On June 6, 2013, Internet privacy had a worldwide spotlight shined on it with the release of the Guardian reports on worldwide monitoring of Internet usage. As the revelations continue to leak out about privacy (or lack of) on the Internet, one would think that we would see a sharp rise in people securing more of their traffic using common security techniques like encryption or anonymity software. The Guardian even released an article explaining some of the options that can be used to increase privacy for consumers on the internet. But are they? This is a global phenomenon, not just a US or UK-based issue, so you would expect to see some increase in the use of secure technologies worldwide. Almost all websites that have any kind of “personal” data support Secure HTTP (HTTPS) or other forms of encryption today. Financial and Webmail are the obvious ones, but many sites have not been secured by default until relatively recently – Facebook for example started in late 2012 to use HTTPS by default (Twitter did so in 2011). In addition, many anonymizer solutions have popped up on the market to help “hide” consumers from the constant barrage of cookies and usage tracking. Anonymizers have expanded usage to hide from BitTorrent spies (avoiding RIAA or MPAA tracking specifically), and have also added support for location shifting for watching streaming media outside of a specific region, for services like Netflix or Hulu. Tor is the most well known anonymizer solution and was originally designed, implemented, and deployed as a third-generation onion routing project of the Naval Research Laboratory. It was originally developed with the U.S. Navy in mind, for the primary purpose of protecting government communications. Today, it is used every day for a wide variety of purposes by the military, journalists, law enforcement officers, activists, and many others.
I did a worldwide analysis of what Procera saw on some of our customer networks, and I found some interesting examples of a very consistent growth in secure traffic worldwide over the past year, with some very specific cases of an explosion of secure traffic use in response to the recent privacy revelations..
First, I looked at a North American Wireless Operator to see if SSL traffic had increased recently, and it has not really moved over the past few months (there is a small spike around early June, but not very much). Considering how people use their mobile broadband, that is not really a surprise – mobile broadband users typically either use apps that always encrypt, or access sites that are normally encrypted (banking, social networking, etc.), so it is less likely that we would see a big difference in secure traffic unless people were actively trying to change their devices.
What about a North American Fixed Line operator? Homes typically contain many more devices, and people are often more conscious of what they do on their home systems than on mobile. A look at SSLv3 shows that there has been a big increase over the past few years in the use of SSL, and an acceleration of usage over the past few months (25-50% increase). Right now on this network, SSL is about 8% of the overall traffic on the network, and the peak levels are about double what they were in October of 2012.
What is even more interesting is the use of Tor on the same network. The traffic volume is about 1/10 that of the SSL traffic in terms of volume, but excluding the spike in April, the use of Tor has picked up since June (although almost as if there was someone that knew something was coming went active in April!). The background level is about 400-500% what it was in January, so although the relative volume is still low, the number of users and amount of constant traffic using Tor has increased significantly that appears to be a direct result of the ongoing privacy concerns.
But what about outside the US? Have other countries seen similar activity?
A look at a European mobile operator shows a gradual increase in the volume of secured traffic (dominated by SSL as shown), but no spikes in June. Interestingly enough, SSL volume is almost 50% of the total traffic volume on this network. This is NOT the normal traffic pattern on most mobile networks, but could be a sign of things to come, so I do think this is a significant factor to be noted. The gradual growth of SSL is is consistent with what we are seeing in many mobile networks, as more sites and applications default to SSL and other secure protocols, the amount of traffic for those protocols will increase (along with normal volume increases on mobile and fixed networks in general).
A look at Tor on the same network reveals spikes in usage before the revelations, and a higher “background” level of Tor use after early June. This level is lower than the peaks we saw earlier, so the usage pattern suggests people testing the protocol out, using it periodically, but not keeping it active constantly as we see in fixed line networks:
A look at a Fixed APAC operator also reveals some interesting statistics. A real-time view of the network recently shows that SSL is an impressive 15% of overall traffic:
How has that traffic grown over time? Over 700% at peak usage since the beginning of 2012 – a huge increase. Since April there has been a statistically significant increase, with the peaks trending higher faster than in previous months (where the growth had already begun to trend higher)
On that same operator, Tor has been a constant presence, peaking at levels as high as 1000% above the low point for 2012, but still being used inconsistently, similar to the usage patterns we saw in the European wireless operator, indicating occasional usage by subscribers, and not nearly as severe as we saw in the US in response to privacy concerns.
Conclusion: The amount of secured traffic has been trending upwards for several years, but this year has seen an acceleration of the use of security encapsulations, with some networks exhibiting spike after the ongoing disclosures from the Guardian. Tor usage has not gone through the roof, but has seen an increase in most geographies as people have begun to investigate anonymity solutions. The most severe reaction appeared in fixed line North American networks, with usage becoming more consistent rather than occasional usage that we see elsewhere in the world.Tags: guardian, PRISM, privacy, SSLv3, TOR