HTTPS Everywhere is great, but comes with its own set of headaches. Especially when we start encrypting videos.
Don’t get me wrong. Encryption and privacy are important. They are essential to our Internet at this day and age as more and more people conduct real business and larger portions of their life over this medium.
I think that Google’s initiative of HTTPS Everywhere is a really important one. They even had a whole session at Google I/O only for that:
Earlier this month, Dror Gill wrote a piece on TechCrunch, detailing the issues related to video over the internet and the battle raging between Netflix and carriers.
He gives 3 solutions to the massive amount of video going over the internet:
- Caching, where data is stored closer to the network edge – usually in the data centers of the Internet service provider
- Adaptive bit rate, where the stream is stored in multiple bit rates and the data streamed to the device can change between bitrates based on the network condition dynamically
- Compress better
Adaptive bit rates and better compression can be dealt with by the service hosting the video itself (Netflix, YouTube or others) and can also be achieved by the internet service provider.
Caching can only be achieved by the internet service provider. A close alternative is using a CDN, and a wishful thinking one is hosting your own servers inside the internet service provider’s data centers (Netflix is doing that wherever possible).
All of these 3 options can be done by an internet service provider by means of proxies in his network. Since all data flows through his data centers anyway, he can cache or modify the resulting video to optimize for his own network.
BUT – if the actual video is encrypted, then there’s nothing an internet service provider can do, besides knowing it may be a video stream:
- He can’t cache the video, as he won’t know when the same video is requested again
- He can’t apply his own adaptive bit rate mechanisms, as he can’t access the video stream
- He can’t compress something he can’t decompress in the first place
For the most part, the video flowing through the Internet is coming from large domains such as YouTube and Netflix. They already have adaptive bit rate and better compression handled. The problem is with caching of popular videos. These can’t be handled between some kind of an agreement between the content provider (Netflix, YouTube) and the internet service providers – at least not when the requests as well as the data streams themselves are encrypted.
The current focus of HTTPS Everywhere is on web pages. Once it moves on to video content, this will become a larger issue.