Hacked Netflix: A Sort of Modest Analogy

I don’t have the patience to sit on the couch and just stare at the tube like a lot of people seem to enjoy doing. I do however watch movies while exercising or doing chores. The result is that I start and stop whatever I am watching frequently, and there are times it might take me a week or more to watch a movie. That makes Netflix perfect for me.


A couple of weeks ago my Netflix account was hacked. The first indication was that the default language for my account kept changing from English to Portuguese or Spanish. Since I am almost as likely to watch a foreign language movie than an English language one, it took me a few days to realize what was going on. And what was going on was that people were accessing my account from Brazil, Peru, Mexico, Columbia, Spain, etc. It got a bit irritating – occasionally my son or I (the two authorized users on the account) had trouble getting on. Eventually one of the unauthorized users helpfully went into my account selections and upped the number of screens that can be on simultaneously from two to four (for an added $2 a month charged to my credit card).


So I changed my password… and it didn’t stop. I changed the email address associated with my account… and it didn’t stop. I am trying to isolate the problem scientifically now, first to determine whether the problem is on my end, and if so, where the leak is happening. I am running an experiment to try to determine whether somehow, someone can read information off of my computer/router/etc. After all, if that is the case, I have bigger problems than people messing with my Netflix account.

Nevertheless, should Netflix choose to do so, it can prevent people from accessing other peoples’ accounts. It would require a few changes to their process, but nothing particularly revolutionary. Credit card companies, for instance, will call their customers and ask questions if there are charges in odd geographic locations. Requiring users to enter a code that is texted to their phone or otherwise transmitted as a second factor before allowing a new device to be added would also be nearly foolproof.


If the will to eliminate unauthorized usage was there, however, there might be some moral quandaries for Netflix to consider. For example, perhaps some of these unauthorized users simply cannot afford a Netflix account of their own. Having Netflix look the other way allows these people to enjoy the service while imposing relatively small costs – mostly in terms of inconvenience – on authorized users. There is also an additional cost to Netflix in terms of infrastructure requirements, but that gets passed on to the subscribers as well. Since we have already established that those who signed up for accounts are probably more able to afford those costs than the unauthorized users, this is probably a Pareto efficient outcome.


Another moral issue for Netflix is that many of the unauthorized users have gotten accustomed to not having to pay to watch. It may be all they know. For instance, many of them are, no doubt, under age. Very few of the unauthorized users would have independently figured out how to hack Netflix themselves. Instead, they would have been introduced to that habit by others. Cutting off their access to a service to which they have become dependent (through no fault of their own) might seem callous.


There is also the not so insignificant matter that any crackdown would definitely be racist. To judge by those accessing my account, unauthorized users are disproportionately native Spanish or Portuguese speakers. That isn’t to say there aren’t similar people from other backgrounds, mind you, but they haven’t been the ines accessing my account.


Additionally, I am sure that the right person at Netflix could point out several other reasons why regularizing unauthorized accessers would be good for the Netflix community as a whole. For instance, the existing process provides the paying customers with a bit of sorely needed cultural enrichment. My account, for example, has been used to watch (America by other things) Season 2 of Fuller House as well as several different Japanese Anime shows. I may have been vaguely aware of the existence of Fuller House, but having (blessedly, as I understand it) never seen the original series and being from the wrong demographic, I had little concept of the reboot. As to the Anime shows, they are definitely outside my experience. Now, I am fortunate to see information about these shows crop up on my account regularly, and I even get viewing recommendations based on my supposedly having enjoyed those shows. So even if I have not yet broken through the mental barriers it would take to actually watch these programs, I am being exposed to a more diverse set of options and suggestions. Perhaps there is hope that one day I will be strong enough to overcome my mental shackles and actually watch Season 2 of Fuller House. I may not like it, but I will be a better person for it.


Another potential benefit of regularizing unauthorized Netflix users is that every one of them has the potential to become tomorrow’s paying customer, and tomorrow’s paying customer is the one who will keep the whole system viable in the long run. He/she/ze is, after all, the future of Netflix, at least as some might tell it. And depending on the choices Netflix makes, for better or worse, that may be true.


Looking at the situation more broadly, one can only hope Netflix makes the right decision. It would serve as a model to how other companies, as well as the rest of us, could act to de-stigmatize what I like to call Semi-voluntary Asymmetrical Transactions (sVAT). These are a very large group of unidirectional exchanges in which one party to the process gives something up, usually in the course of being subjected to deceptive or threatening behavior, without receiving anything in return. Sadly, sVAT enthusiasts are often treated like criminals in our society. I think we can all agree this is unfair and has to stop.