Many of the internet’s biggest media sites operate a system of region locking. The BBC iPlayer for example blocks access to anyone outside the UK, similarly the US website Hulu blocks access to anyone located outside the USA. Virtually all the media web sites do this, including video sites like Youtube which controls what videos can be seen depending on your location. Fortunately there is a way around this, and millions of people across the world use VPNs to hide their physical locations.
These work by obscuring your real IP address by redirecting your connection through the VPN server. If the VPN is located in the correct country then you’ll be allowed access, so people would use a UK VPN to watch the BBC online and a US server to watch American content. Most of the web sites try to block access from these VPN servers however none have been very successful, except for one company – Netflix.
Here’s How Netflix Block VPN Programs
Most of the previous methods for blocking VPNs and proxies simply involve detecting and blacklisting the IP addresses of individual VPN servers. This works to some extent but is relatively simple for the VPN providers to bypass. When specific IP addresses are blocked they would simply replace them with alternatives, it ends up something of a cat and mouse game with the web providers. Many companies such as the BBC do this periodically so the blocks are normally fairly intermittent.
Mostly though people were unaffected, most of the decent VPN services have many servers which they rotated IP addresses when unaffected. Netflix however adopted another tactic, which proved to be more effective. What they did was instead of blocking individual IP addresses of VPN servers, they blocked a whole classification – commercial based addresses.
All IP addresses are classified into two types – residential and commercial. Residential IP addresses are allocated to domestic customers via their ISPs well companies and data centres receive commercial addresses instead. Netflix solution worked instantly by blocking access to all commercial addresses, the region locking was enforced and none of the VPN services worked.
Currently there are only a couple of VPN services which still work, these have managed to incorporate residential addresses into their network. One of the oldest companies, Identity Cloaker has built this capability into it’s software so that if anyone tries to connect to Netflix they will automatically be redirected to a server assigned with a residential IP address range. It works perfectly although these addresses are expensive and difficult to obtain so you should check if you require them as most VPN services won’t have access to them.
It’s cunning, it’s sneaky and has caused much sadness among movie fans across the world, I’m referring to Netflix suddenly blocking virtually every single VPN and proxy service. Slowly it’s become harder and harder to find a reliable proxy service to access the wonders of USA Netflix and last month became pretty much impossible. However on the internet it’s very difficult to block everyone and when the secret is out, you’re back to square one.
How to Bypass the Netflix Block
Well first it’s important to understand the method, how does Netflix block VPNs is the question but also the solution too. In fact it’s actually not as sophisticated as you might have thought, but it’s definitely pretty effective.
Netflix had previously followed the standard route of big media company wanting to block people like you and me trying to get round their region locks so they could watch the best movies with their NETFLIX SUBSCRIPTION. This was a combination of picking out the high profile VPNs – the services who advertise on social media and PPC plus manual identification of IP addresses with multiple streams. It works to an extent but is very time consuming and the VPN/proxy services simply switch addresses when required so that it becomes a constant battle.
However instead of pursuing this tactic indefinitely, Netflix chose another option and decided to target the classification as well as the location of the IP address. They simply blocked all ‘commercial’ classified IP addresses – which meant that anyone using an address held by a commercial organisation would not be able to access Netflix wherever they happened to be.
So every standard residential IP address would be allowed through but all the addresses from commercial enterprises were blocked across the board. These included virtually every data center too so all the VPN suddenly stopped working almost overnight. The only addresses that now worked were the ones classified as residential which are mostly allocated through ISPs directly to home users.
For a VPN service to continue to work with Netflix in any capacity it needed access to these residential IP addresses. Without these addresses it is impossible to bypass the Netflix block at at all. Fortunately a couple of companies seem to have gained access to these and introduced them into their server infrastructure effectively regaining access – one of them is Identity Cloaker which has enabled UK and USA residential IP addresses for Netflix users only.
Surely it cannot be true! Is Netflix blocking VPNs and proxies? Are we doomed to be locked into our own crap region of Netflix or even worse are people outside the Netflix coverage locked out completely. Well the simple answer is yes, at the moment Netflix is investing a huge amount of time and resources in blocking not just proxies – they’re also blocking VPN services too!
It’s come as a bit of a shock for many, most people go through the following stages with most region locked content.
