Posts Tagged‘vpn’

Australian Copyright Amendment Vague, Ineffective.

For us Australians the reasons behind our high rates of piracy are clear: we want the same things that people are able to get access to overseas at the same prices that they receive them for yet we are unable to get them. Our situation has been steadily improving over the past couple years with many notable international services now being available on our shores however we’re still the last on the list for many things, fuelling further piracy. Of course this has prompted all sorts of reactions from rights holder groups hoping to stem the tide of piracy in the misguided hope that it will somehow translate into sales. The latest volley comes in the form of the Copyright Amendment (Online Infringement) 2015 which, yet again, attempts to address the issue in the dumbest way possible.

original vpn picture

Essentially the amendment would empower rights holders to get an injunction against Carriage Service Providers (a broader term that encompasses all telecommunications providers) to block access to a site that either infringes on copyright or enables infringement. The amendment starts out by saying it’s prescriptive however the language used in it is anything but, often painting broad strokes which could conceivably be construed as being applicable to a wide range of sites and services, even VPNs in some cases. Whilst there are provisions in there that are supposed to prevent misuse and abuse much of it is left up to the discretion of the court with very little recourse for sites that find themselves blocked as part of it.

To be clear the legislation targets foreign sites only but makes no strict provisions for the site being targeted to be notified that they are facing an injunction. That’s left to the party seeking the injunction to do, something which I’m sure no rights holders will attempt to do. Whilst the law does say that this law isn’t meant to target sites that are mostly based on user generated content however it’s clear that the intention is to go after index sites, many of which are primarily based on user submissions. This puts the legislation at odds with the current safe harbor provisions which could see a site blocked due to a number of users submitting things which put it in the realms of “aiding infringement”.

Of course whatever blocking method is used will be readily circumvented, as it has always been in the past.

The rhetoric that’s surrounding this amendment is worse still, with the CEO of ARIA saying things like “We’ve made the content available at a reasonable price [but] piracy hasn’t diminished”. Funnily enough that’s a pretty easy thing to verify (or rebuke, as the case is) and last year Spotify did just that and found that music piracy, in Australia specifically, has been on the downward trend ever since the music streaming services came to our shores. Strangely enough Australians aren’t a bunch of nasty pirates who will repeatedly pillage the rights holder’s pockets, we’re just seeking a legitimate service that’s priced appropriately. If the rights holders spent as much money on deploying those services here in Australia as they did lobbying for copyright reform they might find their efforts better rewarded, both monetarily and in the form of good will.

Hopefully this amendment gets shot down before it becomes reality as it would do nothing to help the rights holder’s situation and would just be another burden on the Australian court system. It’s been shown time and time again that providing Australians with the same services that are available overseas will reduce piracy rates significantly and that draconian ideas like this do nothing to stem the tide of illegitimate content. The companies that are realising this are the ones that are killing the old media giants and things like this are just the last death throes of an outdated business model that is no longer relevant in today’s digital economy.

Using a VPN? That’s a Paddlin’.

There are few industries that can claim to have been disrupted by the Internet as much as the media industry has. In the span of a couple decades they’ve gone from having fine grained control over what content goes where to a world that’s keenly aware of what’s available and will take it if it’s not given to them at the right price. At the same time however we’re far more likely to spend more than we would have done in the media world of the past, just that now we’re asking for much more value for our money. This back and forth battle between the Internet’s innate ability to break down geographical barriers and the rights holder’s business models that rely on them ultimately leaves both sides feeling hard done by, but it doesn’t have to be this way.

That's a Paddlin

The latest shot fired in this battle comes in the form of Netflix cracking down on subscribers that use VPN services to circumvent their geographical restrictions. For countries where the Netflix service is available this is usually done to access the broader catalogue but for places like Australia it’s necessary just to access the service at all. Indeed the user figures for Australia are pretty strong, enough so that a blanket ban on VPN users would see Netflix lose millions of dollars per month in subscriber revenue. The rights holders don’t seem to be to phased about this however likely thinking that we’ll revert to the other, far more expensive, options when our Netflix is taken away from us.

