Netflix User Data Begins to Raise Security and Privacy Concerns

Like any major internet-based service these days, Netflix collects and stores user data. A lot of user data. As it turns out, Netflix tracks nearly every facet of every user’s experience ranging from what content they watch, how long they watch for, and even the choices users make in Netflix’s many “choose your adventure” interactive programs. Exactly what Netflix does with that data has come under scrutiny this week as several reports have surfaced alleging that users’ Netflix data may not be as safe and secure as we think. Who’s actually surprised?

This week, researchers from the Indian Institute of Technology (IIT) Madras reported finding several significant security flaws in Netflix’s system which could allow hackers or other intruders to monitor the data sent between Netflix and users’ computers. Netflix encrypts the majority of its data, but IIT Madras researchers were able to access data related to the choices Netflix users made when watching the interactive Black Mirror: Bandersnatch film released in late 2018.

Vitaly Shmatikov, a data privacy and network security researcher at Cornell Tech who has conducted similar studies in the past, says this recent research “confirms an important lesson that has been demonstrated time and again.” According to Shmatikov, streaming video now represents yet one more opportunity for third parties to access private data whether through legal or illegal means. “Encryption may hide content, but it does not hide traffic patterns, and traffic analysis can reveal important secrets without breaking encryption, Shmatikov said. “As video systems become more adaptive and interactive, traffic analysis will reveal more information about users’ private choices.”

The IIT Madras report was published the same week as a report which says Netflix could soon monetize and sell users’ data the same way Facebook and other social media services do. Netflix’s data collection related to Black Mirror: Bandersnatch, for example, could be sold to advertisers who could use the choices users make in Bandersnatch to launch specific, targeted ads.

Just as you should while doing anything else on the web these days, you should expect your personal data to be collected and perhaps even sold while using Netflix and other streaming services. As such monetization of personal data becomes more commonplace, how will streaming video users respond?