----- On Jun 26, 2020, at 3:39 PM, nanog nanog@nanog.org wrote:
On 6/26/20 1:42 PM, Sabri Berisha wrote:
I'm also sure that in the past, enough people have abused their trust.
I question the veracity of that statement.
I for one, have been guilty of that. Using VPN when I was traveling abroad to access the series I was following.
... to the best of their abilities.
I highly doubt the agreements that Netflix's has with content owners state that Hurricane Electric (et al.) must be blocked. Maybe I'm wrong. It wouldn't be the first time today.
I believe that Netflix is choosing the lower / easier road and simply blocking Hurricane Electric's IPv6 tunnels as an easy / low hanging fruit option to achieve the contractual requirements.
In order to enforce geographical content restrictions, the origin of a request must be determined. If that origin is a known tunneling address, you are unable to determine the true geographical position of that particular client. In that case, it is impossible for Netflix to determine that the viewer is in a location authorized to view the content. Since they know that HE's IPv6 broker range is most likely being tunneled, and they know that there is no way to accurately determine the true origin of the client, the must prevent it from accessing the content. It's not like HE can insert an X-Origin-GEOIP: x.x.x.x or something.
False positives (meaning, people being denied while being in-region), are going to be an unwelcome side-effect.
Without seeing actual licenses to support "you must block Hurricane Electric", I'm going to choose to disagree with the license scapegoat.
We'll never be privvy to those license agreements. All we'll know is that they'll most likely include geographical restrictions. Thanks, Sabri