Google Announces 97 Percent of YouTube Traffic is Now Encrypted

[MacRumors]

Google yesterday posted an entry on its YouTube Engineering and Developers Blog, detailing the increased encryption achieved by the company for its video streaming site. Over the past few months, Google has slowly bolstered the encryption for YouTube, and now 97 percent of the service's traffic is encrypted using HTTPS.

The encryption-enforcing protocol provides "critical security and data integrity" for any website that uses it, and all of its visitors. YouTube said that three reasons it took the company so long to reach this high level of encryption was because of the heavy traffic the site receives daily, the breadth of devices that HTTPS needs to work on due to YouTube's ubiquity, and "mixed content" that leads to lots of potentially non-secure requests.

We're also proud to be using HTTP Secure Transport Security (HSTS) on youtube.com to cut down on HTTP to HTTPS redirects. This improves both security and latency for end users. Our HSTS lifetime is one year, and we hope to preload this soon in web browsers.

In the real world, we know that any non-secure HTTP traffic could be vulnerable to attackers. All websites and apps should be protected with HTTPS.

YouTube also pointed out that its website isn't at a full 100 percent encryption rate yet because "some devices do not fully support modern HTTPS." It's doing its best to support the widest number of smartphones, tablets, and browsers with the new security protocol, but admitted that down the line, to ensure the safety of all its users, it plans to "gradually phase out insecure connections."

Article Link: Google Announces 97 Percent of YouTube Traffic is Now Encrypted

 

[Zirel]

And 50% are advertisements.

 

[69Mustang]

And 50% are advertisements.

Someone must not have Red.

 

[ike1707]

So, what, is the other 3% people on a list? I love arbitrary numbers, they make me feel so much safer.

 

[ArtOfWarfare]

Yeah, but people have found vulnerabilities in HTTPS. At the very least, a man-in-the-middle can get the full URL (including the path, which has nothing to do with making sure the packet gets to the proper server.)

So we need something more secure than HTTPS already. That or we need to make it so the path is worthless (right now a lot of password reset links or account activation links rely on the path being a secure and randomly generated thing.)

 

[imas145]

Someone must not have Red.

It would help if it was available in more than three or so countries...

 

[BeefCake 15]

It would help if it was available in more than three or so countries...

I would rather put up with ads while watching YouTube on mobile than pay $10/month for the red tube plan..

 

[0007776]

Out of curiosity what is the need for encryption on Youtube? Should I be worried that someone is spying on what movie trailers or cat videos I'm watching?

 

[miknos]

That's good.

Now only Google and US gov knows what videos I watch on Youtube. I should stop watching those twerking videos. I don't want Uncle Sam thinking I have the same profile as Michael Douglas.

 

[69Mustang]

I would rather put up with ads while watching YouTube on mobile than pay $10/month for the red tube plan..

BeefCake... listen bud. What you do when you're having "special time"... yeah, we really, really don't need to know. Personally, I'd rather skip the ads and get right down to business.

As for Youtube Red, hey to each his own. It's definitely a better consumption experience. It's even better for me since I never had to pay for it. Play Music subscribers get it gratis. YR subscribers get PM for free as well. Bang for buck, it get's no better imo.

 

[BeefCake 15]

BeefCake... listen bud. What you do when you're having "special time"... yeah, we really, really don't need to know. Personally, I'd rather skip the ads and get right down to business.

Lol sorry, I meant YouTube Red..Marketing guys should've known better than making it so closely named

 

[Zirel]

Someone must not have Red.

I couldn't care less about Red, I have an Ad-Blocker.

But the vast majority of people don't.

 

[ke-iron]

Sorry but if your device doesn't support https then you need a new device. For as long as I can remember every iPhone or iPad I've ever purchased supported it. How old are these devices that doesn't support it? 15 or 20 years old???

 

[Manderby]

Why is the one field which deserves encryption the most being the one falling behind in such a significant manner?

Finance, really?

 

[Alenore]

So, what, is the other 3% people on a list? I love arbitrary numbers, they make me feel so much safer.

(Number of request served through HTTPS) / (Number of request served through any means) = 97%

OH BUT I FORGOT, IT'S GOOGLE, IT'S A CONSPIRACY, DON'T BELIEVE THEM !!

 

[FieldingMellish]

For maybe over half the content on YouTube, the operative work is encraption.

 

[Parasprite]

So, what, is the other 3% people on a list? I love arbitrary numbers, they make me feel so much safer.

Devices that don't support modern standards, usually because they are too old.

 

[myemailisjustin]

Why is the one field which deserves encryption the most being the one falling behind in such a significant manner?

Finance, really?

I think that's google finance..you know for stock quotes. not your banking website.