Update, November 6th, 2010:

The method in this post no longer works. But, I’ve found a new workaround.

Disclaimer: The method described below almost certainly violates Hulu’s Terms of Use. I do not know the legal ramifications of breaking these TOU. I am not suggesting that you actually follow my fictional instructions.

---

I’ve finally cracked the nut on watching Hulu in Canada. At the time of writing, this method is 100% successful; I’m confident the method also works internationally, but I have not been able to get any corroboration. Before you read on, let me warn you that these instructions require basic tinkering skill on OS X, Linux and routers; advanced tinkering skill on Windows. At the bare minimum, you’ll need to know how to open a command prompt/terminal window in your operating system.

Instructions:

1. Open Firefox. The workaround requires a Firefox add-on, so unfortunately the method is Firefox-only at this point in time.
2. Install the “Modify Header” add-on, download it here: http://addons.mozilla.org/en-US/firefox/addon/967
3. Configure the add-on using the instructions I previously posted for watching Comedy Central in Canada. Here’s a quick reference image: http://imgur.com/Feb4 VERY IMPORTANT NOTE: The IP address referenced in the instructions “12.13.14.15” is being actively blocked by Hulu, You’ll need to replace it with a known American IP address. Ask an American friend for their IP or see Appendix A for instructions on how to find a US IP address. The address you use should not affect the method, it’s merely being used to trick a portion of Hulu’s geo-location algorithm.
   NOTE: These settings interfere with other sites that you WANT thinking you’re from Canada. You can always disable the rule in modify headers when not using Hulu.
4. Block port 1935.
   This is the real breakthrough I came across. Turns out Hulu’s flash video player attempts a direct connection to your computer via the RTMP port to verify your real IP.  When you block this port it the falls back to HTTP allowing the video to play. Blocking ports is fairly straightforward on Mac and Linux, but looks to be somewhat difficult on Windows. See Appendix B for complete Port blocking instructions for all OSes.

Notes:

• If you are able to navigate Hulu.com, load a video and watch the commercial but then get a blank player or an error message afterwords, then you have not properly blocked the port.
• If you are not even able to navigation Hulu.com, you have misconfiguration the modify headers plugin, or you are using an IP address Hulu is actively blocking.
• This work-around also works for other sites that have video players powered by Hulu on the backend. Discovery Channel for example.
• It’s likely that non-Hulu-related restricted video websites may use a similar RTMP verification method will not function. You may want to disable the Port block when not watching Hulu. See Appendix C for instructions.
• It’s unclear whether the holes that allow this workaround are a bug or a feature. My guess is that closing them my results in certain IP on US soil to be blocked inadvertently.

Thanks to Jason Pollock, who’s slashdot comment pointed me in the right direction; and the Reddit /r/Canada community – especially MarshallX and got_milk4 – who helped me out with my initial instructions.

---

Thoughts about Hulu:

In the past I’ve had some limited experience checking out Hulu in hotel rooms on trips to The States, I’ve generally been impressed by it and I’m sure I’ve written about my impressions in previous TV posts. After a few days of “real world” usage, I’ve changed my mind a little. I no longer see Hulu as this Holy Grail of online TV watching experiences that Canadians could only dream of. It’s not a real alternative to torrenting and it’s only somewhat better than Rogers On Demand or the various individual Canadian network TV experiences.

The selection of available shows is (I hesitate to say “terrible,” Hulu has a metric tonne of content) not great, I was not able to find full episode of any recently aired show I wanted to watch. As far as I could tell, if the show is new Hulu only has short clips. On the other hand, I was able to find full series of shows I’d have difficulty finding in torrents or elsewhere online – like Sliders and Firefly. Hulu’s movie selection is not even worth mentioning.

Aside from the selection, I was astonished by the amount of ads. Full length shows typically have a 15-90 second pre-roll ad, plus network ID, plus 15-60 second interstitial ads during the show at broadcast TV; due to the heaps of praise Hulu generally receives in the Tech media, I was under the impression that they served little to no advertising. Granted it’s less than regular TV, but more than I’d accidentally watch on a PVR and it’s more than the 0 I’d see in a torrent.

The TV industry needs to find a better way to make money.

---

Appendix A. How to find a US IP address.

As I mentioned above in step 3, the X-Forwarded-For header requires a valid US IP address. It’s best if you use a unique-ish IP address, instead of the ones listed in my example. There are 2 simple ways to find a US IP address.

Method 1)
Ping a known US domain name, record the result. For example:

PING google.com (74.125.95.104): 56 data bytes

Downside: it’s hard to know for if the server that responds is actually located in the USA. If it works, run with it.

Method 2)
Pick a random valid IP address for a known US Organization. A few examples:
AT&T: 12.0.0.0-12.255.255.255, 32.0.0.0 – 32.255.255.255
MIT: 18.0.0.0-18.255.255.255
Xerox: 13.0.0.0-13.255.255.255

Downsides: none

Appendix B. Blocking Ports.

This is the tricky part. If you have a router or firewall that gives you a simple interface for blocking ports, I’d suggest using it, rather than OS-level configuration. Anyways, here are the instructions for various OSes:

Mac OS X:

sudo ipfw add 0 deny tcp from any to any 1935
sudo ipfw add 0 deny udp from any to any 1935

Third-party firmware routers (Tomato, DD-WRT, OpenWRT):

iptables -t nat -A PREROUTING -p tcp --dport 1935 -j DROP
iptables -t nat -A PREROUTING -p udp --dport 1935 -j DROP

Windows XP, Vista, 7:
See section 3 of MarshallX’s stellar Google doc for instructions. Based on comments I’ve seen on the Reddit post, this method is a little finicky.

Linux:

iptables -A INPUT -p tcp --dport 1935 -j DROP
iptables -A INPUT -p udp --dport 1935 -j DROP

Appendix C. Undoing the Block.

Mac OSX:

If these are the only firewall rules you’ve ever added:

sudo ipfw delete 00100
sudo ipfw delete 00200

If you’ve got other rules in the firewall run:

sudo ipfw list

Output will look similar to this:

00100 deny tcp from any to any dst-port 1935
00200 deny udp from any to any dst-port 1935
65535 allow ip from any to any

Use that first number as the ID for the ipfw delete command.

Windows: Delete the policies and filters you created (the ones with “Hulu” in the name).

Linux: you’re on your on. I think you run the same commands you use to block the ports, instead of “DROP” use “ADD”. But I can’t guarantee that.