One of the dominant tech stories of the year has been the Netflix crackdown on VPN users, and six months in, the story continues to rumble on. Despite widespread criticism, Netflix is still attempting to, slowly but surely, block access to its service from each and every VPN. To look at some of the media coverage of their activities, it would be easy to assume that this is a battle Netflix is winning with ease. But to believe that would be to massively underestimate the scale of the cat-and-mouse game that Netflix has got itself into. And, as I shall explain below, it is a game they cannot possibly emerge from victorious.
Motivation
Why is Netflix suddenly so determined to clamp down on the use of VPNs? Well, it is no coincidence that this new policy was announced just days after another announcement when Netflix expanded its service to nearly every country in the world. The company has a long-term goal of being able to supply a single service with the same shows and movies to everyone across the globe. Speaking earlier this year at the CES trade show where the expansion was announced, Netflix Chief Product Officer Neil Hunt stated:
“Our ambition is to do global licensing and global originals, so that over maybe the next five, 10, 20 years, it’ll become more and more similar until it’s not different.”
That aim is a laudable one but to get there, it needs to win over the support of the key rightsholders for shows and movies. This principally means the big US TV networks and Hollywood studios – and these rightsholders will fiercely protect the rights to their content.
Netflix is all too aware of the common practice of VPN users around the world subscribing to its US service, which offers the broadest range of shows and movies, and is also amongst the cheapest services, too. To win them over, Netflix needs to be seen doing something to combat a practice, which until now, they have tolerated. After all, these people are still paying for a subscription. So, the main motivation is to please the rightsholders and advance their aim of having the rights to show everything, everywhere. They need to be seen to be acting, but they don’t necessarily have to be 100% successful in their crackdown.
How are they doing it?
Much of Netflix’s PR has made it appear as if they have developed some brilliant new technology to combat VPN use. The reality is a little more mundane. The way Netflix is blocking VPNs is a slow and time-consuming process of identifying IP addresses that are from VPN users and then blocking those IP addresses. It is a very inefficient and costly technique, which is why they have shied away from doing it in the past. The reason it is so ineffective is that while you can block an IP address, most VPNs have many they can use, and the process to change them is not especially difficult. Hunt summarized the problem pretty well himself at the CES show:
“We do apply industry standard technologies to limit the use of proxies [VPNs],” he said. “Since the goal of the proxy guys is to hide the source, it’s not obvious how to make that work well. It’s likely to always be a cat-and-mouse game. [We] continue to rely on blacklists of VPN exit points maintained by companies that make it their job. Once [VPN providers] are on the blacklist, it’s trivial for them to move to a new IP address and evade.”
Ineffective blocking
As well as the issue of VPNs simply changing their IP addresses, there is also the problem for Netflix of the sheer scale of the VPN market out there. There are hundreds of VPN services large and small, and it is all but impossible to identify and block every IP address of every VPN. To date, Netflix has targeted the bigger and more established names on the market. No doubt their reasoning is that they have the most customers and, therefore, blocking them is likely to have the biggest impact. This, in turn, has been a boost for smaller VPN providers, who can market themselves on the claim that they can get round the Netflix VPN blockage. These smaller VPNs have been making considerable market gains and if they, in turn, are targeted by Netflix, there are plenty more in line behind them.
VPN as a security tool
The other issue Netflix has struggled to adequately deal with to date is the reaction of legitimate VPN users. A VPN is a widely recognized and recommended tool for ensuring privacy and security online. Most experts will say you should not use a public Wi-Fi network without one as your data is essentially open for anyone to look at. And the growing concern over government surveillance has seen a big spike in VPN use by people who simply want to be more confident that their online activity is private. Netflix itself even used to recommend VPN use, yet it has done nothing to address the concerns of legitimate VPN users who are not using their VPNs to get around their geo-blocking technology but who are being shut out of Netflix anyway. It is, of course, impossible for Netflix to discriminate between those using a VPN for legitimate and non-legitimate purposes, and they have clearly made the decision to discriminate against one group in order to be seen to be taking action against the other. Indeed, speaking during an investor call last month, Netflix CEO Reed Hastings described VPN users as "a small but vocal minority" that are “really inconsequential to us.” That may be their corporate stance at the moment, but as the number of VPN users continues to grow, and the voices of discontent against Netflix’s blockade continues to grow, it is quite conceivable that this issue will have to be addressed in the future. For now, Netflix is showing no sign of backing down, and the VPN market continues to be agile enough for those users who are determined to use a VPN to access US Netflix from overseas to be able to do so. The status quo will remain, and the game of cat-and-mouse will continue. Ultimately, though, this looks like a war Netflix will need to heavily compromise on or outright lose in the end.
About the Author: Jordan Fried is the CEO and Founder of BufferedVPN. He has travelled and worked from over 40 countries while building his online businesses. Jordan is passionate about online privacy, blogging and living a fully remote life. You can reach Jordan on Twitter (@JordanFried) or directly at buffered.com. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
Meet Fortra™ Your Cybersecurity Ally™
Fortra is creating a simpler, stronger, and more straightforward future for cybersecurity by offering a portfolio of integrated and scalable solutions. Learn more about how Fortra’s portfolio of solutions can benefit your business.
