Despite Netflix’s move to encrypt all its video streams in order to better protect user privacy, hackers may still get to know what interactive content you watch on the popular streaming service, new research from the Indian Institute of Technology (IIT) Madras suggests.
The researchers said that they can analyse Netflix’s encrypted interactive video traffic to find clues about the viewing habits of users, and which choices they have made in their movie journeys, the WIRED reported on Sunday.
The interactive content on Netflix allows users to make choices for the characters and shape the story. Each choice leads to a different adventure, so users can watch again and again, and see a new story each time. Black Mirror: Bandersnatch and You vs. Wild are some of the interactive titles that Netflix has.
“I work on the analysis of encrypted network traffic, and when we stumbled upon this Netflix movie Bandersnatch it was something very new,” Gargi Mitra, a Ph.D. student at IIT Madras was quoted as saying by the WIRED.
“But when I was looking at the choice-making interactions it turned out that they are similar to other kinds of interactions in web applications and web sites I study. So I tried out some of my techniques and we were able to determine which options the viewer chooses,” Mitra added.
While Netflix contended that carrying out such an attack would not be easy as it requires access to network traffic for analysis, the IIT Madras researchers pointed out that tricking users into connecting to rogue routers or access points is quite possible for hackers.
Analysing the choices that 100 viewers made, the researchers were able to determine the decisions correctly 96 percent of the time, the report said.