Category: technology

The Netflix Throttling Mystery – The VPN Solution?

There is of course a big problem with the most popular sites on the internet, and that’s the amount of  traffic they generate.  As our use of media sites like Netflix, BBC iPlayer and Hulu which stream video across the net increase then so do the costs for the people who have to carry that traffic – the ISP.

IS Netflix Being Throttled

It’s kind of tough when you think about it, each time someone subscribes to Netflix, the ISP of that customer will see their traffic usage sky rocket.  Combine this with some users downloading hundreds of Gigabytes a week from BitTorrent sites and you can see there problem.  Each customer will cost more and more to support, while these other companies effectively transmit their service over your infrastructure.   If all ISPs charged a bandwidth costs, that wouldn’t matter much – but the current status is that due to competition most offer unmetered access.

The big telecoms giants in America seem to have come up with a solution, although it’s not a terribly popular one.  Comcast and Verizon are being increasingly suspected of throttling traffic to these sites, especially to the vastly popular Netflix.  This effectively means that your data is un-metered normally but the speed will be capped when you access specific sites or transmit certain data like streaming video or accessing BBC iPlayer, Netflix or Hulu for example.

On the whole, this behavior is generally denied, it’s commercially bad news to admit that you will cripple the speed of some of the world’s most popular sites.  It’s of course, extremely annoying to watch a film and wait every ten minutes for it to buffer!

The evidence is mounting and some users on Comcast and Verizon have discovered that if they stream video over a VPN connection then they see huge speed increases.  A virtual private network of course shouldn’t increase your speed at all, you are adding another hop to the journey of your data, plus a layer of encryption too.  Although the fastest VPN providers like . will normally see minimal performance impact you wouldn’t expect to see a huge speed boost.

Speeding Up Netflix Yet this is what seems to be happening to many – stream direct from Netflix and your connection will struggle.   Fire up a VPN connection and stream through that some people are getting 10 or 20 times the throughput.  This increase has been reported by many people who have repeated the test using different sites and VPNs.

There are some other potential explanations, one of the most plausible is that some network pipes are simply becoming saturated.  If Netflix traffic is normally travelling down specific links to reach these big telecom providers, then there’s going to be a huge amount of traffic there.   Watching Netflix in the USA over a VPN will provide an alternate route, perhaps one with little congestion – hence the speed boost.

The jury’s out at the moment, both these scenarios could be true.  It’s definitely the case that using a VPN not only allows you access to the different language variants of sites like Netflix (Canadian or UK users can get US Netflix for example) but also boosts speed significantly.

Using DNS to Fightback

There’s a lot of information on this site, about the various methods used to filter, block and deny access to specific websites. Content filters, geo-blocking and firewalls now form part of the internet’s infrastructure rather than existing in isolation to protect genuinely secure networks. Of course, there have always been ways around them and in reality if you had something like the portable version of Identity Cloaker stored on a USB drive, you were normally able to bypass them. But in reality most people wouldn’t want to get involved in the world of proxies, VPNs and encryption because basically they just wanted to watch stuff online.

After all if you’re faced with a big shiny flat screen Smart TV, and you find you can’t watch a video on YouTube or The Simpsons on Hulu – then downloading PC software is not going to get your far. The reality is that we access the internet in so many different ways nowadays and via a computer is just one of these. In my home just for an example, the devices capable of browsing the internet include computers, tablets, phones, TVs, an Xbox and a WiiU and probably more. The challenge is to enable those devices to have unrestricted access to specific websites, not just the computers.

There in lies the difficulty, you can’t install PC based software on your phone, TV and Games console. The most you’ll be able to control is the device’s network settings from some generic menu like this –

wiiu-networksettings

This will be the same for your phone, Smart TV and tablet – most devices will allow you access to these settings somehow. Although there are some which don’t – the annoying Roku won’t let you manually change all these network settings for some reason ( Geek Note : although you can remotely assign them through DHCP).

Fortunately now this is all it takes is to use Smart DNS – which you can see from this video demonstrating the procedure on an iPad.

So to bypass all but the most fiendish network blocks all you need to do is to be able to manually alter the DNS settings. Unlock BBC iPlayer, Hulu, Pandora and Netflix on any electronic device you need, just by using Smart DNS.

