Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 15 submissions in the queue.

Netflix to Roll Out HTTPS on Video Streams

posted by martyb on Sunday April 19 2015, @02:19PM   Printer-friendly
from the when-does-a-video-stream-become-a-river? dept.

kadal writes:

Ars Technica reports that Netflix is about to encrypt all its video streams with HTTPS. The feature will be rolled out in the coming year. This comes after one failed attempt six months ago.

Netflix's entry into the HTTPS party comes as privacy and security advocates are calling on all websites to encrypt all their traffic. The rationale behind the request is that continuous and complete HTTPS protection thwarts state-sponsored attacks that countries like the US and China launch from the Internet backbone. Web encryption is also useful against man-in-the-middle attacks that hijack huge chunks of Internet traffic. In both cases, HTTPS prevents the attacker from surreptitiously injecting malicious packets into the targeted data stream.

According to El Reg, this change will increase costs considerably for Netflix:

Netflix has battled with the overheads HTTPS incurs; Watson estimated a capacity hit between 30 to 53 percent thanks to encryption computational overheads and a lack of optimisations to avoid data copies to and from user space.

Such a hit would cost Netflix potentially hundreds of millions of dollars a year.

Tweaks could cut that overhead by a third while speculative advancements in the next several years could crush it by up to 80 percent.

Do we really need encrypted video streams?

 
This discussion has been archived. No new comments can be posted.
Netflix to Roll Out HTTPS on Video Streams | Log In/Create an Account | Top | 50 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by Grishnakh on Sunday April 19 2015, @02:51PM

    by Grishnakh (2831) on Sunday April 19 2015, @02:51PM (#172837)

    Why on earth do they want to encrypt Netflix movie streams? What is there to protect here? What is a man-in-the-middle attack going to do to someone watching a Netflix movie, show them a commercial or something?

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 1, Insightful) by Anonymous Coward on Sunday April 19 2015, @02:55PM

    by Anonymous Coward on Sunday April 19 2015, @02:55PM (#172839)

    In both cases, HTTPS prevents the attacker from surreptitiously injecting malicious packets into the targeted data stream.

    • (Score: 1, Interesting) by Anonymous Coward on Sunday April 19 2015, @03:11PM

      by Anonymous Coward on Sunday April 19 2015, @03:11PM (#172847)

      yes, and what the hell is a malicious package in a video stream supposed to do? other than fightclub inspired people injecting porn into family movies...
      it's a video stream. the only thing you can do to it is corrupt it.

      • (Score: 2) by mhajicek on Sunday April 19 2015, @04:17PM

        by mhajicek (51) on Sunday April 19 2015, @04:17PM (#172860)

        They're packing hay around the needle.

        --
        The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek

      • (Score: 4, Insightful) by Anonymous Coward on Sunday April 19 2015, @04:39PM

        by Anonymous Coward on Sunday April 19 2015, @04:39PM (#172868)

        > yes, and what the hell is a malicious package in a video stream supposed to do?

        Exploit bugs in the player software. Perhaps there are edge cases in the decoder that a specially crafted mpeg packet can use to do stack smashing, etc.

        Besides, maybe I don't want anyone figuring out what shows I am watching. [wikipedia.org] I can totally see Comcast snooping that and use it to profile their ISP customers as a way to extract revenue from cord-cutters.