SoylentNews is people
SoylentNews
from the when-does-a-video-stream-become-a-river? dept.
Ars Technica reports that Netflix is about to encrypt all its video streams with HTTPS. The feature will be rolled out in the coming year. This comes after one failed attempt six months ago.
Netflix's entry into the HTTPS party comes as privacy and security advocates are calling on all websites to encrypt all their traffic. The rationale behind the request is that continuous and complete HTTPS protection thwarts state-sponsored attacks that countries like the US and China launch from the Internet backbone. Web encryption is also useful against man-in-the-middle attacks that hijack huge chunks of Internet traffic. In both cases, HTTPS prevents the attacker from surreptitiously injecting malicious packets into the targeted data stream.
According to El Reg, this change will increase costs considerably for Netflix:
Netflix has battled with the overheads HTTPS incurs; Watson estimated a capacity hit between 30 to 53 percent thanks to encryption computational overheads and a lack of optimisations to avoid data copies to and from user space.
Such a hit would cost Netflix potentially hundreds of millions of dollars a year.
Tweaks could cut that overhead by a third while speculative advancements in the next several years could crush it by up to 80 percent.
Do we really need encrypted video streams?
(Score: 2, Informative) by Anonymous Coward on Sunday April 19 2015, @04:35PM
I remember this hitting hitting bsdtalk a while ago talking about all of the problems that they were encountering along the way. It's a bit egotistical for FreeBSD but that's what Netflix uses for their CND but he makes some great points about what is coming for the future from a web standpoint.
https://archive.org/details/bsdtalk249 [archive.org]
(Score: 3, Interesting) by Yog-Yogguth on Tuesday April 21 2015, @03:34AM
Thank you for posting that, very informative. And I didn't know about bsdtalk (blog [blogspot.com], downloads/torrents at IA [archive.org])
For anyone who doesn't listen to it the direct reason (but not entirely verbatim quote) from the audio (slightly rephrased/edited because he corrects himself) is:
They're aiming to publish papers on all of this next year so anyone else can do it the same way they've done. There's a lot more detail in the audio.
Snowden etc. and Google's reactions (encrypting everything) are also mentioned. Maybe it means is that some companies are starting to realize they're not in control of their own assets like capital and infrastructure unless they encrypt everything. Google and Netflix are among the first because they have more/enough people able to make the realization and whip the management into line. At the opposite end are companies like Sony who exist completely at the mercy of others, who are not actually in control of their own capital and infrastructure etc., and who still don't learn any of the lessons no matter how many times they're hit. If shareholders and investors were more clued in to that (and they will be sooner or later) then Sony (and nearly all other companies) would have junk status or be bankrupt.
I don't think SSL/TLS is a silver bullet but granted it's one of the few bullets available “immediately”. One would think the big companies should look into becoming their own CA's as an additional fairly easy step before they start fixing other flaws and weaknesses. At some point down the line they might also try to regain trust in their own equipment: 100% open hardware, processors, fabrication, the lot, it's an enormous challenge. They didn't start this war but if they want to win it that's what needs to happen.
Bite harder Ouroboros, bite! tails.boum.org/ linux USB CD secure desktop IRC *crypt tor (not endorsements (XKeyScore))