However that’s likely to be the last thing that any of the current Australian Netflix subscribers would do. You see setting up a VPN to get Netflix to work is, whilst not exactly hard, a non-trivial affair, requiring just as much technical know how to set up as your average piracy enabling client. Thus when their legitimate source of media is cut off from them they’ll likely turn to the illegitimate sources, either their old haunts of Usent and Bittorrent or the new world of media piracy provided through Popcorn Time. I honestly don’t know how you’d expect anything different especially considering that Australia consistently rates as the highest consumer of illegitimate media worldwide.

These kinds of idiotic decisions are driven by business models that are simply no longer viable in the Internet driven world. Sure, back in the days when physical media was king there was an argument to be made for this style of business however now, when digital media reigns supreme, it just doesn’t make any sense. It’s not likely consumers are unwilling to pay for it, indeed the hundreds of thousands of Netflix subscribers in Australia is testament to that, it’s that the companies that hold the rights to that media are simply unwilling to provide it. It’s been shown time and time again that should no reasonable cost alternative be provided users will simply turn to other sources and won’t stop until such a service materializes.

Not that it really matters what Netflix, or any other service for that matter, does to try and block people it’s only a matter of time until someone figures out how to defeat the detection methods used, allowing everyone to use it once again. This is a game of cat and mouse that no service provider can win as there are far more individuals out in the Internet’s ether working to crack such schemes than Netflix has to create them. I’m sure eventually the rights holders will come around and give up this crusade to protect their outdated business models but until then things like this are just going to cost them paying consumers and swell the ranks of those filthy pirates who won’t give them one red cent.

The BBC Thinks all VPN Users are Pirates.

If you want Netflix in Australia there’s really only one way to do it: get yourself a VPN with an endpoint in the states. That’s not an entirely difficult process, indeed many of my less tech savvy friends have managed to accomplish it without any panicked phone calls to me. The legality of doing that is something I’m not qualified to get into but since there hasn’t been a massive arrest spree of nefarious VPN users I can’t imagine it’s far outside the bounds of law. Indeed you couldn’t really do that unless you also cracked down on the more legitimate users of VPN services, like businesses and those with regulatory commitments around protecting customer data. However if you’d ask the BBC users of VPNs are nothing but dirty pirates and it’s our ISP’s job to snoop on them.

BBC Derp

In a submission to the Australian Government, presumably under the larger anti-piracy campaign that Brandis is heading, the BBC makes a whole list of suggestions as to how they should go about combating Australia’s voracious appetite for purloined content. Among the numerous points is the notion that a lot of pirates now use a VPN to hide their nefarious activities. In the BBC’s world ISPs would take this as a kind of black flag, signalling that any heavy VPN user was likely also engaging in copyright infringement. They’d then be subject to the woeful idea of having their Internet slowed down or cut off, presumably if they couldn’t somehow prove that it was legitimate. Even though they go on to talk about false positives the ideas they discuss in their submission are fucking atrocious and I hope they never see the light of day.

I have the rather fortunate (or unfortunate, depending on how you look at it) ability of being able to do my work from almost anywhere I choose, including my home. This does mean that I have to VPN back into the mothership in order to get access to my email, chat and all other corporate resources which can’t be made available over the regular Internet. Since I do a lot of this at home under the BBC’s suggestion I’d probably be flagged as a potential pirate and be subject to measures to curb my behaviour. Needless to say I don’t think I’m particularly unique in this either so there’s vast potential for numerous false positives to spring up under this system.

Worse still all of those proposed measures fall on the ISP’s shoulders to design, implement and enforce. Not only would this put an undue burden on them, which they’d instantly pass onto us in the form of increased prices, it would also make them culpable when an infringing user figured out how to defeat their monitoring system. Now everyone knows that it doesn’t take long for people to circumvent these systems which, again, increases pressure on the ISPs to implement even more invasive and draconian systems. It’s a slippery slope that we really shouldn’t be going down.

