back to article Bandersnatch to gander snatched: Black Mirror choices can be snooped on, thanks to privacy-leaking Netflix streams

Boffins have found a side channel to observe the choices netizens make when viewing interactive streaming videos. In recent years, computer scientists have demonstrated how they can determine the movie titles people watch over HTTPS connections on Netflix and YouTube. At least at one point in history people worried about such …

  1. Anonymous Coward
    Anonymous Coward

    That explains why I keep getting adverts for sugar puffs and ash trays.

  2. Bloodbeastterror

    Oh for god's sake...

    ... I appreciate that this may have further-reaching consequences than I can imagine, but seriously who gives a flying F how I voted in The Great Cereal Debate? I can't think of any time apart from Bandersnatch that I used my Frank(*) to choose anything other than settings, sound level or channel.

    And although I have boundless admiration for Charlie's astonishing imagination, Bansdersnatch suffered from this interactivity, so I shan't be repeating the experience.

    (*) Frank Zappa - remote...

    1. Pascal Monett Silver badge

      Re: Oh for god's sake...

      Seconded. I would really like to see how, in a unique scenario where choices are predetermined, somebody could guess that I like zapping zombies and I don't like brussels sprouts. It's not like the film director integrated that significance in the choices, now did he ?

      Okay, they can detect what choice was made. From there to deducing "significant" things about anyone, I think they're pushing it a bit too far.

    2. Anonymous Coward
      Anonymous Coward

      Re: Oh for god's sake...

      Really not thought this through, have you. Let's take either religion or sexual preferences. Many countries are still not as liberal as the UK, for example, when it comes to either sexuality or religion. If your viewing habits can be intercepted, there's a chance you can infer an awful lot about a person, even to the point of how they'd likely vote, which religion they are, and their sexuality.

      Given this, this could have negative repercussions on a person, even to the point where it could be damaging, even ending someone up in jail

      Now, take this a step further: Google have their own ISP: If Google can infer things about you.... well, we know how that ends....

      1. Simon Harris

        Re: Oh for god's sake...

        If your viewing habits can be intercepted, there's a chance you can infer an awful lot about a person... even to the point where it could be damaging, even ending someone up in jail

        Maybe Charlie Brooker should write an episode of Black Mirror about how someone's Bandersnatch choices turned them into a social pariah.

        1. Rob

          Re: Oh for god's sake...

          Or perhaps he wrote Bandersnatch knowing full well that this would happen and this alone is the point of the Black Mirror episode?

        2. Frumious Bandersnatch

          Re: Oh for god's sake...

          I'm already a social pariah.

  3. jmch Silver badge

    "Our experiments revealed that the packets carrying the encrypted type-1 and type-2 JSON files can be distinguished from other packets by their SSL record lengths which are visible even from encrypted traffic,"

    So surely it's easy to defeat by enforcing a standard packet size for encrypted packets, stuffing with dummy bits if required? Sure it reduces network efficiency but that shouldn't be a major problem.

    I'm not sure exactly how encryption on video streaming works, but one thing that might happen is that if the user is sending binary choice JSON files, and each user session uses the same encryption key, then would identical JSON source data result in identical encrypted packets that could be identified? Or is teh encryption a bit more clever than that?

    1. Olivier2553

      Sure it reduces network efficiency but that shouldn't be a major problem.

      You can stuff 256 choices inside the same packet size (basically: have you made choice 0, choice 1, etc., choice 255). I am yet to see any interactive movie that will offer 256 options to any given question at a point in time.

    2. Rajesh Kanungo Bronze badge

      Initialization Vector: In general, "Hello World" would encrypt to a different cipher string if you add a constantly changing Initialization Vector (IV) in front of the real message. Most IV's are at least pseudo random or monotonically incrementing counters. (simplifying here)

      M = "Hello World"

      Key = k

      IV1 = "bwbwebvw"

      Ciphertext1= Encrypt ("bwbwebvw" + "Hello World", k)

      IV2 = "bcebbewbb"

      Ciphertext2 = Encrypt (IV2 + "Hello World", k)

      Ciphertext1 =/= Ciphertext2

      After decryption you strip out the IV.

      In your, if the protocol uses CBC, the last encrypted block would be fed into the encryption engine as IV for the next block; only the first IV would be a real IV. I am skipping over some obvious vulnerabilities reported especially where padding is concerned.

  4. Anonymous Coward
    Anonymous Coward

    Oh no!

    ... Anyone worried about this needs some perspective!

    1. Olivier2553

      Re: Oh no!

      Actually, it is way more worrisome than knowing only the title of the movie you have been watching as it gives pointers to what you have in mind, how you react to things.. Would you agree to run an EEG and share the data with the world while you are watching a flick? That's what you say is not important.

