 playback, even through VPN, > if they wanted to. I completely believe that Netflix is capable of solving > this. I also completely believe that Netflix doesn't give a REDACTED and > chooses to ignore this problem. OK.. Assume the following: 1. Some users want to violate geofencing. 2. HE tunnel endpoints are easily updated (this is a fact more than an assumption) 3. It’s quite simple to use the same tunnel registered in a particular location in a variety of countries on several continents. (I haven’t don this for Netflix, but I have done it for IPv6 training purposes, I have a portable IPv6 classroom which uses an HE tunnel for the IPv6 routing. It uses a single IPv4 address at the site where the class is being taught and works the rest out either through NAT (IPv4) or HE Tunnel (IPv6).) How, from the Netflix side of the equation, do you determine where the tunnel actually terminates? Not where it’s registered, but where it actually terminates. How do you do this with sufficient reliability that studios who have lots of money to try the same tricks can’t easily produce enough proof that it’s easy to circumvent and you are in breech of contract and subject to significant penalties? > Instead, they choose to foist the problem onto other parties. Or pass the > blame. Again, the solutions you think easily solve this really aren’t viable. You’re looking from the very narrow perspective of your situation. The problem is that everyone with an HE tunnel isn’t in your situation and there’s no reliable way for Netflix to tell them apart. >> And too many content owners care very much where you are right this >> instant. > > Nope. I disagree. Oh, trust me, content owners are ape about this shit. They really do care. > I can just as easily extend my IPv4 address through a VPN as I can an IPv6 > address. -- Performance may suffer, but that's a different issue. Yes, but when you extend your IPv4 address through a VPN, that’s nearly impossible for them to detect. OTOH, if you use an address known to be associated with one of the many IPv4 VPN services out there, it’s not unlikely for them to block that too. > I can use my home's IPv4 address, which is GeoIP located to the same area as > my home which matches my CC billing address, can be used anywhere in the > world. Again, it comes down to detection. First, it actually requires some sophistication to do what you’re suggesting. Not a lot, but some. It takes almost nothing to do an HE tunnel. In fact, several portable routers will do HE tunnels semi-automatically through the HE API. If the studios could figure out a way to block what you’re suggesting, believe me, they’d foist that on to Netflix as well. OTOH, it’s easy to detect an HE addressed HE tunnel and those have a relatively low fraction of legitimate users compared to the numbers intent on circumventing geofencing. > So ... if I can use my IPv4 address outside of where Netflix thinks that I am > at, why is my IPv6 address any different? Because they don’t have a way to KNOW about your IPv4 address mobility. They can’t easily detect it. OTOH, your HE tunnel IPv6 address is easily detected. > I completely believe that there are technical solutions to this problem. I > also completely agree that Netflix is choosing to ignore them. OK… Explain one that you think is feasible across the entire spectrum of Netflix’s user base that will keep the studios off their case. >> Because they are unreasonable luddites who think that geographic monopolies >> make good business sense. > > As stated above, where the Luddites, or Netflix as their agent, thinks my IP > is located is actually divorced
Re: netflix proxy/unblocker false detection
> On Jun 26, 2020, at 12:32 , Grant Taylor via NANOG wrote: > > On 6/26/20 12:08 PM, Brandon Jackson via NANOG wrote: >> Correct they block HE.net's tunnel broker IP's because they practically are >> at least for the sense of geo restrictions "VPN" that can be used to get >> around said geo restriction. > > I want to agree, but I can't. Move up the stack. I pay my bill with a CC > which has my billing address. I would even be willing to tell Netflix my > home address directly. Yes, but it doesn’t matter where you live… It matters where you are watching at the moment. When I travel internationally, I guarantee you I get an entirely different Netflix experience than when I am at home. That’s what content creators what for reasons passing understanding. They want control over where you can view their content, not who can view it. > If they are willing to trust the CC information to take my money, then they > should also be willing to trust the information for my service address. Not that simple. Your phone, iPad, and Laptop aren’t reliably at your service address. No guarantee that the desktop or television you are using is at your service address, either. > If I want to use my Hurricane Electric IPv6 tunnel, to watch content that > matches my stated address which matches my CC billing address, which matches > my IPv4 address (region), then why the REDACTED can't I do so over my HE IPv6 > tunnel? Because