Are VPNs getting useless against geo-restricted services?

On 11/29/2019 5:59 PM, nospam wrote:
In article , Cameo
wrote:

My GV number looks like any phone company provided number and the voice
quality is better than what I get through my cell carrier T-Mobile. I
also get SMS texting and voice mail. All for the huge price of zero. One
big downside is that Google can terminate that service any time.

it's very easy to tell whether a number is google voice, voip, mobile
or pots.

Really? How? Each gets a block of numbers to assign from?

yep.

there are numerous web sites that can tell you what type of number it
is and who owns it.

https://freecarrierlookup.com
https://www.phonevalidator.com
https://www.searchbug.com/tools/landline-or-cellphone.aspx

there is also an api for a more automated solution:
https://www.twilio.com/docs/lookup/quickstart
€ To perform a Lookup, we'll be making a HTTP GET request to the
lookup subdomain. lookups.twilio.com/v1/PhoneNumbers/{PhoneNumber}
...
You may also want to do a lookup to determine the phone number
type and carrier for your phone number. Note that this costs $0.005
per lookup.

Thanks. This is good to know, though so far none of the financial
institutions objected when I gave them my GV number. It works great for
two-factor authentication. In fact, I usually get the SMS messages with
it faster than via the mobile network.

In article , Cameo
wrote:

it's very easy to tell whether a number is google voice, voip, mobile
or pots.

Really? How? Each gets a block of numbers to assign from?

yep.

there are numerous web sites that can tell you what type of number it
is and who owns it.

....


Thanks. This is good to know, though so far none of the financial
institutions objected when I gave them my GV number.

most don't, but i did encounter one who gave me **** because they said
the number didn't show up as registered to me in any of the databases
they have access to. i told them that's because it's a google voice
number, but that didn't matter.

It works great for
two-factor authentication. In fact, I usually get the SMS messages with
it faster than via the mobile network.

sms for 2-factor is an incredibly bad idea and isn't actually 2-factor.

it's much better to use totp.

a u2f key is even more secure but that's a lot less convenient.

Carlos E.R. wrote:
On 29/11/2019 09.30, Chris wrote:
Carlos E.R. wrote:
On 28/11/2019 21.34, Chris wrote:
Carlos E.R. wrote:
On 27/11/2019 19.19, Cameo wrote:
On 11/26/2019 9:13 PM, Kenny McCormack wrote:
In article , default
wrote:
On Tue, 26 Nov 2019 09:06:11 -0500, Wolffan
wrote:

On 25 Nov 2019, Cameo wrote (in article
):

I just tried a free subscription to Hulu and it wants me to
enable the location service in the Chrome browser. Apparently
Hulu got smart and does not rely on the US IP provided by the
VPN. Chrome location would probably provide my true location
in EU. Is there a way to defeat that, too?

Don’tuse Chrome. Use Brave. Or Vivaldi. Or Firefox. Or... there
are a _lot_ of alternatives. Brave is faster than Chrome
talking to the same sites via the same network and on the same
hardware, and _doesn’t_ blab your location.

I've often thought with a pint of Abby Ale, and some Vivaldi on
the stereo, cares seem to melt away.

That's just two of the Holy Trinity. (wine, women and song)

Hulu? Who needs it? Curl up with a good book.

If you had said (as I was expecting you were going to) "Curl up
with a good woman", then you would, indeed, have all 3.

What I find amusing in this thread is that usually, on any online
forum, when somebody is trying to do something illegal (as is
clearly the case here),

Technically it's illegal and I wish there was a legal way to receive
US broadcast channels in Europe. I would not mind paying for it. In
fact I am paying Hulu a pretty hefty price, even "illegally." Frankly
I don't see what's the harm in what I am doing. If anything I am
contributing to the revenue of Hulu (which is paying some of that to
the content providers.) If I stay "legal", that would be a lost
opportunity cost to them, wouldn't it? So I think with this stupid
geo-restriction the broadcasters only shoot themselves in the foot as
it hurts them financially. So they should be thankful for my helping
their bottom line, and I'll be thankful to keep me up-to-date on US
politics better than what I could gain from the local European TV
broadcasts. This is especially important now with the US election
season in full swing.