      1. Anonymous Coward
        Anonymous Coward

        Re: Oh no!

        Heh, I see you had to jump to the wild exaggeration quick ENOUGH. EEGs now? We are taking reality here pal, not boundless paranoia.

        I mean, what's the endgame you're so terrified of? Oh no! They know I like Robocop 2!

        1. Robert Helpmann??

          Re: Oh no!

          We are taking reality here pal, not boundless paranoia.

          From recent history, we have seen the paranoid among us proven right. While there may be no apparent use for this - malevolent or otherwise - at this time, we have seen that what initially seems trivial can be blown up into something major. For example, most people didn't realize how invasive Facebook and similar would become, how corrosive to privacy, but we continue to see that play out to the detriment of many. Finally, I truly enjoy the irony of someone posting anonymously arguing against privacy at any level. Well played!

          1. Blazde Bronze badge

            Re: Oh no!

            For years and years almost all internet traffic was unencrypted and for almost all of us, nothing really bad ever happened. Now a tiny data leak from an encrypted video stream has potential to blow into something major? The web may be more dangerous than in the innocent days but it's not *that* much more dangerous.

            Facebook is invasive because it controls what we see, not just because it knows what we want to see. If there's anyone to be paranoid about here it's Netflix, not the 3rd party scrounging for a few bits of leaked data in the middle of the connection.

        2. Jamie Jones Silver badge

          Re: Oh no!

          They don't care that you like robocop. They are more interested in your sheep-porn fetish...

          1. P. Lee Silver badge

            Re: Oh no!

            And your popcorn fetish.

            It's a protocol issue and protocols need to be properly maintained.

    2. Blazde Bronze badge

      Re: Oh no!

      By coincidence we're shortly publishing research detailing similar side-channel analysis on movie theatres. Briefly there are two main leaks: 1) The screening room a cinema-goer enters can be correlated with published screening lists to reveal their personal movie choices, and 2) more seriously, many users discard their tickets when leaving the theatre and all but one of the chains we tested displayed the movie name in plaintext on those tickets. Recommended workarounds include watching Netflix instead, and living in the cinema watching ALL of the things, once, in premiere order.

      Future work will include analysis of popcorn kiosks in cinemas, with the potential to uncover sensitive personal information about users including disposable income, price sensitivity, and whether they like popcorn or not.

    3. P. Lee Silver badge

      Re: Oh no!

      And there's the general point that ssl-type encryption can't be relied upon in all scenarios.

      I think an updated standard is required which enforces padding.

  5. Dan 55 Silver badge


    "Interestingly, the choices made and the path followed can potentially reveal viewer information that ranges from benign (e.g., their food and music preferences) to sensitive (e.g., their affinity to violence and political inclination)," they explain.

    Or, in my case, it'd show how I OCD my way through all the possible paths.

  6. Anonymous Coward
    Anonymous Coward


    Wasn't that the point?

  7. mark l 2 Silver badge

    To be honest my ISP can barely keep the internet online for 24 hours without some drop outs, so I am not particularly worried they are going to start monitoring my online video habits by analysing encrypted traffic.

    1. phuzz Silver badge

      Or to put it another way, to do this someone would need access to your internet connection somewhere between, your device, and Netflix, which realistically is going to be at your ISP.

      So (hypothetically) someone has access to your connection via your ISP, and people are worried about their netflix choices being spied on?

  8. Anonymous Coward
    Anonymous Coward

    I'm guessing that part of the "interactive" is to prevent piracy ....

    I wonder how long before we get pirate servers that handle the content switching ?

    Incidentally, content switching/user-driven content was around in the 1990s, when we signed up for *cable* (Videotron) and part of the package were some 1970s-style US quiz shows (obviously driven from Laserdisc!!!!). So maybe there needs to be some older folk in the mix to keep the "Gee-Whizzers" grounded.

    1. Anonymous Coward
      Anonymous Coward

      Re: I'm guessing that part of the "interactive" is to prevent piracy ....

      It didn't work, a version was out after a couple of days with all options and all endings in order.

  9. Version 1.0 Silver badge

    All your data belong us

    So the ISP can snoop on the user data ... that's hardly surprising is it? Is it a risk? At this level it's a small risk- but small privacy risks grow, and the money flows through them (hello Facebook) they spread and grow. Behind the scenes Netflix knows everything - do you seriously think that Netflix isn't busy assembling user profiles and marketing then as anonymized (hello Facebook) to advertisers? Scraping user data and marketing it is the business model in the entertainment industry these days.

    1. ibmalone Silver badge

      Re: All your data belong us

      So the ISP can snoop on the user data

      Should read: "So the ISP can snoop on the supposedly encrypted user data."

  10. sitta_europea Silver badge

    The world wonders...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021