How Is NordVPN Unblocking Disney+?

https://medium.com/@derek./how-is-nordvpn-unblocking-disney-6c51045dbc30

Interesting way used to catch them, using the Akamai header.

Only thing left from the article would be a portscan proving that a big percentage of the listed hosts are webcams, home routers and other insecure IoT stuff. They use a backconnect to route traffic trough compromised hosts, this is common practice in the VPN industry.

I'm of course biased, but think twice before supporting with your wallet this kind of scum.

«1

Comments

  • MikeAMikeA Hosting ProviderOG
    edited November 2019

    If what is written in that article is true, isn't this pretty much highly illegal for NordVPN to do?

    I've only used a few commercial VPNs, and only stick with PIA now, and I've never seen any popular commercial VPN do this.

    ExtraVM - High RAM Specials
    Yours truly.

  • FHRFHR Hosting ProviderOG

    @MikeA said:
    If what is written in that article is true, isn't this pretty much highly illegal for NordVPN to do?

    Depends on how they gain access to the proxies. If the users (who serve as relays) agreed to run the proxies on their computer, it's probably not illegal.

    However, if they use compromised machines.... that's a whole another thing.

    SkylonHost.com High Bandwidth European Cloud KVM | AS202297

  • Yeah, it's mostly illegal and there is a whole industry constructed around the lack of public knowledge about the practice:
    https://medium.com/@xianghangmi/resident-evil-understanding-residential-ip-proxy-as-a-dark-service-dea9010a0e29

    The only "legal" service of this kind would be Hola/Luminati since they kind of ask permission from their users, as far as I am aware.

    This backconnect technique is exactly the same which has been used by carders for decades, but now there are "legal looking" services providing this for geoblocking bypass, bots buying concert tickets and limited edition sneakers, scraping... that kind of stuff.

  • MikeAMikeA Hosting ProviderOG

    @FHR said:

    @MikeA said:
    If what is written in that article is true, isn't this pretty much highly illegal for NordVPN to do?

    Depends on how they gain access to the proxies. If the users (who serve as relays) agreed to run the proxies on their computer, it's probably not illegal.

    However, if they use compromised machines.... that's a whole another thing.

    Yeah, I'm talking if they end up mostly being compromised IoT devices, that would be really bad since large commercial services would be fueling it.

    ExtraVM - High RAM Specials
    Yours truly.

  • @MikeA said:

    @FHR said:

    @MikeA said:
    If what is written in that article is true, isn't this pretty much highly illegal for NordVPN to do?

    Depends on how they gain access to the proxies. If the users (who serve as relays) agreed to run the proxies on their computer, it's probably not illegal.

    However, if they use compromised machines.... that's a whole another thing.

    Yeah, I'm talking if they end up mostly being compromised IoT devices, that would be really bad since large commercial services would be fueling it.

    The second link I provided shows context on the number of positively identified IoT devices (nearly 50%). You can't just identify every device, but gives a good idea of what is going on.

  • @Nyr said:
    this is common practice in the VPN industry.

    Damn. I regularly use a VPN. Is there a way to check if my network is being (ab)used in this way?

    It's pronounced hacker.

  • @jaquer said:

    @Nyr said:
    this is common practice in the VPN industry.

    Damn. I regularly use a VPN. Is there a way to check if my network is being (ab)used in this way?

    Generally speaking it isn't being abused from your VPN usage, except if you are using Hola, then yes.

    They source those hosts from other places, your VPN provider isn't using you as a host. A different question is if you can trust them.

  • Oh, I get it. I'm an idiot. Still not cool. I use AirVPN. I like their philosophy in general, I certainly hope they're not stooping to this level of assholisness.

    Thanked by (1)mfs

    It's pronounced hacker.

  • YmpkerYmpker OGContent Writer

    Very concerning, thanks for the share.

  • Yikes

    Deals and Reviews: LowEndBoxes Review | Avoid dodgy providers with The LEBRE Whitelist | Free hosting (with conditions): Evolution-Host, NanoKVM, FreeMach, ServedEZ | Get expert copyediting and copywriting help at The Write Flow

  • Eyebrow raised
    This should be popcorn material soon.

  • maybe PIA and Ivacy do the same? :s

  • nottynotty OG
    edited November 2019

    I was confused why they needed the Akamai header thing instead of just going to whatismyipaddress.com or similar.

    Do these VPNs route your traffic via different IPs depending on the traffic destination? If so, even that is a bit shady and unexpected.

    root@notty

  • P0rnhub got Into VPNs With VPNhub

    Just dropping this here.

  • InceptionHostingInceptionHosting Hosting ProviderOG
    edited November 2019

    THIS is something I am going to read in detail with interest, this could be a huge deal if it gets blown open by the popular media.

    Someone link the Linus Tech Tips forum to here to read about it :)

    Thanked by (2)Ympker PureVoltage

    https://inceptionhosting.com
    Please do not use the PM system here for Inception Hosting support issues.

  • These are actually pretty serious allegations, albeit coming from an unknown Medium author. I'd like to see some kind of independent verification before we jump to conclusions.

    Perhaps someone who has NordVPN can try out the curl command in the article and report back?

    root@notty

  • @MarkD said:
    maybe PIA and Ivacy do the same? :s

    I'm def not renewing PIA after them being acquired recently.

    Gonna try my luck running own VPN

  • InceptionHostingInceptionHosting Hosting ProviderOG

    @havoc said:

    @MarkD said:
    maybe PIA and Ivacy do the same? :s

    I'm def not renewing PIA after them being acquired recently.

