UK State Surveillance - Investigatory Powers Act 2016

It's been around for years in various guises, but unfortunately it looks like the ridiculously intrusive 'snoopers charter' bill has become law in the UK.   The Investigatory Powers Act 2016 is basically a surveillance law that requires ISPs and telephone companies to store everyone's digital history for 12 months.  This data then must be supplied to a list of 'approved agencies' on demand - people like police, security services and some official government agencies.

That's worth thinking about, a democratic elected government wants access to everything you do online for 12 months.  Every tweet, every web page you view, every video you watch, every song you listen to - all available for a selection of Government departments to peruse at their leisure.  It's a completely unprecedented level of access - a level right up there with the very worst authoritarian regimes across the world.   Make no mistake though, the Investigatory Powers Act will become an excuse, a legitimate blueprint for intrusive spying and surveillance across the world.

The excuses are the usual predictable ones which are used by these same regimes, heightened security threats, safety of our citizens, essential for combating terrorism.   However remember this huge amount of data is the ordinary browsing history of millions of innocent ordinary people, our privacy completely destroyed on the slim chance of catching a particularly careless or stupid terrorist.

It doesn't stop there though, there are more powers granted to the security services.  Powers to hack into phones and computers, the power to collect data in bulk, although they've already been doing this illegally for years anyway.    Access to journalists call and web data is also allowed even if they're trying to maintain confidentiality - handy for cover ups and blocking unwelcome investigative journalism!

If the internet had been around in the heydays of the KGB and Stasi, it's probably not far off the model they would have applied.  It's basically total surveillance with a hint of respectability and privacy rights, all easily bypassed with a slight justification and a judges signature.

Is the total sacrifice worth it?  Will we become completely terror free? Terrorists picked up in their droves whilst planning attacks on innocent people?   Of course not, there are ways to avoid detection - you can use encryption and residential VPNs to hide your communications.   There are lots of inexpensive security services which will ultimately block all but the most concerted efforts.  Will the average well funded terrorist be able to afford $10 a month to use a VPN?   Of course they will, and inevitably you will be left with the security services left spying on the rest of us whilst their data passes by in a blur of encrypted gibberish.

The security services will be left spying on innocent people like you and me whilst the terrorists laugh down their encrypted channels as yet another civil liberty has been taken from us.


Downloading Torrents Anonymously

When you want the latest movie or music file, many users turn instantly to BitTorrents with good reason. If a new movie is released on DVD you can be assured that within hours someone somewhere will be starting to share it, and that's all it takes with torrents - one helpful upload and pretty soon there's thousands of people able to help distribute. Peer to Peer downloading like this also provides incredible download speeds, especially as the technology as developed. In it's infancy you were likely to get stuck for days or weeks on a file as uploaders logged off, nowadays that rarely happens especially with popular titles.

There are problems though and the major one is pretty serious - anonymity or the complete lack of it. You see when you connect to a torrent, using any BitTorrent client then you're all actively sharing the file you are downloading which means anyone can see your IP address and the client you are using. It's all readily available as you can see from this screen shot.

Everyone's IP address visible to anybody else who is in that swarm and downloading the file which makes privacy kind of a non-starter.

Now to your fellow down loader,  this is of little interest and there's no real issue. Unfortunately there are others joining these download swarms who are actively searching for your identity. They can be logged into two main sections -

  •  Anti-piracy organisations.
  •  Law firms acting for copyright holders
Both of these will go one step further as soon as they have the name of the file you're downloading and your IP address - they will look up your real identity.   It's not hard to do your ISP for example can supply the full name and address associated with each IP address very easily.  After that happens you'll either receive a DCMA notice or arguably worse a threat of legal action from one of these dodgy law firms like ACS Law which we wrote about here many years ago.

It's a very lucrative occupation, instead of simply selling copies of a movie you just track down all the people who are illegally downloading it and threaten them with huge fines or legal action. It works especially well with porn movies as the victims are usually less likely to go to court to defend their position on downloading 'sexy teen nympho nurses' - for obvious reasons. 

So although BitTorrent clients are incredibly easy to use and give you access to just about any digital content you like - it's not smart to use them without taking some precautions.  Anonymous torrenting is possible but you need to hide your IP address from both your ISP and the rest of the swarm plus hide the file you are downloading from your ISP.   The logical answer which solves all this is to use a VPN but beware not all these services allow the use of BitTorrent simply because of the huge bandwidth they tend to use.


Netflix Subscriber Growth Falls - VPN Payback

Over the last few weeks, we have covered in these pages the fact that millions of people have been blocked from accessing their Netflix account.   Although perhaps we should clarify that most have been blocked from they're preferred Netflix version rather than completely restricted.

I'm referring of course to the almost 100% ban which has been implemented by Netflix on using VPNs and proxies to circumvent the region locking which is used by the site to stop people sneaking off to use different versions.   Most people for example use these tool to view the US version of Netflix through their account despite not being in the US.   The VPNs could hide your real location and allow you access.whichever version you wanted.

The version was nearly always the US version which has thousands more movies and shows than the other versions of Netflix.  Many Canadians for example rarely logon to the Canadian Netflix instead firing up their VPN and switching to a US server before going to their account.

However then it started - the Netflix Block VPN purge where they suddenly blocked access from any non residential IP address which meant that virtually every VPN server (which all reside in commercial data-centres) stopped working and users received the now infamous error message.

Imagine literally hundreds of thousands subscribers saw this message within a few days as they fired up their faithful VPN clients.  It will have generated some serious ill will towards the media giant - imagine being half way through some US only box set when the rug is literally whipped from under your feet.

