These days, popular services have hackers, both white hat and the more malicious variety, prying at their doors in just about every conceivable way. This means that multi-layer protection is not only far from unheard of, it's practically a necessity for some services and sites. Whether it's protecting trade secrets, protecting user privacy, or simply protecting their network from being compromised, just about everybody has a reason to do all they can to protect their services. In the spirit of that, Netflix is upping the ante on user privacy and network protection by adding in HTTPS protection to streams making their way from local servers to customers.
Netflix's server outlay consists of their own master servers, with a few scattered around their service areas boasting extremely high capacity and power, and local servers, called Open Connect Servers. Local servers are often located near ISP buildings and delivery points, and boast equipment that's slightly lower powered than Netflix's big servers. These local servers receive content from Netflix's central servers, then send it to a user's ISP, where it makes its way to the user. While in the past, speed concerns have kept the available protection options for Netflix content slim, the advent of these smaller local servers has led to a huge jump in speed and capacity for the service, allowing Netflix to add in middleman protection. Now, in addition to DRM on the content itself, Netflix is protecting its streams with HTTPS encryption at the local servers, which means that streams are now encrypted as they go between the local server and the user.
The new security measure, called Transport Level Security or TLS, not only applies to content streams, but to sensitive user data, searches, and just about any other data that goes between customers and Netflix. The switch to HTTPS streaming would normally require a massive overhaul and take weeks to roll out, but by implementing the new security measures at the level of the Open Connect Servers instead of the master server, Netflix is able to scale the operation to its 80 million some odd customers. By working together with NGINX, the vendor for the web server software used on these local servers with the FreeBSD Linux operating system, Netflix was able to find the ideal cipher for a quick and easy implementation, and tests have gone fairly well. Users should start seeing HTTPS streams rolling out in the near future. To see all of the gory tech details, as well as two white papers that get even more verbose, head through the source link.