Private Internet Access Leaves Russia, Following Encryption Ban And Seized Servers

from the yikes dept

A few years ago, I got to travel to Moscow to present some of our research at an event. Having heard more than a few stories about internet access issues in Russia, before going I made sure that I had three separate VPNs lined up in case any of them were blocked. I ended up using Private Internet Access -- which was already quite well-known and reliable. That's my regular VPN, but I had been worried that maybe it wouldn't work in Moscow. I was wrong. It worked flawlessly. But apparently that's no longer the case. Just after Russia's new surveillance bill passed, complete with mandates for encryption backdoors and data retention (along with a demand that all encryption be openly accessible for the government within two weeks), apparently Russian officials seized Private Internet Access's servers in Russia, causing the company to send an email to all its subscribers, announcing what happened, what it was doing to fix things... and also that it was no longer doing business in Russia.

To Our Beloved Users,

The Russian Government has passed a new law that mandates that every provider must log all Russian internet traffic for up to a year. We believe that due to the enforcement regime surrounding this new law, some of our Russian Servers (RU) were recently seized by Russian Authorities, without notice or any type of due process. We think it’s because we are the most outspoken and only verified no-log VPN provider.

Luckily, since we do not log any traffic or session data, period, no data has been compromised. Our users are, and will always be, private and secure.

Upon learning of the above, we immediately discontinued our Russian gateways and will no longer be doing business in the region.

To make it clear, the privacy and security of our users is our number one priority. For preventative reasons, we are rotating all of our certificates. Furthermore, we’re updating our client applications with improved security measures to mitigate circumstances like this in the future, on top of what is already in place. In addition, our manual configurations now support the strongest new encryption algorithms including AES-256, SHA-256, and RSA-4096.

All Private Internet Access users must update their desktop clients at https://www.privateinternetaccess.com/pages/client-support/ and our Android App at Google Play. Manual openvpn configurations users must also download the new config files from the client download page.

We have decided not to do business within the Russian territory. We’re going to be further evaluating other countries and their policies.

In any event, we are aware that there may be times that notice and due process are forgone. However, we do not log and are default secure against seizure.

If you have any questions, please contact us at helpdesk@privateinternetaccess.com.

Thank you for your continued support and helping us fight the good fight.

Sincerely,
Private Internet Access Team

Of course, the end result of this is going to make Russian internet users a lot less safe. The war on encryption is a really dumb idea, and kudos to PIA for taking a stand.

Filed Under: backdoors, encryption, russia, servers, vpn
Companies: private internet access

Netflix CEO Says Annoyed VPN Users Are 'Inconsequential'

from the you-mean-nothing-to-me dept

When Netflix recently expanded into 190 different countries, we noted that the company ramped up its efforts to block customers that use VPNs to watch geo-restricted content. More accurately, Netflix stepped up its efforts to give the illusion it seriously cracks down on VPN users, since the company has basically admitted that trying to block such users is largely impossible since they can just rotate IP addresses and use other tricks to avoid blacklists. And indeed, that's just what most VPN providers did, updating their services so they still work despite the Netflix crackdown.

Netflix's frankly over-stated "crackdown" is an effort to soothe international broadcasters, justly worried about licensing content to a company that is demolishing decades-old broadcasting power centers. But even superficial as it may be, Netflix's crackdown on VPNs still managed to erode user privacy and security, since obviously there are countless people using VPNs for reasons other than engaging in global Netflix tourism.

With that in mind, Netflix CEO Reed Hastings probably didn't win any new friends this week when stated on the company's latest earnings call that VPN users are loud but, ultimately, "inconsequential":

There was uproar from customers, some of which simply use VPNs to protect their privacy, with a petition calling for the ban to be lifted attracting over 40,000 signatures. But it seems Netflix, which generally cherishes its user experience, doesn’t seem fussed by this uprising.

“It’s a very small but quite vocal minority,” CEO Reed Hastings said during this week’s earnings call. “So it’s really inconsequential to us, as you could see in the Q1 results.”