- Annoyance – tried to watch a show, video or broadcast online somewhere like YouTube, BBC or Netflix and got blocked.
- Research – learn about region locking and finding out that it’s simply based on the location of your IP address
- Solution – realising that if you hide your IP address by using a VPN or proxy will bypass all these blocks and let you watch whatever the hell you want!
Once you reach the last stage all those annoying blocks and filters simply disappear. You can watch anything from anywhere, irrespective of your location – for example I have sat in a Spanish bar watching the News on the BBC (UK IP address), then switched to an American IP to watch the US version of Netflix then watch some football on RTE (the Irish Broadcaster). Without a suitable VPN service none of these would be possible, for me it makes a massive difference to my viewing options.
Now over the years, many of these online broadcasters have made various attempts to thwart these efforts. In fact it would probably be safe to say the use of very simple proxy servers are now pretty much gone as far as bypassing region locking goes. There has been no such thing as a Netflix proxy that worked for many years, in fact the only major broadcaster who didn’t block proxies were the BBC but even they started doing this last year. The problem is that the use of a proxy can be detected very easily by all these sites which now makes them fairly useless.
No worries, for we still had VPN services, the virtual private network connections are encrypted and almost impossible to detect. Unfortunately these too started to suffer casualties and many broadcasters have waged a sort of half-hearted war on VPN servers too – individually blocking the addresses of popular ones which became too mainstream. It was never that bad though and usually you could just switch to another IP address and it would work fine.
Netflix have changed all this, they’ve really gone to war with VPN services and have actually managed to block 99% of them from working. You’ll hear many tales of woe from people who have VPN accounts set up simply to watch the US version of Netflix which no longer work. Netflix blocked VPN services every where, well very nearly all.
So how are Netflix blocking proxies and VPNs?
They have succeeded where many have failed by adopting a different tactic. Instead of trying to detect the VPN connections or individually identifying specific IP addresses, Netflix have focused on the origin of the VPN addresses. You see most IP addresses are grouped into two distinct groups –
- Commercial IP Addresses – assigned from data centers for websites and commercial servers.
- Residential IP addresses – assigned by ISPs to their customers from their internet accounts.
All the VPN and proxies came from the first category, so the VPNs all had commercial IP addresses. Netflix simply detected which group the connection was from and blocked all the commercial IP addresses whilst allowing the second category through. If you connected with a commercial IP address from a proxy or VPN to Netflix this is what you’d get this –
Suddenly almost overnight Netflix blocked VPNs, proxies and Smart DNS solutions from everywhere – they still couldn’t detect the presence of the technology – but they knew if the IP address was commercial. However there’s a solution in this video entitled Netflix Block VPN services.
Fortunately there is some hope, a couple of the most advanced VPN systems had already identified this cause and have made plans to rectify. Identity Cloaker is one of these and have introduced code to detect when the VPN is used to connect to Netflix, when it does it is relayed through a residential IP address which is allowed through. It works perfectly and should do for the foreseeable future, although the downside is that residential IP addresses like this are much more expensive so there may be some pressure on subscriptions.
Identity Cloaker is now one of the only VPN/Proxy services which is not blocked by Netflix. Try the trial here.
Many companies who operate on the internet operate an economic technique called price discrimination. This is a way where companies can sell the same goods and services for different prices in order to maximise profits rather than sell at a single price to everyone. The concept follows the idea that different people will pay different amounts for the same product.
The internet initially looked like it would change this, price discrimination relies on separating markets in order to charge different amounts. When anyone can buy from anywhere in the world the barriers seemed to fall especially for services and low weight items which can be easily distributed. Why buy something for £100 from a UK based site when it’s available from a French site for half the price, the web threatened to smash down these barriers.
Alas this didn’t last long, and in some cases the internet has made things worse with global companies setting up localised versions of their sites (and prices) using a technology called geo-location. This is quite a simple technology which looks up your physical location based on the internet address (IP) that is assigned to you by your ISP (Internet service provider). Using this technology people are redirected or even blocked based on their location, so connect from France and you get a French version of a site, from USA you’ll get a US version and so on – the idea that different prices and services can be supplied based on what the local market will support.
