In message <op.yinof8sotfhldh@rbeam.xactional.com>, "Ricky Beam" writes:
On Sun, 05 Jun 2016 19:35:27 -0400, Mark Andrews <marka@isc.org> wrote:
It is a attack on HE. HE also provides stable user -> address mappings so you can do fine grained geo location based on HE IPv6 addresses.
They may be "fine grained", but they are still lies. One's tunnel can be terminated from *anywhere*, at *anytime*. HE doesn't publish the IPv4 address of the tunnel endpoint, nor do they update any public facing registry w.r.t. the "address" of that IPv4 address. (which is 99% voodoo as well.)
What lie? Truly who is lying here. Not the end user. Not HE. There is no requirement to report physical location.
Also despite what the content cartel say using a VPN to bypass georestrictions to get movies is not illegal, nor is it "piracy". Individuals are allowed to import content from other countries. It is commercial importing that is banned.
While the end user may not be violating any law (other than their "contract" with Netflix), Netflix certainly is. They signed a contract that says they cannot send X to Romania / X is only allowed in the USA. In the end, they are allowing content to go where they agreed to not send it. They are legally required to do something about that. (or at least, *look* like they are.)
Are they legally required to go to this level? I actually doubt it. I would love to see this tested in a court because I suspect the content cartel would loose as they were well aware that the geoip databases are imperfect and no one in the world can accurately determine from the IP address where a machine is located. There is a difference between knowingly sending to a different region and incidentally sending to another region. The courts understand this.
Netflix (and their licensees) know people are using HE tunnels to get around region restrictions. Their hands are tied; they have to show they're doing something to limit this.
No, they do not know. The purpose of HE tunnels is to get IPv6 service. The fact that the endpoints are in different countries some of the time is incidental to that. I have a HE tunnel. It terminates at the topologically closest point which is in California. There is a physically closer endpoint in Hong Kong but it would require a double trip across the Pacific to get to it. Unless you are crazy you don't put the topological tunnel endpoint further from you than you can. When HE finish getting their Sydney pop set up (it wasn't the last time I looked) I'll set up a new tunnel to it and tear down the existing tunnel. It's going to be a few years more before I can get native IPv6. The NBN really put the breaks on IPv6 deployment in Australia as ISP's don't want to invest in the existing technology they are using knowing that the customer is going to be switched to using the NBN in a couple of years.
All you can tell about a HE tunnel is the tunnel broker server that's hosting it. (it's in the hostname -- eg. ash1) Beyond that, you have absolutely no idea where in the universe the other end actually is. Plus, it can move in an instant... one DDNS update, and it's somewhere else.
Garbage. You have to establish the tunnel which requires registering a account. It also requires a machine at the other end. Virtual or physical they don't move around the world in a DDNS update. The addresses associated with a tunnel don't change for the life of that tunnel. It's not like you get new IPv6 addresses everytime you reconnect. The tunnels are designed so you can run services at the end of them. They are not a typical VPN service where you get a new IPv4 address from a local pool each time you connect to them. They are setup so you can delegate nameserver to serve the reverse addresses for the namespace being allocated. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org