What Netflix wants to happen is for people to stop all this geohopping and go back to using their own specific Netflix version.   However it is likely many will simply quit, switch to another media provider or perhaps just go back to downloading via torrents all the stuff on the Netflix servers and more.   There has already been a huge slowdown in subscriber growth, the simple reality is that many Netflix users aren't interested in their own geographically locked version - most want the US Netflix.

It will be interesting to see how this develops, there is little doubt that Netflix will have been under pressure from the content providers and copyright holders to lock out these VPN users.   The costs might have been seriously underestimated from the media giant though, VPN based subscribers represent a significant portion of users and many will simply go elsewhere.


Using a Proxy for Netflix

I've had a few comments with this question, so I thought since this blog has covered the use of proxies for many years I'd better try and answer.  So can you use a Proxy for Netflix?   Well the simplest answer is no, they don't work - it's kind of sad but true, the days of simply using a proxy server to bypass region locks are pretty much gone.

Of course, I've still got many proxies installed in various places across the world but unfortunately most of these are of very little use now, except for a few of my more obscure projects.
Proxy for Netflix
The problem is that all the big media sites, governments and intelligence agencies can easily automatically identify the use of a proxy now, it's then very easy to block them.  They haven't worked with Netflix for some time and in fact the only real use for a proxy was to access the BBC iPlayer which never seemed that bothered about them - but even they blocked access from a proxy last year too though.

To access these media servers from a different country you can forget using a proxy for Netflix - you need to use something more difficult to detect like a VPN.

If I can't Use a Proxy for Netflix? What Now?

Doe that mean you're stuck with the crappy localized version based on your real location, will Canadian Netflix users have to stare jealously whilst US users a few miles away pay the same price for three times as much.  Well thankfully no, but you will need to use something more sophisticated which is harder to detect such as a VPN or SSH tunnel.   These can be encrypted and are not identifiable when you visit a website, at least not if they're configured correctly.

Netflix though has gone further than all the other media companies, they have targeted VPN services heavily too.  At the time of writing about 95% of these VPN services are blocked also, if you try and use a VPN to access Netflix you'll get this message.

Proxy for Netflix

Netflix have started to block based on the classification of the IP address which is connecting. So although they can't actually identity the presence of the VPN, they know that almost all of these services use a commercial IP address. This is actually an easy block to implement and Netflix have simply restricted access to residential IP addresses. The difficulty is that these addresses are not easy to find, if you've ever looked for a residential VPN service then you'll know that they are both rare and very expensive.  This is because they're normally only available to ISPs to service home user connections, you can't normally assign these to data center server.   However one company has solved this -
Identity Cloaker are one of the VPN providers who have implemented a solution, although currently it only allows access to the US version Netflix. What the software does it to detect when a connection is made to the US version of Netflix, then it will route the VPN through a residential IP address instead of a commercial one.

This has the advantage of allowing access to US Netflix whilst minimizing the use of these residential addresses which reduces the cost. Transferring entirely to a residential IP network would involve a heft price rise simply to break even.

So forget using a proxy for Netflix now, but you can always use Identity Cloaker - test the trial here.  It works for all the other media sites too but only uses residential addresses for US Netflix currently.


Residential VPN Services and Netflix Blocks

So what exactly are residential VPN services and why are they so hard to find?    Well millions of  us have been using VPN services for many years for a variety of  reasons usually involving online privacy, security and bypassing all these stupid region locks that appear all over the internet.

It is probably region locking which is the important factor here because if your focus is simply anonymity there is little difference between a residential VPN and an ordinary service.  In truth, anonymity is probably best served by establishing a connection to a server housed in a secure non-residential data center.

The difference between residential VPN services and a standard one is simply the type of IP address that is assigned to your connection.

There are in fact two distinct groups of IP addresses -

  • Standard Commercial IP address assigned from a Datacentre
  • Residential IP address assigned normally from your ISP

For many years this distinction was unimportant, you needed an IP address to get online and it didn't much matter where it was assigned from.  But in the last few months this has begun to change and there's every indication that it's going to get more and more important.

What do you mean Netflix doesn't work anymore!!!
The first indication has been in the ongoing war between the online media giants who are determined to use region locking to control our viewing.  It's why you can't watch the BBC iPlayer outside the UK, Hulu outside the USA and use your Netflix account in a country where it's not supported - all these companies actively block such connections.

This has been a problem easily circumvented though simply by hiding your real IP address and instead connecting through a VPN/proxy service.  Unfortunately the companies are fighting a real war against these services - proxies are now pretty much useless as most of the media giants can detect and block them easily.

VPNs have survived longer because the encrypted connections are much more difficult to identify.  However these too have now begun to be blocked particularly by the media giant - Netflix.   Nearly all VPN services are now blocked by Netflix, see Netflix Blocking VPN and you'll get this warning message if you try and use one -

What Netflix is doing is not trying to detect the VPN or proxy itself but merely  the source of the IP address.  If it originates from a standard data center then it is deemed to be a proxy or VPN service and blocked. Netflix now only allows access to residential based IP addresses assigned from an ISP.

Almost overnight every single VPN service became useless for accessing Netflix - which was quite upsetting to many of us!  Fortunately the services are beginning to fight back and a couple of the most advanced services like Identity Cloaker are already bypassing these blocks again.

What they are doing is using residential IP addresses assigned to their VPN servers.  For example Identity Cloaker now assigned a random residential IP address to any connection made directly to any Netflix website - this ensures that the connection is never blocked.

There are not many of these residential VPN services available yet simply because the technology to assign them is quite new and these addresses actually cost much more than standard IP addresses.   It is expected though that many of the other big media sites will follow Netflix's route in the future and block all non-residential traffic.

You can try the 10 Day trial for Identity Cloaker here - but please note that you'll only get a US residential IP address when connecting to US Netflix as they are not yet required for the other media sites.