Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
62,978
29,709



Google yesterday posted an entry on its YouTube Engineering and Developers Blog, detailing the increased encryption achieved by the company for its video streaming site. Over the past few months, Google has slowly bolstered the encryption for YouTube, and now 97 percent of the service's traffic is encrypted using HTTPS.

The encryption-enforcing protocol provides "critical security and data integrity" for any website that uses it, and all of its visitors. YouTube said that three reasons it took the company so long to reach this high level of encryption was because of the heavy traffic the site receives daily, the breadth of devices that HTTPS needs to work on due to YouTube's ubiquity, and "mixed content" that leads to lots of potentially non-secure requests.

Youtube-HTTPS-chart.jpg
We're also proud to be using HTTP Secure Transport Security (HSTS) on youtube.com to cut down on HTTP to HTTPS redirects. This improves both security and latency for end users. Our HSTS lifetime is one year, and we hope to preload this soon in web browsers.

In the real world, we know that any non-secure HTTP traffic could be vulnerable to attackers. All websites and apps should be protected with HTTPS.
YouTube also pointed out that its website isn't at a full 100 percent encryption rate yet because "some devices do not fully support modern HTTPS." It's doing its best to support the widest number of smartphones, tablets, and browsers with the new security protocol, but admitted that down the line, to ensure the safety of all its users, it plans to "gradually phase out insecure connections."

Article Link: Google Announces 97 Percent of YouTube Traffic is Now Encrypted
 

ike1707

macrumors 6502
Jan 20, 2009
404
831
So, what, is the other 3% people on a list? I love arbitrary numbers, they make me feel so much safer.
 
  • Like
Reactions: Avieshek

ArtOfWarfare

macrumors G3
Nov 26, 2007
9,523
5,988
Yeah, but people have found vulnerabilities in HTTPS. At the very least, a man-in-the-middle can get the full URL (including the path, which has nothing to do with making sure the packet gets to the proper server.)

So we need something more secure than HTTPS already. That or we need to make it so the path is worthless (right now a lot of password reset links or account activation links rely on the path being a secure and randomly generated thing.)
 
  • Like
Reactions: autrefois

0007776

Suspended
Jul 11, 2006
6,473
8,170
Somewhere
Out of curiosity what is the need for encryption on Youtube? Should I be worried that someone is spying on what movie trailers or cat videos I'm watching?
 
  • Like
Reactions: kdarling

miknos

Suspended
Mar 14, 2008
940
793
That's good.

Now only Google and US gov knows what videos I watch on Youtube. I should stop watching those twerking videos. I don't want Uncle Sam thinking I have the same profile as Michael Douglas.
 
  • Like
Reactions: badNameErr

69Mustang

macrumors 604
Jan 7, 2014
7,895
15,043
In between a rock and a hard place
I would rather put up with ads while watching YouTube on mobile than pay $10/month for the red tube plan..
BeefCake... listen bud. What you do when you're having "special time"... yeah, we really, really don't need to know. Personally, I'd rather skip the ads and get right down to business. :oops::D:p;)

As for Youtube Red, hey to each his own. It's definitely a better consumption experience. It's even better for me since I never had to pay for it. Play Music subscribers get it gratis. YR subscribers get PM for free as well. Bang for buck, it get's no better imo.
 
  • Like
Reactions: CarpalMac and hagar

BeefCake 15

macrumors 68020
May 15, 2015
2,037
3,113
BeefCake... listen bud. What you do when you're having "special time"... yeah, we really, really don't need to know. Personally, I'd rather skip the ads and get right down to business. :oops::D:p;)

Lol sorry, I meant YouTube Red..Marketing guys should've known better than making it so closely named
 

ke-iron

macrumors 68000
Aug 14, 2014
1,529
1,015
Sorry but if your device doesn't support https then you need a new device. For as long as I can remember every iPhone or iPad I've ever purchased supported it. How old are these devices that doesn't support it? 15 or 20 years old???
 

Manderby

macrumors 6502a
Nov 23, 2006
500
92
Why is the one field which deserves encryption the most being the one falling behind in such a significant manner?

Finance, really?
 

Alenore

macrumors 6502
Apr 7, 2013
423
426
So, what, is the other 3% people on a list? I love arbitrary numbers, they make me feel so much safer.
(Number of request served through HTTPS) / (Number of request served through any means) = 97%

OH BUT I FORGOT, IT'S GOOGLE, IT'S A CONSPIRACY, DON'T BELIEVE THEM !!
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.