In message <CAOZq8-g_w1+y+K0eSrVtR+MyHP_JVFCvnpmeZFLMOYL6NEd=h...@mail.gmail.com> , Damian Menscher writes: > On Sun, Jun 5, 2016 at 2:59 PM, Owen DeLong <o...@delong.com> wrote: > > > > > On Jun 5, 2016, at 14:18 , Damian Menscher <mensc...@gmail.com> wrote: > > > On Fri, Jun 3, 2016 at 4:43 PM, Baldur Norddahl < > > baldur.nordd...@gmail.com> wrote: > > >> Den 4. jun. 2016 01.26 skrev "Cryptographrix" <cryptograph...@gmail.com > > >: > > >>> > > >>> The information I'm getting from Netflix support now is explicitly > > >> telling > > >>> me to turn off IPv6 - someone might want to stop them before they > > >>> completely kill US IPv6 adoption. > > >> > > >> Not allowing he.net tunnels is not killing ipv6. You just need need > > >> native ipv6. > > > > > > This entire thread confuses me. Are there normal home users who are > > being > > > blocked from Netflix because their ISP forces them through a HE VPN? > Or > > is > > > this massive thread just about a handful of geeks who think IPv6 is > cool > > > and insist they be allowed to use it despite not having it natively? > I > > > could certainly understand ISP concerns that they are receiving user > > > complaints because they failed to provide native IPv6 (why not?), but > > > whining that you've managed to create a non-standard network setup > > doesn't > > > work with some providers seems a bit silly. > > > > What is non-standard about an HE tunnel? It conforms to the relevant > RFCs > > and > > is a very common configuration widely deployed to many thousands of > > locations > > around the internet. > > > > What *is* standard about them? My earliest training as a sysadmin taught > me that any time you switch away from a default setting, you're venturing > into the unknown. Your config is no longer well-tested; you may > experience strange errors; nobody else will have seen the same bugs.
Well the encapsulation is standardised. There are 100's of thousands of tunnels many of which have been running for over a decade now. My tunnel is 13 years old at this point. But hey, I may be venturing into the unknown. > That's exactly what's happening here -- people are setting up IPv6 tunnel > broker connections, then complaining that there are unexpected side > effects. Side effects that took 13 years to materialise. Yeah pull the other one. > Itâs not that Netflix happens to not work with these tunnels, the problem > is > > that they are taking deliberate active steps to specifically block them. > > > > [Citation needed] ;) http://www.wired.com/2016/03/netflix-discontent-blocked-vpns-boiling/ > You're taking this as an attack on Hurricane Electric, and by extension on > IPv6. But the reality is that Netflix has presumably identified HE tunnel > broker as a frequent source of VPN connections that violate their ToS, and > they are blocking it as they would any other widescale abuse. The impact > to their userbase is miniscule -- as noted above, normal users won't be > affected, and those who are have the trivial workaround of disabling > tunnelbroker for Netflix-bound connections. (I agree Netflix could > helpfully 302 such users to ipv4.netflix.com instead, but it's already > such > a small problem I doubt that's a priority for them. And it probably > wouldn't reduce the hype here anyway.) It is a attack on HE. HE also provides stable user -> address mappings so you can do fine grained geo location based on HE IPv6 addresses. Also despite what the content cartel say using a VPN to bypass georestrictions to get movies is not illegal, nor is it "piracy". Individuals are allowed to import content from other countries. It is commercial importing that is banned. > As a side note, this is a common meme: recently Tor claimed CloudFlare is > anti-privacy for requiring captchas for their users. The reality is much > more mundane -- service providers need to protect their own networks, and > Tor traffic is (according to CloudFlare [ > https://blog.cloudflare.com/the-trouble-with-tor/]) 94% abuse. HE is not Tor. HE is just a ISP that doesn't do large geographic IP blocks. > I suggest you focus your efforts on bringing native IPv6 to the masses, > not > criticizing service providers for defending themselves against abuse, just > because that abuse happens to be over a network (HE tunnel broker; Tor; > etc) you support. Netflix isn't hurting IPv6 adoption in any real way, > but > the (incorrect!) claim that IPv6 doesn't work with Netflix will (if this > thread is picked up by the press). > > Damian -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
