How people get around the Netflix and iPlayer proxy block

The FSF thinks Netflix is wrong to protect artist’s right using DRM

Earlier this month at CES, Netflix’s chief product officer Neil Hunt stated that his company’s policy on subscribers accessing content over a VPN remained unchanged. That’s to say that they ask customers not to do it, as it can bust licensing restrictions on content. Neflix is probably the largest provider of streamed TV programmes around the world, now operating in a claimed 190 countries.

I’m not a fan of Netflix – they’re big campaigners for “Net Neutrality”, meaning that all content must be treated the same and ISPs can’t charge more or slow down particular traffic. As their content is not for the public good, and yet accounts for about  40% of the world’s public Internet traffic, they would say that, wouldn’t they? As media organisations such as the BBC (iPlayer) are in the OTT game, the fact that this is a business model where the bulk of the costs are paid for by all Internet users whereas the profits go to the streaming service is not generally mentioned in the popular press. In other words, they profit from the ISP’s investment without contributing anything back. Amazon Prime is another good example.

Anyway, the content that Netflix streams is licensed from content producers, who have good reasons for licensing it on a geographic basis. A TV programme broadcast in one country becomes harder to sell to networks abroad if it’s already available via streaming, and upsetting the status quo won’t be good for content producers. This will leading to less investment in good programming. Netflix is “campaigning” to change this, as though the public, including its customers, have some kind of rights that are being denied. It would, of course, help Netflix’s commercial interests if regional licensing didn’t exist – at least short-term.

That aside, I was amused to see that Neflix’s latest pronouncement, in a company blog post by David Fullagar (VP of Content Delivery Architecture) a week after the CES announcement, that it would now be clamping down on its customers use of proxies or VPNs to smuggle streamed data across boarders. One might surmise that the content providers, many of whom are also local broadcasters, didn’t appreciate Neil Hunt’s complacent sounding comments. The status quo he was defending was basically an weakly enforced contractual prohibition on its customers streaming through a proxy. A actual enforced ban would result in a loss of revenue to Netflix, or if you’re less cynical, would go against the company’s stated aim of “all content free to all (subscribers)”.

But in spite of the soothing words to calm the outrage of its content suppliers, what can Netflix actually do about this? How do you block your customers using a VPN?

It seems to me that it’s impossible to tell whether you’re sending UDP packets to an IP address that’s actually a VPN. It can’t be done. There can be any number of endpoints behind one IP address (an asymmetric NAT LAN), and any number of VPN connections to who-knows-where. And they’ll all appear as one IP address, and the traffic will be indistinguishable.

Please generate and paste your ad code here. If left empty, the ad location will be highlighted on your blog pages with a reminder to enter your code. Mid-Post

So how do streaming companies block VPNs now? By having a list IP addresses used by published ones, and that generally means commercial ones. Okay, that might work for the public/commercial VPNs. I shan’t be shedding too many tears if they’re blocked, because they’re making money out of license-busting, which is wrong.

But consider this. Supposing you pay the BBC for a TV license but live abroad for part of the year. You have a moral right to view the content you’ve paid for, and could do so using iPlayer. The only problem is that iPlayer may detect you’re outside the UK by your IP address, and stop you. The solution? Put a proxy server on the network in your house in the UK and connect to it when you’re abroad. I have evidence that this happens a lot.

This can also be done immorally. People in one country with relatives living abroad can set up such a proxy for their friends and relatives to use, and Netflix will be none the wiser. Even if Netflix did suspect an IP address of having too much traffic, what could they possibly do about it? Contact the owner and investigate? How would they even find the owner?

Many ISPs use dynamic addresses in order to charge more for a static one to business customers, with the effect that you don’t know who’s using what IP address today. If you do find a suspected VPN, tomorrow it’s IP address will have changed to one of millions, all used by normal domestic customers.

Finding the many small, private VPNs is going to be impossible. One method might be to probe an IP address to see if a VPN port was open. This is no proof that it’s in use, and no proof that it’s not used for one of the many purposes that a VPN was designed for. And even if they were to try it, it’s simple to restrict access to the VPN ports to your friends abroad. And besides, probing an IP address for an open port without permission is illegal.

The only other method I can think of that would work is to examine the traffic to/from an IP address and see if there’s a correlation between outgoing packets and incoming data from one of Netflix’s servers. But Netflix can’t do that; only an ISP has the technical ability to examine traffic on a particular subscriber’s line. And those are the ISPs that Netflix is abusing by loading them with 40% of their traffic without contributing to the cost. Good luck with that.


Wii’ls come off BBC iPlayer

Those of us with suspicions about BBC’s iPlayer project have been proven correct. The corporation has once again shown its properly out of touch with those who are forced to pay for it by first pushing everyone on to using iPlayer, and then discontinuing the support for it on the most widely installed platform in the country.

When  the BBC obtained the funding for BBC3 and BBC4, part of the justification was to allow re-screening of significant programmes that were difficult to watch live in the multi-channel environment. This worked for a while, and then they stopped doing this and filled the airwaves with complete garbage, citing iPlayer as the way to catch up on everything you couldn’t see at the broadcast time. A lot of us were suspicious that this was more to plug iPlayer than anything else. Fortunately in 2009 the corporation released iPlayer for the  most popular games console – the one that more households had installed than anyone else – the Nintendo Wii.


Although they had questionable motives, it worked well enough until late last year, then they messed with it. Then it didn’t work. And a few days ago it became apparent that they were dropping the service with the jaw-droppingly arrogant excuse that it was five years old and they wanted to concentrate their efforts on newer platforms.

This is complete nonsense, of course. The Wii platform remains the most widely available, by far. The Wii is tried and trusted, appreciated by families if not hard-core games fanatics, and is hardly an obsolete product. It’s still on sale, and at a reasonable price. As a platform for iPlayer it’s an obvious choice.

So what’s the BBC thinking? Are they stymied by simple technical incompetence, having no one available to working on the Wii code base following an “upgrade” to a new iPlayer version? Quite possibly, and they’re so out-of-touch that they don’t see a problem with this.

A feeble note the BBC web site says they are concentrating efforts on producing a new player for the Wii U – the console no one wants. Hell is going to freeze over before this platform gets anywhere near the installed base of 100,000,000+ of the standard Wii consoles (worldwide, as at late 2014, based on Nintendo’s quarterly consolidated regional sales reports).

So what does this tell is about the BBC? If iPlayer is part of an important future broadcasting strategy, they’re not supporting it very well at all. All the house advertising suggests it’s important to the corporation. It’s a strange outfit – some of its R+D has always been groundbreaking whereas recently a lot of it has been laughable, and the management is notoriously well insulated from the real world. Their failure to support common platforms in the arbitrary manner makes the whole concept unstable.

In the old days you could invest in a TV set in confidence knowing that your license fee was going to keep it supplied with content for as long as was reasonably possible. The BBC acted very honorably when it came to the switch from VHF to UHF; a bit less so with DVB-T – and they’ve used the extra channels to provide constant re-runs of their lowest quality output. Dropping iPlayer now, just as families were trusting that the could invest in the equipment needed to receive the service is a continuation of a worrying trend.