One of the main reasons is that the stations have not paid the content
owners for the right to distribute outside of the USA.

That's a regulatory issue.

They pay also
considering how many people are expected to watch the programming.

Why do they pay?

It is agasint the law to not pay. They are taken to court and they
impound the business. Their license to air is cancelled.

Sorry. Typo. That should have been "who do they pay?" And what do they pay
for?

To the owners of the content.

Say they air a movie; well, they have to pay Warner, Sony, whoever. If
it is a program they create, it still has music: the music has owners;
they have to pay them. If the programing is to be published to a target
of 1 million it has a price; if it goes to 100 million possible
watchers, then another. USA and Europe, much more.



On another aspect, the commercials are tailored for the USA, so they
make no revenue from airing on Europe.

They've already paid for the advertising slot so getting extra people
seeing the ads - even outside their target audience - is a bonus.

They don't see it that way. They want comercials customized as much as
possible to the people seeing it, and charge as much as possible for the
advertising.

Who are you talking about here? I'm talking about the advertisers. They
want as many eyes seeing their ads as possible regardless of whether it's
in country or not.

The advertisers have paid the station for a program that airs on
California only: that's a price. To Florida: another price. To all the
USA, another price. Include Mexico: another price. Include Europe:
another price.

Ah, but if it unintentionally gets seen in Europe via VPNs then it's a free
extra bonus.


To them, airing a commercial for the Ford Mustang and show it in Spain
is a loss of air time and money.

Maybe, but it's at no extra cost.

Who cares? They want the money.

Who's "they"?


"at no extra cost" is a concept they don't comprehend. Everything has a
cost. Not making revenue is a loss.

Same as piracy: they say that each pirated copy is a loss of so many
euros. They don't care that the person that got that pirated copy would
not buy it if they can't get the free copy, that no actual money is
lost. To their accounts it is a loss.



It is similar reasoning to using regions on DVDs.

No. That is purely a marketing ploy to artificially stage releases and
avoid grey imports. There is no good reason for region coding other than to
extract more money from customers.

Again, they don't see it that way :-P

It is always about they getting your money, as much as they can, not
threading on other wolves shoes.

That's an interesting idiom. Not sure i get what it means?

I invented it :-p

All the multimedia bussiness people are wolves. Each one has his area or
his clients, or his items to sell.

On 29/11/2019 23.29, nospam wrote:
In article , Carlos E.R.
wrote:


I did not say POTS, I said classic telephone number. That includes a
mobile phone, but not VoIP.

mobile phones are relatively new and not what anyone would call
'classic'.

Me, yes, because they are part of the switched telephone network.

so is voip, which is how it can call and be called by landline and
mobile phones.

No no. Pure voip is not part wof the switched network, but it can be
connected to it with an appropriate gateway. VoIP uses packet switching.

voip is almost always terminated to pots.

To me, that is not VoIP. The technology doing the transport may be VoIP,
but the user does not see it, can not use its features. The user sees a
plain phone as a century ago, and the company supplying it charges the
usage, like on the previous century - whereas real VoIP usage is free. A
trick.

As long as my bank sees a "normal" phone, it works. Real VoIP, doesn't,
they don't have a VoIP phone, like the Cisco phones mentioned later.

Even if some use internally VoIP phones with a gateway to outside. They
want an authority assigning numbers.

....

Ok to the rest.


There is a gadget connected to the fibre and to the mains which outputs
a plain copper line.

that's called an ata. i have those too.

ONT here.

I don't use the name because nobody knows them, or use different ones.


--
Cheers, Carlos.

On 11/30/2019 2:09 AM, nospam wrote:
In article , Cameo
wrote:

it's very easy to tell whether a number is google voice, voip, mobile
or pots.

Really? How? Each gets a block of numbers to assign from?

yep.

there are numerous web sites that can tell you what type of number it
is and who owns it.

...


Thanks. This is good to know, though so far none of the financial
institutions objected when I gave them my GV number.

most don't, but i did encounter one who gave me **** because they said
the number didn't show up as registered to me in any of the databases
they have access to. i told them that's because it's a google voice
number, but that didn't matter.

