SoylentNews is people

posted by martyb on Sunday April 19 2015, @02:19PM
from the when-does-a-video-stream-become-a-river? dept.

Ars Technica reports that Netflix is about to encrypt all its video streams with HTTPS. The feature will be rolled out in the coming year. This comes after one failed attempt six months ago.

Netflix's entry into the HTTPS party comes as privacy and security advocates are calling on all websites to encrypt all their traffic. The rationale behind the request is that continuous and complete HTTPS protection thwarts state-sponsored attacks that countries like the US and China launch from the Internet backbone. Web encryption is also useful against man-in-the-middle attacks that hijack huge chunks of Internet traffic. In both cases, HTTPS prevents the attacker from surreptitiously injecting malicious packets into the targeted data stream.

According to El Reg, this change will increase costs considerably for Netflix:

Netflix has battled with the overheads HTTPS incurs; Watson estimated a capacity hit between 30 to 53 percent thanks to encryption computational overheads and a lack of optimisations to avoid data copies to and from user space.

Such a hit would cost Netflix potentially hundreds of millions of dollars a year.

Tweaks could cut that overhead by a third while speculative advancements in the next several years could crush it by up to 80 percent.

Do we really need encrypted video streams?

 
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Insightful) by khchung on Sunday April 19 2015, @03:21PM

    by khchung (457) on Sunday April 19 2015, @03:21PM (#172848)

    WRONG! The answer is YES.

    Not to protect the video streams, but to add more encrypted traffic to the network, eventually to the point where the really sensitive encrypted packets will no longer stand out.

    By encrypting video streams, Netflix made their sensitive traffic that actually needed protection safer.

  • (Score: 4, Interesting) by kadal on Sunday April 19 2015, @04:19PM

    by kadal (4731) on Sunday April 19 2015, @04:19PM (#172861)

    But, is it easy or hard to tell which packets are from Netflix? It won't help much if it's easy to filter out.

    • (Score: 2) by khchung on Monday April 20 2015, @06:03AM

      by khchung (457) on Monday April 20 2015, @06:03AM (#173032)

      Did you notice I said "*their* sensitive traffic"?

      It won't help *your* traffic to your bank, but any sensitive data packets (such as containing personal information) that you use to communicate with Netflix will now be mixed with all the video packets and much harder to isolate.

      • (Score: 2) by quadrox on Monday April 20 2015, @10:12AM

        by quadrox (315) on Monday April 20 2015, @10:12AM (#173091)

        I'm pretty sure that the destination/origin host for anything pertaining to your account or other sensitive matters is quite different from the host containing the actual videos. Thus it would be extremely easy to filter out all video traffic.

        Or am I wrong about that?

  • (Score: 0) by Anonymous Coward on Sunday April 19 2015, @04:22PM

    by Anonymous Coward on Sunday April 19 2015, @04:22PM (#172863)

    "Not to protect the video streams, but to add more encrypted traffic to the network, eventually to the point where the really sensitive encrypted packets will no longer stand out.

    "By encrypting video streams, Netflix made their sensitive traffic that actually needed protection safer."

    Not really, Netflix do not offer VPNs, do they? If you have access to any router along the path, you know the endpoints and can safely discern the encrypted data is comprised of a video stream.

  • (Score: 2, Interesting) by Anonymous Coward on Sunday April 19 2015, @05:47PM

    by Anonymous Coward on Sunday April 19 2015, @05:47PM (#172888)

    Not really, since the SSL handshake takes place in clear-text, so that entire flow can be set up to be automatically ignored by the spooks. I.e., SSL cert CN=netflix.com, then ignore.

    If they created a Tor hidden service, and set up their client to tunnel through Tor, they would achieve the goal you state (and would destroy Tor with the extra traffic, in the process, unless they sponsored a huge expansion of Tor entry and intermediate nodes).

    Also, a nit with the summary,

    "Web encryption is also useful against man-in-the-middle attacks that hijack huge chunks of Internet traffic."

    It absolutely doesn't help in a MiM, since state actors responsible for these attacks, at scale, have access to trusted CA root/intermediate certificates. Due to the flawed trust model of SSL/TLS certificate signing, there is nothing to prevent the US, Israel, China, Russia, UK, etc. from creating a MiM that is undetectable by most users. The only thing that sort of protects against this is extensions like certpatrol, but then there is so much turnover in certs, that even running certpatrol, you may decide incorrectly that the new cert is OK.

    • (Score: 2, Interesting) by Anonymous Coward on Sunday April 19 2015, @09:03PM

      by Anonymous Coward on Sunday April 19 2015, @09:03PM (#172932)

      What if Netflix leveraged their enormous traffic and DRM/encryption experience, as well as paid subscription model, to begin offering some secure message service in addition to video using indistinguishable SSL connections? A trickle of encrypted info in a river of encrypted video, all coming from the same source, would pose a quandary for would-be eavesdroppers, as long as the service provides client-side encryption and provides no point in the middle where data is in the clear. Under a paid model, Netflix has no need to mine the data, so they're not in the same boat as Facebook or Google in terms of the profitability of not providing such client-side encryption. There's certainly a market for secure encryption, and Netflix is one of the few players who really could have the volume of encrypted traffic to provide the haystack.

      • (Score: 1, Insightful) by Anonymous Coward on Monday April 20 2015, @04:16AM

        by Anonymous Coward on Monday April 20 2015, @04:16AM (#173010)

        Would you really trust a US corporation that must comply with US laws (even the secret/illegal ones) with your private communications? Even if encryption took place on your client, Netflix and US LEOs would have the metadata about who connected to who, for how long, how often, etc.

        • (Score: 0) by Anonymous Coward on Tuesday April 21 2015, @02:49AM

          by Anonymous Coward on Tuesday April 21 2015, @02:49AM (#173371)

          Someone's going to have that metadata anyway. There are few situations in which no one has it. Would I rather have the US have it than the EU or RU or CN? Doesn't really matter: six of one, half a dozen of the other. The geographic location of corporate HQ isn't going to change that. As long as the message is encrypted client-side, that's the important part.