This behaviour is now pretty pervasive with almost all internet retailers operating to some extent. Login and check an air fare price for example you’ll probably get offered a different fare depending on where you are physically for the same flight. This of course makes it essential that you can get some sort of control back unless you want to be paying top prices for everything you buy online. To do this is fortunately very straight forward – simply use proxies to change your IP address. Here’s how you can use an English proxy – just here, to switch your location to the UK.
So whilst connected to this service you can choose out of about twenty countries to route your connection through. Use a British server and you’ll have a British IP address, an American service will give you a US IP address and so on. Using this you can check out the prices of all sorts of site based on different physical locations.
For example I always use this to watch the BBC from Ireland but I recently wanted to book a city break for my family. Funnily enough I got completely different prices for flights based on an Irish address to a British address despite the flights being identical in every sense. Unsurprisingly I have found that generally my standard UK address gives me a much worse deal than a French or American on for some reason.
A new surveillance bill giving much stronger powers to various security agencies will be introduced by Theresa May next month. November 4th will see the release of the new Investigatory Powers Bill which will force telecoms and internet service providers to retain their customers web browsing for 12 months. To blunt the complaints from the ISPs, they will be paid to cover the extra costs involved in storing and handling all this data.
The access to this sensitive data will only be granted to police, intelligence agencies, National Crime agency and the HM Revenues and Customs. So in reality it means thousands of people with links to any of these agencies will potentially be able to see what you were doing online over the last year.
The measures are fairly similar to the previous Communications Data Bill(popularly known as the Snoopers Charter) which was blocked by the Liberal Democrats. Again the new bill is far reaching and covering pretty much all web activities from email to web browsing and even Facebook and Twitter. It sounds like there will be no exceptions and all platforms and everyone of us will be included.
Remember they are just proposals.
The justification is of course fairly predictable, terrorism, espionage and criminality. The ISPs are being paid not only to retain your emails, internet usage and other electronic communication but also to organise it and make it easily searchable to the various agencies.
There are of course many people who feel this is an unjustified invasion of privacy – here’s few of my objections.
- You only spy on the innocent – people who have something to hide can and do encrypt their communications which won’t be accessible.
- Can Governments be trusted with this huge and very personal data – I suggest not.
- Is is justifiable to spy on millions of innocent in the small chance they’ll catch the odd ‘stupid’ criminal or terrorist.
- Edward Snowden has shown us that security agencies have completely ignored privacy laws to this point, how can we trust them.
In the battle to circumvent blocks, filtering and censorship – Smart DNS technology was like a breath of fresh air. It catered for people who didn’t care about security and encryption – they were just concerned that the USA version of Netflix was much better than theirs or they desperately wanted to watch the latest version of Dr Who on the BBC online. Both situations were restricted depending on your location, to watch the vastly superior US version of Netflix you had to physically be in the US and to use the BBC iPlayer you needed to be in the United Kingdom.
Clearly all couldn’t be true, and slowly we’ve all got used to being blocked and redirected depending on our location. Of course, we could all use VPNs and sometimes even proxies worked but these are expensive to run especially fast ones. Imagine the costs of thousands of people streaming video all across the world – the hardware and bandwidth requirements are substantial. Decent VPN servers cost a lot to run and hence the subscriptions had to reflect this, people tried to piggyback free servers across the world but these are generally hacked or illegal servers which carried substantial risk to your personal data.
Smart DNS threatened to change this, instead of relaying your entire connection through a server in the required country it merely redirected a few packets to fool the geotargeting of the target server. When you connected to Netflix – Smart DNS could fool the server into thinking you were in the UK, US, Australia or Japan with only a few misdirected packets of location data. This meant it was fast, and secondly it was also much cheaper as the bandwidth costs of the Smart DNS supplier were much smaller.
All looked great but, the warnings have been there for some time that Smart DNS might not be so future proof. Firstly it stopped working on many different media devices like the Chromecast or Roku where mysteriously the applications started to enforce public DNS servers. This meant that you could no longer specify your own DNS settings which effectively stopped you using Smart DNS. This caused problems however, particularly with speed where millions of devices where suddenly using public DNS servers like Google’s 22.214.171.124 server presumably without financial compensation, this issue slowly disappeared.
