Internet Privacy

Locked Out: Accessing Geo-fenced Content

The entertainment industry has developed numerous techniques to restrict end users' ability to access digital content based on geographic location. End users trying to dodge these geographic based content restrictions have become a legitimate concern for many digital content providers. How do such organizations address this issue? And how can consumers get around the corresponding barriers used by content providers to thwart their activities?

Know Thy Enemy

There are four (4) common and effective techniques. If you strive to get around geo-fencing restrictions, be prepared to defeat all of them.

  1. Reverse-IP tracing
  2. IP blocking
  3. DNS LOC Analysis
  4. Blocking Known VPNs

Let's briefly analyze each strategy.

1) Reverse-IP Tracing

The content provider examines your network traffic and decides whether or not you are eligble to receive requested content based on your source IP address. There are two primary methods: database records and IP trace. The database method is faster and entails minimal additional network traffic load. New incoming connections first have their source IP address compared with a list of known address ranges, cross-referenced by country and/or region. A decision is then made whether to allow or disallow the connection based on the target content and physical location of the source IP address. The other method - IP trace - performs a real-time trace to definitively evaluate the source IP location. A go/no-go decision is then made.

Potential work-around: Virtual Private Network (VPN) service with outbound nodes in your target content region/country.

2) IP Blocking (Blacklist)

Database of known bad actors. These could be known VPN exit (outbound) IP address ranges or known bad actors who have violated the organization's terms of service or other requirements. Not a strong overall solution and may result in other problems for the content provider, particularly when the problem IP ranges are assigned dynamically by their respective owners. For example, a legitimate connection may be blocked where the current (new) user is not a bad actor, and the incoming source IP address was recently recycled.

Potential work-around: Try a VPN first, and if that does not work, try using a Smart DNS service.

3) DNS LOC Analysis

This is one of the better choices for a content provider. DNS LOC is a useful tool for organizations attempting to dissuade such practices largely because the DNS LOC data is assigned (or overwritten) by telecom networking equipment while a connection is in transitu, after leaving the host. This yields a very high confidence in the integrity of DNS LOC data.

Potential work-around: Smart DNS or a VPN/Smart DNS combination. Any other method is highly likely to fail.

4) VPN Blacklisting

The content provider flags a range of IP addresses as outbound VPN servers, and blocks those servers from accessing its content network. Unfortunately, this practice has the potential to arbitrarily punish legitimate customers who happen to use a VPN for various purposes, not inclusive of circumventing geographic content restrictions. This particular method is not especially common, with the exception of Netflix, who is known to be aggressive in its attempts to identify VPN server farms and block their access to its content delivery network (CDN).

Potential work-around: Smart DNS. A VPN service has a mixed chance of success against this method. If you are intent upon trying to use a VPN while connecting to the CDN, I recommend choosing a VPN service provider known to use dynamic (outbound) IP addresses. Ideally, the provider routinely rotates their IP address range allotment. Providers known for using static banks of outbound IP addresses are the most susceptible to blocking using this method.

Defeating IP Reverse Look-ups with a VPN

A Smart DNS is a service that provides various options for routing your Domain Name System (DNS) queries. It takes the place of your normal DNS server look-ups and intelligently routes them for you based on predefined criteria. Smart DNS servers allow you to perform functions you couldn't normally do, because much of the way in which the DNS system functions is built by design for speed and efficiency. Geographical-based DNS look-ups are the most common usage of a Smart DNS. By processing DNS queries via a server in another country or geographic region, you appear to the destination server as if you are located in that country. Is that an effective way to get around geo-fences? It depends on the type of restriction you're attempting to defeat. There's also more to a Smart DNS than just a DNS redirect, but Smart DNS services are particularly adept at getting around geo-fencing restrictions.

Unraveling the Mystery of Privacy Protection

You can learn more about Smart DNS, VPNs, protecting your privacy, and getting around geographic content restrictions by checking out some of my other related articles, including these: