https://medium.com/@derek./how-is-nordvpn-unblocking-disney-6c51045dbc30 tl;dr -- It seems that NordVPN is routing traffic through many residential ISP uplinks in the US. In order to successfully access Disney+ content. The article speculates that it's using proxies from Oxylabs. That is, people who have installed Oxylabs apps on their devices.
One of the aspects of the streaming services - I assume it applies to Disney+, certainly to Netflix, is that they will NOT tell you their addresses or domains so that you cannot set up your router to go through to them directly rather than a VPN, even if you are a legitimate customer in the correct jurisdiction. So I have little sympathy for them, even though this alleged abuse by Oxylabs is obviously scummy.
Yeah, it's ~scummy. But it's not as dangerous to the unwitting proxies as some have argued. Because it seems that the NordVPN client only uses residential proxies for https://www.disneyplus.com and (perhaps) other mainstream content providers. But not, for example, https://www.disney.com and https://paypal.com. And not for porn and worse, which could lead to criminal investigations. Or at least, one hopes. However, the detection approach only works for some sites that use the Akamai CDN: curl -LIX GET https://foo.bar -H 'Pragma: akamai-x-get-client-ip' So far, I know that https://www.disneyplus.com, https://www.disney.com and https://paypal.com use the Akamai CDN. If any y'all know other sites that use the Akamai CDN, please share. And maybe there's a comparable "client-ip" header for other CDNs.
There is the concern that NordVPN is using its own clients as proxies. As Hola does. So how could one test for that?