It’s a wonderful piece of technology, designed to bypass the commercialism and control that corporations are seeking to impose on the internet user. It’s simple to use, cheap and doesn’t impact your connection, so I thoroughly recommend it. Remember the video above – Change DNS iPad settings enables Smart DNS on the tablet but it works the same on any internet enabled device, just find those network settings and change your DNS server to a Smart one.

What’s a VPN and Do You Need One?

There is no doubt that the term VPN causes much confusion throughout the IT industry never mind the public.  This is due to a number of reasons, but the confusion is largely to do with evolving technologies and how VPNs adapt with them.  The traditional definition of a VPN (Virtual Private Network) is as follows;

A private network for voice and data built with carrier services.

It’s a definition that was perfectly adequate for many years however, more recently, a VPN has come to describe the establishing of private and encrypted tunnels through the internet for transporting voice and data. So here’s some more up to date and hopefully more accurate definitions as described by the LAN Times Encyclopedia of Networking –

  • Voice VPN – a single carrier handles all your voice call switching. The ‘virtual’ in VPN implies that the carrier creates a virtual voice-switching network for use by utilising it’s own switching equipment.
  • Carrier-based voice data VPN – Packet, frame and cell switching networks carry information in discrete bundles (packets) that are routed through a mesh of network switches to their destination. Carriers can program virtual circuits into these networks that simulate dedicated connections between perhaps specific sites or locations (within a company’s control). A web of these virtual circuits can form a virtual private network over a controlled packed switched network.

The new guy on the block and the most likely technology if you see it mentioned on the internet outside the IT department is this –

  • Internet VPN – an internet VPN is similar to the previous two definitions except that the IP-based internet is the underlying network.

So in definition an Internet VPN is simply a secure way to move packets across the internet using specialised equipment. It can be done using a variety of methods using a Transport mode, encrypting just the payload and leaving the headers readable so the packet can be forwarded by any hardware across the internet. The other method is Tunnel mode, which can be used with protocols like IP, IPX and SNA to encrypt and encapsulate into new IP packets for distribution, this technique is more secure as it also hides both the source and destination of the packet as well.

A Tunnel mode Internet VPN is probably the most likely technology that is being discussed when you see and hear discussion of a VPN online. Here’s a practical example of one of the commercially popular VPN technologies available on the internet, for an individual who doesn’t want to invest in the extensive infrastructure required – this is an example of how you can buy VPN online.

Here you can see a low cost, highly secure internet VPN which can be used to provide security, hide all your online activities and obscure your exact location from any web site you visit.  It’s in my opinion the best UK VPN you can buy without moving into the high cost business market.  This particularly has become much more important over the years with the rise of geolocation, where web sites block access based on your location. Using a VPN tunnel you can change your virtual location at will, which millions now use as useful tool to watch websites that are normally inaccessible to them.

What is SSL? Is it Secure and Safe?

Most of us I hope, appreciate that very little of what we do online is private. The astonishing rise of the web over the last two decades has come at a price and that price is our privacy. The majority of our communication takes place over HTTP (Hyper Text Transport Protocol) a wonderful invention that has allowed a myriad of platforms to come together and talk to each other using the worldwide shared infrastructure that is the internet.

You see HTTP operates completely in clear text, meaning that requests, web visit and communications are instantly readable by anyone with a mind to intercept it. My next door neighbor sits next door browsing the web using his unprotected Wireless connection, completely oblivious to the fact that I can see every site he visits, and yes he does spend a lot of time on porn sites for a seventy year old !! Obviously he could put up layers of protection by using encryption on his wireless network but the fact remains that all his browsing is logged on his ISP and transmitted in clear text across lots of shared routers, switches and cables.

That in itself is worrying enough, and the reason that Governments can pretty much capture all the personal data they need with a well positioned switch or cable tap. But there’s one area that is even more worrying particularly to those using free proxy and VPN sites distributed across the internet.

That area is SSL, the little layer of security bolted onto to HTTP(S) to encrypt our most important transactions. We are told to look for the little padlock in the corner of our browser when we connect to a payment site, or need to input usernames and passwords. SSL will keep us safe so we are told, unfortunately as I’m going to show you that’s simply not the case.