And, if looking solely at growth, he's not wrong; the company reported that it now serves 81.5 million members, 42% of whom are now outside of the United States. That's 44,740,000 TV subscribers in the States alone, double Comcast's latest tally of 22,347,000 TV customers. While investors are worried about growing competition from Amazon and grandfathered customers' reaction to next-month's price hike (actually announced two years ago), most customers, VPN or otherwise, aren't leaving.

And while Netflix may be annoying some VPN users now, the company has repeatedly stated that its ultimate goal is to eliminate geographic broadcast restrictions entirely. That not only makes it so Netflix tourism is unnecessary, but it should reduce piracy -- something Netflix Chief Product Officer Neil Hunt reiterated earlier this year at CES:

“Our ambition is to do global licensing and global originals, so that over maybe the next five, 10, 20 years, it’ll become more and more similar until it’s not different”... “We don’t buy only for Canada; we’re looking… for all territories; buying a singular territory is not very interesting any more.... When we have global rights, there’s a significant reduction in piracy pressure on that content. If a major title goes out in the U.S. but not in Europe, it’s definitely pirated in Europe, much more than it is if it’s released simultaneously,” Mr. Hunt says.

In other words Netflix's long-term vision may be to eliminate fractured broadcast licensing so users don't need to use VPNs. But in the short term Netflix should probably try a little harder to avoid alienating its more technically savvy customers. They may be "inconsequential" now during Netflix's heyday, but may prove important once Netflix's streaming battle against Amazon, Hulu, Apple, and countless other companies starts to heat up.

Filed Under: customers, geo blocking, geo restrictions, reed hastings, security, vpn, vpns
Companies: netflix

Daily Deal: 2-Yr Subscription For Private Internet Access VPN

from the good-deals-on-cool-stuff dept

It's time for another great VPN deal. If you're not using a VPN and don't know why you'd want to, check out this post from 2013. Basically, if you want to be anonymous on the internet, you should use a VPN service. Get a 2-year subscription for Private Internet Access VPN service for just $59.95 and start browsing anonymously. Private Internet Access has some good reviews and has publicly answered TorrentFreak's serious questions about its privacy policies and logging practices.

Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

Filed Under: daily deal, privacy, vpn
Companies: pia

Netflix's Assault On VPNs Is Stupid, Annoying And Erodes User Security

from the international-charade dept

Earlier this year Netflix surprised everybody by announcing it was expanding into 130 additional countries, bringing its total footprint to 190 markets. But alongside the announcement came the less-welcome news that Netflix was also planning to crack down more on "content tourism," or the act of using a VPN to trick Netflix into letting you watch content specifically licensed for other countries. If you take a look at what's available per country, the motivation to use a VPN to watch content not available in your market becomes abundantly obvious.

And while the press and public engaged in a lot of hand-wringing about Netflix's decision to crack down on VPN use, it really wasn't much of a problem for most VPN providers to bypass Netflix's restrictions. And indeed, if you'd been paying attention, you would have noticed Netflix basically admitting that this "crack down" wouldn't be much of one, since even the company realized it was largely futile:

"We do apply industry standard technologies to limit the use of proxies,” (Netflix chief product officer Neil) Hunt says. “Since the goal of the proxy guys is to hide the source it’s not obvious how to make that work well. It’s likely to always be a cat-and-mouse game. [We] continue to rely on blacklists of VPN exit points maintained by companies that make it their job. Once [VPN providers] are on the blacklist, it’s trivial for them to move to a new IP address and evade."

So why is Netflix engaging in a practice it realizes is largely pointless? To try and calm global broadcasting partners terrified by the fact that Netflix is re-writing the rules of global television and eroding the power of global media empires unchallenged for the better part of a generation. Netflix still needs to strike licensing deals with many of these companies, and to do so these broadcasters need to see Netflix as a partner, not a threat. So to keep these companies' executives calm, Netflix is basically giving a used-car-salesman-esque wink and saying "sure, we'll make sure your outdated regional restrictions still hold," even though Netflix's publicly-stated goal is demolishing region restrictions completely.

