> On Jun 26, 2020, at 12:32 , Grant Taylor via NANOG <nanog@nanog.org> wrote:
>
> On 6/26/20 12:08 PM, Brandon Jackson via NANOG wrote:
>> Correct they block HE.net's tunnel broker IP's because they practically are
>> at least for the sense of geo restrictions "VPN" that can be used to get
>> around said geo restriction.
>
> I want to agree, but I can't. Move up the stack. I pay my bill with a CC
> which has my billing address. I would even be willing to tell Netflix my
> home address directly.
Yes, but it doesn’t matter where you live… It matters where you are watching at
the moment.
When I travel internationally, I guarantee you I get an entirely different
Netflix experience than when I am at home. That’s what content creators what
for reasons passing understanding.
They want control over where you can view their content, not who can view it.
> If they are willing to trust the CC information to take my money, then they
> should also be willing to trust the information for my service address.
Not that simple. Your phone, iPad, and Laptop aren’t reliably at your service
address. No guarantee that the desktop or television you are using is at your
service address, either.
> If I want to use my Hurricane Electric IPv6 tunnel, to watch content that
> matches my stated address which matches my CC billing address, which matches
> my IPv4 address (region), then why the REDACTED can't I do so over my HE IPv6
> tunnel?
Because you might not actually be in the licensing region containing your
service address at the time.
> I would even be willing to go through a physical snail mail confirmation
> loop. I'll even pay a nominal fee to do so.
That’s only going to prove where you live, not where you are at the time of
viewing.
> I want to watch content available in my region while I'm at the associated
> address. Why can't I?
You can. But what if you’re not at the associated address? I can use an HE
tunnel terminated and numbered in Los Angeles from Brazil or Moscow or Tokyo or…
I can even use the same tunnel from all of those locations.
Personally I think all this geofencing is stupid, wasteful, and yet another
example of just how truly broken the whole concept of DRM is. I’m not defending
it, but I can at least
(Hopefully) explain the argument that is driving this.
> I think that blindly blocking Hurricane Electric IPv6 tunnels "because they
> can be used as a VPN" is an old way of thinking and completely fails to take
> other parts of the stack into account.
Not really… You can still use an HE tunnel as a VPN to get around geofencing of
content so long as your HE tunnel address isn’t blocked.
> Netflix's blocking of HE IPv6 tunnels is preventing many people in the U.S.A.
> that have a non-IPv6-ISP from being able to use IPv6. I've even heard of
> people actively not using IPv6 because of Netflix.
That’s unfortunate and needs to be reported more widely in hopes of getting
this situation resolved.
>> As much as I hate it as I use said tunnel service it is understandable
>
> I disagree.
No, really, it is… It’s awful, but unless you want even less streaming content
available on Netflix, it’s the reality inflicted by the content producers.
The good news is that Netflix (at least so far) isn’t playing these stupid
games with their own content and they’ve been bringing some darn good stuff
under their label.
Tragically, the IPv6 tunnel blocking seems to have been implemented as an all
or nothing. Personally, I think Netflix should offer geo-unrestricted content
to IPv6 tunnel users and note that the other content is unavailable because
tunnel locations are unreliable.
That should placate the studio jack holes responsible for this mess while still
allowing studios that don’t play these stupid games a better foothold with IPv6
tunnel users.
Personally, I’d like to see the Netflix UI upgraded so that you could have the
option of indexing all content (whether you could view it or not) and each time
you clicked on something you weren’t allowed to view, it provided contact
information for the responsible party setting the restriction. Unfortunately, I
suspect that the majority of users wouldn’t enjoy this opportunity for
commercial activism, so I understand why Netflix doesn’t do this.
>> I don't really blame Netflix for this,
>
> I do.
Your blame is misplaced to some extent. I agree there are things Netflix could
do better here (see above), but in general, the root cause of this is stupid
restrictions placed on content by the producers.
>> I blame the content producer/owners and the industry as a whole for
>> mandating such restrictive practices.
>
> Are the content producers / owners mandating "Block Hurricane Electric IPv6
> tunnels" or are they mandating "Block playback to people that are outside of
> the playback region”?
Pretty much.
Netflix use to treat tunnels as local to their registered region and the
studios came at them hard claiming that was inadequate. After multiple attempts
at addressing the problem lightly, it turns out that it’s virtually impossible
for Netflix to distinguish between a tunnel in Los Angeles that emerges on a
router/host in Tokyo from one that emerges on a host in San Diego.
> My opinion is that Netflix is taking the low road as an easy way out while
> trying to shift blame to someone else.
They really aren’t. I watched this evolve over time and Netflix really did try
the lightest touches they could at first and for several rounds. The studios
really pinned them to the wall and any address which doesn’t have pretty
reliable deterministic geolocation is going to get flagged.
Again, there are things I think Netflix could do (e.g. not completely disabling
Netflix, but just removing all the geofenced content from the UI with an
explanation of why), but again, that’s a complicated thing to try and explain
to the average end user and it’s likely Netflix would lose that battle on both
active fronts… The content producers that got implicated and incurred
additional wrath from users would take it out on Netflix for identifying them
and the users would probably still be pissed at Netflix even if they understood
what happened.
>> Using that as an argument against Netflix for bad labeling of IP blocks at
>> least in terms of IPv6 is not fair.
>
> I completely believe that Netflix could do a LOT better than they are doing
> now.
I can’t disagree with this, but it really isn’t as simple as you imply.
Owen