It works great for
two-factor authentication. In fact, I usually get the SMS messages with
it faster than via the mobile network.

sms for 2-factor is an incredibly bad idea and isn't actually 2-factor.

it's much better to use totp.

a u2f key is even more secure but that's a lot less convenient.

It's two-fctor, because first you enter your user Id and password, then
the bank texts you a one-time code that you have to enter into the login
page. Sounds pretty secure to me.

On 30/11/2019 15:04, Cameo wrote:


It's two-fctor, because first you enter your user Id and password,
then the bank texts you a one-time code that you have to enter into
the login page. Sounds pretty secure to me.


Not one time; Always. Every-time you login you need a new pin number.
Otherwise it defeats the purpose of security because something that is
"One-Time" can be compromised in the hands of idiots!!



--
With over 1,000,000 million devices now running Windows 10, customer
satisfaction is higher than any previous version of windows.

On 11/30/2019 4:13 PM, 😉 Good Guy 😉 wrote:
On 30/11/2019 15:04, Cameo wrote:


It's two-fctor, because first you enter your user Id and password,
then the bank texts you a one-time code that you have to enter into
the login page. Sounds pretty secure to me.


Not one time;Â* Always.Â* Every-time you login you need a new pin number.
Otherwise it defeats the purpose of security because something that is
"One-Time" can be compromised in the hands of idiots!!



--
With over 1,000,000 million devices now running Windows 10, customer
satisfaction is higher than any previous version of windows.

The "one-time" referred to that paticular code being used one time only.
And you calling others idiot?

In article , Carlos E.R.
wrote:


I did not say POTS, I said classic telephone number. That includes a
mobile phone, but not VoIP.

mobile phones are relatively new and not what anyone would call
'classic'.

Me, yes, because they are part of the switched telephone network.

so is voip, which is how it can call and be called by landline and
mobile phones.

No no. Pure voip is not part wof the switched network, but it can be
connected to it with an appropriate gateway. VoIP uses packet switching.

voip is almost always terminated to pots.

To me, that is not VoIP. The technology doing the transport may be VoIP,
but the user does not see it, can not use its features. The user sees a
plain phone as a century ago, and the company supplying it charges the
usage, like on the previous century - whereas real VoIP usage is free. A
trick.

to me as well as the telecom industry, that is voip.

voip-voip is usually free, but that's very rare since people want to be
able to call existing phones in the rest of the world, which is why
voip providers normally offer call termination.

As long as my bank sees a "normal" phone, it works. Real VoIP, doesn't,
they don't have a VoIP phone, like the Cisco phones mentioned later.

what you're calling real voip is extremely rare.

again, voip providers offer call termination, and any voip phone or
ata, cisco or another make, can call any phone in the world.

Even if some use internally VoIP phones with a gateway to outside. They
want an authority assigning numbers.

which is the voip provider.

mine provides a list of numbers from which to choose, while others will
randomly assign one for a particular location.



There is a gadget connected to the fibre and to the mains which outputs
a plain copper line.

that's called an ata. i have those too.

ONT here.

the ont, or optical network terminal, is for connecting fibre to the
building and converting it to ethernet and/or coax internally.

i misread what you wrote because an ont has nothing to do with voip,
although voip might be carried over it, along with streaming video,
https, and many other things.

what i thought you meant was an ata, which allows for using an ordinary
pots phone with a voip provider rather than a dedicated voip phone. i
have a couple of those, with old trimline phones connected to them.

I don't use the name because nobody knows them, or use different ones.

ont is a commonly used term, which anyone familiar with networking will
understand.

In article , Cameo
wrote:

It works great for
two-factor authentication. In fact, I usually get the SMS messages with
it faster than via the mobile network.

sms for 2-factor is an incredibly bad idea and isn't actually 2-factor.

it's much better to use totp.

a u2f key is even more secure but that's a lot less convenient.

It's two-fctor, because first you enter your user Id and password, then
the bank texts you a one-time code that you have to enter into the login
page. Sounds pretty secure to me.

