Netflix dealt a blow to many Australians earlier this year by blocking their workaround access to its US service, says Stephen Dawson, but was it effective and what are the consequences?
Netflix looks like the bad guy. Its subscription streaming service operates in 190 countries, but what you can see depends on where you are. If you’re in Australia, you can see a good range of material. But once you get an idea of the much larger range that’s on offer from Netflix in the US, you feel gypped.
So thousands of Australians (and others from around the world) used VPN services to get around Netflix’s geographical blocking. To Netflix, you look like you’re located in the US. You buy a US subscription. You get the US content.
Except this year Netflix announced that it was introducing new measures to stop this, somehow peering electronically at subscriptions to stop those using VPNs from accessing its services.
I don’t see Netflix as the bad guy. It has contractual responsibilities to its content providers – note that the self-produced Netflix Originals are available in all its markets (except House of Cards in Poland… go figure!). It is those providers who are living in the world of the 20th Century, which the British and American publishing giants had divided between themselves, an example followed by the movie distributors. Netflix’s restrictions are akin to Panasonic and Samsung and Sony (and all the rest) releasing DVD and Blu-ray players that respect the region code restrictions on discs.
David Fullagar, the VP of Content Delivery Architecture at Netflix, wrote earlier this year that it is “making progress in licensing content across the world… but we have a ways to go before we can offer people the same films and TV series everywhere”, although “[t]hat’s the goal we will keep pushing towards”.
Getting around it
The principle method by which an Australian could pretend to be in America in the eyes of Netflix was to use a Virtual Private Network (VPN) service.
A VPN is like having a private network, complete with its own private cables connecting the parts. Except the whole thing is faked over the normal internet infrastructure. To keep things private, all the traffic is encrypted so only authorised devices are able to use this virtual network.
The main purpose of this is nothing to do with Netflix, but to allow organisations to securely operate networks over large geographical areas – even internationally – without spending the millions that would be required for a single-purpose physical network.
Another use is providing secure remote support to network-capable equipment (including home automation systems) by equipment vendors.
Importantly, those who find themselves needing to use public WiFi networks frequently use a VPN to protect their communications from prying electronic eyes. They do all their emailing and web surfing via an encrypted VPN link. Unprotected use in such networks can be very risky. A few hundred dollars is all that is required for hardware ostensibly intended for ‘WiFi auditing’, but which serves equally well for ‘man in the middle’ attacks. You may think that you’re connected to the public access point, but are in fact connected to the interceptor. It in turn is connected to the public access point and passes all the traffic both ways, reading everything it as it goes, unbeknownst to you.
But, of course, pretending you’re American is the topical use. In this case, one would sign up with a VPN provider with a US presence. The VPN exists between the Australian home and a computer in the US. The link between the two is over the internet, of course, but secure thanks to encryption. That US computer then talks to the internet and as far as anyone can tell (in theory) you’re actually located in the United States.
So your home’s connection to Netflix via this VPN-connected computer looks like it’s from one of its local customers.
You will note that of this list, only the last is to do with convenience and entertainment. All the others are for protection and security. This is where the problems with Netflix’s new policy arise. But first…
Does the Netflix change work?
Quite a few years ago some friends asked me how one could copy a DVD. You can’t, I announced confidently. CSS (Content Scramble System) on the then new DVD system was impenetrable I thought. Months later I was proven thoroughly wrong.
Clearly, where there’s a potential mass market for a product which is software protected by its producer, it’s only a matter of time. How Netflix went about blocking access to its products via VPN is not a matter of public knowledge, but would probably involve such things as counting the number of logons from the same IP address, along with deeper traffic analysis.
So, in January access to US Netflix started going down for Australian customers. And in January and February, access to US Netflix promptly started going back on for Australian customers. What people want, the VPN providers can offer. Their workarounds to Netflix’s enhanced geoblocking seems to be working these several months later.
How far Netflix is prepared to escalate this remains to be seen. It’s reasonable to think that its efforts will be not be unlimited. It has made a good faith effort to stop access that is outside its content licensing authority. Does it need to do more?
Clearly, if Netflix could have its way it would be able to provide all content to all paying subscribers anywhere in the world. That’s what it is working towards (and if that day comes, then presumably DVD and Blu-ray region coding will also come to a long-awaited end). The continued inability to restrict access can only help it in that endeavour.
Meanwhile, to the extent that its enhanced geoblocking is effective, there are fears of an uptick in the use of peer to peer services. With no legal way to get content that everyone’s talking about overseas, there’s an increased temptation to go illegal.
The VPN services people use for Netflix hide the origin of the user which leads to another problem: what if you use a VPN for security reasons. It’s quite possible that Netflix will block your access, thinking that you’re a foreigner trying to get around its rules.
That could happen even if you are an Australian, in Australia, with an Australian Netflix subscription, trying to access Netflix in Australia.
Solving such problems might not be as easily solved, since the principle concern in these cases is the security of the system, and the administrator of a corporate network may not be so interested in providing employees with Netflix access.
Systems integrators providing remote support via a VPN connection can be in the very different position where the client’s demands come first. Unless the customer requires VPN for some other purpose, they should look to configure the customer’s VPN to support ‘split tunnelling’, wherein the remote support functions are connected via the VPN, but otherwise the customer accesses the Internet in the normal way via their ISP. That will avoid any Netflix blocking that might otherwise come into play.
It seems inevitable that eventually the old geographically defined boundaries for entertainment content distribution will break down, and Netflix and others are working actively towards that end.
Meanwhile, as always with networking, care must be taken to ensure that all the different demands of the customer are met even as new functions are being added.