How is Netflix able to detect a private VPN?

networking vpn openvpn

Solution 1:

Okay, mystery solved. As someone suggested in the comments, I tried to access Netflix directly from my VPS (I had to setup VNC for that) and got blocked!

The positive thing is that Netflix is clearly not using any dark magic to reveal that you are hidden behind a VPN (because in this particular case, I was not and got blocked anyway).

The negative thing is that Netflix is apparently very aggressive when it comes to blocking IP addresses.

Until now, I was under the impression that Netflix blocks IP addresses based on the suspicious traffic going through those IPs. In the case of this particular VPS provider, I find it very unlikely. I seriously doubt that anybody has built a public VPN which was heavily used to access Netflix because the provider is located in a country where Netflix gets only around 10% of the US content. It would make no sense at all to tunnel to this country to watch Netflix.

My guess would be that Netflix uses some kind of smart algorithm to distinguish between IPs belonging to ISPs (those are good) and to VPS providers (those are bad as they are likely to be used for VPNs). My IP is registered to a company whose name actually contains the word "hosting" which means that the algorithm didn't have to be really smart in this case.

So to answer my original question, I'd say that even though nothing suggests that it is actually possible to detect a VPN, the source IP address can reveal enough information about itself to make it clear that this is no Jon Doe browsing from his home computer.

Solution 2:

The way they are blocking in particular seems to be done through blocking routes coming from data centers who may be hosting VPNs (Not likely to be legitimate traffic at all) and even going as far as working with ISPs who actually have stuff like this to provide to homes and businesses: https://openconnect.netflix.com/en/ - Guaranteeing their routing is going to be quite strict (Check the deployment guide which goes somewhat into this: https://openconnect.netflix.com/deploymentguide.pdf ).

The proposed solution I've heard so far to this is to use a VPN method which works 'peer to peer' - Essentially something like a ghetto version of tor without the onion routing aspect of it. Think kind of like Hola, which was that crazy one which faced a lot of controversy years ago because it had nasty security vulnerabilities (And which may be a deciding factor in you not using this particular circumvention). There's some solutions here which may work for you:

https://www.freelan.org/

https://peervpn.net/

And given a couple of google searches more, this is even being talked about in Forbes magazine:

http://www.forbes.com/sites/thomasbrewster/2016/06/29/netflix-vpn-block-responsible-bypass/

You may also have luck setting up openvpn PROPERLY (with dns leaks etc taken care of, of course - a fun learning exercise and skill to have) at an obscure data center, but that approach may be hit-or-miss and/or costly.

Related

How to determine how dead a HDD is from SMARTCTL report
How to take a screenshot of an entire scroll element?
How do I make a USB partition so no one can erase it
Java Regex Replace with Capturing Group
Subversion: Can I checkout, modify, and then make it a branch?
How to force update Single Page Application (SPA) pages?
When to use Application_Start vs Init in Global.asax?
Can an Android device act as an iBeacon?
Why is reflection called reflection instead of introspection?
import from another java project in eclipse
Directly accessing an instance variable vs. Using an accessor method
Concatenate Numpy arrays without copying