Issues round-up: IPv6 drama, exposed Internet systems and a new web on the horizon?

Kia ora everybody,

Here are some stories from the last week or so that have caught our eye. We’re talking the future of the web, Internet protocols and a new report on national Internet security weaknesses.

Netflix blocks many IPv6

Slashdot has a story, with links to some logs, saying that Netflix is blocking a lot of IPv6 access, presumably because they can't geo-locate their users with IPv6.

Look, this makes me really mad and sad and it’s bad (too much Dr Seuss over the weekend). Netflix has paying customers who are using a new, better Internet protocol to access their services and they’re getting blocked for it? Why? Most likely because the content providers are being exceptionally pushy, ensuring that the “exclusive regional rights” they sell to the likes of Sky or FoxTel are not undermined by Netflix customers accessing the same content through US Netflix. This is another arm to the current war that Netflix is waging against proxy and “unblocker” service providers. All in the name of protecting an outdated mode of content distribution and rights.

Frankly this is outrageous. If Netflix can’t figure out, based on IP, which version of the Netflix library someone should be accessing then they should be a) figuring out how to geolocate without relying on IP and b) giving those customers access to the service they paid for.

Relying on IPv6 for geolocation is dumb and it’s only really doable because IPv4 is so oversubscribed it’s relatively easy to attribute blocks of IPv4 to ISPs and therefore countries. We are constantly saying this in submissions, position papers and in conversations, so let me say it again. IP addresses are not geolocation tools. They are a technical address and do not actually correspond to location in any meaningful, technically accurate manner (see also postboxes).

National Exposure Index

Rapid7, an information security consultancy, have produced a report they call the “National Exposure Index” and boy is it ugly - but sadly not very surprising. Rapid7 effectively scanned the public Internet seeking to identify all the public facing, open systems out there. As the researchers put it:

How much telnet, SSH, FTP, SMTP, or any of the other protocols that run on TCP/IP is actually in use today, where are they all located, and how much of it is inherently insecure due to running over non-encrypted, cleartext channels?

Essentially, Rapid7 have tested to see what stuff organisations and people are accidentally leaving exposed and on the wrong side of their firewalls. It’s a pretty sobering read in terms of the totals, but it does break things down country by country. So how does little ole NZ fare, you ask? Pretty good actually. We’re not in the top 50 exposed nations while Australia (4th), Israel (41st), the UK (23rd), South Korea (18th) and the USA (14th) all feature.

Good to see that we’re not even on the radar (although it looks like there is a GDP component to their ranking which might muddy the waters).

A new, decentralised web?

Last week the Internet Archive hosted the Decentralised Web Summit. Focussed on “locking the web open,” the summit was looking at how to re-engineer the web so that it can’t be monitored or controlled by governments or large corporations.

The lineup for the event was full of Internet and web leaders like Sir Tim Berners-Lee (inventor of the web), Vint Cerf (co-creator of TCP/IP), Mitchell Baker (Mozilla co-founder) and Brewster Kahle (Internet Archive founder). Gizmodo summed up the agenda like this:

Topics of these discussions included new methods for distributing web pages without using a standard web server computer, adding encryption to various parts of the web, and archiving all versions of a web page… Every discussion was focused on how to distribute, process, and host data with no centralized control.

Sounds pretty awesome, right? We’re keeping a keen eye out for what comes out of the event and what can be done to work towards a world without mass surveillance. You can watch recorded sessions at