All of that said, Netflix's "crack down" on VPNs still has a notably negative impact on global user privacy and security. And as Dan Gillmor at Slate noted this week it's just downright annoying for the millions of paying customers that use a VPN everyday as a part of their routine security and privacy arsenal:

"No doubt this pleases the Hollywood studios, the control freaks of copyright. From this video watcher’s perspective, it’s beyond annoying. I don’t download Hollywood movies or TV shows from torrent sites. I pay, willingly, for streaming and DVD rentals and, for some special films, an outright DVD purchase. Yet I’m being punished when I stream video because I also want security. So are countless others who want to do the right thing. Tens of thousands have signed an online petition asking Netflix to reconsider."

It's unlikely that Netflix plans to do much about this in the short term. It knows most VPN providers will continue to provide workarounds for customers who know better, and is apparently willing to alienate and annoy customers unwilling or unable to switch VPN providers for the temporary, artificial benefit of its broadcaster relationships. If Netflix continues to be successful the good news will be that regional restrictions will die; the bad news is it's relatively clear the company doesn't give a damn about the repercussions as we wait the decade or longer it's going to take Netflix to actually accomplish this.

Filed Under: copyright, geoblocking, security, streaming, vpn
Companies: netflix

VPN Providers Laugh Off Netflix's New Futile War On VPNs

from the Whac-a-mole dept

Last week, we noted that the press spent much of the week hysterically claiming Netflix was waging a massive new war on VPNs and proxies to crack down on out-of-region viewing. Of course if you bothered to actually read Netflix's blog post on the subject, you'd note that Netflix wasn't actually implementing anything new. It was simply taking the same, modest attempts to block VPNs it has been using for several years into the 130 countries it just expanded into. These are, it should be noted, the same systems that Netflix's Neil Hunt just got done telling CES that they don't actually work:

"It’s likely to always be a cat-and-mouse game. [We] continue to rely on blacklists of VPN exit points maintained by companies that make it their job. Once [VPN providers] are on the blacklist, it’s trivial for them to move to a new IP address and evade."

So yeah, Netflix knows a war on VPNs and proxies is futile, it's just trying to placate broadcasters in new partner countries. Those broadcasters are (quite correctly) nervous about Netflix coming to town and utterly demolishing the kind of power and influence they've enjoyed for a generation or more. As we saw in Australia, many of these companies aren't really familiar with what competition looks like and don't really understand how technology works, so they've been pressuring Netflix and governments to wage war on VPNs -- as if this is going to somehow save them from the looming Internet video revolution.

And, right on cue, VPN providers are noting that what Netflix is doing may be annoying, but it's relatively trivial to bypass, since they can simply switch IP ranges and avoid Netflix blacklists:

"TorGuard is monitoring the situation closely and we have recently implemented new measures that can bypass any proposed IP blockade on our network. VPN users who encounter Netflix access problems are encouraged to contact us for a working solution,” he adds.

SlickVPN takes a similar stance and says that the static IP-addresses they offer are less likely to be blocked.

“We work tirelessly to ensure our customers have access to the entire internet. If we find that our IP addresses start to become blocked we’ll migrate to new IPs as needed. We also offer the option of static IPs which eliminates the problem entirely,” SlickVPN’s Greg Lyda says.

So in short, Netflix isn't really engaging in a massive new war on VPNs. It would be more accurate to say it's making a token effort to thwart VPNs it knows won't work, to appease necessary broadcast partners who don't really understand the technology they're whining about. None of this is to say that what Netflix is doing is good for the Internet or for its users, but it's a temporary hiccup on the path toward Netflix's eventual goal: uniform, consistent content licensing that looks the same in every country, instead of the bizarre, fractured content availability many of the new Netflix launch countries experience today.

Filed Under: geoblocking, proxies, streaming, vpn
Companies: netflix

Juniper Reveals 'Unauthorized Code' That Decrypts VPN Connections

from the let-the-speculation-begin dept

Well, well, well. Yesterday morning, Juniper Networks announced that it had discovered some "unauthorized code" in its ScreenOS that would allow "knowledgeable" attackers to decrypt VPN traffic on Juniper's NetScreen devices:

During a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections. Once we identified these vulnerabilities, we launched an investigation into the matter, and worked to develop and issue patched releases for the latest versions of ScreenOS.