But first an interlude, have you ever wondered about how your request gets to a web site? What route does it take, how many points physically does it touch before it reaches the intended server. Well it’s east to find out – just look at this. Start a command prompt, type ‘command’ in the search box in most windows versions then type the command ‘tracert’ and a web address.

Tracert CommandYou should see something like this, a series of steps that your web request takes.  The first ‘hop’ will be my router, then through my ISP and then out onto the internet via a host of switches and gateways owned by a wide variety of individuals, companies and organisations.  Any of which have complete access to my data if they wished to intercept it for whatever reason.  The example is to Paypal so my username and account details are also being trusted to the owners of those devices.

This is of course, very concerning and why SSL (Secure Socket Layer) was developed to at least provide some protection to the most sensitive data transmissions.  We use SSL a lot now, and that little key we are told to look for is becoming increasingly important to maintaining some privacy and security especially if we’re conducting any sort of financial transaction online.  Buying Christmas presents from Amazon, checking out bargains in EBay or paying our bills through online banking – all use SSL to encrypt the data we send.  You can see the security being implemented on any site now that needs to process payments or usernames, here’s me logging into Paypal.

HTTPS Protected SSL

In the top left you can see, the familiar padlock and the fact the web site begins HTTPS, the S denoting the secure layer protecting your login.  So we’re all safe and protected?

Well no not quite – let me introduce a neat little program from a company called Komodia who provide a series of security applications and development platforms.   Available on their site is a free SSL sniffer which can sit and sniff all the traffic that travels through your connection and decrypt it on the fly – including all  that super secure traffic protected by your HTTPS connection.

Here’s me running it whilst logging into check my Paypal account –

SSL Sniffer

Using Komodia’s sniffer program I can look at all  the data flowing through  my connection, what’s more it decrypts the SSL connection too.  All the encrypted data is unencrypted and is visible in clear text, in the example above my paypal password and login details were perfectly visible.  Anyone with those details could have logged on to my account and made payments linked to my debit and credit cards!

Obviously I have blanked this out to protect my account details but it’s very easy to check for yourself.   You can download the sniffer for free from Komodia here.  It requires little technical knowledge and is very easy to use – using it you can harvest any usernames and passwords that are supposedly  protected by a HTTPS connection.  All you need is access to the data.

This is one reason that you should never, ever use those free proxies, dodgy wireless connections in Coffee shops and anywhere else you feel your data may be at risk.    Only use proper well run and secure ones even to just access things like the BBC like this, and don’t access any accounts from untrusted devices and networks.

IN truth there is little security available by default online, but common sense can go a long way to stopping the misery of becoming a victim of identity theft and online crime.

Your Digital Identity

Sounds like a stupid thing to say doesn’t it – I mean who has a digital identity? But alas we all have nowadays, at least if you participate in 21st century life at all.

 So when you think about it, the reality is a little more worrying. It’s really about everything you do online being monitored. Now that’s does scare me – mainly because it happens. How much of your life happens via a phone or the internet?

Anyway the worry I have is this – most Western Democracies have access to everything you do online for the last couple of years.  Of course there’s some vague idea that it’s all about catching terrorists but frankly that’s a load of rubbish.   I’ll take my chances on any plane if the terrorist has been thick enough to post his plans online on Facebook or Twitter – chances are they’ll blow themselves up on the way to the airport or at the car park ticket machine.  After all it’s not difficult to fix yourself up with a false IP address!

Not going to happen – so what our agencies and governments are really interested in is all the other information …..like this……………………

From my ISP logs dated 21/12/11 when I returned home from the Cross Lanes Hotel ( Geo location enabled on my Iphone).

My location established from my phone.
After drinking one bottle of South African Shiraz and paying my bill – (via internet enabled till) I watched the Kylie Minogue Agent Provocateur Video several times in a row.  When I go for that high powered Government job – it could be a difficult interview question,

or perhaps I could just show them the video ……..

All red blooded and nothing to be ashamed of? Sure but remember they have every web site you visited …in the last two years..