Endangered Privacy: Large-Scale Monitoring of Video Streaming Services

Paper i proceeding, 2025

Despite the widespread adoption of HTTPS for enhancedweb privacy, encrypted network traffic may still leave tracesthat can lead to privacy breaches. One such case concernsMPEG-DASH, one of the most popular protocols for videostreaming, where video identification attacks have exploitedthe protocol’s side-channel vulnerabilities. As shown by sev-eral works in recent years, the distinctive traffic patterns gen-erated by DASH’s adaptive bitrate streaming reveal streamedcontent despite TLS-protection. However, these earlier stud-ies have not demonstrated that the vulnerability remains ex-ploitable in large-scale attack scenarios, even when makingstrong assumptions about network details. To that end, thiswork presents a protocol-agnostic system capable of identi-fying videos independent of network layer information, anddemonstrates a practical attack over the largest dataset to date,comprising over 240,000 videos covering three entire stream-ing services. Using a combination of k-d tree search andtime series methods, our system achieves an accuracy of over99.5% in real-time video identification and remains effectiveeven in scenarios involving victims behind VPNs or whereWi-Fi eavesdropping occurs. Since large-scale video identi-fication can compromise user privacy and enable potentialmass surveillance of video services, we complement our workwith an analysis of the vulnerability root cause when usingadaptive bitrate streaming and propose a mitigation strategyto stand against such vulnerabilities. Recognizing the lack ofopen-source tooling in this domain, we publish an extensivedataset of video fingerprints, network capture data, and toolsto foster awareness and prompt timely solutions within thevideo streaming community to address these privacy concernseffectively.