120M : VPN

[General Maximus]

Quote:

Originally Posted by Jumping

I got PIA from that review

me too, it works a treat and it is nice to have the peace of mind if the various methods of anonymity they provide.

[gba93]

Quote:

Originally Posted by General Maximus

me too, it works a treat and it is nice to have the peace of mind if the various methods of anonymity they provide.

+1

[roughbeast]

Quote:

Originally Posted by trublue

For those of you who solely want a vpn to gain access to Netflix in the states should know that they are starting to crack down on anyone who uses a vpn or other tools to bypass geolocation restrictions.

http://torrentfreak.com/netflix-crac...orrentfreak%29

If I were in that position I would keep a couple of VPN addressees up my sleeve.

[qasdfdsaq]

It's easier for them to block than for you to subscribe to yet another service.

[pip08456]

From the linked torrentfreak report

"TorGuard told us that if Netflix continues with a strict ban policy, they will provide an easy solution to bypass the blocks"

[Ignitionnet]

Quote:

Originally Posted by pip08456

From the linked torrentfreak report

"TorGuard told us that if Netflix continues with a strict ban policy, they will provide an easy solution to bypass the blocks"

Of course they will. Isn't like they're trying to sell something to people so why would they lie about their product?

Netflix can block anything TorGuard can legally put out there sadly.

[Kushan]

Can does not mean will. It would cost a fortune to police every single VPN and proxy out there.

[Ignitionnet]

Quote:

Originally Posted by Kushan

Can does not mean will. It would cost a fortune to police every single VPN and proxy out there.

It could be done largely automatically with a minion to review and click the button.

Any time multiple connections are coming from different Netflix IDs on the same IP can raise eyebrows. Those connections coming from a datacentre ups the confidence level some more and the odds of a false positive can be reduced as residential IP pools are easy enough to find.

Using trials or even brief subscriptions to the VPNs to obtain endpoints is another possibility.

None of this requires massive technical skill or expensive and for a company of Netflix's size a full time compliance minion verifying the reports the security team generate shouldn't be a big deal.

It hasn't been done because Netflix haven't felt the need to get serious about it, much as the BBC haven't gotten serious on people using VPNs to view iPlayer. If the people they purchase rights from lean on them enough they'll get it sorted.

EDIT: Think about it this way - block the 'big' boys and people jump ship. Suddenly a new bunch of IP addresses start connecting en masse with lots of different Netflix IDs and appear in the reports. Repeat with the new outlier. Keep on going.

[Kushan]

Quote:

Originally Posted by Ignitionnet

It could be done largely automatically with a minion to review and click the button.

Any time multiple connections are coming from different Netflix IDs on the same IP can raise eyebrows. Those connections coming from a datacentre ups the confidence level some more and the odds of a false positive can be reduced as residential IP pools are easy enough to find.

Using trials or even brief subscriptions to the VPNs to obtain endpoints is another possibility.

None of this requires massive technical skill or expensive and for a company of Netflix's size a full time compliance minion verifying the reports the security team generate shouldn't be a big deal.

It hasn't been done because Netflix haven't felt the need to get serious about it, much as the BBC haven't gotten serious on people using VPNs to view iPlayer. If the people they purchase rights from lean on them enough they'll get it sorted.

EDIT: Think about it this way - block the 'big' boys and people jump ship. Suddenly a new bunch of IP addresses start connecting en masse with lots of different Netflix IDs and appear in the reports. Repeat with the new outlier. Keep on going.

If only it were that simple.

Quote:

Any time multiple connections are coming from different Netflix IDs on the same IP can raise eyebrows.

I'm not sure this happens as much as you think it does. A lot of the existing bypasses don't even use a VPN but simply fiddle with the DNS. So for a start, you have to be careful you know which IP's originate from which countries - something that isn't always accurate, but sure that's doable.

Next, you're assuming that VPN's don't have a swathe of IP's to route. I know a few that have plenty to put their customers on. Even if they don't, that's short term at best as Netflix fully supports IPv6 and it would be trivial to tunnel traffic through that, even to clients that don't support it. Good luck filtering that by volume.

Quote:

Those connections coming from a datacentre ups the confidence level some more and the odds of a false positive can be reduced as residential IP pools are easy enough to find.

How do you know it's coming from a datacentre? An IP doesn't give you any indication of where it's physically located and is not an identifier of anything other than a machine. This has gone through courts multiple times in multiple countries and they generally come to the same conclusions - IPs do not identify people.

Quote:

It hasn't been done because Netflix haven't felt the need to get serious about it, much as the BBC haven't gotten serious on people using VPNs to view iPlayer. If the people they purchase rights from lean on them enough they'll get it sorted.

This much is true, Netflix doesn't care, but they're feeling pressure from the media companies who are stuck in the dark ages.