2-factor is two of something you know, have and are. sms is none of
those.

sms is something *sent* to you over an insecure channel, normally to a
device that can easily be simjacked, and have a *much* longer lifetime
(usually 10-30 minutes) giving the bad guy ample opportunity to use it.

although it's not possible to simjack a google voice account, it is
still possible to compromise it, although that's a lot harder than
simjacking.

sms is easy and cheap for the bank, and generates the least amount of
tech support when customers inevitably lock themselves out.

totp is *much* better since the code is generated locally at each end
without sending anything, which means it also works when there is no
cellular service, and it expires in 30 seconds.

u2f is very secure, but it's also a pain in the ass.

On 30/11/2019 17:06, Cameo wrote:

The "one-time" referred to that paticular code being used one time
only. And you calling others idiot?


What do you call someone who can't explain himself properly? "Idiot" is
the right word but what word would you use?




--
With over 1,000,000 million devices now running Windows 10, customer
satisfaction is higher than any previous version of windows.

On 30/11/2019 11.51, Chris wrote:
Carlos E.R. wrote:
On 29/11/2019 09.30, Chris wrote:
Carlos E.R. wrote:
On 28/11/2019 21.34, Chris wrote:
Carlos E.R. wrote:
On 27/11/2019 19.19, Cameo wrote:
On 11/26/2019 9:13 PM, Kenny McCormack wrote:
In article , wrote:
On Tue, 26 Nov 2019 09:06:11 -0500, Wolffan wrote:
On 25 Nov 2019, Cameo wrote (in article ):


On another aspect, the commercials are tailored for the USA, so they
make no revenue from airing on Europe.

They've already paid for the advertising slot so getting extra people
seeing the ads - even outside their target audience - is a bonus.

They don't see it that way. They want comercials customized as much as
possible to the people seeing it, and charge as much as possible for the
advertising.

Who are you talking about here? I'm talking about the advertisers. They
want as many eyes seeing their ads as possible regardless of whether it's
in country or not.

The advertisers have paid the station for a program that airs on
California only: that's a price. To Florida: another price. To all the
USA, another price. Include Mexico: another price. Include Europe:
another price.

Ah, but if it unintentionally gets seen in Europe via VPNs then it's a free
extra bonus.

If somebody thinks they are not doing everything possible to avoid that
distribution, they can try to sue. Specially in the USA :-P


To them, airing a commercial for the Ford Mustang and show it in Spain
is a loss of air time and money.

Maybe, but it's at no extra cost.

Who cares? They want the money.

Who's "they"?

Whoever owns the content. Whoever is distributing it. The station.
They is a variable, fill it as appropriate.

....

--
Cheers, Carlos.

On 30/11/2019 18.17, nospam wrote:
In article , Carlos E.R.
wrote:


I did not say POTS, I said classic telephone number. That includes a
mobile phone, but not VoIP.

mobile phones are relatively new and not what anyone would call
'classic'.

Me, yes, because they are part of the switched telephone network.

so is voip, which is how it can call and be called by landline and
mobile phones.

No no. Pure voip is not part wof the switched network, but it can be
connected to it with an appropriate gateway. VoIP uses packet switching.

voip is almost always terminated to pots.

To me, that is not VoIP. The technology doing the transport may be VoIP,
but the user does not see it, can not use its features. The user sees a
plain phone as a century ago, and the company supplying it charges the
usage, like on the previous century - whereas real VoIP usage is free. A
trick.

to me as well as the telecom industry, that is voip.

Certainly not to my Telephone company. They negate offering VoIP services.

They pretend it is the same old system and they charge old fares.

And they do not offer any of the features VoIP has. Because they are
free, so they will not.


voip-voip is usually free, but that's very rare since people want to be
able to call existing phones in the rest of the world, which is why
voip providers normally offer call termination.

If it is a real VoIP company, the price to call Australia will be nearly
the same as for calling your neigbour. It is always a local call to
them. At least they will be fair and charge the cost from the nearer
gateway they can use.

Whereas a traditional telco will charge an international phone call, per
minute.


As long as my bank sees a "normal" phone, it works. Real VoIP, doesn't,
they don't have a VoIP phone, like the Cisco phones mentioned later.

what you're calling real voip is extremely rare.

again, voip providers offer call termination, and any voip phone or
ata, cisco or another make, can call any phone in the world.

Even if some use internally VoIP phones with a gateway to outside. They
want an authority assigning numbers.

which is the voip provider.