At this time, we have not received any reports of these vulnerabilities being exploited; however, we strongly recommend that customers update their systems and apply the patched releases with the highest priority.

Not surprisingly, speculation is running rampant concerning how this happened. Since this isn't just using some sort of zero day exploit, but rather "unauthorized code" -- it's pretty clear this isn't just some random security folks having fun. The most obvious possibilities here are nation-state level actors -- with a lot of finger pointing in the NSA's general direction. I would imagine, whether or not it's the NSA, there was a lot of freaking out at Ft. Meade yesterday as this came out. Either their own handiwork was exposed... or their own failure.

You may recall that, almost exactly two years ago the German newspaper Der Spiegel had a fairly revealing article about the NSA's Tailored Access Operations (TAO) unit, that focused on figuring out how to get into basically any computer or network. The article also discussed another group, Advanced or Access Network Technology (ANT) which focused on creating exploits in equipment. In the accompanying article about the "catalog" that ANT produces for the NSA to "purchase" exploits, it discusses targeting Juniper equipment:

In the case of Juniper, the name of this particular digital lock pick is "FEEDTROUGH." This malware burrows into Juniper firewalls and makes it possible to smuggle other NSA programs into mainframe computers. Thanks to FEEDTROUGH, these implants can, by design, even survive "across reboots and software upgrades." In this way, US government spies can secure themselves a permanent presence in computer networks. The catalog states that FEEDTROUGH "has been deployed on many target platforms."

Of course, if the code is already directly in the OS, that explains why the code can "survive 'across reboots and software upgrades'." In other words, while the original article suspected malware, perhaps the malware was already in the OS itself.

And, remember, this is the same government/NSA that now wants tech companies to share even more information with it via CISA...

Filed Under: decryption, encryption, feedthrough, network, nsa, screenos, surveillance, unauthorized code, vpn
Companies: juniper, juniper networks

BBC Blocks VPN Access To Its On-Demand Service, Even From UK

from the bad-for-everyone dept

The BBC is a rather odd organization. Unlike commercial broadcasters, or those given money directly by national governments, it is mainly funded by a public licensing fee that must be paid by anyone in the UK who watches or records TV programs in real time, using:

TVs, computers, mobile phones, games consoles, digital boxes and DVD/VHS recorders.

To justify the £145 (about $220) annual fee, the BBC takes the line that many of the programs available through its iPlayer service are only available to UK viewers. Of course, that's easy to circumvent using a VPN that allows those outside the UK to access content as if they were in the country. The BBC has finally woken up to this fact, and drawn exactly the wrong conclusion about what it should do, as TorrentFreak (TF) reports:

Over the past several days TF has received several reports from VPN users who can no longer access iPlayer from UK-based VPN servers.

"BBC iPlayer TV programmes are available to play in the UK only," is the notice they receive instead.

Instead of gracefully accepting the reality that geoblocking makes no sense in a world where VPNs allow users to appear to be more or less wherever they wish, the BBC has decided to try to block such access, including VPNs used by UK license-payers:

The BBC informs TF that the VPN ban was implemented to keep iPlayer 'pirates' at bay. The company is doing its best to keep company and school VPNs [in the UK] open but advises regular users to disconnect their VPN service in advance if they want to access iPlayer.

In our post-Snowden world, where the use of a VPN is becoming ever-more prudent, the BBC has just provided a strong disincentive for doing so in the UK. That's really shabby treatment for BBC license-payers, who ought to be allowed to access content in a secure manner. It's also bad news for everyone online, since the more widely VPNs are deployed, the less using one marks you out for special attention by government intelligence agencies. What the BBC should have done here is see the desire of people outside the UK to view its programs as a great opportunity to meet an evident need -- and to generate extra income.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: bbc, blocks, copyright, iplayer, licensing, piracy, security, uk, vpn
Companies: bbc

Paramount Pictures Thinks A Discussion Of GhostVPN Is Really A Pirate Link To The Movie Ghost

from the dmca-all-the-things!! dept

As you may remember, Viacom once sued YouTube for $1 billion dollars over video clips on the site. Right before the case was set to start, Viacom had to scramble and remove some of the alleged infringements from the complaints, because the company realized that Viacom employees had uploaded the clips as part of their marketing campaign. Suing YouTube over clips that you yourself uploaded is not a good look, and it's a big part of the reason why Viacom's arguments fell flat in court. Viacom owns Paramount Pictures, and it would appear that the "level of care" that the company takes in sending DMCA notices has not improved much over the years.

