Neutral Net Neutrality
Yiannis Yiakoumis, Sachin Katti, and Nick McKeown
Stanford University
ABSTRACT Alexa ranking 1 10 100 1000 >5000 Should applications receive special treatment from the network? And if so, who decides which applications 10 are preferred? This discussion, known as net neutral- 8 ity, goes beyond technology and is a hot political topic. 6 In this paper we approach net neutrality from a user’s # of users 4 perspective. Through user studies, we demonstrate that 2 users do indeed want some services to receive preferen- tial treatment; and their preferences have a heavy-tail: skai.gr nbc.com cnn.com hulu.com cucirca.eu netflix.com abc.go.com a one-size-fits-all approach is unlikely to work. This speetest.net facebook.com starsports.com mail.google.com usanetwork.com espncricinfo.com ticketmaster.com suggests that users should be able to decide how their intercallonline.com ondemandkorea.com tra c is treated. A crucial part to enable user prefer- Figure 1: If given the choice, which websites would home ences, is the mechanism to express them. To this end, users prioritize? The preferences have a heavy tail: 43% of we present network cookies, a general mechanism to ex- the preferences are unique, with a median popularity index press user preferences to the network. Using cookies, of 223. we prototype Boost, a user-defined fast-lane and deploy it in 161 homes. programs promise that certain tra c is free from data caps (aka zero-rating). Similarly, others have proposed CCS Concepts giving some tra c a fast-lane over the last mile. How- Social and professional topics Net neutrality; ever these proposals have raised concerns [23, 13] that • ! Networks Network architectures; Network proto- the consumer will ultimately be harmed. The fear is • ! cols; Cross-layer protocols; Middle boxes / network ap- that ISPs and content providers will decide which ap- pliances; Network economics; Network manageability; plications get the best service, squeezing out new ser- Home networks; vices, and creating an insurmountable barrier to entry for innovative new applications. Consequently, to pro- 1. INTRODUCTION tect users, net neutrality has devolved to “don’t do any- thing”, i.e., treat all tra c the same. Net neutrality is currently a charged debate. The core We believe the debate is backwards. While many of the argument is about which applications should re- arguments are made in the name of protecting users, ceive special treatment from the network, and whether those very users do not seem to have a say in the mat- special treatment is in the best interest of users. Several ter. Specifically, if we are nervous that ISPs and content examples of special treatment already exist, for exam- providers will make decisions detrimental to users, why ple Facebook Zero [3] and T-Mobile’s Music Freedom [8] Permission to make digital or hard copies of all or part of this work for personal not let users decide for themselves how their tra cis or classroom use is granted without fee provided that copies are not made or treated? Done right, this could potentially benefit ev- distributed for profit or commercial advantage and that copies bear this notice eryone: Users get what they want, ISPs provide more and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is value to their customers, and popular content gets pref- permitted. To copy otherwise, or republish, to post on servers or to redistribute to erential treatment, even if the service is small and new. lists, requires prior specific permission and/or a fee. Request permissions from We are not the first to propose involving users more [email protected]. closely and ask them what they want—others have SIGCOMM ’16, August 22 - 26, 2016, Florianopolis , Brazil pointed out the importance of users during the recent c 2016 Copyright held by the owner/author(s). Publication rights licensed to ACM. ISBN 978-1-4503-4193-6/16/08. . . $15.00 update in FCC’s Open Internet rules [31, 1]. In this DOI: http://dx.doi.org/10.1145/2934872.2934896 paper we try to advance the net neutrality debate by resolving two open questions related to users’ prefer- desired outcome [1]. ences. To tackle this challenge we present network cook- First, do users want a say over how their tra cis ies—a mechanism for users to express their preferences treated by the network? After all, users might prefer to the network and to content providers. A network not to be bothered with such details, and just have the cookie—similar to HTTP cookies—is a small piece of network treat all their tra c the same. To answer this data, that users can attach to their packets. A net- question, we conducted two studies of user behavior. work with appropriate information can lookup the state We prototyped a service—a user-defined fast lane called associated with this cookie and apply the desired ser- Boost and deployed it in 161 homes, during an inter- vice. Network cookies provide a simple yet expres- nal “dogfood” test of OnHub, a commercial home WiFi sive mapping abstraction to users: we can use them router built by Google. With Boost, users can decide to boost, zero-rate, or arbitrarily map any tra cto which tra c gets higher priority (or decide to not give any state in the network, not just a few popular pre- higher priority to any tra c). They can express their configured applications. Cookies facilitate the tus- preferences through a web browser extension, either by sle between users, applications and ISPs, and respect prioritizing a specific tab, or by always prioritizing the the trust relationships between di↵erent parties. They tra c from a specific website. Figure 1 summarizes the provide built-in authentication so that only authorized behavior of a fairly homogeneous1 group of users: 43% users can use a given service; revocability for users to of expressed preferences were unique, i.e., the preferred easily change their preferences or completely withdraw website was picked by only one user, while the median from a service; they respect user privacy, as