Tag: Cox

Resources for pfSense, Private Internet Access, Netflix, and Hulu

You've probably heard by now that the US Congress just repealed Obama-era regulations preventing Internet service providers from selling their users' browsing data to advertisers. I'll probably talk more about that in future posts. For now, I'm going to focus on a specific set of steps I've taken to prevent my ISP (Cox) from seeing what sites I visit.

I use a VPN called Private Internet Access, and a hardware firewall running pfSense. If that sentence looked like gibberish to you, then the rest of this post is probably not going to help you. I plan on writing a post in the future that explains some more basic steps that people who aren't IT professionals can take to protect their privacy, but this is not that kind of post.

So, for those of you who are IT professionals (or at least comfortable building your own router), it probably won't surprise you that streaming sites like Netflix and Hulu block VPNs.

One solution to this is to use a VPN that gives you a dedicated IP (I hear good things about NordVPN but I haven't used it myself); Netflix and Hulu are less likely to see that you're using a VPN if they don't see a bunch of connections coming from the same IP address. But there are problems with this approach:

  • It costs more.
  • You're giving up a big chunk of the anonymity that you're (presumably) using a VPN for in the first place; your ISP won't be able to monitor what sites you're visiting, but websites are going to have an easier time tracking you if nobody else outside your household is using your IP.
  • There's still no guarantee that Netflix and Hulu won't figure out that you're on a VPN and block your IP, because VPNs assign IP addresses in blocks.

So I opted, instead, to set up some firewall rules to allow Netflix and Hulu to bypass the VPN.

The downside to this approach is obvious: Cox can see me connecting to Netflix and Hulu, and also Amazon (because Netflix uses AWS). However, this information is probably of limited value to Cox; yes, they know that I use three extremely popular websites, when I connect to them, and how much data I upload and download, but that's it; Netflix, Hulu, and Amazon all force HTTPS, so while Cox can see the IPs, it can't see the specific pages I'm going to, what videos I'm watching, etc. In my estimation, letting Cox see that I'm connecting to those sites is an acceptable tradeoff for not letting Cox see any other sites I'm connecting to.

There are a number of guides on how to get this set up, but here are the three that helped me the most:

OpenVPN Step-by-Step Setup for pfsense -- This is the first step; it'll help you route all your traffic through Private Internet Access. (Other VPNs -- at least, ones that use OpenVPN -- are probably pretty similar.)

Hulu Traffic -- Setting up Hulu to bypass the VPN is an easy and straightforward process; you just need to add an alias for a set of FQDNs and then create a rule routing connections to that alias to WAN instead of OpenVPN.

Netflix to WAN not OPT1 -- Netflix is trickier than Hulu, partly because (as mentioned above) it uses AWS and partly because the list of IPs associated with AWS and Netflix is large and subject to change. So in this case, instead of just a list of FQDNs, you'll want to set up a couple of rules in pfBlockerNG to automatically download, and periodically update, lists of those IPs.

That's it. Keep in mind that a VPN isn't a silver bullet, and there are still other steps you'll want to take to protect your privacy. I plan on covering some of them in future posts.
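As an added example (not from the guides linked above), here is a sketch of what the Netflix/AWS bypass amounts to: turning a published prefix list into a one-CIDR-per-line alias, and checking which gateway a given destination would take. It assumes the layout of AWS's ip-ranges.json; the sample data is constructed from documentation address ranges, and the function names and the WAN/VPN labels are hypothetical.

```python
import ipaddress
import json

# Constructed sample in the layout of AWS's ip-ranges.json. The addresses are
# documentation ranges, not real AWS prefixes. As in the real file, one prefix
# can be listed under more than one service.
SAMPLE = json.loads("""
{"prefixes": [
  {"ip_prefix": "198.51.100.0/25",   "region": "us-west-2", "service": "AMAZON"},
  {"ip_prefix": "198.51.100.0/25",   "region": "us-west-2", "service": "EC2"},
  {"ip_prefix": "198.51.100.128/25", "region": "us-west-2", "service": "AMAZON"},
  {"ip_prefix": "203.0.113.0/24",    "region": "us-east-1", "service": "AMAZON"},
  {"ip_prefix": "192.0.2.0/24",      "region": "eu-west-1", "service": "AMAZON"}
]}
""")


def build_bypass_list(doc, regions):
    """Collect IPv4 prefixes for the chosen regions, dropping duplicates
    and merging adjacent blocks so the alias stays short."""
    nets = [
        ipaddress.ip_network(p["ip_prefix"])
        for p in doc.get("prefixes", [])
        if p.get("region") in regions
    ]
    return list(ipaddress.collapse_addresses(nets))


def gateway_for(dest_ip, bypass):
    """Which gateway a policy rule built on `bypass` would pick."""
    addr = ipaddress.ip_address(dest_ip)
    return "WAN" if any(addr in net for net in bypass) else "VPN"


def exposed_addresses(bypass):
    """How many destination addresses skip the VPN (and are visible to the ISP)."""
    return sum(net.num_addresses for net in bypass)


def alias_lines(bypass):
    """One CIDR per line, the plain-text form an IP alias list takes."""
    return "\n".join(str(net) for net in bypass)


if __name__ == "__main__":
    bypass = build_bypass_list(SAMPLE, {"us-west-2", "us-east-1"})
    print(alias_lines(bypass))
    print(exposed_addresses(bypass), "addresses skip the VPN")
    for ip in ("198.51.100.200", "192.0.2.5"):
        print(ip, "->", gateway_for(ip, bypass))
```

Anything hosted in the listed ranges goes out over WAN, not just Netflix, so the fewer regions you include, the less your ISP gets to see.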

Cox Claims to Be Unable to Revoke a DHCP Lease

I've always advocated being kind to tech support people. They have a tough job, it's not their fault you have a problem, and they spend all day dealing with abuse from people who act like it is their fault.

Well, yesterday, for the first time in my life, I cursed out a phone support rep. I'm not proud of it, but in my defense, I'd been talking to support for 90 minutes by that point, and the last 30 of that had been a conversation where this tier-2 rep talked in circles, blamed me for problems with their server, repeatedly said she couldn't help me, refused to listen to my explanations of the problem, and acted like a condescending ass.

Seriously, this is the worst tech support experience I have ever had. Beating out the previous record-holder, the guy who told me that my burned-out power supply wasn't really burned-out, I was probably experiencing a software issue. After I told him there were burn marks on the power connector.

At least that one was funny. The conversation I had with Cox yesterday wasn't funny, just infuriating.

Here's what happened: on Monday evening, when I tried to send an E-Mail, I started getting this error:

An error occurred while sending mail: The mail server sent an incorrect greeting:
fed1rmimpo306.cox.net cox connection refused from [my IP address].

I tried unplugging the modem to see if I'd get a new IP assigned. No luck. I tried turning the computer off and then on again. No luck. I tried sending mail from other devices. Same result.

So on Tuesday afternoon, I pulled up Cox's live support chat to ask for some help.

The rep eventually told me he'd escalate, and that the issue should be fixed within 24 hours.

Just shy of 27 hours later, I pulled up Cox's live support chat again, to ask what the problem was.

The rep -- a different one this time -- quoted me this feedback from the ticket:

Good afternoon, the log below shows the username can send on our servers. This may be a software, device or network issue. Please review the notes and contact the customer.

In other words, they'd tested the wrong thing. The mail server was rejecting my connection, based on my IP address, before my mail client sent my username and password. And Cox's solution to this was...to confirm that my username and password were working.
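To make the difference concrete, here is an added example (not part of the original post, and not anything Cox ran) that reads an SMTP session transcript and reports the stage at which the server first refused. The transcripts, hostnames and addresses are constructed; the function names are hypothetical.

```python
import re

REPLY = re.compile(r"^(\d{3})([ -])(.*)$")
VERBS = {"EHLO", "HELO", "STARTTLS", "AUTH", "MAIL", "RCPT", "DATA", "QUIT"}


def first_refusal(transcript):
    """Return (stage, code, text) for the first refusal, or None.

    transcript: lines prefixed "S: " (server) or "C: " (client).
    stage is "greeting" if the server refused before any client command.
    code is None when the server line carries no SMTP reply code at all,
    which a mail client reports as an incorrect greeting.
    """
    stage = "greeting"
    for line in transcript:
        side, _, body = line.partition(": ")
        if side == "C":
            words = body.split()
            # Ignore continuation lines such as base64 AUTH responses
            if words and words[0].upper() in VERBS:
                stage = words[0].upper()
            continue
        m = REPLY.match(body)
        if m is None:
            return (stage, None, body)
        code, _sep, text = m.groups()
        if code[0] in "45":  # 4xx temporary or 5xx permanent failure
            return (stage, int(code), text)
    return None


def credentials_sent(transcript):
    """True if the client ever reached the AUTH command."""
    return any(l.upper().startswith("C: AUTH") for l in transcript)


# Constructed transcripts (documentation hostnames and addresses)
BLOCKED = ["S: 554 smtp.example.net connection refused from 192.0.2.10"]
BAD_PASSWORD = [
    "S: 220 smtp.example.net ESMTP",
    "C: EHLO client.example",
    "S: 250-smtp.example.net",
    "S: 250 AUTH PLAIN LOGIN",
    "C: AUTH PLAIN <redacted>",
    "S: 535 Authentication failed",
]
GOOD = BAD_PASSWORD[:-1] + ["S: 235 Authentication successful"]

if __name__ == "__main__":
    for name, t in (("blocked", BLOCKED), ("bad password", BAD_PASSWORD), ("good", GOOD)):
        print(name, first_refusal(t), "credentials sent:", credentials_sent(t))
```

A refusal at the greeting stage with no credentials sent is the case described above: a test that only proves the username can log in never exercises it.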

I explained this to the rep, over the course of 75 excruciating minutes. I demonstrated by disconnecting my phone from my wifi network and sending an E-Mail while connected to my wireless carrier. It worked when I connected to Cox's SMTP server over LTE; the same mail app on the same phone failed when connected to my wifi.

I explained that the mail server was blocking connections from my IP address, and that they needed to either make it stop blocking my IP address or assign me a different IP address.

The rep told me that was impossible, that residential accounts use DHCP, which assigns IP addresses at random.

I told him that I know what DHCP is, and that I wasn't asking for a static IP address, I was just asking for someone to revoke my DHCP lease and assign my modem a new IP address from the DHCP pool.

He told me that the only way to get a new IP address is to disconnect your modem for 24 hours.

I told him that was unacceptable, and I asked if there was anyone else I could talk to.

He gave me a number to call.

The person who answered the phone said she'd escalate to a tier-2 tech. I said, pointedly, that I did not understand why nobody had thought to do that in the preceding 75 minutes.

As it turns out, tier-2 techs are worse than tier-1 techs. Tier-1 techs at least know that they don't know everything, and are willing to ask for help from people who know more than they do. Tier-2 techs think they do know everything, will not ask for help from someone who knows more than they do, and certainly will not listen to a customer who knows more than they do.

Well, probably not all of them. But that was sure as hell my experience with the tier-2 tech I got stuck with.

First, she had the sheer gall to tell me my modem wasn't connected to the Internet.

I told her I could connect to websites, I could receive E-Mail, and that the error message on sending mail was not a timeout, it was a Connection Refused. I added that I was doing this from a computer that was connected to my router by a cable, that I had not accidentally jumped on somebody else's wifi.

She would have none of it. She insisted "We can't see your connection here, so you're not connected." Repeatedly. When I told her that I was clearly connected to the Internet, she just kept telling me that no, I wasn't.

Finally she told me to bypass my router and plug my desktop directly into my modem. I told her that this wouldn't fix anything, because this was happening from multiple devices that all had Internet access. She got huffy and standoffish and told me she couldn't help me if I wasn't willing to do what she asked.

So I did it. I climbed back behind my computer, traced the cable to the router, and swapped it with the one coming from the modem.

Absolutely nothing changed. Except that she said, "Oh. You're running a Linux computer? We don't support Linux."

I responded, "The operating system I am using is not relevant to whether your server is accepting connections from my IP address."

But some reps aren't interested in helping. They're only interested in finding an excuse for why they don't have to help you.

I asked her if there was any way she could determine why my IP was being blocked. I noted that it seemed to be on some sort of blacklist.

She asked if I'd checked whether it was on any public blacklist. I responded that I had, and that it had an expired listing on SORBS from 2013 -- well before it was my IP address; I've only lived in this house since 2014 -- that I hadn't found it in any other blacklist, and that a SORBS listing from over two years ago should not result in my suddenly losing the ability to connect to SMTP two days ago.

She said that if I was on a blacklist, those were handled by third parties and it was my responsibility to get de-listed. I explained that I did not see my IP on any currently-active blacklists, and asked if she could look up what was causing the rejection. She said she couldn't.

I asked if she could reset my IP. She said that the only way to do it would be to shut down my modem for 25 hours. (Already I had somehow lost another hour!)

I told her that was unacceptable, and asked how I could get it reset remotely.

She told me that was impossible, that residential accounts use DHCP, which assigns IP addresses at random, and that the only way to get a new DHCP address is to disconnect your modem for 25 hours.

I told her that it is not impossible, that the same router that provides DHCP leases is capable of revoking them, and that I needed somebody to do that for me.

We went round and round like this for a while.

At one point, she said, "We can't do that; it's done automatically."

I responded that anything a computer does automatically can also be done manually, and that there is certainly someone in Cox who has the account access to log into the router that is assigning IP addresses and revoke a lease.

She started to explain DHCP to me again -- it was about the fifth time at this point -- and I snapped.

I shouted, "I know how DHCP works; I ran an ISP, for fuck's sake!"

I feel kinda bad about that.

I finally got pushed over to a supervisor -- another twenty minutes on hold -- who tried to tell me that Cox can't help me because they don't support third-party programs like what I'm using, and that if I could send messages from webmail, that's what I should do.

I said, "Are you seriously telling me that Cox does not support sending E-Mail from phones or tablets?"

The supervisor backed off that claim and said that she didn't really understand the technical stuff, that she could send me back to tier 2.

I responded that it had been two hours and I didn't think it was in anyone's best interest for me to continue this conversation, but that if I decided to call back tomorrow, what could I do to get some service?

She said to ask for tier 2 again, and this time ask for a manager.

I'm debating whether I really want to deal with that kind of aggravation, or if I'd be happier just abandoning the Cox E-Mail address that I've been using for fifteen fucking years.

Incidentally, Cox just jacked its prices up by $7 a month. Why is it that every time the cost goes up, the quality of service goes down? I remember the first time they hiked my bill, they dropped Usenet service.

That was in 2009. Since then my bill's gone up $27. My service sucks; several times a day my connection just stops working and I have to restart the modem.

And of course I can't switch to another ISP, because there isn't one available at my address. My "choices", such as they are, are as follows:

  • Pay $74 a month for Cox
  • Steal wifi from a neighbor who's paying for Cox
  • See how far I can get using only my phone's data plan for Internet access

I'm pretty much fucked, like most Americans are on broadband access.

And the hell of it is, even if there were another provider available, all the alternatives seem to be even worse.

I mean, Christ, at least I don't have Time Warner or Comcast.

Customer Service Survey

I have no complaints about the representative who I spoke with; he was great. He was knowledgeable, professional, and responsive, and told me that they were aware of the outage and working on it.

HOWEVER, I have some pretty serious complaints about Cox's level of service.

First of all, my Internet outage lasted for over 12 hours.

Second, when I called, there was no recorded message informing me that there was a known outage in my area; I had to wait on hold for an extended period of time just to be told something that could have been handled by a recording as soon as I called in.

And speaking of recordings: you're seriously going to make me listen to the same four commercials, over and over again, on a continuous loop? Hey, kudos for finding a way to make being on hold an even MORE unpleasant experience; I didn't think that was actually possible. But I have to wonder, does Cox hate its employees AND its customers? Because this is just about the best way I've ever seen to ensure that a customer is as angry and frustrated as humanly possible before getting to speak to a support tech.

Put bluntly: Cox's Internet service is poor, rates keep increasing even as services are dropped (thanks so much for discontinuing Usenet support and then jacking up my rates five bucks), and saying that calling technical support is like pulling teeth is an insult to dentists everywhere.

Continuing bluntly: the only reason Cox has managed to keep my business is by virtue of being a local monopoly. The only other option for broadband Internet at my address is CenturyLink at 3.0Mbps, which is even more unacceptable than Cox's poor service, frequent outages, high prices, and legitimately terrible hold experience.

And, what's more, I strongly believe that Cox knows this, that the company is well aware that it has a captive audience and can therefore charge high rates for poor service and there is nothing else its customers can do but sit here and take it, because the broadband market has no competition to speak of.

In the short term, I begrudgingly admit that Cox has my business simply by default, because I have nowhere else to go.

In the long term, the market is going to change, competition is going to increase, and all the customers like myself who have spent the past decade being grossly dissatisfied with Cox's service are going to jump ship at the very first opportunity. A hard rain is going to fall.

I strongly suggest that Cox study the lessons of companies like Microsoft -- or, more dramatically, Blockbuster Video. Both of these are examples of companies that had a virtual monopoly in their respective industries. This monoculture allowed them to become bloated and unresponsive, and keep collecting money from their captive customers -- because where else were they going to go?

It didn't last. Technology changed. The markets changed. Blockbuster went bankrupt and, while Microsoft has held on to its majority share in the desktop/laptop OS and office suite markets, it has utterly failed to gain a foothold in emerging markets like phones and tablets, its browser market share has plummeted, and even companies that are using the latest version of Microsoft Office are likelier to use Google Docs for online collaboration.

Did this happen because Blockbuster didn't offer comparable, competitive services to Netflix and Redbox? Did it happen because Windows Phone is a poor operating system, or because Internet Explorer is an inferior browser?

No. Blockbuster offered very competitive prices to Netflix (no, it didn't offer streaming, but Blockbuster went bankrupt before streaming became Netflix's dominant distribution model). Windows Phone has received positive reviews, and Internet Explorer now performs comparably to other standards-compliant browsers.

So why did customers eagerly drop Blockbuster and Microsoft the first chance a viable alternative appeared?

Because that's what happens when you spend a decade taking your customers for granted, charging them a ridiculous rate for a barely-functional product or service, and generally treating them like livestock.

Yes, Blockbuster and Microsoft improved the quality of their products and services once competition started to pressure them into doing it. By then it was too late.

I know Cox is a monopoly in my area. I know there's no short-term incentive for it to improve its service or decrease its cost, because it doesn't have to in order to keep my business.

But if I were running Cox, I would think long and hard about the future. Someday, you ARE going to have a viable competitor. If you want to keep your existing customers' business when that day comes, you should probably start treating them better, right now.

The first thing you should do is stop making your customers listen to commercials when they're on hold.