There’s no doubt though particularly for media companies like Netflix and Hulu, Smart DNS are in their targets. Yesterday I tried my two Smart DNS accounts to try and get access to the Japanese version of Netflix (which has some great movies on it), all my attempts failed with the simple message – ‘blocked’ despite having worked fine the day before. Specific IP addresses are simply being blocked from accessing the Netflix and Hulu services, it’s blunt and unsophisticated but it works.
The reality is that these global media providers are coming under increased pressure from the movies companies to block the use of circumvention particularly Smart DNS. The reality is that it costs them money if they receive a fee for licensing the movie in a particular country and then millions of people end up watch it all over the world.
Of course they can do this with VPN and proxy servers, simply block access from specific IP addresses. Which is why it looks like staying low key and using a more discrete service is a sensible option. Some of these bigger VPN companies market very aggressively and directly promote specific TV stations, sporting events and TV channels in their advertising. This makes them instant and high profile target for IP blocking, it’s probably best to avoid these companies – particularly for long subscriptions.
Identity Cloaker, is certainly worth a look – marketed only as a security product it’s been working for many years by deliberately keeping a low profile. Is it the end of Smart DNS? Well in some ways it’s more vulnerable than VPNs but only time will tell if it lives on.
If you’re looking for a super secure, highly anonymous proxy then it can be rather confusing. After all what does constitute such a server, there are no real definitions only opinions.
The first thing to be aware of is that if someone just adds the word secure or highly secure to their description it means nothing. There are literally thousands of one page proxy servers running as default installations on some free web hosting space which describe themselves as secure – they are not. To keep a proxy secure needs time, technical skill and a very real commitment to keeping the infrastructure secure.
For instance, there are loads of people running proxies who never even consider the question of which user context the proxy should be running in. It’s actually very important but surprisingly a huge number of people run their proxy services as root.
This is a very bad idea, not only does this potentially give an attacker a very real chance of obtaining complete control not only to the proxy but the server it runs on. The slightest bug or vulnerability in the service can be exploited – there goes the server, the data, user accounts and logs.
A Step Towards a Properly Secure Proxy
Someone more security aware might run the proxy service in the context of the ‘nobody’ user. The advantage of this account is that it has no real administrative rights or privileges and there the integrity of the server is maintained even if the account is compromised. It does have some rights though and can access public directories and any other directories or services running in the ‘nobody’ user context.
But the real secure way is to create a dedicated user account specifically to run the proxy server in. It would have no other function and importantly no other rights or permissions applied. This protects the server, the logs and any users data that may be on the machine. It’s a simple point but a fundamental step in running a truly secure proxy server and giving you a secure IP address to use – 99% of the proxies you find online won’t be set up like this.
The unfortunate thing is that people tend to imagine that a proxy server that obscures your IP address adds a level of security and anonymity automatically. This is simply not the case and a badly configured proxy is far worse than using no proxy at all. Remember that when you use a proxy server all your data is diverted through that server and everything is probably logged too. It’s a huge risk using a badly configured server, whether it’s meant to be a simple porn proxy or highly secure VPN!
The security of the proxy server is really dependent on the technical expertise of the people who set it up and run it. You’ll never get a secure proxy server for nothing simply because professionals don’t work for free. Kids running proxies on free web space who have no concept of security – do however.
Updated Content and Tags – May 10th, 2013
If you search on the internet you’ll find many proxy sites including plenty of USA based proxies – usually they consist of loads of adverts and a little slot in the middle of the page where you type the website you want.
These sites promise you the following –
- ability to bypass firewalls
- ability to bypass content filters
In reality you’ll normally get none of these although to be fair there are some benefits. Here’s the truth about these proxies and the claimed benefits to help you make your own decision.
If you’re really concerned about security and your privacy then the answer is don’t use these websites. certainly never use them to access any site that requires passwords or personal credentials. These sites normally are set up quickly and easily using a proxy software called Glype. This is simply installed on some cheap or free hosting account and surrounded by adverts in an attempt to make money.
Of course there’s nothing wrong with that but be aware the server is not secured, they are also not highly anonymous and there will be no mention of what happens to the logs and you are trusting that website with whatever data you send through it. In reality all you are doing is adding another risk to your browsing. There are some malicious web sites which exist just to steal any credentials that are sent through it.
