
So if they are allowing you to use on devices and networks outside of your home or ones you don't normally use, how are they identifying unique individuals or "households?"


> To verify accounts within the same household, Netflix said they will use information including IP addresses, device IDs and account activity from devices already signed into the Netflix account.

Source: https://www.today.com/popculture/netflix-guide-password-shar...


The idea that was floated was that they identify a device that defines the household (e.g. a TV), for example based on being always on the same SSID, or being on a wired connection, or the IP address. Then other devices need to be in the same network as that stable device at least say once a month.


So I would not be allowed to watch Netflix on my work computer during my lunch break?


Maybe, maybe not. I would think Netflix would have some distance threshold. They may be able to identify that the location you're watching from isn't far from your home. It's not like most people will commute across the country for work, so if you're within a reasonable commute distance they may not view that as a problem.

But if you're using a device that's always 4+ hours drive away, I think it's fair game for Netflix to look at that with suspicion.

Also, Netflix could look at viewing habits from different devices. If you watch something from a device at home, and then watch the next episode of that show at work, that's a good indicator that you're the same person using two different devices.


You might be able to but you'd have to reauthenticate every now and then, basically as if you were in a vacation home. The details aren't clear.


It might depend. If you regularly take your work computer home and connect from your home network, it should be fine. Otherwise, Netflix might challenge you and you might be able to verify the device.


Can I have my other households VPN to my local network to bypass this?


Possibly, but it seems like this would be pretty easy to detect.

First, they should already know who has been sharing accounts. You haven't been having other households VPN to your local network for the past 5 years for Netflix. That gives them a great starting point.

They can look at SSIDs and not just your SSID, but all the SSIDs that your device is seeing. Even within a household, not all the SSIDs will be the same from room to room. For most people, there will be some overlap. Sure, maybe you live in a rural area and you're the only SSID around. For most people, it'll be hard to fake this.

Even if you make all the SSIDs look similar, have you dealt with your BSSIDs? BSSIDs can be used to geolocate most people pretty well. Almost no one has opted out of the big WiFi geolocation databases (or even knows they can).

Maybe you could have them VPN into your local network, but they could still use WiFi and other information to see that the connection is actually in a different location. Plus, as I noted, they should already know who has been connecting from multiple locations for years.


I'm surprised that Apple allows apps on its devices to spy on SSIDs. Kinda not very privacy.

Maybe we all should change our SSIDs to "FBI Surveillance Van#1".


This entire plan immediately falls over as soon as someone uses an ethernet cable.


Not if they’re looking at SSID.

But if that’s really the case you can just use the same SSID on both places, and maybe use the same IP address space and router MAC. If they’re fingerprinting the home network that should do pretty good?


Ha! We used to live with my in-laws and when moving out I set up my SSID to be the same as theirs because who wants to re-authenticate an unreasonably large number of wireless devices?


I don't think they have SSID on most devices.


Fair point. Maybe the client and server can identify the last hop on the internal network and call that the local network's gateway.


If you're using Netflix through a browser, they wouldn't have access to the SSID.


I still watch Netflix over wired devices.


Possibly, unless they’re also monitoring latency to player.


I was going to write "Why not have them ssh directly into your tv instead?" as a joke, but now I kind of wonder if that would actually work...


Yeah.


I pay for 2 devices so a friend can use my subscription, though he does not live with me. I watch Netflix once a week for an hour or two, maybe, unless I'm actually binging something. He watches it non-stop pretty much as background noise. I wonder if they will assume he is the main user, even though I pay for it. Will they compare my IP address location with my billing address?

I guess I should have just kept it at 1 device and not tried to pay for my friend's usage.


Previously I read that the device must connect to your home WiFi connection every N days.


Not all of the devices I watch Netflix on are connected to WiFi at all. I've got DVD and Blu-ray players that don't even have wireless cards in them.


It shouldn't be that hard to figure this out using a variety of metrics - and remember, they can be pretty cautious in their enforcement and the enforcement doesn't have to be real-time.

For example, Netflix can easily notice that a TV is connecting from AT&T Fiber with one IP and another TV is connecting from Spectrum with a different IP. Many times they're watching at the same time so it's not someone on vacation.

It's relatively easy to note mobile devices like iPhones/Android and they have device IDs. Maybe you could hook your phone up to your TV, but most people aren't going to want to do that to save $8/mo (and walk up to their phone connected to the TV to select a new show or pause it). If the phone is on a WiFi connection (rather than cellular), Netflix can easily see that it's not the same household. People aren't likely to want to pay for a cellular plan (at $25+ per month) to avoid an $8 charge from Netflix.

If you're looking to catch 99% of people and you don't need it to be real-time, this should be pretty easy. Maybe some people will set up home VPNs, but that's going to be a small number of people. Even then, Android devices will give access to WiFi SSIDs in the area and even iOS has a permission to scan for Bluetooth devices which can be used for some amount of locating.

I guess the flip side of your question would be: how would you make it seem like you were connecting from the same household? You'd probably want all devices to be connecting from the same IP address. You'd probably want all devices connecting to the same SSID - and have neighboring SSIDs be the same. You wouldn't want them to see "they're both connecting to XYZ and have the same IP address, but they're each seeing a dozen additional SSIDs and zero overlap - what are the odds of that?" You can control your own SSID, but not all your neighbors' SSIDs.

I don't think Netflix is looking for something foolproof. I'm guessing they're looking for something that will find most instances of sharing while still being cautious enough that they don't bother people who aren't sharing. Even if your IP address is dynamic or CG-NAT, it'll still be the same for all your devices at a given time. Most people have internet from a handful of companies and it isn't that hard to figure out how those ISPs are handling things and accommodate it.

In fact, Netflix doesn't really need to do this blindly. They have logs from years of our usage. They have probably already detected who is using it in multiple locations and that makes it easy to put a flag on the account for the future. This account has been used in multiple locations for the past 3 years, if something looks suspicious, throw up the validation challenge. On other accounts without such a history, they could be more cautious. Netflix probably isn't worried about one month of sharing compared to the ongoing decade-long sharing that they believe is eating into their revenue. They can bide their time.
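The signals in the comment above (concurrent streams from different networks, same IP but no overlap in visible WiFi networks, and a lower bar for accounts with a sharing history), sketched as an added example that is not part of the original comment and is not Netflix's code. The session fields, the 0.2 overlap threshold and the 1-versus-3 hit counts are all assumptions made for illustration.

```python
from datetime import datetime
from itertools import combinations

def ts(s):
    return datetime.fromisoformat(s)

# Constructed sample data: sessions on one account in one evening.
# "nearby" holds BSSIDs the device reported seeing; empty for wired devices.
SESSIONS = [
    {"device": "tv-home", "ip": "203.0.113.10", "start": ts("2023-02-01T20:00"),
     "end": ts("2023-02-01T22:00"), "nearby": {"aa:01", "aa:02", "aa:03"}},
    {"device": "tablet", "ip": "203.0.113.10", "start": ts("2023-02-01T21:00"),
     "end": ts("2023-02-01T21:45"), "nearby": {"aa:02", "aa:03", "aa:04"}},
    {"device": "tv-other-isp", "ip": "198.51.100.7", "start": ts("2023-02-01T20:30"),
     "end": ts("2023-02-01T23:00"), "nearby": {"bb:01", "bb:02"}},
    {"device": "tv-tunnelled", "ip": "203.0.113.10", "start": ts("2023-02-01T20:15"),
     "end": ts("2023-02-01T21:30"), "nearby": {"cc:01", "cc:02", "cc:03"}},
    {"device": "bluray-wired", "ip": "203.0.113.10", "start": ts("2023-02-01T19:00"),
     "end": ts("2023-02-01T20:30"), "nearby": set()},
]

def concurrent(a, b):
    return a["start"] < b["end"] and b["start"] < a["end"]

def jaccard(x, y):
    return len(x & y) / len(x | y)

def classify(a, b, min_overlap=0.2):
    if not concurrent(a, b):
        return "not-concurrent"          # could be travel; no conclusion
    if a["ip"] != b["ip"]:
        return "different-network"       # two places at the same time
    if not a["nearby"] or not b["nearby"]:
        return "same-ip-no-wifi-data"    # wired device: stay cautious
    if jaccard(a["nearby"], b["nearby"]) < min_overlap:
        return "same-ip-disjoint-wifi"   # same IP, different neighbours
    return "same-household"

SUSPICIOUS = {"different-network", "same-ip-disjoint-wifi"}

def suspicious_pairs(sessions):
    pairs = ((a["device"], b["device"], classify(a, b)) for a, b in combinations(sessions, 2))
    return [p for p in pairs if p[2] in SUSPICIOUS]

def should_challenge(sessions, shared_history):
    # Assumed policy: one hit is enough on an account with a multi-location
    # history; an account without one needs several hits first.
    return len(suspicious_pairs(sessions)) >= (1 if shared_history else 3)
```

The wired Blu-ray player never produces a hit on its own: with no WiFi data and a matching IP, the pair is left as inconclusive rather than flagged.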


> It's relatively easy to note mobile devices like iPhones/Android and they have device IDs.

Are those IDs separate from the advertising IDs that users can constantly change?



