Netflix Adding TLS to Protect User Privacy
In a blog post earlier this week called "Protecting Netflix Viewing Privacy at Scale,“Netflix Open Connect团队详细介绍了该公司使用的创新方法,该方法用于实现HTTPS加密向Netflix客户传输视频内容. Beyond the technical innovation described, 这篇博文揭示了视频流媒体服务和其他商业网站必须超越内容DRM,以真正保护观众的隐私.
TLS, SSL, and HTTPS
什么是HTTPS ?它与安全套接字层(SSL)和传输级别安全性(TLS)有什么关系?? Briefly, SSL 一项最初由网景公司开发的用于在网络服务器和浏览器之间建立加密链接的技术吗. Because of trademark issues with Netscape, the version after SSL 3.1 was called TLS 1.0.
In 2014, a vulnerability called POODLE (填充Oracle On降级的遗留加密)被发现渲染SSL甚至TLS 1.0 potentially ineffective against hackers. TLS 1.1的引入是为了避免POODLE,但结果是,所有版本的SSL,甚至TLS 1.0 are considered insecure. This started a major transition away from SSL and towards TLS 1.1. To complete the picture, HTTPS, or Hypertext Transfer Protocol Secure (HTTPS), is a technology that combines HTTP with SSL or TLS, though TLS 1.1 is obviously preferred over SSL or TLS 1.0 at this point.
Back to Netflix
To be clear, Netflix has long deployed DRM to prevent piracy, 它在帐户登录和通过HTTPS进行任何管理期间保护客户数据. However, the actual transfer of the movie data was not protected, 因此,服务器和客户端之间的通信中包含的任何信息都可能被黑客访问, or by network administrators or ISPs. 此信息可用于确定查看者正在观看的内容, and perhaps other details.
正是由于这个原因,信息行业一直在朝着保护网络上所有信息的方向发展. As stated on http.cio.gov, an HTTPS support forum for users with a .gov or .mil address, “每个未加密的HTTP请求都会泄露有关用户行为的信息, 对未加密浏览的拦截和跟踪已经变得司空见惯. Today, there is no such thing as non-sensitive web traffic, 公共服务不应该依赖于网络运营商的仁慈”(原文强调)。.
The problem for Netflix was scale. Over the last four years, 该公司已经将存储和服务Netflix内容的Open Connect设备的吞吐量从8Gbps提高到90gbps. 这种性能提升的一部分与将电影数据直接从文件系统传输到网络套接字的能力有关,而无需通过服务器的应用层路由数据. This is shown in Figure 1.
Figure 1. 将电影内容直接传输到网络套接字比通过web服务器的应用层路由更有效.
However, Netflix最初实现的HTTPS将数据路由到执行HTTPS级别加密的web服务器(Figure 2). In an October 2014 email to W3C public listservs, Netflix的流媒体标准主管马克·沃森(Mark Watson)报告称,最初的试验显示,容量下降了“30-53%”." Watson continued, “这不是我们短期内可以吸收的产能冲击,我们估计随着时间的推移,成本将在每年10亿到1亿美元之间. Our current rough estimates indicate that, 在接下来的一年里,我们可以实现额外的软件优化,这可能会减少大约30%的开销.“换句话说,我们希望实现HTTPS,但就目前的情况来看,它太贵了.
Figure 2. Performing HTTPS encryption in the web server was relatively inefficient.
As described in the latest blog post and accompanying papers, Netflix创建了一个混合方案,在从文件系统传输到网络套接字的过程中对电影数据进行加密(Figure 3). This eliminated the routing through the application layer of the server, "increasing performance by up to 30%," and delivering on Watson's promise. As a result of this improvement, Netflix计划继续向支持它的客户端推出HTTPS.
Figure 3. Netflix为恢复运营效率而实施的技术解决方案
Industry Support for HTTPS
Netflix并不是唯一一家使用HTTPS保护内容传输的流媒体视频服务公司. On August 1, 2016, YouTube announced that over the previous two years, 该公司“对97%的YouTube流量使用HTTPS进行加密." As with Netflix, Google reported that performance was an issue, but that with hardware acceleration for encryption, “我们能够加密几乎所有的视频服务,而无需添加机器."
The YouTube announcement links to a page titled Is TLS Fast Yet, 其中讨论了CPU和延迟等性能问题,以及如何最有效地部署TLS和HTTPS. The YouTube post also links to the Google Transparency Report, 其中讨论了HTTPS/TLS是谷歌的优先事项,并报告称该公司“一直在努力实现我们的产品和服务100%加密的目标。."
The net/net is that if you're a streaming publisher, 保护通过HTTPS传输给消费者的电影正成为留在游戏中的筹码. For example, in discussing Netflix's move to HTTPS, Ars Technica reported 此举使亚马逊成为网络加密界最引人注目的缺席者之一." If you're a video consumer concerned about privacy, 在考虑要登录哪个流媒体服务时,用于电影传输的HTTPS也应该在你的必备功能列表中, or retain.
Related Articles
加州消费者隐私法案将在短短几个月内生效, 要求公司在收集和处理个人数据方面采用全新的方法.
18 Sep 2019
When digital privacy hacks regularly make the news, 消费者担心家中的联网电视可能会被用于不良目的.
09 Jul 2018
In May 2018, 全面的消费者隐私规则将改变在欧盟开展业务的公司收集和存储数据的方式. Is this the end to viewer personalization?
26 Apr 2017
像《百家乐软件》、《百家乐app下载》和《百家乐软件》这样的热门电影都不便宜. Netflix makes a break from licensed content.
24 Oct 2016
While U.S. 用户增长正在放缓,但放缓程度并不像分析师预测的那么严重. International expansion helps boost returns.
18 Oct 2016