When video streaming started gaining momentum online, the geo-restrictions that existed for traditional distribution were carried over to their streaming counterparts.
However, it was trivial to bypass them. All one had to do was connect to a VPN server located in the country where the desired content was available and boom, the geo-restrictions were gone.
Because of that, certain streaming services, such as Netflix, started banning VPNs from their service.
Since the ban started, many commercial VPNs have devised ways to circumvent the Netflix ban. Some of them work, while others do not.
Private Internet Access doesn't claim to be able to unblock Netflix, but we thought we’d still give it a try.Visit Private Internet Access (save 73%)
So, Does Private Internet Access Support Netflix?
No, Private Internet Access does not unblock Netflix.
I was able to access the site and log in.
But when I tried playing something, I would invariably get the black error message pictured above, stating that Netflix has detected that I’m using an “unblocker or a proxy”, read: VPN.
But to be fair, PIA does not claim to be able to bypass the Netflix VPN ban. And many providers (though not all) take the stance that they are selling privacy and security services, not access to streaming sites.
And I’d agree.
Some VPN services that we’ve tested and do work with Netflix are:
The Netflix VPN Ban
January 2016 is when the Netflix VPN ban came into effect. Many VPN users were understandably disappointed by the move.
But, to be fair to Netflix, they are legally obliged to enforce the geo-restrictions content creators and distributors impose on their content.
They probably didn’t need to take such an extreme step. But that’s the decision they made. It does “fix” their problem in one big swoop.
Since then, dozens, if not more, of VPN providers began looking for ways of unblocking Netflix.
How Does Netflix Ban VPNs?
There are different techniques used to detect VPN use. And they all employ traffic analysis in some shape or form. Let’s look at a few.
Encrypting your traffic is a VPN’s main purpose.
But in order to achieve this, certain operations need to be performed, such as key negotiation (and re-negotiation) and key exchanges.
And it just so happens that these operations are performed at fixed intervals and generate the same number of data packets in the same sequence, every time.
This pattern is highly predictable and can be used to infer VPN use.
Fully Encrypted Traffic
Another way VPNs can be detected is, ironically, also what makes them secure: fully encrypted traffic.
Normally, when you browse the Web without a VPN, upon accessing a site, your browser starts downloading resources from the server you’re connected to.
Some of these resources are typically encrypted these days, such as your main connection to the website you queried. But other elements – usually downloaded from a third-party server – will be unencrypted. These can be images, .css scripts, fonts, etc.
This contrasts with using a VPN, where every single packet coming out of your device is fully encrypted. And it is this contrast that can be used to infer VPN use.
Most VPN protocols have a default port assignment, which they use to create the VPN tunnel.
Here’s a list of the default ports of the three most secure VPN protocols:
- IKEv2 – ports 500, 4500
- OpenVPN – port 1194
- WireGuard – port 51820
Looking at the port your traffic is coming from can be a giveaway that you’re using a VPN.
This is admittedly a weaker detection method. It’s weaker because OpenVPN and WireGuard, however, are capable of running on arbitrary ports. But IKEv2 cannot.
It will definitely be worth using OpenVPN or WireGuard on arbitrary ports over IKEv2 if you’re trying to unblock Netflix.
IP Address Identification
Your public IP address is always visible to any website or online service you connect to – a VPN or not.
The difference when using a VPN is that your public IP address is replaced by the public IP address of the VPN server you’re connected to. And so the public IP address the website or service will see is the VPN server’s IP.
But VPN server IP addresses are public.
What does that mean?
It means that it’s possible to compile lists of VPN server IPs. I say “it’s possible”, but it’s not just possible, it’s real.
Once the lists are compiled, it’s a trivial matter to blacklist the IP addresses they contain. And once a server IP is blacklisted, you can forget about watching Netflix over that server.
Also bear in mind that Netflix won’t be using just one of these techniques. They will very likely use many of them together – plus a bunch of homegrown solutions they’ve (presumably) put together.
But however they do it, the end result is that VPNs are officially banned from Netflix.
Can the Netflix VPN Ban be Bypassed?
The VPN providers which bypass the ban and enable you to access Netflix don’t want to reveal too much about how they do it. And understandably so.
They are, after all, in a cat and mouse game with Netflix and they don’t want to weaken their position by revealing their tactics.
However, the main way this is achieved is likely by regularly updating (changing) their server IP addresses, in order to stay ahead of the blacklisting. They probably also use arbitrary ports.
This also explains why the VPN providers that do support Netflix warn their users that a working server will eventually fail (i.e. be blacklisted).
The solution is as easy as it is obvious: switch to a different server.
So Private Internet Access doesn’t support Netflix. Not all VPN providers do.
But as VPNs have really gone mainstream in the past few years, more and more VPN users are getting on the VPN train specifically for reasons like this. It’ll be interesting to see how this trend affects the VPN market.
And if you’d like more information on PIA, check out our Private Internet Access review.Visit Private Internet Access (save 73%)
Does Private Internet Access Work With Netflix?
By Marc Dahan
Last updated: June 18, 2020