The claim for anonymity for these sites can be partially true if they are configured correctly. What they can protect from is the web site you are visiting storing your IP address in it’s logs. The main problem with trying to stay anonymous on the web is two fold – firstly your browsing is logged in its entirety at your ISP, secondly it’s all in clear text so is readable by anyone.
The proxies will sometimes stop your IP address being logged at the web site you visit – that’s it. But in exchange it will be logged on their server which may well be run by a 16 year old in his spare time.
Using Proxies to Bypass Firewalls
This can work in a particularly lax environment but in those cases you probably won’t need a proxy server! If the firewall just blocks access to specific IP addresses or URLs then this might work. However most environments are rather more sophisticated than that. Also the majority of web proxy sites are themselves blocked anyway. They can be useful in countries with basic blocks on popular sites like Facebook and YouTube for example.
Using Proxies to Bypass Content Filters
This is a complete non starter as no web proxy will have the slightest effect here. The problem is that although a content filter also looks for specific web sites, IP addresses and content to block it actually looks at the request itself. Most filters look inside the packet themselves so proxies will have no effect whatsoever apart from getting you flagged by the IT Admins for trying to circumvent any restrictions. There is only one way to bypass a sophisticated content filter and that’s to use a concealed proxy server plus encrypt all your data. The encryption means that the content filter can’t look inside the packet and work out the destination. So if you don’t want to have every thing you do online logged and recorded by your ISP and/or employer then encryption is a must. It’s often used when people access pornography online – particularly popular in the middle East where a porn proxy are standard because of the various blocks implemented by the Governments.
Well if you like to idle away those long winter nights (and days) in Reykjavik by surfing a little porn online, then you might want to consider moving away or at least invest in a porn proxy! The Iceland Government have decided they want to do something good for their citizens (as opposed to bankrupting the country with a hopeless banking system) and are going to ban pornography from the web in Iceland.
Every time I see these sort of stories my heart sinks, why can’t people just leave the internet alone and let people make up their own minds. You might think that it’s all for a good cause, banning all that nasty porn stuff and everyone will behave and be nice to each other. Who knows they might be right, but what I do know is that censoring and filtering the internet doesn’t work – it never does.
An adviser to Iceland’s interior minister- Ogmundur Jonasson who is drafting the legislation was quoted as follows –
“At the moment, we are looking at the best technical ways to achieve this…..but surely if we can send a man to the moon, we must be able to tackle porn on the internet.”
A comment that first got me thinking, can Iceland actually send a man to the moon and secondly they haven’t got a clue about how to achieve this and what sort of issues they will face.
It’s just another of these populist ideas that politicians have, the fact that when you start censoring and filtering the internet, you also start to erode people’s civil liberties. I have no idea if there is any scientific basis to the argument that no porn on internet = less rape and sex crimes, I suspect very little. However I do know that any content filtering will only work against a minority of citizens and almost exclusively on the law abiding ones.
There are so many ways to bypass these filters, that your average sexual predator will easily be able to access whatever pornography they like. The Chinese Government have invested billions in their Great Firewall of China and yet your average 12 year old Beijing schoolboy can easily bypass them using a simple VPN or high anonymity proxy. Do we have any evidence that Iceland will come up with a technical solution more advanced than the People’s republic of China – obviously it it’s not going to happen.
What will happen is that another Government will have a little more control over it’s citizens, but only the ones who follow rules anywhere. The Iceland government will also have this infrastructure installed so maybe next year they’ll think of some thing else we shouldn’t do online and will add that to the banned list. It always happens you start by banning one thing then it just get’s easier and easier to control more aspects of what people can do online.
It’s negative, oppressive and most of all it doesn’t work…..
If you’re in Iceland, Kuwait, Iran, China or anywhere else where the Governments decides whether you can watch porn, politics , sports or whatever – then try this – Identity Cloaker, it’s not just a simple porn proxy either over, but a sophisticated security product that can bypass all sorts of blocks and filters and keep you hidden whilst you do so!
The United States of America is known for its declarative stances on life, liberty and the pursuit of happiness. However, this doesn’t seem to be the case when we spend a lifetime – pursuing liberty – only to be met with the unhappiness of censorship. In today’s modern world, the battle for freedom, along with the war against freedom of expression, has shifted gears online. Repressive regimes persistently undermine global civil liberties; cunningly employing various Internet censorship techniques to appear stagnant and under the radar.
