Every night when I put my daughter to bed, I read her a book, or we play 
flashlight shadow puppets, or we watch videos such as The Duck Song, or 
Blackbeard, Bluebeard, Redbeard.  We watch Netflix, YouTube, etc.

Recently I noticed that all our video streams get interrupted annoyingly 
frequently.  Buffering every 1-15 minutes, it's infuriating.  Sometimes I can 
dumb down the connection, switching to CC instead of HD.  Sometimes it helps.  
Not always.

So I VPN'd into work (We have a non-split-tunnel VPN available), and then we 
can watch it, no problem.  It's the same content, being delivered over the same 
network, only it's encrypted and hidden from FiOS's routers.  There's no other 
explanation, simply, caught red-handed.

When ISPs do something like this to Netflix, YouTube, etc, the end user 
perceives Netflix, YouTube, etc as being slow.  "It's not my internet 
connection; my internet connection works fine for other things.  This is just 
YouTube being overloaded or whatever.  Well, that's what you get when you try 
to watch something for free.  Sigh."

So I got to thinking, could encryption be used to circumvent greedy ISPs 
systematically?  If everything were encrypted and unidentifiable, then the only 
thing they could do would be to throttle *all* the traffic, not just the big 
content distributors that they want to shake down.  Then, the slow service 
would be recognizable to end users for what it is - a crippled internet 
connection, and not a deficiency of Netflix, YouTube, etc.

Even if everything were tunneled over https, there are two obvious counters 
that the ISPs could take:  They could inspect the DNS traffic and/or SSL 
subject name to find the name of the server.  And/or they could try to create a 
list of all of Netflix's and YouTube's IP addresses, and throttle traffic based 
on these factors.

Recently I noticed that a lot of the time when I go to download some file from 
some website, the content is actually redirected to come from s3.amazon.com.

My point is to say:
#1 the hostname doesn't need to be recognizable as "*.youtube.com" or 
"*.netflix.com" ... These guys could randomize all new DNS names all the time, 
so the exposed servername doesn't cause a problem.
And
#2 Content distribution networks don't necessarily have to have small 
recognizable IP ranges.  Especially with the expansion of IPv6.  Especially if 
large content distribution networks aggregate all sorts of traffic - Netflix, 
YouTube, and everyone else -

If the content is distributed by a content distribution network, and LOTS of 
services use those networks, then the SSL cert could be "*.akamai.com" (or 
whatever) and if the ISPs want to throttle it, their only choice is to 
throttle *all* of the content indiscriminately.
_______________________________________________
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss
