Endangered Privacy: Large-Scale Monitoring of Video Streaming Services

Abstract

Despite the widespread adoption of HTTPS, encrypted network traffic may still leave traces that can lead to privacy breaches. One such case concerns MPEG-DASH, one of the most popular protocols for video streaming, where video identification attacks have exploited the protocol’s side-channels. As previously shown, the distinctive traffic patterns generated by DASH’s adaptive bitrate streaming reveal streamed content despite TLS-protection. However, these earlier studies have not shown that the vulnerability can still be exploited in large-scale attack scenarios even under strong assumptions about network details.

This talk presents a recently accepted paper at USENIX Security 2025 (joint work with Romaric Duvignau).

In this work, we present a protocol-agnostic system capable of identifying videos independent of network layer information, and demonstrates a practical attack over the largest dataset to date, comprising over 240k videos covering three entire streaming services. By leveraging a combination of k-d tree search and time series methods, our system achieves over 99.5% accuracy in real-time video identification and remains effective even in scenarios involving victims behind VPNs or Wi-Fi eavesdropping. Since large-scale video identification compromises user privacy and may enable potential mass surveillance of video services, we complement our work with an analysis of the vulnerability root cause and propose a mitigation strategy. Recognizing the lack of open-source tooling in this domain, we publish an extensive dataset of video fingerprints, network data and tools to foster awareness and prompt timely solutions within the video streaming community to address these privacy concerns effectively.

Link to the datasets, binaries and source code of all our tools: https://doi.org/10.5281/zenodo.14676526