Artificial regions, real risks

In my last encounter with what I call “artificial regions” that I talked about, I was complaining about the problems with ping-ponging between US and Italy, and then moving to Dublin. Those first-world problems are now mostly (but not fully) solved and not really common, so I wouldn’t call them “real” for most people.

What I have ignored in that series of posts was, though, the region-locking applied by Big Content providers, particularly in regards to movies, TV series, and so on. This was because it’s a problem that is way too obvious already, and there isn’t much that one can add to it at this point, it has been written about, illustrated and argued for years by now.

The reason why I’m going back to this now, though, is that there has recently been news of yet another scam, at the damage of the final consumers, connected to a common way to work around artificial region limitations. But first, let me point out the obvious first step: in this post I’m not talking about the out-and-out piracy option of downloading content straight from The Pirate Bay or anything along those lines. I’m instead going to focus on those people who either pay for a service, or wants to pay for content, but are blocked by the artificial region set up for content.

I’ll use as my first example Comixology of which I’m a customer, because I like comics but I travel too much to bring them with me physically, and more importantly would just increase the amount of things I’d have to move with me if I decide to change place. Unlike many other content providers, Comixology uses multiple regional segregation approaches: your payment card billing address tells you which website you can use, which actually only changes how much you’re paying; the IP you’re coming from tells you which content you can buy. Luckily, they still let you access paid content even if your IP no longer match the one you can buy it from.

This is not really well documented, by the way. Some time ago they posted on their G+ page that they opened a deal with a manga distributor so that more content was available; I took the chance to buy a bunch of Bleach issues (but not all of them) as I have not finished watching the anime due to other issues in the past, and I wanted to catch up on my terms. But a few weeks later when I wanted to buy more because I finished the stash… I couldn’t. I thought they broke off the deal, since there was no reference to it on the website or app, so I gave up… until they posted a sale, and I saw that they did list Bleach, but the link brought me to a “Page not Found” entry.

Turns out that they admitted on Twitter that due to the way the rights for the content go, they are not allowed to sell manga outside of the States, and even though they do validate my billing address (I use my American debit card there) they seem to ignore it and only care on where they think they are physically located at the moment. Which is kinda strange, given that it means you can buy manga from them if you’ve got an European account and just so happens to travel to the United States.

Admittedly, this is by far not something that only happens with this website. In particular, Google Play Movies used to behave this way, where you could buy content while abroad, but you would be stopped from downloading it (but if you had it downloaded, you could still play.) This was unlike Apple, that always tied its availability and behaviour on the country your iTunes account was tied to, verified by billing address of the connected payment card — or alternatively faked and paid with country-specific iTunes gift cards.

One “easy” way to work around this is to use VPN services to work around IP-based geographical restrictions. The original idea of a VPN is to connect multiple LANs, or a remote client to a LAN, in a secure way. While there is some truth about the security of this, lots of it is actually vapourware, due to so many technical hurdles of actually securing a LAN, that the current trend is to not rely on VPNs at all. But then again, VPNs allow you to change where your Internet egress is, which is handy.

A trustworthy VPN is actually a very useful tool, especially if what you’re afraid of is sniffers of your traffic on public WiFi and similar, because now you’re actually only talking with a single (or limited set of) points-of-presence (POP) with an encrypted protocol. The keyword here is trustworthy, as now instead of worrying of what people in your proximity could do with your non-encrypted traffic, you have to worry what the people who manage the VPN, or in proximity to the VPN provider, would do with that information.

Even more important, since VPNs are generally authenticated, an attacker that can control or infiltrate your VPN provider can easily tie together all your traffic, no matter where you’re connecting from. This is possibly the sole thing for which Tor is a better option, as there isn’t a single one manager for the VPN — although recent discussions may show that even Tor is not as safe from following a single user as some people kept promising or boasting.