Not really.


mine provides a list of numbers from which to choose, while others will
randomly assign one for a particular location.



There is a gadget connected to the fibre and to the mains which outputs
a plain copper line.

that's called an ata. i have those too.

ONT here.

the ont, or optical network terminal, is for connecting fibre to the
building and converting it to ethernet and/or coax internally.

In my house, it also provides the connector for the phone.


i misread what you wrote because an ont has nothing to do with voip,
although voip might be carried over it, along with streaming video,
https, and many other things.

what i thought you meant was an ata, which allows for using an ordinary
pots phone with a voip provider rather than a dedicated voip phone. i
have a couple of those, with old trimline phones connected to them.

I don't use the name because nobody knows them, or use different ones.

ont is a commonly used term, which anyone familiar with networking will
understand.

Hah! When mine broke and I told my ISP robot that gaves access to client
service, it said "I do not understand". At the third try, it hung up on me.

I had to call again and say "I have no service", and had to choose one
service. "phone". Not "all". They did not fully understand, but they
made (the robots did) a test on my line which failed, of course, and
then they decided to create a ticket with the repair people - all of
this the robot. I had to wait the weekend till the service person called
and I could finally say "the ONT doesn't even power up" and be
understood by a human. And not the first time, either, I think I had to
explain what the ONT was.

--
Cheers, Carlos.

On 11/30/2019 6:17 PM, nospam wrote:
In article , Cameo
wrote:

It works great for
two-factor authentication. In fact, I usually get the SMS messages with
it faster than via the mobile network.

sms for 2-factor is an incredibly bad idea and isn't actually 2-factor.

it's much better to use totp.

a u2f key is even more secure but that's a lot less convenient.

It's two-fctor, because first you enter your user Id and password, then
the bank texts you a one-time code that you have to enter into the login
page. Sounds pretty secure to me.

2-factor is two of something you know, have and are. sms is none of
those.

sms is something *sent* to you over an insecure channel, normally to a
device that can easily be simjacked, and have a *much* longer lifetime
(usually 10-30 minutes) giving the bad guy ample opportunity to use it.

It doesn't have to be SMS, though that seems to be the dafault. It can
be an email, challenge questions or a live phone call, too. In fact they
tend to give you a choice at each transaction.

In article , Cameo
wrote:

It works great for
two-factor authentication. In fact, I usually get the SMS messages with
it faster than via the mobile network.

sms for 2-factor is an incredibly bad idea and isn't actually 2-factor.

it's much better to use totp.

a u2f key is even more secure but that's a lot less convenient.

It's two-fctor, because first you enter your user Id and password, then
the bank texts you a one-time code that you have to enter into the login
page. Sounds pretty secure to me.

2-factor is two of something you know, have and are. sms is none of
those.

sms is something *sent* to you over an insecure channel, normally to a
device that can easily be simjacked, and have a *much* longer lifetime
(usually 10-30 minutes) giving the bad guy ample opportunity to use it.

It doesn't have to be SMS, though that seems to be the dafault. It can
be an email, challenge questions or a live phone call, too. In fact they
tend to give you a choice at each transaction.

that just changes the path.

it's not something you know/have/are, but instead is something *sent*.

sms/email/phone is easy to implement and explain to people, which
greatly reduces tech support costs. banks don't want to spend money for
good security.

nospam wrote:
[...]
2-factor is two of something you know, have and are. sms is none of
those.

What Cameo describes is indeed 2-*step* authentication, not
2-*factor*.

"Two-step verification or two-step authentication is a method of
confirming a user's claimed identity by utilizing something they know
(password) and a second factor OTHER than something they have or
something they are. An example of a second step is the user repeating
back something that was sent to them through an out-of-band mechanism."

(Emphasis mine (FS).)

Most people will not know the difference, so you shouldn't argue a
straw man when you (should) full well know, what was *meant* instead of
what was *said*.

In any case, even Wikipedia can't get the story straight, so cut
people some slack.

"Many multi-factor authentication vendors offer mobile phone-based
authentication. Some methods include ... and SMS-based verification."

"As of 2018, SMS is the most broadly-adopted multi-factor authentication
method for consumer-facing accounts."

https://en.wikipedia.org/wiki/Multi-factor_authentication