Netflix will start encrypting its streams to block prying eyes and internet providers

Stopping snoops.
Stopping snoops.
Image: Reuters/Chris Wattie
We may earn a commission from links on this page.

Netflix says it will start encrypting its video streams to prevent other people and companies from snooping on what its subscribers are watching—or that they are watching Netflix at all.

While the change will protect Netflix users from surveillance, its greatest effect will likely be on internet service providers, obscuring their view of a large swath of traffic crossing their networks. Internet providers will have a harder time determining if data heading to their customers are coming from Netflix or some other source, though that information could be available in other ways.

The exact implications of the change aren’t immediately clear, but it’s wrapped up in issues like net neutrality and limitations on data usage imposed by internet providers. During evening hours in the United States, Netflix can account for more than a third of traffic heading into homes. And, in fact, that oft-cited statistic may be one victim of the change, if others are less able to discern what traffic is Netflix’s.

This is how Netflix explained the move toward encryption in its first-quarter earnings report (pdf):

Over the next year we’ll evolve from using HTTP to using Secure HTTP (HTTPS) while browsing and viewing content on our service. This helps protect member privacy, particularly when the network is insecure, such as public wifi, and it helps protect members from eavesdropping by their ISP or employer, who may want to record our members’ viewing for other reasons.

HTTPS is a more secure method of transferring data to a web browser or app. It assures the user that what she’s receiving is actually from Netflix and prevents “man in the middle” attacks that could allow other people to snoop on or even change the data being sent. Transferring data over HTTPS is more technically complex, and Netflix didn’t offer a precise timeline for the change.

In an email to a public email list today, Mark Watson, Netflix’s director of streaming standards, said the cost of switching to HTTPS was “significant” but “well justified by the privacy returns for our users.”

Netflix is famously unwilling to disclose information about the popularity of its programming. It previously began anonymizing the file names of videos streamed to subscribers in order to prevent third parties from estimating viewership levels.