users do not popularity index of prioritized websites was 223.2 While have to reveal the content, type or origin of tra c get- our sample is small, it demonstrates the diverse and ting special treatment; and they protect against replay heavy-tailed nature of user preferences, and that users and spoofing attacks preventing a third-party from re- are willing to express them if it is easy to do so. To playing an overheard cookie. Perhaps most important, strengthen our results, we surveyed 1, 000 smartphone cookies are policy-free—in fact, an ISP could use cook- users about their interest and preferences in fast lanes ies to prioritize a single content provider, all the way to and zero rating services. Given the option to select let each user choose her own. By separating mechanism which application to zero-rate, users chose 106 di↵erent from policy, they enable a wide set of policies which can applications from di↵erent categories (e.g., video, au- be easily adjusted, enforced, and verified according to dio, social, news). Both studies demonstrate that user trust relationships and regulatory frameworks. Finally, preferences have a heavy tail, and suggest that a one- cookies can be practically deployed in existing net- size-fits-all approach is unlikely to work for most users. works. They are independent from packet headers and This naturally leads to the second question we wish payload, we can match against them with high accuracy to resolve: Now that we know users have diverse prefer- and regardless of content popularity, presence of encryp- ences, we need to pick (or design) a mechanism to give tion and middleboxes, or task complexity (e.g. we can them control over their preferences. In other words, boost a webpage, or a mobile application); they can be how should users express their preferences to the net- incrementally deployed by individual ISPs and applica- work? Should users express their detailed preferences, tions; and we can leverage di↵erent transport mecha- or should they pick among popular applications short- nisms to carry them (e.g. a special HTTP header, a listed by an ISP? How can the network provide pref- TLS-handshake extension, an IPv6 extension header). erential treatment to an application, without the user This user-driven approach can enable a plethora of having to reveal what the tra c contains? How can network services in the future. A video application ISPs account and charge for o↵ered services? How can could ask for a short burst of high bandwidth when we audit that the parties adhere to their agreements? it runs low on bu↵ers (and risks rebu↵ering), while a And so on. All of these questions need to be addressed researcher could do the same to upload a large file be- if we are to make such a system practical. fore an upcoming deadline. Users can pay per burst, or As we will show, existing mechanisms (like Di↵Serv, get a limited monthly quota for free. Moreover, cookies DPI, or even new SDN-like approaches) do not ade- and user preferences are not bound to net neutrality— quately address the concerns raised above. This was we can use them in other scenarios to let individuals emphasized during the last FCC hearings, when pol- customize network services for their own needs. This icymakers rejected an AT&T proposal for user-driven paper takes no position on what these services should services, concerned that the mechanism itself (or the look like, or how to implement them in the network. lack of a proper one) could potentially undermine the Our goal is to simply enable users to express their traf- fic preferences to the network. 1Employees of the same company (Google), living in Our main contributions are: the same city. 1. Network cookies: a policy-free mechanism to express 2We use Alexa ranking as the popularity index. which applications get special treatment from the net- cational applications (Figure 2). Using the number of work in a tra c-agnostic way ( 4). downloads in Google Play Store as a proxy for popular- 2. We advocate for a user-centric§ view on net neutrality ity, some users chose applications with 109 users (e.g. and demonstrate that this is both practical and bene- Spotify, Facebook), while others chose specialized ap- ficial. Through a user study and an online survey we plications with only a few thousands users (e.g. Indie show that preferences have a heavy tail, suggesting that 103.1, an app from a radio station with < 50k users). a one-size-fits-all approach is unlikely to work for many Current zero-rating services only allow users to choose users ( 2, 5). from among a small set of popular services; our sur- 3. Prototype§ § services that use network cookies and vey suggests this is not what a majority of users want. user preferences, including a Boost fast-lane service, and For example, Wikipedia Zero covers only 0.4% of our AnyLink, a cloud-based version of Boost which provides users’ preferences, and Music Freedom just 11.5%. We slow (instead of fast) lanes that we make publicly avail- found similar results when surveying user interest in able online ( 5). fast-lanes, and a music-only zero-rating service [12]. § In summary, our results strongly suggest users are 2. WHY A USER-DRIVEN APPROACH interested in services like fast-lanes and zero-rating, but Fast lanes and zero-rating services have been de- each user would prefer to boost or zero-rate di↵erent ployed in several countries, in cellular and last-mile res- applications. A natural question to ask is how to let idential networks. For example, Microsoft and Comcast users express their preferences to the network. We start joined forces in the US to o↵er a special service for Com- with the question: Do existing mechanisms allow users cast content to Xbox consoles. Tra c went through a to correctly express their preferences to the network? dedicated, high-bandwidth and data-cap free channel. Similarly, Netflix partnered with Australian ISPs to ex- 3. EXISTING MECHANISMS DON’T empt their video tra c from a home user’s monthly WORK