    Gonna try my luck running own VPN

    Take a look in to the NAT world, between me, @mikho and @cam you have the choice of around 16 locations world wide.

    I suppose it depends on what you use them for.

    Thanked by (1)cam

    https://inceptionhosting.com
    Please do not use the PM system here for Inception Hosting support issues.

  • mikhomikho AdministratorHosting ProviderOG

    @AnthonySmith said:

    @havoc said:

    @MarkD said:
    maybe PIA and Ivacy do the same? :s

    I'm def not renewing PIA after them being acquired recently.

    Gonna try my luck running own VPN

    Take a look in to the NAT world, between me, @mikho and @cam you have the choice of around 16 locations world wide.

    I suppose it depends on what you use them for.

    Not to brag, but I got 14-15 locations on my own ;)

    Thanked by (2)cam uptime
  • InceptionHostingInceptionHosting Hosting ProviderOG

    ok about 20 then.

    MR.VPN coming soon?

    https://inceptionhosting.com
    Please do not use the PM system here for Inception Hosting support issues.

  • AnthonySmith said: Take a look in to the NAT world, between me

    Yeah think I have some of your 256mbs.

    Might post something elaborate in technical section at a later stage, but getting some blog stuff up and running is priority

  • notty said: I was confused why they needed the Akamai header thing instead of just going to whatismyipaddress.com or similar.

    Do these VPNs route your traffic via different IPs depending on the traffic destination? If so, even that is a bit shady and unexpected.

    Well, not so shady in itself.

    Imagine I want to connect to a server in The Netherlands for my normal activities, but also want to watch US Netflix. They will provide the NL connection and redirect some Netflix traffic to the US residential backconnect.

    They will always try to route as little traffic as possible through the backconnects because it is slow and expensive, only whatever is needed to pass the geo checks.

    notty said: These are actually pretty serious allegations, albeit coming from an unknown Medium author. I'd like to see some kind of independent verification before we jump to conclusions.

    Perhaps someone who has NordVPN can try out the curl command in the article and report back?

    Of course that would be good (and easy to do) but I have no doubt. There is not any other way to access this kind of residential-restricted services, you can't rent a server anywhere, a real residential connection is needed and you need lots of them because otherwise they would be banned and of course they are slow and unreliable.

    havoc said: Gonna try my luck running own VPN

    Maybe you already know, but maybe try combining this:
    https://talk.lowendspirit.com/discussion/186/inception-hosting-black-friday-servers-from-2-33-p-year-30-discounts

    With this:
    https://github.com/Nyr/openvpn-install

    Lots of people will give assistance here if you need help figuring things out.

    Thanked by (1)notty
  • nottynotty OG
    edited November 2019

    Amazingly it seems there are patents covering these "methods" for obtaining the IP addresses. Maybe not be quite as bad as IoT botnets, but still extremely dodgy. I'll be thinking twice the next time I download a "free app".

    https://cdn-resprivacy.pressidium.com/wp-content/uploads/2018/08/Luminati-Networks-LTD-vs-UAB-Tesonet.pdf

    Upon information and belief, the above OxyLabs embedded code has been
    integrated in at least the following software applications that may be downloaded by any user
    located anywhere having Internet access: AppAspect Technologies’ “EMI Calculator” and
    “Automatic Call Recorder”; Birrastorming Ideas, S.L’s “IPTV Manager for VL;” CC Soft’s
    “Followers Tool for Instagram;” Glidesoft Technologies’ “Route Finder;” ImaTechInnovations’
    “3D Wallpaper Parallax 2018;” and Softmate a/k/a Toolbarstudio Inc.’s “AppGeyser” and
    “Toolbarstudio.”

    (Edit: this is not NordVPN's patent. It seems Tesonet the defendant is allegedly linked to Nord)

    root@notty

  • Yeah I would just throw a VPN on a LES " @AnthonySmith @mikho " or @cam box. In my testing they have been reliable and they do the job for so little money!

  • notty said: It seems Tesonet the defendant is allegedly linked to Nord

    A classic act done with a shell company.

  • notty said: Do these VPNs route your traffic via different IPs depending on the traffic destination?

    That's not uncommon, particularly with VPNs that advertise unblocking content located in different countries as one of their features. For example, some VPNs let you watch American Netflix, BBC (UK), and ABC iView (Australia), all without having to switch to a different VPN endpoint to change the country. In cases like that they tend to configure their routing tables so that particular IP ranges are routed differently - Traffic destined for Australian services will be routed via Australia, etc.

    Thanked by (1)Ympker
  • InceptionHostingInceptionHosting Hosting ProviderOG

    So breaking this down in to super simple terms, if all the IOT things were to universally patch their shit, the VPN providers employing this tactic are dead?

    https://inceptionhosting.com
    Please do not use the PM system here for Inception Hosting support issues.

  • Interesting that they figured this out using an Akamai header that it's generally considered best-practice to block access to for security reasons.

    Thanked by (1)BusterWolf
  • @AnthonySmith said:
    So breaking this down in to super simple terms, if all the IOT things were to universally patch their shit, the VPN providers employing this tactic are dead?

    I haven't seen any proof that they are actually using compromised IoT devices. Most likely that they get access via dubious "free" apps that unwitting consumers have installed - see the quote from the legal document I posted above. Still pretty dodgy mind you.

    root@notty

Sign In or Register to comment.