[jdwithit]

It has benefits for the ISP, too. I used to work at a small-medium regional ISP. Something like 50-70% of ALL traffic was streaming video and specifically Netflix. We weren't big enough to get into their version of this program at the time and have boxes dropped at our head ends. But it would have been very helpful. We literally had to upgrade gear and buy bigger pipes from our upstream ISP's to handle the volume of traffic from Netflix. Having the bulk of that content come out of a box already on net would have meant significant savings.

[_bxg1]

What's to stop them from caching arbitrary content in the same way, for their own benefit, without the involvement of a partner? Is it because of SSL?

[acdha]

ISPs used to do that more commonly before HTTPS killed it but it's an expensive service to operate: very high traffic and if anything goes wrong your customers have a bad experience on the entire internet. The only way to do it is by intercepting TCP connections to port 80 so that system has to be as close to 100% uptime as you can manage.

Site owners generally hated it, too, since tampering proxies were a perennial source of compatibility bugs and protocol violations even before you had things like the ones which tried to “optimize” images by recompressing them, giving everyone on that ISP a bad experience which you don't know about. Stack Exchange has a number of threads where someone was trying to figure out why only some customers had complained months-stale content (Hi, Telemundo!), low-quality images (Hi again, Telemundo!), mismatched languages or truncated/corrupted contents, etc.

[acdha]

Ah, it’s been too long: everywhere it says “Telemundo” above I meant “Telefonica”

[danceparty]

Many ISPs do exactly this for high traffic content that is not served via TLS (which prevents it as you suspected)

[lathiat]

SSL is exactly the problem. Has pretty much killed caching proxies.

[unethical_ban]

Yes, SSL.

That makes me wonder... I wonder if there is a process by which providers would sign certs to individual ISPs and providers to let them intercept low/medium security content like streaming.

Like, if Netflix is going to serve streams over TLS for philosophical/privacy-from-government/privacy-from-wifi reasons, but wants to lets ISPs cache data, they could create a certificate for each ISP/organization and provide the keys to that org.

Then, if NF can identify you are coming from a particular ISP, they can have your content served from the ISP's netflix subdomain, and the ISP could intercept/cache/re-encrypt the data.

Just a thought.

[_bxg1]

Could be, but it would be terrible if it went beyond impersonal data like Netflix content. One of the main benefits of SSL is that you don't have to trust your ISP or anyone else in-between with your data. I'm not a crypto expert, but your proposal sounds like a backdoor that could be abused.