These VPN services end up being advertised as either privacy tools, for the reasons just noted, or as tools against censorship. In the latter case the usual scare is the Great Firewall of China, without considering that there are very few websites that suffer what I’d define “censorship” on a country level — The Pirate Bay does not count, as much as I think it’s silly and counterproductive to ban access to it, censorship is a word I’d reserve for much more venomous behaviour. Region-locking, on the other hand, as I’ve shown is pretty heavy, but just saying out loud that you work around region-locking is not really good for business, as it may well be against all terms of service that people say they accepted.

Here comes the bombshell for most people: yes, VPN services are (for the most part) not managed by angels who want all information in the world to be free. Such “heroes” are mostly created by popular culture and are much rarer than you would think. Painting them as such would be like painting MegaUpload and Kim Dotcom as generous saviours of humanity — which admittedly I’ve seen too many people, especially in the Free Software and privacy-conscious movements, doing.

VPN services are, for many people, quite profitable. Datacenter bandwidth is getting cheaper and cheaper, while end-user speeds are either capped, or easily capped by the VPN itself. If you make people pay for the service, it’s not going to take that many users to pay for the bandwidth, and then start making profits. And many people are happy to pay for the service, either because it’s still cheaper than accepting the geographical restrictions or because they go for the privacy candy.

On the other hand there are free VPN services out there, so what about them? I’ve been surprised before by self-defined privacy advocates suggesting to the masses to use free VPN services, while at the same time avoiding Dropbox, Microsoft and other offerings with the catchphrase «If you’re not paying for it, you’re the product.» Turns out for free VPN providers, you most definitely are a product.

To use the neologism I so much hate, it’s always interesting to figure out how these providers monetize you, and that’s not always easy because it may as well be completely passive: they could be siphoning data the same way I described in my previous post, and then use that to target you for more or less legal or ethical interests. Or they could be injecting referral codes when you browse websites with affiliate programs such as Amazon (similarly to how some Chrome extensions used to work, with the difference of being done at the router level) — this is, by the way, one extremely good reason to use HTTPS everywhere, as you can’t do that kind of manipulation on protected pages without fiddling with the certificate.

Or, as it became apparent recently, they may be playing with your egress so that sure, you are now going to the Internet through some random US person’s address, but at the same time, your address is being used for… something else. Which may be streaming a different version of Netflix – e.g.: the Big Bang Theory is available on French Netflix, but not in the US one – or they may be selling stolen credit card data, or browse for child porn, or whatever else they care to do.

What’s the bottom line here? Well, it seems obvious that the current regime of rights that imposes region-locking of content is not only unlikely to be helping the content producers (rather than distributors) much – The Pirate Bay content never was region-locked – but it’s also causing harm to people who would otherwise be happy to pay to be able to access it!

I’m not advocating for removing copyright, or that content should be free to all – I may prefer such a situation, but I don’t think it’s realistic – but I would pretty much like for these people to wake up and realize that if I’m ready to give them money, it would be a good thing for them to accept it without putting me at risk more than if I were not to give them money and just pirate the content.

And now go, and uninstall Hola, for universe’s sake!

3 thoughts on “Artificial regions, real risks

  1. I guess that from the moral and logical point of view regional restrictions are very stupid but I think they affect too few people for the companies to care: I would love to use Netflix in German or French to improve my language skills, or some Italian could want to watch more sitcoms in English but I guess we are talking about a fraction of the market, so I am afraid companies will just not care. And also people travelling a lot internationally (as you are) are not so many.I think the only hope is the EU: I expect them to make illegal to restrict services to one European nation, so at some point I think we will have European-wide content but I do not expect it go further than that (BTW, I am living Dublin in 2 weeks and I am spending them in an apt in Barrow street, just in case you want to meet for good-bye pizza!)


  2. I’m a bit annoyed with same stuff on Steam. When I lived in Russian, I bought some games there, but after I moved to Germany I’m forced to install and play them only when I’m connected through VPN. That’s really annoying and sometimes make me think that if I own those games, it’s ok to download them from piratebay, just not to bother with vpn stuff.And also I think that this problem became more and more important because nowadays it’s easy to move to another country, especially if you are an IT guy (even Junior).


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s