data-caps. MusicFreedom and BingeOn are services of- Ideally, an existing mechanism would let users express fered by T-Mobile in the US to exempt a handful of their preferences and meet our requirements. Unfortu- music and video services from monthly data caps. Spo- nately, none of the commonly used mechanisms pass tify has similar partnerships with European mobile op- muster. Let’s look at the three most common ones. erators. Facebook-Zero and Wikipedia-Zero allow users Deep Packet Inspection (DPI). DPI is widely used in emerging markets to access Facebook and Wikipedia to identify a subset of tra c (e.g., tra c coming from a without a data-plan. The incentives for such services specific content provider) and then apply a special ser- vary—some ISPs absorb the cost for special treatment vice to it (e.g., higher bandwidth or zero-rating). DPI to di↵erentiate from competition and satisfy their cus- sits in a middlebox and typically matches tra c at line- tomers, others (especially in emerging markets) do it in rate, by examining IP addresses, TCP ports, SSL’s SNI an e↵ort to familiarize their users with the Internet, and field, and packet contents. Typically, a new set of rules in some cases ISPs directly charge content providers for is added for each application and web-service. special treatment. DPI su↵ers from what we call a high transaction These services are considered controversial as they cost—adding a new preference (i.e., a new set of rules) limit user choice to a few pre-selected applications. is hard, particularly if the service is hidden inside https They often lead to regulatory complaints and even with- (which is increasingly common) or is hosted on a third- drawal of the service due to public backlash [22, 4]. party CDN (e.g., video services hosted by Akamai). As So, what do users really want? We asked 1,000 smart- a result, current DPI tools support only the most pop- phone users their preferences on zero-rating through an ular applications, and often require manual coordina- 3 online survey. 65% of users expressed interest in a ser- tion between content providers and ISPs. For example, vice that lets them choose one application that does nDPI [17], a publicly available DPI system, recognizes not count against their monthly cellular data cap, or only 23 out of 106 applications that our surveyed users not even require a data plan, which explains why these picked for zero-rating. MusicFreedom, an existing zero- services are being deployed. But when we asked them to rating service implemented using DPI, works with only choose a particular application, responses were heavy- 17 out of 51 music applications mentioned in our sur- tailed, and many users preferred websites and applica- vey [12]. Even when DPI detects an application, its tions not available for special treatment by existing ser- view is very di↵erent from a user’s view. Take cnn.com vices. Users expressed preference for applications rang- as an example. Loading its front-page generates 255 ing from social networks, video, music streaming, mes- flows and 6741 packets from 71 di↵erent servers. nDPI saging and VOIP, news sites, maps, games, and edu- marked only packets coming from CNN servers, which 3Users are aged 18-65 in the USA, surveyed via Survey- summed up to 605 packets (less than 10%)—everything Monkey in August 2015. else came from CDNs, advertisers, etc. But perhaps ti”aentcvrda all. at covered not are “tail” w ed.Ee hn h ml ubro available cus- of own number their define small cannot the restricting—ISPs is then, classes Even at di re- iii) or a needs. and use respect own marking, to to DSCP the networks path alter quire the not least in very element impractical), the proven every been for expect has meaning ii) (which pre-defined code systems a DSCP at operating each agree networks, to all applications for require Di and room i) with little would preferences Serv leaving user Expressing purposes, own customization. their for works (2 classes 64 Di we make bits, that DSCP limitations insu the deeper are mark there to believe APIs necessary ex- not the and/or posing respecting not for developers application tra their mark to websites or SDK) developers Android’s allow or not do browser re- popular Chrome and even the boundaries, the (like or network platforms to across ignore bits preferences often DSCP express set operators Network to used network. practically Di be systems, not high operating and (e.g., routers network modern the and implemented in widely in header) Although class IP latency). low specific the bandwidth, a in to bits them DSCP map 6 the (using packets the in applications Di meantime, the long in a and take high add, applications Their to new time privacy. means user costs respect transaction not low have do applications, and many accuracy, recognize to requesting struggle tools are privacy. user they hurt service might which the for, ISP prepared treatment is their special user to a reveal if popularity. works to and only type DPI in problematic, vary most they and total), in apps (106 heavy-tail a have Preferences popularity. adata-plan),whichonewouldyouchoose?” 2: Figure
is,telmtdsto SPbt uprsonly supports bits DSCP of set limited the First, or operators network blame to common is it While DPI deployment, wide their despite summary, In # of users 10 15 20 ↵ 1 5 Serv. ~ ~50
in o omnctn srpreferences. user communicating for cient facebook netflix instagram I o ol hoeasnl plcto eg aeok ontcutaantyu aacp o o vnrequire even not (or caps data your against count not to Facebook) (e.g. application single a choose could you “If
Di google maps 6 n sarayue nenlyb net- by internally used already is and ) ↵
evalw npit omr their mark to endpoints allows Serv google music whatsapp reddit is fun amazon music
↵ nine rn ehns o their for mechanism erent wikipedia tunein radio beats
hulu nyt epne rm10 mrpoeues n plcto radw ytp and type by breakdown application and users, smartphone 1000 from Responses
trivia crack ↵
evcan- Serv candy crush flipboard viber ↵
Serv soma.fm