Your browser is not supported. Please update it.

28 July 2022

GeoComply targets 700m casual pirates, via VPN hijack headache

Canada’s pirate-preventing outfit GeoComply has claimed an industry first, using a list of some 200 million compromised IP addresses to help video services cut down on piracy. Consumer virtual private networks (VPNs) have opened a door that hurriedly needs closing, and the streaming services must move swiftly before the looming recession ramps up the rate of piracy.

Faultline approached incredulously, but GeoComply does appear to be the first vendor to offer this as a service – in a product which is essentially data.

James Clark, GM for GeoComply’s Media and Entertainment wing, outlined the scope of the problem, and how the industry thinking has shifted in the year since Faultline first checked in on the company. The commercial launch of this new feature for the GeoGuard product should help video services block users trying to cheat the system, and coincides with an apparent escalation in the rate of piracy.

Clark pointed to UK broadcaster ITV’s soccer match between England and Denmark, during the UEFA Championship of summer 2021. “ITV had over 26 million viewers, and had data to show that up to 10% of requests were being effectively blocked by the system. Previously, those would have been pirate sessions, and would have eaten into the CDN and distribution costs – as well as impacting the advertising partners.”

The growth of VPN usage has fueled this new headache, as consumers become more aware of the extent that websites and services harvest user data, in the post-Snowden world. VPNs used to be somewhat expensive, with hard data caps. Now, there are many free options, which are monetized by the VPN provider by essentially using that person’s IP as an exit node.

This is how the IP address comes to be hijacked. GeoComply has a very dim view of these VPNs, which hide this capability in the terms and conditions, such that the user is unaware that their internet connection is essentially being resold to premium users of the VPN service.

Clark pointed to data from GWI, which claims 51% of VPN users, equivalent to 700 million people, have used a VPN to access content not available in their country or that was cheaper in another territory. On first impression, this figure feels far too high, but Clark pointed to GeoComply’s list of 200 million known ‘hijacked’ IP addresses as supporting evidence.

GeoComply’s research has found 17 companies that sell residential IP addresses. These include Luminati’s Bright Data, which has a list of 72 million for sale, as well as Oxylabs and SmartProxy. Clark said that at least 18 of the most popular VPN providers exclusively use these IP addresses.

To this end, a video service cannot simply block all suspected VPN traffic, as you will catch a lot of innocent users in the process. Clark outlined how GeoComply curates its list of compromised IP addresses, pointing to the problem of dynamic IP addresses and the different types of devices that require the list to be updated on a six-hourly basis. This is the minimum latency that GeoComply is comfortable with, and it usually targets an hourly cadence. Clark said there are some customers that choose more frequent options.

As for the accuracy, GeoComply prides itself on being the most precise, but Clark could not be drawn on the details here. He noted that of the 300 million end-users that GeoComply supports daily, the false-positive rate is perhaps a handful of cases.

There have been examples of rights owners suing in court to make fixed-line operators block the domains of known pirate websites, such as Foxtel and Roadshow Films in Australia, or the more recent UK case brought by the major studios. These are essentially working in the reverse fashion to GeoComply, by blocking the services from the end-users, but Netflix kicked off a wave of comments in the piracy-sphere after it began blocking a lot of VPN traffic in August 2021. However,

Clark could not talk finances, as GeoComply is still privately held, but the customer list has swelled to include Amazon Prime Video, BBC iPlayer, beIN Media Group, Foxtel, ITV, Telstra, Viacom, with commercial distribution partnerships with Akamai and AWS CloudFront.

It stands to reason that a golden age of piracy would also be a golden age of anti-piracy services, but it appears that the industry framing of the problem has shifted.

“It has always been a constant battle with piracy, but in the heyday of massive subscriber growth in SVoD, as long as the numbers were going in the right direction, piracy was somewhat nice to have – as it proved global interest. Now that we are seeing some of those growth numbers wobble, it has become apparent that this plethora of pirate viewers could be converted into legitimate viewers, or blocked to cut operating costs, and now the streaming services and their shareholders are motivated to hunt them,” said Clark.

Thankfully for GeoComply, the return on investment for these customers is very quick. The aforementioned CDN and cloud savings are obvious and usually quite immediate, but as these customers are usually required to have some sort of VPN blocking function in place via the contracts they have with the rights owners, in some ways they are a secondary benefit.

This is the point that Faultline usually launches into its spiel about piracy being a supply-side problem, and that claims of billions of lost dollars are misguided – as these pirates were never legitimate potential customers in the first place. Clark agrees that there are a vocal minority of pirates that would never part with money, but warns that the element of casual piracy is growing.

But over the past year, inflation has begun to be felt, and now with that pool of 700 million users looking for an easy way to cut their household expenditure, the global streaming services need to be on the lookout for those trying to cheat the system. This contingent is much larger than the hardcore pirates that are politically motivated to never pay for content, and given the proliferation of VPN usage, have become more difficult to deal with. “These are average consumers, thinking twice about their entertainment budget,” said Clark.

In many ways, a more stringent sign-up process would alleviate many of the headaches for the video service providers. Mandating payment methods that could be used to help guarantee a confirmed identity, and then tying a content library to that identity rather than basing it entirely on the IP address requesting videos, could have nipped this problem in the bud. Allowing payments via gift cards and temporary debit cards is a prime example, in hindsight. But Clark stressed that there are still ways to spoof such processes, and that with all approaches in piracy, it is a matter of how many layers you place in front of the users.

The pricing of GeoComply’s new VPN product varies a bit by region, but is generally agreed on a per-customer basis and the number of territories it is served in. GeoComply is trying to reach a price point available to all, and has a one-size-fits-all price available via the AWS marketplace. However, Clark admitted that there are deals to be made for the larger customers.

Currently, there is not a mechanism to tie this list of known-bad IPs into the video services’ own account data – to potentially automate security mechanisms that would prevent hijacked IP addresses from accessing content. Clark said there was one customer that had access to the entire 200 million list, but it sounds like trying to marry a list of approved customers against the list of bad IPs would be a major undertaking.