SoylentNews is people
SoylentNews
from the when-does-a-video-stream-become-a-river? dept.
Ars Technica reports that Netflix is about to encrypt all its video streams with HTTPS. The feature will be rolled out in the coming year. This comes after one failed attempt six months ago.
Netflix's entry into the HTTPS party comes as privacy and security advocates are calling on all websites to encrypt all their traffic. The rationale behind the request is that continuous and complete HTTPS protection thwarts state-sponsored attacks that countries like the US and China launch from the Internet backbone. Web encryption is also useful against man-in-the-middle attacks that hijack huge chunks of Internet traffic. In both cases, HTTPS prevents the attacker from surreptitiously injecting malicious packets into the targeted data stream.
According to El Reg, this change will increase costs considerably for Netflix:
Netflix has battled with the overheads HTTPS incurs; Watson estimated a capacity hit between 30 to 53 percent thanks to encryption computational overheads and a lack of optimisations to avoid data copies to and from user space.
Such a hit would cost Netflix potentially hundreds of millions of dollars a year.
Tweaks could cut that overhead by a third while speculative advancements in the next several years could crush it by up to 80 percent.
Do we really need encrypted video streams?
(Score: 2, Interesting) by Anonymous Coward on Sunday April 19 2015, @09:03PM
What if Netflix leveraged their enormous traffic and DRM/encryption experience, as well as paid subscription model, to begin offering some secure message service in addition to video using indistinguishable SSL connections? A trickle of encrypted info in a river of encrypted video, all coming from the same source, would pose a quandary for would-be eavesdroppers, as long as the service provides client-side encryption and provides no point in the middle where data is in the clear. Under a paid model, Netflix has no need to mine the data, so they're not in the same boat as Facebook or Google in terms of the profitability of not providing such client-side encryption. There's certainly a market for secure encryption, and Netflix is one of the few players who really could have the volume of encrypted traffic to provide the haystack.
(Score: 1, Insightful) by Anonymous Coward on Monday April 20 2015, @04:16AM
Would you really trust a US corporation that must comply with US laws (even the secret/illegal ones) with your private communications? Even if encryption took place on your client, Netflix and US LEOs would have the metadata about who connected to who, for how long, how often, etc.
(Score: 0) by Anonymous Coward on Tuesday April 21 2015, @02:49AM
Someone's going to have that metadata anyway. There are few situations in which no one has it. Would I rather have the US have it than the EU or RU or CN? Doesn't really matter: six of one half - a dozen of the other. The geographic location of corporate HQ isn't going to change that. As long as the message is encrypted client-side, that's the important part.