Quote:

EDIT: Think about it this way - block the 'big' boys and people jump ship. Suddenly a new bunch of IP addresses start connecting en masse with lots of different Netflix IDs and appear in the reports. Repeat with the new outlier. Keep on going.

Again, see above. It wouldn't make business sense for a VPN to lose all those customers without doing something about it - and there's plenty they could do.

Like I said before, it's possible, but it's just not feasible.

[qasdfdsaq]

Quote:

Originally Posted by Kushan

If only it were that simple.

I agree with Ignition. It is that simple.

Quote:

I'm not sure this happens as much as you think it does. A lot of the existing bypasses don't even use a VPN but simply fiddle with the DNS. So for a start, you have to be careful you know which IP's originate from which countries - something that isn't always accurate, but sure that's doable.

It's a lot easier than you think. All IP addresses are allocated to specific countries and specific entities in that country by global, then regional regulatory authorities. Nobody can simply pick an IP out of the air and use it.

Quote:

Next, you're assuming that VPN's don't have a swathe of IP's to route. I know a few that have plenty to put their customers on.

Again, all IPs must be officially registered with the relevant regulatory body. Allocations are usually done in blocks, and information on who owns what block is freely available from the regulators. Once you find an offending body it's trivial to list every IP that company is allowed to use and ban them all.

Quote:

How do you know it's coming from a datacentre? An IP doesn't give you any indication of where it's physically located and is not an identifier of anything other than a machine.

An IP address also identifies the company that owns it.

Quote:

Like I said before, it's possible, but it's just not feasible.

I disagree. If they were lazy they could just whitelist the major US ISPs and block everything else.

[Kushan]

Quote:

Originally Posted by qasdfdsaq

It's a lot easier than you think. All IP addresses are allocated to specific countries and specific entities in that country by global, then regional regulatory authorities. Nobody can simply pick an IP out of the air and use it.

And yet, every single IP database out there has errors and omissions in it.

Quote:

Originally Posted by qasdfdsaq

Again, all IPs must be officially registered with the relevant regulatory body. Allocations are usually done in blocks, and information on who owns what block is freely available from the regulators. Once you find an offending body it's trivial to list every IP that company is allowed to use and ban them all.

Yet they couldn't even do that with the pirate bay?

Quote:

Originally Posted by qasdfdsaq

An IP address also identifies the company that owns it.

Which is not necessarily the company that's using it.

Quote:

Originally Posted by qasdfdsaq

I disagree. If they were lazy they could just whitelist the major US ISPs and block everything else.

And block thousands and thousands of legitimate customers. Plus that would sort of go against the whole net-neutrality thing.

[qasdfdsaq]

Quote:

Originally Posted by Kushan

And yet, every single IP database out there has errors and omissions in it.

There is only one official database.

Quote:

Yet they couldn't even do that with the pirate bay?

They could and did - The Pirate Bay itself was blocked pretty easily. Numerous proxies sprung up which were run in different countries by different people, which poses a different sort of target than one VPN provider, and to be fair, dozens of those have been blocked now too.

Quote:

Which is not necessarily the company that's using it.

It's the only company legally allowed to use it, bar delegation and sub-assignment which require the owner information to be updated.

Quote:

And block thousands and thousands of legitimate customers. Plus that would sort of go against the whole net-neutrality thing.

They've already said they're perfectly happy blocking "legitimate" users sharing the same VPN. And Netflix aren't exactly glowing beacons of net neutrality, seeing as they have several premium payment arrangements with various ISPs so that their content can get delivered faster.

[pip08456]

Quote:

Originally Posted by qasdfdsaq

They've already said they're perfectly happy blocking "legitimate" users sharing the same VPN. And Netflix aren't exactly glowing beacons of net neutrality, seeing as they have several premium payment arrangements with various ISPs so that their content can get delivered faster.

Looks like they've changed their mind on that one.


But Netflix says there’s nothing new about its strategy, and maintains that it’s OK for subscribers to use virtual private networks (VPNs) as long as they can be verified as accessing the service within the country they’re authorized for.

(scource http://variety.com/2015/digital/news...rs-1201392527/)

[qasdfdsaq]

That's not really changed their mind - they're being forced by content providers to block VPNs that are "created for the primary intent of bypassing geo-restrictions". If a legitimate user is using a VPN the media companies have determined to be "created for the primary intent of bypassing geo-restrictions" then they're gonna* get blocked.

*Probably.

[Ignitionnet]

Quote:

Originally Posted by pip08456

But Netflix says there’s nothing new about its strategy, and maintains that it’s OK for subscribers to use virtual private networks (VPNs) as long as they can be verified as accessing the service within the country they’re authorized for.

Easy enough - a swift cross-reference of billing address against the Netflix localisation the subscriber is trying to use.