I’m sorry to say, Blair, that there are, in fact, many who do use HE tunnels for Geo Fence evasion. Sure, it doesn’t represent even a significant fraction of tunnel users, but they exist and they’ve been vocal, thus spoiling it for the rest of us. Owen
On Jun 6, 2016, at 8:27 PM, Blair Trosper <blair.trosper@gmail.com> wrote:
Right, but I think we know what Netflix is implying when they say "proxy unblocker" or "VPN" -- they mean people are deliberately going around GeoIP. In this case, I don't know anyone who uses TunnelBroker that way. They're using it for V6. That is to say, everyone I know with this issue could simply solve it by disabling IPv6 (and TunnelBroker) -- meaning they're already in the US (or $region) -- and the IPv6 detection on the CDN/web is what's wrong.
I think I will go further here and say that the message sort if implies the user is acting in bad faith, which may raise some animosity towards Netflix.
On Mon, Jun 6, 2016 at 8:25 PM, Spencer Ryan <sryan@arbor.net> wrote:
The tunnelbroker service acts exactly like a VPN. It allows you, from any arbitrary location in the world with an IPv4 address, to bring traffic out via one of HE's 4 POP's, while completely masking your actual location.
*Spencer Ryan* | Senior Systems Administrator | sryan@arbor.net *Arbor Networks* +1.734.794.5033 (d) | +1.734.846.2053 (m) www.arbornetworks.com
On Mon, Jun 6, 2016 at 11:22 PM, Blair Trosper <blair.trosper@gmail.com> wrote:
It should be pointed out that -- the SPECIFIC accusation from Netflix -- is that people on TunnelBroker are on a VPN or proxy unblocker.
The data does not bear that out. Hash tag just saying.
</soapbox>
On Mon, Jun 6, 2016 at 7:53 PM, Ricky Beam <jfbeam@gmail.com> wrote:
On Mon, 06 Jun 2016 19:41:14 -0400, Mark Andrews <marka@isc.org> wrote:
What lie? Truly who is lying here. Not the end user. Not HE. There is no requirement to report physical location.
The general lie that is IP Geolocation. HE only has what I tell them (100% unverified), and what MaxMind (et.al.) tell them (~95% unverified.) They know my IPv4 endpoint address, but that doesn't give them a concrete street address -- they're guessing in exactly the same way everyone else does. And more to the point, HE doesn't share that information with anyone. (whois is populated with your account information. they don't ask where your tunnels are going.)
Are they legally required to go to this level?
Possibly, but Netflix isn't going to push this. Win or Lose, they still lose distribution rights.
Netflix (and their licensees) know people are using HE tunnels to get
around region restrictions. Their hands are tied; they have to show they're doing something to limit this.
No, they do not know. The purpose of HE tunnels is to get IPv6 service. The fact that the endpoints are in different countries some of the time is incidental to that.
YES. THEY. DO. There have been entire COMPANIES doing this. (which is likely what sparked this level of response.) Neither HE nor Netflix are naming names, but a short walk through the more colorful parts of the internet should be enlightening.
Garbage. You have to establish the tunnel which requires registering
a account. It also requires a machine at the other end. Virtual or physical they don't move around the world in a DDNS update. The addresses associated with a tunnel don't change for the life of that tunnel.
True. 'tho, you can list any nonsense address you want. They do nothing to validate it. (Use my favorite BS address: Independence MT -- pop: zero. It's a dirt road across a mountain in the middle of absolutely nowhere. Google it!)
The tunnel endpoint (your IPv4 address) is known only to HE, and not exposed to ANYONE. That's not going to EVER change. Once your tunnel has been setup, that address ("Client IPv4 Address") is not set in stone. People have dynamic addresses, and HE recognizes this, so there are numerous methods to change the tunnel endpoint address. (tunnel configuration page, update through an http(s) request, etc.) THUS, a tunnel can move; it can be terminated anywhere, at anytime. Not only can one update the endpoint to a different address on the same box, but to a completely different box entirely.
Furthermore, one account can have several tunnels through different servers that present addresses from different regions. Where I appear to be in the world, thus, depends on which tunnel I have enabled. (and in which countries HE has prefixes, which currently appears to be 4)