Torrentfreak has the latest round of ridiculously bad DMCA takedown notices coming from a major Hollywood studio. Whereas in the old days, we'd see takedowns occur based on a single word, it appears that here, Paramount has upgraded its auto-censorbot to use two words. Here it appears that anything that is vaguely associated with a movie, plus the word "utorrent" must automatically be wiped from the internet. Take, for example, this conversation on the utorrent forums about how to configure Cyberghost VPN. It's all pretty innocuous, but Paramount Pictures apparently hired one of these fly-by-night censorship outfits by the name of IP-Echelon to take it down, because clearly any use of the word "Ghost" and "utorrent" must be infringing -- even when "ghost" isn't even written out as a separate word. The Torrentfreak article has a number of similar situations, including one where someone said "imagine that" in a comment, and another where someone used the word "clueless" and Paramount/IP-Echelon insisted they were linking to infringing copies of the movies "Imagine That" and "Clueless." But that's clueless.

And, yes, it's certain that many of the other links in these notices were to actually infringing files. But just because you legitimately take down some links, it doesn't excuse trying to censor perfectly legitimate content.

Filed Under: dmca, forums, takedowns, vpn, words
Companies: ghostvpn, ip-echelon, paramount pictures

Bell Exec Urges Public To Shame Users Who 'Steal' Netflix Content Via VPNs

from the criminal-minds dept

A growing number of consumers use VPNs to access out-of-market Netflix content, quite often because Netflix has yet to reach their market --something that's less of an issue as Netflix pushes to launch in 200 markets internationally before the year's end. However, even in launched Netflix markets, customers often still use VPNs to access the broader U.S. Netflix catalog. For Netflix competitors, the solution to this is fairly obvious (offer better service, more content, and stop using geo-restrictive licensing as a weapon), but of course many companies would instead rather focus on vilifying VPN usage itself.

Before Netflix launched down under earlier this year, Australian broadcasters and Netflix competitors had pouting over VPN usage down to a science, disparaging VPN users as the very worst sort of criminals, while attacking Netflix for not doing more to thwart VPN users from accessing the service (even though Netflix has been more than agreeable on this front). Copyright holders, as you might expect, have also pushed for new laws banning VPN use entirely, believing that makes much more sense than just getting to work competing with Netflix.

The latest example of VPN shaming comes from Canada. While Netflix launched there back in 2010, many Canadians still use VPNs to access the U.S.'s broader catalog of content. Bell Canada of course offers its own Internet video service called CraveTV, and finds any efforts to look for better content elsewhere a travesty of the highest order. New Bell Media President Mary Ann Turcke told attendees of a telecom conference last week that she had to give her 15-year-old daughter a talking to for using VPNs (after said 15-year-old daughter presumably informed mom what a VPN even was):

"To her dismay, Turcke’s younger daughter told her she had been using a Virtual Private Network (VPN) to disguise her location and access Netflix Inc.’s richer U.S. video library, which is otherwise off-limits to Canadian subscribers. "Mom, did you know that you can hack into U.S. Netflix and get sooo many more shows?” she recalled her 15-year-old daughter saying. A scolding lecture ensued, putting an end to the VPNing at the Turcke house. She says more conversations about what’s right and wrong should be had at dinner tables across Canada."

