On Fri, Jun 3, 2016 at 3:05 PM, Spencer Ryan <sryan@arbor.net> wrote:
There is no way for Netflix to know the difference between you being in NY and using the tunnel, and you living in Hong Kong and using the tunnel.
No way, really? Come now. The latency difference between New York and Hong Kong are very different. If your minimum/bottomed-out RTT is less than 100ms away from a Netflix server, which can be measured using TCP protocol-based metrics, then you are not using a VPN. This could be used as a filter to reduce false positives. Also, if you are using a tunnel service, then it is Unlikely your only connectivity is IPv6, therefore, when they suspect an IPv6 VPN, they could use methods of figuring out your IPv4 address.... it could be an option simply do something along the lines of a background HTTP request along the lines of $.ajax({type: "GET", url: "http://ipv4onlyhostname.netflix.example.com/x.cgi"}, data: { timestamp:blah, action: 'get_proof_of_IPv4_address', blahblah_sessionid: blah } ) Then analyze the IPv4 connection before returning a proof of IP address as a signed token. Within the main page or system, allow the connection. This method proves your device is not merely circumventing region controls through a simple VPN. You at least have access to a computer in the allowed region a few seconds before initiating the connection. Or you know.... just redirect the IPV6 tunnel-provider connections at Netflix' end to an IPv4-only hostname period, so V6 is not used for these users. Furthermore, they could make a USB dongle with a GPS receiver on it that will answer a location-based challenge request, that you're expected to hook up to your computer feed from an outside antenna. I don't let them off the hook, too easily.
*Spencer Ryan* | Senior Systems Administrator | sryan@arbor.net *Arbor Networks* +1.734.794.5033 (d) | +1.734.846.2053 (m) www.arbornetworks.com -- -JH