Instead of constantly looking towards the stick as the solution to Australia’s piracy woes it’s time for companies, and the Australian government, to start looking at the carrot. Start looking at incentives for rights holders to license content in Australia or mandating that we get the same content at the same time for the same price as it is elsewhere. The numerous Netflix users in Australia shows there’s demand for such a service, we just need it to match the same criteria that customers overseas expect. Once we get that I’m sure you’ll see a massive reduction in the amount of piracy in Australia, coupled with the increase in sales that the right’s holders seem so desperate to protect.

First Foray Into Server 2012: Setting Up a VPN.

All of my previous posts concerning Server 2012 (including those ones on LifeHacker) have been rather…high level focusing more on what you can achieve with it rather than some concrete examples. I’ll admit this can be almost wholly attributed to laziness as I’ve had Server 2012 running on my home machine for quite some time now and just haven’t bothered installing any additional features on it. However one of my close friends is in the throes of setting up his own aerial photography business (using UAVs, super cool stuff) and offered up his home server as a guinea pig for a Server 2012 install, provided I give him a working VPN in return.

Challenge accepted.

Windows Server 2012 Local Server Manager

Initially I thought that I’d install DirectAccess for him as it’s a pretty awesome piece of technology and implementing it appears to be a hell of a lot easier than it was on 2008¹. However the requirements for this were quite high for a VPN setup that would have at most a couple users, requiring a whole bunch of infrastructure that would serve no other purpose. In a rather strange coincidence one of my favourite Microsoft blogs, 4SysOps, wrote a post detailing the installation method for a SSTP VPN (one that tunnels over HTTPS) mere days before I was slated to go out and do the install for him.

Installing Server 2012 went incredibly smoothly and apart from a strange graphics card issue (the NVIDIA card he had in there didn’t seem to be able to regulate its fan without drivers, leading to it to lock up when it overheated) there were no problems. Following the guide was for the most part successful with everything going the way you’d expect it to. However there were a couple gotchas that we ran into along the way that I thought I’d detail here in case anyone got snagged on them.

We had several routing issues thanks to DNS entries taking far too long to expire, something we could have avoided with a little bit of forward planning. You can test the VPN internally by just using the local IP address however you probably won’t be able to get in as the SSL cert won’t match, but it is handy to test if all the plumbing is set up. However the most frustrating issue was that everything would seem to connect but would then immediate drop us out. Thankfully there were some events generated that allowed us to research this problem further but I’m not a big fan of the solution.

The error we were getting was something like “Error 720: The user <username> connected to port <server> has been disconnected because no network protocols were successfully negotiated”. There are numerous posts detailing this exact error and after trying many of the solutions the only one that worked was this one. Essentially it looks like, at least with SSTP VPNs, relaying DHCP requests doesn’t seem to work at all which is what causes this error. Setting up a static pool of IP addresses, and excluding it on the DHCP server, allowed us to connect in without a hitch.

It appears that this issue is a hangover from previous versions of Windows Server as the Routing and Remote Access console looks like it’s straight out of 2003 without much modification to it (apart from the Network Policies section). Now I’m not going to say that it needs a revamp, indeed once we got around that particular issue it worked perfectly, but it could use a little love.

Overall I’m pretty happy with my first real world Server 2012 install as I was able to get a technology that I had no previous experience with (VPNs) up and running in a matter of hours with little more than patience and a whole bunch of Googling. I’m now tempted to give DirectAccess a go at home as I’ve been meaning to set up a lab for a while now and being able to demonstrate some of Server 2012’s capabilities anywhere I have an Internet connection would just be plain awesome. That might be a little while off though as next week I’ll be in New Orleans, knee deep in TechEd goodness.

¹I can remember reading about it when it was first released and thinking I’d give it a go but nearly every install guide had DO NOT USE IN PRODUCTION plastered all over it. This doesn’t seem to be the case anymore as there are many production ready guides available and they’re all pretty easy to follow.