Serving alcohol to minors is illegal, but bartenders don't say "you don't appear obviously over 40, so I'm not serving you alcohol even though your ID looks real to me and says you're over 21, since there's a slim chance it's a high-quality fake." Demanding 100% certainty that someone isn't using a VPN is unreasonable for the same reasons.

They do. I was refused service at a grocery store for having an out-of-state driver’s license. I tried having my 21+ sister who was with me purchase the beer with her in-state ID and they refused because they thought it was a straw purchase.

Here in Germany my older brother was once forced to show his ID at the local super market checkout to purchase (IIRC) a game/movie from the bargain bin (something with a restriction of >=12yo) while:

- being a tall bald dude (19yo at the time)

- wearing his Bundeswehr uniform (as a conscript on his way home for weekend leave)

Apparently that appearance wasn't enough to make it obvious he was a little older than 12.

Anyway, at least I didn't have to go through that conscription BS since I didn't reach 18 until after the "abeyance" in 2011. The equipment/supply problems and ever shortening training/service time for conscripts (last before the abeyance was 6 months total) make it no wonder that the Bundeswehr is sometimes mocked as "Deutschlands größter Trachtenverein" ("Germany's biggest costume club").

Complete with wooden MG'S

Nah, from what he told me the service pistol was an inaccurate POS, a pain to clean (which one would have to do often) and the G36 rifle is made in large parts (e.g. the stock) from polymer/plastic meaning they were forbidden from ever using the weapon body itself as a weapon because otherwise it would splinter and break.

The AK my father and grandfather used in the NVA instead was a real wartime weapon, rugged, dependable and able to be produced in mass quantities relatively cheaply. The G36 instead is apparently expensive, fragile and not that accurate, ie. more of a showpiece.

I am by no means an expert but even I know the story is more nuanced. https://www.youtube.com/watch?v=MfPHZFsw40M

A similar thing happened to me when I was in my early twenties but with a US passport. We were out in the country a bit and I joked with my friend at the time that the guy serving us had probably never seen one...

Large bars which draw a lot of tourists use a book like this to guide them through validating out-of-state licenses.

https://www.driverslicenseguide.com/book-us.html

Except that’s exactly how it works. Even in the U.K. where it’s 18 to legally drink, many places have a policy that anyone who looks under 25 will be challenged for ID and only driving licence or passport are accepted. Some places even have a policy that all purchases require ID irrespective of how old you look.

It’s better to pissing a few people off but still have a license, than lose your license and thus have nothing to serve your customers. Which is just as true for pubs and bars as it is for video streaming services. And content owners know this too, which is why they can place such heavy demands on 3rd party platforms.

This is false in the parts of the US where I live, where my family previously owned a bar. If an establishment is found serving alcohol to a minor, they are at fault, regardless of the ID that a minor has. A bar without a liquor license is a bar with a permanent "closed" sign.

Not only that, but you don't get to say that to a person who has already paid for the beer.

I hope each person it happens to requires a charge back. It should cause netflix enough of an issue that they go back to focusing on the customer.

One elephant in the room:

The most ubiquitous and unblockable form of VPN is international cellular roaming. (While roaming, all traffic is tunneled back to the home carrier and blends in with their traffic.)

Of course, it's the most tedious VPN. It's also the most expensive. But what subset of traffic actually needs to go over the VPN? Like authentication and bot detection, these types of checks tend to be too expensive to perform on every request to every service endpoint.

Considering every single VPN commercial I've seen on YouTube mentions bypassing Netflix region blocks, I don't think this is all that surprising.

It doesn't seem that unreasonable that they could be putting it together themselves.

Couldn't they just buy a subscription to all the largest VPN providers and just run through the server list making a note of each server?

Or find which IPs are logging in with >N unrelated Netflix accounts. Where N is sufficiently high to minimize false positives. Cases like Airbnb would still get the boot with this strategy.

They can even let VPN users map the servers for them in the data collection phase. Look at the usage graph and you'll find a cluster of accounts that jump between the same cluster of IPs.

>Cases like Airbnb would still get the boot with this strategy.

Or likely anyone on CGNAT for their home internet, I don't think this would be a reliable detection method.

There would be Airbnb traffic would look different from a VPN.

For an Airbnb you’d have the accounts change frequently but seldom multiple account from the same IP. Whereas a BPN would see the same accounts frequently but with many overlapping accounts from the same IP.

Similarly with hotels you’d see the overlapping of accounts per IP but less regularity of the same accounts.

This feels like one of those problems machine learning could help solve. Though there is a lot you can deduce just from good old fashioned rules. Eg some IP subnets are going to have a higher probability of hosting a VPN (eg those bought for AWS EC2) vs legitimate traffic over other IP subnets.

> They must be buying a database of IP address locations and VPN addresses from somebody.

There are services that can detect most commercial VPN services, e.g. https://focsec.com