Widespread Use of Location Spoofing to Circumvent Territorial Content Restrictions
Is the image below relatable? According to the description, the service is a VPN desktop application and proxy browser extension that helps viewers mask their physical location, circumvent censorship, and restore access to blocked content.
2020 was an interesting year for the Media and Entertainment industry. As more people got confined within their homes to adhere to social distancing practices, this resulted in a significant increase in viewership of digital content. Online content piracy also surged during the pandemic -- as viewers at home started using several options at their disposal (VPNs and DNS-based proxy services being the most popular) to circumvent territorial restrictions in order to access content not available in their regions.
In an interview, BeIN Media Group CEO, Yousef Al-Obaidly, opens up about trying to keep a US$15 billion portfolio of sports rights from the clutches of a state-backed piracy operation: "We really relish the competition, [but] the worst thing for our whole industry is to have illegal competition, and by illegal competition, I mean piracy. It's not fair competition."
He goes on to say, "We should quadruple the investment into the anti-piracy infrastructure. We need to ensure that piracy is a top, top priority for the top management, and really engage the government on that issue, and of course, prosecute pirates."
There is a visible trend around the increasing use of VPNs and DNS proxies to spoof a user's location in order to access geographically restricted content. According to the Global Web Index survey, the top motivation for VPN usage is "Accessing Better Entertainment Content" and figures suggest that 51% of all internet users are using VPNs for "Accessing Better Entertainment Content."
Geopiracy Impacting Rights Holders Obligations and Impacting Revenue
This widespread use of location spoofing undermines the territorial business model that rights holders implement. Consumers of premium over-the-top (OTT) and traditional pay TV use geopiracy to access the services of foreign broadcasters that offer the same or better content at cheaper prices and with earlier release schedules.
Broadcasters and studios consider the use of VPNs and similar services to evade geoblocking by online viewers a violation of copyright laws for their online video services, as these services do not hold the rights to make their content available in the viewer's country. This results in media companies that license the content being unable to meet their contractual obligations with their rights holders.
Blocking Illegitimate Geoviewership to Meet Contractual Obligations
Measures to block users who are trying to access online video services from outside the legitimate territorial boundaries become critical to enable media companies that license the content to meet their contractual obligations with their rights holders.
Viewers today have several options at their disposal to access content outside of their home territory; the most popular ones are IP Geolocation-based VPN and DNS proxy services.
As many of these VPN and DNS proxy providers aggressively target major OTT platforms, a possible solution to block the illegitimate users circumventing georestrictions could be to screen the viewer's IP address against a highly accurate and up-to-date database of known IP addresses used by the VPN and DNS proxy services. If the IP address is recognized as one belonging to a known data center that hosts the VPN connections, the viewer could be blocked, or another appropriate action could be taken. This database should be refreshed and updated frequently, and the OTT service site may want to collaborate with the vendor to ensure that the scale and scope of tackling the geopiracy requirements are met and the OTT services can maintain their contractual obligations with their rights holders.
Enhanced Proxy Detection to Prevent Access for Unauthorized Viewers
Akamai Enhanced Proxy Detection feature allows customers to determine whether a requesting IP address is associated with a VPN service or an anonymous proxy to help them take necessary actions on users who are trying to access content from illegitimate regions.
Akamai has partnered with GeoGuard to incorporate its market-leading VPN/Smart DNS Proxy detection solution. GeoGuard's premium VPN/Smart DNS Proxy detection is now fully integrated with Akamai to offer Enhanced Proxy Detection for online streaming services. GeoGuard's solutions are based on the award-winning geolocation compliance and geoprotection technologies that are trusted by leading content owners and studios and owners across the globe.
Akamai keeps checking the GeoGuard database at a specific frequency and, when an end-user makes a request for a specific piece of content, Akamai matches the requesting IP information to the GeoGuard database information. If a match is found, the request can be allowed, denied, or redirected at a category level based on the local database lookup.
Enhanced Proxy Detection -- Features and Other Details
The Enhanced Proxy Detection workflow consists of an application that is responsible for retrieving IP data from GeoGuard, performing some safety checks (to avoid the risk of blocking legitimate traffic based on third-party data), and converting the information into an input format for distribution within the Akamai Intelligent Edge Platform.
GeoGuard maintains a list of categories that are assigned to each illegitimate IP address. This list includes four Best Practices categories (Anonymous VPN, Public Proxy, Tor Exit Node, and Smart DNS Proxy) and two Advanced categories (Hosting Provider and VPN Data Center). This behavior leverages these categories to recognize that a request is coming from a proxy.
When an incoming IP address is mapped to one of the identified categories three types of action can be taken:
- Allow: This lets the request through, and the action is logged; the logs can be audited later to determine if setting a different action may affect the traffic
- Deny: This blocks all matching requests
- Redirect: This sends the requests to an alternate URL. This sends the requests to an alternate URL; provided in the redirect URL field.
Some of the Enhanced Proxy Detection features include:
Allowlisting Specific IP Addresses
There may be instances when an IP address is misidentified as illegitimate, or even cases in which a legitimate user is on a network that the customer wants to block. In these cases, allowlisting helps the customer enable content access for these specific IP addresses.
Show My IP
In order to detect whether a VPN provider is selectively tunneling traffic to specific viewer endpoints in an effort to evade detection, the Show My IP" feature would help provide visibility into a specific endpoint IP address in a customer domain that normally would be undetectable due to the use of a VPN.
Header Enrichment includes an additional header on requests that go forward to the origin that carries information about the category of the connecting IP address (e.g., anonymous proxy or not).
Support for Hosting Provider Category
This category specifically includes IP addresses associated with Cloud and CDN providers to enhance the ingest workflow.
Support for IPv6 Datasets
Enhanced Proxy Detection supports both IPv4 and now, IPv6 addresses for all the Enhanced Proxy Detection categories under Best Practices and Advanced categories.
Combatting the Hijacked Residential IP Threat
Many VPN providers have recently launched a new tactic to circumvent the detection of a VPN's datacenter IPs. By enticing users to download a "free" VPN, millions of people worldwide have unwittingly had their residential IP addresses hijacked by the "free" VPN provider (through complicated terms of service agreement) and sold to the highest bidder -- usually other VPNs that offer these addresses as a premium "undetectable" service.
Enhanced Proxy Detection works to combat this hijacked residential IP issue. The integration of GeoGuard's VPN/Smart DNS Proxy database with Akamai enables the broadcaster to do a secondary check on a viewer's IP address when the stream starts and to detect the change from the hijacked residential IP that was used to access the stream to the VPN's datacenter IP that was used to deliver the stream. Once the change is detected, the stream can be stopped.
Summary and Way Forward
Almost 30% of internet users have used a VPN or proxy server in the past month, with the likely predominant purpose of circumventing content geofiltering restrictions. Akamai Enhanced Proxy Detection provides a simple and effective method for customers to just "turn on" geolocation restrictions and benefit from an enhanced level of content security to combat geolocation fraud and geopiracy.