Researchers fret over Netflix interactive TV traffic snooping

No sooner has Netflix made an interactive TV show than people are pulling apart its privacy implications and fretting about its potential to leak private information. Research published last week said that it is possible to deduce viewers’ choices from the platform’s interactive TV shows, like Bandersnatch.

After a couple of smaller projects, Bandersnatch was Netflix’s first big foray into interactive TV. Based in 1984, the episode in Charlie Brooker’s Black Mirror series lets the reader control the actions of a young video games programmer Stefan Butler, who idolises established games programmer Colin Ritman. Throughout the episode, the viewer gets to control his actions, including seemingly innocuous choices such as which cereal to eat. The choices guide you down a range of paths concluding in one of several endings for the story.

It’s an idea that anyone who grew up on the Choose Your Own Adventure and Fighting Fantasy book series will warm to. Unlike the books, Netflix records your story choices digitally, and the researchers believe that could pose a privacy problem.

According to their paper, although Netflix uses end-to-end encryption to send those choices from your viewing device to its servers, communication flaws still make it possible to snoop on what you choose. The paper says:

Recent advancements in the domain of encrypted network traffic analysis make it possible to infer basic information about the preferences of Netflix viewers.

The researchers realised that viewers’ devices indicated their choices by sending a JSON file (JSON is a human-readable text file commonly used in cloud-based software queries). It would send one of two different JSON files for each choice, based on what the user chose. By working out the JSON file type and the point in the program when it was sent, they could work out the users’ choices.

Netflix encrypts those JSON files using the SSL encryption mechanism, but they got around that by looking at the record length of each SSL request in bytes. The lengths almost always fell into distinct ranges, meaning that they could identify the two types of JSON files – and therefore the viewer’s choice – 96% of the time.

The problem is readily fixable, the researchers concluded:

An easy fix for the problem would be to either split the JSON file or to compress it so that it becomes indistinguishable.

Does it matter?

So, that’s the technical bit done with. The real question is: who cares? The research team thinks that it’s a potential issue:

The choices made and the path followed can potentially reveal viewer information that ranges from benign (e.g., their food and music preferences) to sensitive (e.g., their affinity to violence and political inclination).

True, the choices you make in Bandersnatch could identify you as a Thompson Twins or a ‘Now That’s What I Call Music’ fan (that’s one of the choices you get to make). Some would argue that this doesn’t matter all that much. However, the paranoid may worry that future shows – and Netflix is planning more – could get you to reveal more about yourself.

While it’s possible that third-party network providers could slurp your SSL packets to work out your choices and use them to try to infer things about you, it’s more likely that Netflix itself would use this data to understand the choices its audiences make at an aggregate level – and of course it doesn’t need to snoop on its own data.

This could enable its production partners to factor that feedback into their writing. Are more people choosing confrontational or peaceful paths? What percentage of its audience choose the romantic ending rather than the sad one?

The best comment on the whole affair comes from one Register reader in the comment section:

Maybe Charlie Brooker should write an episode of Black Mirror about how someone’s Bandersnatch choices turned them into a social pariah.

What do you think? Are you worried about Netflix – or anyone else – monitoring your interactive TV choices?