Ask HN: How do carriers throttle streaming to 480p resolution?
I have seen that most carriers, by default, have a "stream saver" turned on, which, I am assuming detects when you're on YouTube or Netflix and automatically throttles your bandwidth to these sites. Assuming these connections are happening over SSL, how are the carriers able to modify the sites to disable users from selecting HD or 4k resolutions?
120 comments
[ 2704 ms ] story [ 419 ms ] threadWhether or not they do this, I don't know. But it is technically feasible.
Now, technically, it is probably pretty obvious that what they ought to do is just limit bandwidth or not, regardless of what it is used for. But the rest of the business, and for that matter the rest of the world, conceives of video streaming as something different than "just using bandwidth", so they'll sign contracts about how video streaming will be treated better or worse depending on this or that condition ("Free netflix as long as we can throttle it", "we'll prioritize Disney+ because they paid us and everyone else gets degraded", etc.), so even if it makes no "logical" sense, network hardware will just have to figure out what "video streaming" is to fulfill the contracts whether the engineers like it or not.
With pipelining or some other protocols the signature is going to be a sustained download that runs at a rate less than the maximum possible.
If the servers are being found through DNS that's another tool to figure out what is going on. If not, the carrier is going to want a list of IP blocks associated with video streaming.
What I don't get is customers caring a lot about whether they are getting 480p vs better. The old NTSC video was outright awful, and the difference between that and 480p is greater than that between a clean 480p and 720p, 1080p or even 4k. In the best circumstances the returns are diminishing but if you are viewing on a little phone screen in bright light what's the point?
It'll false positive and false negative sometimes but on average it'll be good enough. We're not talking cutting connections off, just throttling. If something other than video streaming briefly slows down, who's going to know to blame a false positive on the streaming throttling?
https://security.stackexchange.com/questions/172212/how-do-m...
What a great post.
This is an interesting 'answer', but how would 'tiered' unlimited plans work if it was handled by the streaming service and not the ISP? Some allow unlimited 480 while the higher priced plans allow unlimited HD.
> Do you have a reference/proof for the first paragraph about agreements?
---
IMHO, I find this hard to believe myself. The team(s) in charge of implementing this functionality likely don't have the requisite high level of lateral coordination necessary to facilitate agreements with all the major streaming services.
Practically speaking, I see this sort of thing as balancing
1) total network saturation/hard capacity limits
2) encouraging user base to use more data up to thresholds in (1)
3) customer experience (wrt data overages)
likely in that order.
This functionality isn't a first-class user-facing "generate piles of money"-center; it describes limitations and conservatism and risk balance. It isn't a "pedal to the floor" sort of subject, but more of a continuous optimization concern.
I don't really see telcos going to all the streaming services and working out agreements given this sort of status quo/sentiment. It's more the sort of thing that is kept internal.
And then of course there's the fact that this would be playing out for every telco relative to every streaming service.
At that point everyone would just throw their hands up in the air and make a global standard for cooperative ratelimiting, and we'd all know about it. For the first few years it would be obscure and you'd have to google the terms a few times to correctly identify it, and then someone would put a 43% quality JPEG screenshot of the documentation on facebook and it would go viral and get linked to 5G causing cancer or whatnot.
It's just IP ratelimiting.
[1] https://openconnect.netflix.com/en/
And if you're viewing on your phone, you probably can't tell much of a difference between 480 and 1080 (it's there, but for most things is totally unimportant on such a small screen)
Twitch: *.ttvnw.net
Netflix: *.nflxvideo.net
Hulu: *.hulustream.com
YouTube: *.googlevideo.com
Amazon Prime: *.aiv-cdn.net
Edit: This is by no means the only way to do it, just a potential way to do it.
I think its just network analysis or possibly even those caching servers that are run by ISPs which hold onto content network's most heavily used files.
1. during the TLS handshake, the domain name itself might be sent in the clear if the SNI extension is used, and if the SNI extension isn't encrypted[1]
2. if the carrier knows the IP, then they can do a reverse DNS lookup to find the domain name
[1] https://stackoverflow.com/questions/499591/are-https-urls-en...
Oh, wait, they've already been doing that for <insert Gary Oldman> EVERYONE!</insert>
For mobile ISP's like T-Mobile, they cannot tell that video content is streamed through a VPN protocol like wireguard (but they could add large public providers to the list).
As a good rule of thumb I tell people to run speedtests from both speedtest.net (which is usually whitelisted by every provider) and fast.com (which usually shows up as Netflix video traffic) to see if 'video shaping' rules are in effect.
https://community.cloudflare.com/t/is-plex-allowed/172158/5
1. try and see if accessing youtube through a vpn improves the bandwidth (in that case, your ISP is probably looking at both dns requests and connection endpoint ownership)
2. preload and buffer whole videos (es: https://www.technorms.com/35122/preload-buffer-entire-youtub...) this aims to get your traffic usage pattern not having the "usual" shape of a typical youtube session (that is: brief burst of full-speed downloads)
Maybe certain streaming services allow you to download as well though their app on the Apple TV, but most of the big ones don’t (Apple, Netflix, HBO, etc.)
I really don’t like it because, besides wanting to pre-download something for higher quality, there are often certain shows and movies my kids want to watch over and over and they might as well just live on the hard drive.
So I have a 64GB Apple TV and most of the storage is empty. Theoretically it’s for games, but ATV games are limited to 100MB and then anything else has to be downloaded after the game has installed. (In practice there aren’t any games near that big). I suppose device might also progressively download the video in the background and that would use storage, but that’s all an implementation detail and entirely up to the heuristics of the device.