From there, Turcke (who is replacing Kevin Crull, fired from Bell after he refused to let regulators he disagreed with appear on television) proclaimed that society as a whole really needs to step up to the plate and start publicly shaming VPN users so they understand what they're doing is an atrocity of the highest order:

"It has to become socially unacceptable to admit to another human being that you are VPNing into U.S. Netflix," Turcke said in a keynote Wednesday at the Canadian Telecom Summit. “Like throwing garbage out of your car window, you just don’t do it. We have to get engaged and tell people they’re stealing." The industry can’t just rely on government and the broadcasting watchdog to police and solve this growing problem, she says. It’s up to ordinary people to tell their guilty friend, colleague or child that stealing is wrong."

Of course they wouldn't be "stealing" if companies like Bell were providing them with the content they want at the price consumers want it, something that fortunately doesn't entirely fly over Turcke's head:

"We, Bell Media, we, the industry, need to make our content more accessible. Just make it easy,” she said. “Viewers are demanding simplicity and they will seek it out."

Turcke should have just skipped to that conclusion without the lecture on morality.

Filed Under: copyright, geoblocks, mary ann turcke, sharing, stealing, vpn
Companies: bell canada, netflix

Australia Considers New Copyright Law That Could Be Interpreted To Ban VPNs

from the very-probably-nixed dept

Some months back, our own Glyn Moody wrote about the music industry in Australia and its attempt to basically broadly multiply copyright protections, routing around the public's representatives in government to get ISPs to act as judge, jury and executioner. Then, because Glyn Moody is a witch who turned my sister into a newt, he wondered aloud whether VPNs would be the next target in the copyright industry's crosshairs.

Well, it turns out that yes, yes they are. Only this time, the industry lobbyists are going right to the Australian legislature to act as their bullies with the Copyright Amendment Bill 2015.

If it is passed, copyright owners would be able to apply for a federal court order requiring internet service providers to block overseas sites whose primary purpose is infringing copyright or facilitating the infringement of copyright. While the bill is designed to target BitTorrent sites, such as the Pirate Bay, there are concerns other online services such as VPNs and digital storage lockers could fall victim.

The campaigns manager for Choice, Erin Turner, says at least 684,000 Australian households currently employ VPNs to bypass geoblocks and access overseas content at globally competitive prices.

No need to go half way here: if the bill is written and passed in its current vague iteration, VPNs and storage lockers absolutely will be under attack. Entertainment companies both foreign and domestic have been complaining for years about Australians using VPNs to route around geo-restrictions and get overseas content and it would be silly to pretend like infringers don't use VPNs to conceal themselves. All that said, there are a ton of legitimate reasons to use a VPN or storage locker. That's why crafting industry-specific legislation like this is so tricky, particularly when the target of the law is a widely used product of platform. There are simply going to be consequences that the public would consider unintended and that I consider specifically intended in the vagueness of the law. Copyright protection advocates always want more, never less, and they aren't exactly known for behaving reservedly when they feel they have tools at their disposal.

The enemy here is ambiguity.

Copyright expert Kimberlee Weatherall says it is difficult to predict if the bill will be used by copyright holders to argue for an injunction against a VPN service because it lacks clarity regarding services and sites whose primary purpose is not copyright infringement, although may be being used for that purpose.

Which means that the law cannot be allowed to pass as it is currently written. Legislation doesn't necessarily have to be specifically proscriptive, but a lack of clarity on a technology service so common and so tangential to the chief target of the bill means the bill sucks. Hell, it's not like I'm making this concern up, even. Already content providers are arguing for tightened screws on Aussie VPNs.

Cordell Jigsaw Zapruder managing director Nick Murray told Mumbrella the current arrangements are only benefitting international players like Netflix because under the current production deals content is sold by territories.

Asked if it should be illegal for Australians to access overseas platforms using a VPN he said: “It should be. It should absolutely be regulated somehow to make it so people in Australia shouldn’t use VPNs.”Murray defended the arrangement of selling content by territory saying “that’s how we get our money” adding: “The people people who say we should get rid of the geo-blocker, it’s just bizarre, as that is how content is sold.”

Yes, arguing that something should change is bizarre because that thing hasn't changed yet. Great argument you have there. But we can at least give Murray credit for being blatantly open and honest about his desire to take technology tools away from Australian citizens.

Filed Under: australia, bad laws, banning vpns, copyright, encryption, facilitation, vpn, vpns