Netflix Moving To Encrypted Streams, As Mozilla Moves To Deprecate Unencrypted Web Pages As Insecure
from the yay-encryption dept
We’ve been pretty vocal about supporting the encryption of more and more web traffic. It’s important for a variety of reasons, not the least of which is your privacy and security. A few months back, we were excited to see the Chrome security team suggest that it should start marking unencrypted web pages as non-secure. It appears that Mozilla is now joining in on the fun, proposing deprecating unencrypted HTTP web pages to encourage more web developers to go full on in support for encrypted HTTPS:
In order to encourage web developers to move from HTTP to HTTPS, I would like to propose establishing a deprecation plan for HTTP without security. Broadly speaking, this plan would entail limiting new features to secure contexts, followed by gradually removing legacy features from insecure contexts. Having an overall program for HTTP deprecation makes a clear statement to the web community that the time for plaintext is over — it tells the world that the new web uses HTTPS, so if you want to use new things, you need to provide security.
It’s a clever setup. Basically, if you want to take advantage of new features on the web, you’ll have to encrypt.
Meanwhile, it appears that Netflix has separately announced that it is moving forward with plans to encrypt all of its infrastructure with HTTPS to better protect your privacy as well:
with our existing server infrastructure and the up to 50% capacity hit we had observed, driven by our traffic mix.
At that time, we were uncertain of the gains we could achieve with software and hardware optimization and of the timescale for those. I’m pleased to report we have made good progress on that and we presented our FreeBSD work at the Asia BSD conference. We now believe we can deploy HTTPS at a cost that, whilst significant, is well justified by the privacy returns for our users.
So, as we mention today in our investor letter, we intend to roll out HTTPS support over the coming year – for both our site and the content itself – starting with desktop browser tests at scale this quarter.
In short, yes, deploying HTTPS at that scale is expensive, but the benefit to users is tremendous and worth it.
It’s still going to take a while, but we’re getting closer to reaching that tipping point where an unencrypted web is a historical anomaly and that’s a very good thing.