I feel the same way and often click a specific rendition and then let it buffer locally.
Revenue from ricer "networkophiles", like the audiophiles before them.
Just because your connection is "gigabit" doesn't mean everything in between is gigabit
Nor does it mean that you haven't happened to have a hit a very busy sending server[farm|datacenter]
I can't count the number of times I've tried to pay for something legitimately only to have to resort to piracy because of one flaw or another. Disney (and similar) should be hosting weekly Ask HN posts to fix their cyber issues they're so obvious.
You should be proud to pirate, proud of sticking it to the assholes that want to control us and our entertainment, proud of wounding an industry that tries to wriggle out of compensating the real artists as much as it can through shifty accounting, predatory contracts. and laughably low royalties payouts.
Steal music and buy concert tickets
That's not [always] the vendor's fault (sometimes it is - often enough, however, it's varying levels of government interference)
Also: VPNs are a thing
1) What does the feature look like, screenshot-wise?
2) Can you confirm the HD/4K option actually disappears or is disabled, or if the site(s) in question just trend toward autoselecting 480p/720p over time?
Like most other comments here I suspect IP-based bandwidth limiting. Given the unbounded complexity scale of keeping the internet actually working :) I can totally see infrastructure being able to single out the activity of a single connection and track what it's doing over time. The chances are the implementation is eyebrow-raisingly impressive but still compact and approachable at the end of the day.
As per the throttling algorithm, most of the times it's a Leaky Bucket variant (https://en.wikipedia.org/wiki/Leaky_bucket). The variant usually allows short bursts of packets, then throttles down the downstream traffic for long connections to match the configured rate.
A trick to know if the operator is using DPI to extract the SNI in HTTPS/encrypted traffic: play a YouTube video, then do a speed test (e.g. iperf) while it is playing. Two things could happen: either both apps are throttled (no DPI) or only Youtube is (there's some level of DPI).
As soon as I enable a VPN (I use PIA), speeds go back to normal.
Possible otheroptions:
- agreements with the service providers to throttle users from certain netblocks (the carriers partner with the service providers to some extent e.g. to deploy CDN nodes, so such agreements would be plausible)
- throttling bandwidth (potentially selectively to/from streaming providers) and letting the service figure it out
- separate host names for high res content that can be DNS-blocked
These days most streaming providers use some form of adaptive streaming in which client-side logic decides to get bigger or smaller "chunks" of video based on how quickly prior chunks downloaded. A rudimentary solution for a carrier would be to simply implement logic like, "if throughput to device X > someLimit, add a delay in delivering packets to device X". From the client's perspective, getting the bigger (and higher quality) video chunks will take too long, so it will naturally shift to the smaller (and lower quality) chunks.
That's not really relevant because the content is delivered the same way to native apps as it is delivered to the browsers as there are huge advantages to using the same tech and the same infrastructure, so it's geared to work well with browsers even in cases where the client is not a browser (this includes things like Rokus, Apple TVs, Chromecasts as well).
> https isn't free. Especially at scale.
Actually, it's a very small premium if you use a CDN's public pricing, but if you're using a CDN's public pricing, you are almost certainly not doing anything at scale. :)
As soon as you're doing an interesting amount of traffic, every CDN out there will happily negotiate better rates with you, and the HTTPS premium is something they are happy to drop, though it's already so small that, for media streaming at least, nobody actually asks for it - the main negotiations are all about the bandwidth pricing (heck, sometimes they'll even drop request pricing altogether - it's just too small to matter to you or them).
If you're not doing media delivery at scale, the HTTPS premium is still tiny. Using Amazon CloudFront's public pricing, for example, an HTTPS request costs $0.00000025 more than HTTP. Given a media chunk duration of, say, 4 seconds, it would take over 4000 hours of streaming for that additional cost to add up to a dollar.
And do not underestimate the power of carriers. They are the reason why you can not use mobiles on a plane.
The reason you can't [reliably] use mobiles on a plane is the network is designed for terrestrial use with slow handoffs from tower to tower
The signal is shaped to keep it aimed more-or-less downward, and is intended to hand-off from tower to tower at "normal" travel speeds (say, up to ~100mph)
Could handoffs be designed to work at 500kts? Sure
Could towers be designed to aim a notable chunk of signal upwards into the emptiness of sky and space? Sure
But why? The overwhelmingly-typical use case is that of billions of people on the ground moving slowly
The number of airplanes in the air at any given time is minuscule in comparison
My provider limits me to ~1.5Mbps, but the second I connect to a VPN (WireGuard - hosted on my homes 1Gbps/1Gbps connection), it goes up to ~50Mbps.
In T-Mobile's case, this throttling can be avoided by using a tool such as GreenTunnel which can run in Termux (on Android) and works by spliting the SNI portion of the ClientHello into two TCP segments. Their DPI appliances are too dumb to reassemble the fragments and correctly categorize them as going to a streaming service.
The best part about GreenTunnel on Android is that it runs a local HTTP proxy, which you can adb forward to a PC so that you can watch 4k Netflix on your computer using your unlimited T-Mobile plan (this doesn't count as tethering, as the IP packets originate on the phone).
What I can add is that it's to do with IP or DNS monitoring from the carrier or server. My SO who uses Verizon noticed it, and so I setup a home VPN for him, and when connected to it, all throttling disappears and everything is accessible at full 5G speeds. We have gigabit internet, so it's trivial for our network to handle the VPN traffic of streaming.