you might not actually be in the licensing region containing your service address at the time. > I would even be willing to go through a physical snail mail confirmation > loop. I'll even pay a nominal fee to do so. That’s only going to prove where you live, not where you are at the time of viewing. > I want to watch content available in my region while I'm at the associated > address. Why can't I? You can. But what if you’re not at the associated address? I can use an HE tunnel terminated and numbered in Los Angeles from Brazil or Moscow or Tokyo or… I can even use the same tunnel from all of those locations. Personally I think all this geofencing is stupid, wasteful, and yet another example of just how truly broken the whole concept of DRM is. I’m not defending it, but I can at least (Hopefully) explain the argument that is driving this. > I think that blindly blocking Hurricane Electric IPv6 tunnels "because they > can be used as a VPN" is an old way of thinking and completely fails to take > other parts of the stack into account. Not really… You can still use an HE tunnel as a VPN to get around geofencing of content so long as your HE tunnel address isn’t blocked. > Netflix's blocking of HE IPv6 tunnels is preventing many people in the U.S.A. > that have a non-IPv6-ISP from being able to use IPv6. I've even heard of > people actively not using IPv6 because of Netflix. That’s unfortunate and needs to be reported more widely in hopes of getting this situation resolved. >> As much as I hate it as I use said tunnel service it is understandable > > I disagree. No, really, it is… It’s awful, but unless you want even less streaming content available on Netflix, it’s the reality inflicted by the content producers. The good news is that Netflix (at least so far) isn’t playing these stupid games with their own content and they’ve been bringing some darn good stuff under their label. Tragically, the IPv6 tunnel blocking seems to have been implemented as an all or nothing. Personally, I think Netflix should offer geo-unrestricted content to IPv6 tunnel users and note that the other content is unavailable because tunnel locations are unreliable. That should placate the studio jack holes responsible for this mess while still allowing studios that don’t play these stupid games a better foothold with IPv6 tunnel users. Personally, I’d like to see the Netflix UI upgraded so that you could have the option of indexing all content (whether you could view it or not) and each time you clicked on something you weren’t allowed to view, it provided contact information for the responsible party setting the restriction. Unfortunately, I suspect that the majority of users wouldn’t enjoy this opportunity for commercial activism, so I understand why Netflix doesn’t do this. >> I don't really blame Netflix for this, > > I do. Your blame is misplaced to some extent. I agree there are things Netflix could do better here (see above), but in general, the root cause of this is stupid restrictions placed on content by the producers. >> I blame the content producer/owners and the industry as a whole for >> mandating such restrictive practices. > > Are the content producers / owners mandating "Block Hurricane Electric IPv6 > tunnels" or are they mandating "Block playback to people that are outside of > the playback region”? Pretty much. Netflix use to treat tunnels as local to their registered region and the studios came at them hard claiming that was inade
Re: netflix proxy/unblocker false detection
On Fri, 26 Jun 2020 10:21:47 +0200, Mark Tinka said: > Sadly, PlayStation still don't support IPv6. Hopefully, it comes with > the PS5, although I see no reason why the PS4 and PS3 can't. The PS/4 will in fact dhcpv6 at startup, and it will answer pings from both on subnet and from elsewhere, and will properly hand you an RST when there's nobody listening on a TCP port, and a port unreachable for a UDP port. So it's very much a "lights are on but nobody's home" because nothing is using an IPv6 port. One big reason that PS4 doesn't use IPv6 is that although the OS supports it, the developer toolkit doesn't have that API in it, so no games or apps can use it without an incredible amount of pain and suffering. It wouldn't help games that want to talk to Playstation Network until Sony got *that* part working, but if the API was there at least things like the Netflix and Hulu and similar apps could use it pgpEx0LLWYFUs.pgp Description: PGP signature
Re: netflix proxy/unblocker false detection
On 28/Jun/20 19:37, Randy Bush wrote: > think of the burden on the netflix customer support of HE's IPv6 > tunnels. I wasn't aware about the HE situation and Netflix. I just learned about this via this thread. I understand why they are blocking those tunnels. Mark.
Re: netflix proxy/unblocker false detection
> If you don't use some kind of device to connect to Netflix, if you > have a reasonably modern TV that supports a native Netflix app as > well as IPv6, you'd be good to go. think of the burden on the netflix customer support of HE's IPv6 tunnels. randy