[Nottingham] How ISP shenanigans hampers your browsing experience.

Mike Cardwell nlug at lists.grepular.com
Tue Jan 6 09:51:31 UTC 2015 

* on the Mon, Jan 05, 2015 at 02:53:51PM -0800, Michael Quaintance wrote:

> Hmmm... not an entirely fair comparison or reasoning.
> 
> Yes, ISPs are doing incredible amounts of deep packet inspection and other
> "legal but not exactly good sport" tricks, but the tests on this website
> are not comparing like with like.
> 
> From the text at the bottom of the page itself, the HTTP test is using
> straight HTTP/1.1 without compression or domain sharding [1] and comparing
> this to SPDY HTTPS (with compression and SPDY negates domain sharding).

You can temporarily disable SPDY in Firefox by visiting about:config and
toggling "network.http.spdy.enabled" to false. When you do that and repeat
the test, it actually says the following at the top of the page:

"Your browser does not support SPDY, and test results will be inaccurate.
Please use the latest version of Chrome or Firefox."

> SPDY is a great improvement for the modern Web, and if you're logged in to
> Google, and using a modern build of Firefox or Chrome/Chromium, you've been
> using SPDY for a long time now. I like SPDY as a protocol and it's adoption
> is generally a good thing, although I would prefer wider HTTP/2 adoption if
> only to stop Google being in control of too much.

My understanding is that HTTP/2 is basically going to be what SPDY is and that
SPDY is simply a transitional protocol whilst people figure out what works in
the real World. Is that wrong?

> I cannot be bothered right now to recreate this test with the correct
> comparisons (HTTP vs HTTPS, SPDY HTTP vs SPDY HTTPS, HTTP with all modern
> improvements turned on vs SPDY HTTPS) but maybe I'll get around to that one
> day.
> 
> Certainly, the overhead of HTTPS everywhere is not as much as some
> detractors claim

If a website is slow, it is almost always because of the application, not
the encryption.

> and there are many with a vested interest in slowing the
> adoption of decent quality encryption, but just as they speak with forked
> tongues to make their point more convincing, this website is also
> misrepresenting the truth for its own agenda.

I think the point is that in the not too distant future, if you visit a
website over HTTPS, then you'll probably be using SPDY/HTTPv2, but if you
visit one over HTTP you'll be stuck on HTTPv1, without all the nice
pipelining and compression stuff [1]. So, although it is not strictly a
"HTTP vs HTTPS" test, it *is* a test comparing what you will see in the
real World when visiting a HTTP website vs what you will see when visiting
an average HTTPS website once SPDY/HTTPv2 gain traction [2].

[1] Although HTTPv2 is allowed to work over non-SSL connections, Mozilla
and Google at least have said that they'll only do it over HTTPS. I assume
because of compatibility problems with transparent proxies. Ultimately,
HTTPS will be faster than HTTP because of this.

[2] It shouldn't take long for SPDY/HTTPv2 to become the majority of HTTPS
traffic. All it requires is for admins to upgrade their web servers and
for people to upgrade their web browsers.

-- 
Mike Cardwell  https://grepular.com https://emailprivacytester.com
OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3   B0CF 70A5 F512 0018 461F
XMPP OTR Key   8924 B06A 7917 AAF3 DBB1   BF1B 295C 3C78 3EF1 46B4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 598 bytes
Desc: Digital signature
URL: <http://mailman.lug.org.uk/pipermail/nottingham/attachments/20150106/3eb2f91e/attachment.pgp>

More information about the Nottingham mailing list