The magnitude of Internet filtering and censorship in any given nation is measured by the OpenNet Initiative, or “ONI.” According their website mission statement, the OpenNet Initiative aims to “identify and document Internet filtering and surveillance, and to promote and inform wider public dialogues about such practices.” There are 5 categories of censorship magnitudes (in addition to various nations profiled on ONI’s website) that are structured upon the following bases:
1.) Lack of Evidence
In this case, there is no apparent evidence that websites are being blocked by the government, though forms of control may be employed. The biggest offending countries of proof-voided corroboration are: Afghanistan, Algeria, Bangladesh, Egypt, France, Germany, Iraq, Israel, Malaysia, Nepal, Nigeria, Uganda, Ukraine, United Kingdom, United States, Venezuela and finally, Zimbabwe.
This category alludes to suspicion of blocked websites by governmental influences, yet without tangible confirmation. A prime example is North Korea, which has a national intranet with approximately 30 approved websites. North Korea is an extremely isolated country, and this separation contributes to the difficulties posed in obtaining substantial information.
This grouping implies that a small number of websites may be blocked, and/or a small number of people may see filtered results. Countries such as Armenia, Azerbaijan, Belarus, Georgia, India, Italy, Jordan, Kazakhstan, Libya, Moldova, Morocco, Russia, Singapore, Tajikistan, Thailand and Turkey serve as the deeming nations under this category.
This category identifies nations that filter search results, while further blocking websites at a regularly-low or moderate level. Countries likely to be considered under this grouping are Burma, Ethiopia, Gaza and the West Bank, Indonesia, Pakistan, South Korea, Sudan and Uzbekistan.
Under this extreme magnitude, massive censorship is implemented by the government. Many websites are blocked and freedom of expression is severely limited. Participating nations include: Bahrain, China, Iran, Kuwait, Kyrgyzstan, Lebanon, North Korea, Oman, Qatar, Saudi Arabia, Syria, Tunisia, Turkmenistan, United Arab Emirates, Vietnam and Yemen.
In an attempt to expose cyber filtering and surveillance practices, OPI monitors and rates four areas of Internet activity, as listed below.
These websites generally centralize around taboo issues; ranging from sexually-explicit content, various forms of betting and drugs. The worst offending countries are considered to be: North Korea, Yemen, Uzbekistan, United Arab Emirates, Tunisia, Saudi Arabia, Qatar, Oman, Kuwait, Iran and Bahrain.
This area pertains to website content that opposes, refutes or negates governmental control. Additionally banned are issues regarding human rights and freedom of expression. Implied transgressing countries are North Korea, Vietnam, Turkmenistan, Tunisia, Syria, Libya, Iran, China, Burma and Bahrain.
iii.) Internet Tools
This degree interferes, monitors and tampers with e-mail; web hosting; search and translation; VoIP communications and social media. In light of the Arab Spring uprising, social media has skyrocketed as expressive platforms that convey both sentiments and information in opposition with imposed, authoritative control. The worst offending nations are North Korea, Yemen, United Arab Emirates, Tunisia, Syria, Saudi Arabia, Qatar, Kuwait and Iran.
iv.) Conflict & Security
This classification includes anything spanning a vast military spectrum, with sectors in opposition, separatist movements and militant groups. The nations assumed under this category are North Korea, South Korea and China.
In a June 2011 issue of the New York Times, the United States was chronicled as a nation engaged in a global effort to “deploy shadow Internet and mobile phone systems[in which] dissidents can use to undermine repressive governments that seek to silence them by censoring or shutting down telecommunications networks.” Additionally, internet censorship can be circumvented by utilizing a proxy server website to access banned data. A proxy server website is an un-blocked server that is outside of the censored geographic area of the user. This website tool enables retrieval of censored data. Another way to informationally-intervene is by changing a censored IP address to that of an IP from a non-censored country, for example by using change IP address software. For assistance in visualizing the above information, look at our infographic below which showcases the key points of anti-censorship data. After all, it’s only fair that a democratic nation encourages “freedom of speech” as a globally-applicable entitlement.