> There is nothing to stop Netflix from probing a mixture of IPv4 and IPv6
> during the same video playing session. Thus they could correlate the IPv6
> with the IPv4 which correlates with my CC which correlates with my address on
> file.
This only works in environments that have both IPv4 and IPv6. Further, with
CGN, your IPv4 address visible to Netflix is likely to represent an ever
increasing geographic area in the coming years.
They aren’t blocking all IPv6, just certain things like HE tunnels. If your
provider implements native IPv6, you shouldn’t have any issues.
If you _REALLY_ want a workaround for IPv6 over an HE tunnel, it is doable… If
you get a /48 from ARIN (dirt simple to do and currently $150/year with a $500
initial cost IIRC) and set up a BGP tunnel with HE, you’ll be all set. Those
seem to pass muster for Netflix Geolocation because the addresses don’t look
like a tunnel to them. This does require you to have at least one public
dedicated IPv4 address from your ISP, but that’s true for any HE tunnel, so if
you get stuck behind CGN, your other HE tunnel options will evaporate as well.
> I firmly believe that Netflix /could/ solve IPv6 playback, even through VPN,
> if they wanted to. I completely believe that Netflix is capable of solving
> this. I also completely believe that Netflix doesn't give a REDACTED and
> chooses to ignore this problem.
OK.. Assume the following:
1. Some users want to violate geofencing.
2. HE tunnel endpoints are easily updated (this is a fact more
than an assumption)
3. It’s quite simple to use the same tunnel registered in a
particular location in a variety of countries on several continents.
(I haven’t don this for Netflix, but I have done it for
IPv6 training purposes, I have a portable IPv6 classroom
which uses an HE tunnel for the IPv6 routing. It uses a
single IPv4 address at the site where the class is being
taught and works the rest out either through NAT (IPv4)
or HE Tunnel (IPv6).)
How, from the Netflix side of the equation, do you determine where the tunnel
actually terminates? Not where it’s registered, but
where it actually terminates.
How do you do this with sufficient reliability that studios who have lots of
money to try the same tricks can’t easily produce enough
proof that it’s easy to circumvent and you are in breech of contract and
subject to significant penalties?
> Instead, they choose to foist the problem onto other parties. Or pass the
> blame.
Again, the solutions you think easily solve this really aren’t viable. You’re
looking from the very narrow perspective of your situation. The problem is that
everyone with an HE tunnel isn’t in your situation and there’s no reliable way
for Netflix to tell them apart.
>> And too many content owners care very much where you are right this
>> instant.
>
> Nope. I disagree.
Oh, trust me, content owners are ape about this shit. They really do care.
> I can just as easily extend my IPv4 address through a VPN as I can an IPv6
> address. -- Performance may suffer, but that's a different issue.
Yes, but when you extend your IPv4 address through a VPN, that’s nearly
impossible for them to detect.
OTOH, if you use an address known to be associated with one of the many IPv4
VPN services out there, it’s not unlikely for them to block that too.
> I can use my home's IPv4 address, which is GeoIP located to the same area as
> my home which matches my CC billing address, can be used anywhere in the
> world.
Again, it comes down to detection. First, it actually requires some
sophistication to do what you’re suggesting. Not a lot, but some. It takes
almost nothing to do an HE tunnel.
In fact, several portable routers will do HE tunnels semi-automatically through
the HE API.
If the studios could figure out a way to block what you’re suggesting, believe
me, they’d foist that on to Netflix as well.
OTOH, it’s easy to detect an HE addressed HE tunnel and those have a relatively
low fraction of legitimate users compared to the numbers intent on
circumventing geofencing.
> So ... if I can use my IPv4 address outside of where Netflix thinks that I am
> at, why is my IPv6 address any different?
Because they don’t have a way to KNOW about your IPv4 address mobility. They
can’t easily detect it.
OTOH, your HE tunnel IPv6 address is easily detected.
> I completely believe that there are technical solutions to this problem. I
> also completely agree that Netflix is choosing to ignore them.
OK… Explain one that you think is feasible across the entire spectrum of
Netflix’s user base that will keep the studios off their case.
>> Because they are unreasonable luddites who think that geographic monopolies
>> make good business sense.
>
> As stated above, where the Luddites, or Netflix as their agent, thinks my IP
> is located is actually divorced from where I am really watching from. Or at
> least can be.
Yes… However, when you divorce them, you’re actually violating your contract
with Netflix. In the case of the HE tunnel, it’s easy for them to detect that
you’re using a
tunnel which is a popular method for enacting such a divorce, so they shut
those down.
When you extend your IPv4 address through a VPN on the back side of your
router, that’s much harder (nearly impossible) for them to reliably detect.
It turns out it’s also nearly impossible for them to detect MIP6 when I’m using
that, so if I really cared to violate geofencing, I could probably do it with
that tool.
It’s a numbers game.
HE tunnels represent a small perceived fraction of legitimate users and a high
perceived fraction of geofencing violators. Logical action: Block them.
IPv4 extensions via backside VPN are rare among Netflix users. Not saying they
don’t happen, but they’re a very small fraction of Netflix IPv4 users and
they're very hard to reliably detect. Thus blocking them is harder and higher
risk vs. leaving them alone.
Owen
