Re: netflix proxy/unblocker false detection

[Owen DeLong <owen () delong com>]

> On Jun 26, 2020, at 12:32 , Grant Taylor via NANOG <nanog () nanog org> wrote:
>
> On 6/26/20 12:08 PM, Brandon Jackson via NANOG wrote:
> > Correct they block HE.net's tunnel broker IP's because they practically are at least for the sense of geo 
> > restrictions "VPN" that can be used to get around said geo restriction.
>
> I want to agree, but I can't.  Move up the stack.  I pay my bill with a CC which has my billing address.  I would 
> even be willing to tell Netflix my home address directly.

Yes, but it doesn’t matter where you live… It matters where you are watching at the moment.

When I travel internationally, I guarantee you I get an entirely different Netflix experience than when I am at home. 
That’s what content creators what for reasons passing understanding.

They want control over where you can view their content, not who can view it.

> If they are willing to trust the CC information to take my money, then they should also be willing to trust the 
> information for my service address.

Not that simple. Your phone, iPad, and Laptop aren’t reliably at your service address. No guarantee that the desktop or 
television you are using is at your service address, either.

> If I want to use my Hurricane Electric IPv6 tunnel, to watch content that matches my stated address which matches my 
> CC billing address, which matches my IPv4 address (region), then why the REDACTED can't I do so over my HE IPv6 
> tunnel?

Because you might not actually be in the licensing region containing your service address at the time.

> I would even be willing to go through a physical snail mail confirmation loop.  I'll even pay a nominal fee to do so.

That’s only going to prove where you live, not where you are at the time of viewing.

> I want to watch content available in my region while I'm at the associated address.  Why can't I?

You can. But what if you’re not at the associated address? I can use an HE tunnel terminated and numbered in Los 
Angeles from Brazil or Moscow or Tokyo or…

I can even use the same tunnel from all of those locations.

Personally I think all this geofencing is stupid, wasteful, and yet another example of just how truly broken the whole 
concept of DRM is. I’m not defending it, but I can at least
(Hopefully) explain the argument that is driving this.

> I think that blindly blocking Hurricane Electric IPv6 tunnels "because they can be used as a VPN" is an old way of 
> thinking and completely fails to take other parts of the stack into account.

Not really… You can still use an HE tunnel as a VPN to get around geofencing of content so long as your HE tunnel 
address isn’t blocked.

> Netflix's blocking of HE IPv6 tunnels is preventing many people in the U.S.A. that have a non-IPv6-ISP from being 
> able to use IPv6.  I've even heard of people actively not using IPv6 because of Netflix.

That’s unfortunate and needs to be reported more widely in hopes of getting this situation resolved.

> > As much as I hate it as I use said tunnel service it is understandable
>
> I disagree.

No, really, it is… It’s awful, but unless you want even less streaming content available on Netflix, it’s the reality 
inflicted by the content producers.

The good news is that Netflix (at least so far) isn’t playing these stupid games with their own content and they’ve 
been bringing some darn good stuff under their label.

Tragically, the IPv6 tunnel blocking seems to have been implemented as an all or nothing. Personally, I think Netflix 
should offer geo-unrestricted content to IPv6 tunnel users and note that the other content is unavailable because 
tunnel locations are unreliable.

That should placate the studio jack holes responsible for this mess while still allowing studios that don’t play these 
stupid games a better foothold with IPv6 tunnel users.

Personally, I’d like to see the Netflix UI upgraded so that you could have the option of indexing all content (whether 
you could view it or not) and each time you clicked on something you weren’t allowed to view, it provided contact 
information for the responsible party setting the restriction. Unfortunately, I suspect that the majority of users 
wouldn’t enjoy this opportunity for commercial activism, so I understand why Netflix doesn’t do this.

> > I don't really blame Netflix for this,
>
> I do.

Your blame is misplaced to some extent. I agree there are things Netflix could do better here (see above), but in 
general, the root cause of this is stupid restrictions placed on content by the producers.

> > I blame the content producer/owners and the industry as a whole for mandating such restrictive practices.
>
> Are the content producers / owners mandating "Block Hurricane Electric IPv6 tunnels" or are they mandating "Block 
> playback to people that are outside of the playback region”?

Pretty much.

Netflix use to treat tunnels as local to their registered region and the studios came at them hard claiming that was 
inadequate. After multiple attempts at addressing the problem lightly, it turns out that it’s virtually impossible for 
Netflix to distinguish between a tunnel in Los Angeles that emerges on a router/host in Tokyo from one that emerges on 
a host in San Diego.

> My opinion is that Netflix is taking the low road as an easy way out while trying to shift blame to someone else.

They really aren’t. I watched this evolve over time and Netflix really did try the lightest touches they could at first 
and for several rounds. The studios really pinned them to the wall and any address which doesn’t have pretty reliable 
deterministic geolocation is going to get flagged.

Again, there are things I think Netflix could do (e.g. not completely disabling Netflix, but just removing all the 
geofenced content from the UI with an explanation of why), but again, that’s a complicated thing to try and explain to 
the average end user and it’s likely Netflix would lose that battle on both active fronts… The content producers that 
got implicated and incurred additional wrath from users would take it out on Netflix for identifying them and the users 
would probably still be pissed at Netflix even if they understood what happened.


> > Using that as an argument against Netflix for bad labeling of IP blocks at least in terms of IPv6 is not fair.
>
> I completely believe that Netflix could do a LOT better than they are doing now.

I can’t disagree with this, but it really isn’t as simple as you imply.

Owen