Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Says 97% Of Connections To YouTube Are Now Encrypted (techcrunch.com)

Posted by msmash on from the to-a-more-secure-world dept.

Google said Monday that HTTPS now accounts for 97% of all connections to YouTube. In a blog post, the video portal made the announcement, also underscoring the challenges it faced making the site more secure. TechCrunch reports:Given its massive scale, YouTube obviously presents some extra challenges for Google. But the company argues that its Global Cache content delivery network is able to handle encrypted connections relatively easily, in large parts because hardware acceleration for AES, the algorithm at the core of the HTTPS protocol, is now ubiquitous. Google also argues that using HTTPS connections has improved the user experience on YouTube. "You watch YouTube videos on everything from flip phones to smart TVs," the team writes today. "We A/B tested HTTPS on every device to ensure that users would not be negatively impacted. We found that HTTPS improved quality of experience on most clients: by ensuring content integrity, we virtually eliminated many types of streaming errors."

8 of 46 comments (clear)

  1. Irrelevant by johannesg · · Score: 2

    The biggest spy of them all is running the backend...

    1. Re:Irrelevant by Anonymous Coward · · Score: 2, Funny

      Verisign?

    2. Re:Irrelevant by swillden · · Score: 2

      The biggest spy of them all is running the backend...

      Even if we grant your premise about Google (which I don't, but am not interested in arguing it), that doesn't make it irrelevant, not at all. We generally think of encryption as a tool to ensure that no one can read data, but in this case it's more important that it prevents anyone from manipulating the data. Data sent to you unencrypted (and unauthenticated) can be modified by any party sitting between you and the server, which means that anyone sitting on that path can inject malware to exploit vulnerabilities in your local system.

      TLS encrypts all of the streams, yes, but for most web traffic it's actually far more important that it MACs the streams. And of course that it authenticates the server before doing the key exchange which enables the MACing and verification.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  2. Re:How is it not 100%? by TFlan91 · · Score: 3, Informative

    The summary links to a summary of the original post.

    In the original post:

    > 97% for YouTube is pretty good, but why isn't YouTube at 100%? In short, some devices do not fully support modern HTTPS. Over time, to keep YouTube users
    > as safe as possible, we will gradually phase out insecure connections.

    I suspect TV's are a big perpetrator

  3. Re:...except for the biggest one. by lgw · · Score: 2

    I had 2 kinds of problem now. The forst is what you mention - some videos just won't play past a certain point, regardless of quality settings. When I can stream other videos just fine in HD, but this particular one won't play even at 240p, it's your CDN Google, it's not my connection.

    The other I'm getting more and more frequently is the "static screen", where my client can't even start playing the video. Mostly on IE, but also on FF and Pale Moon (old FF, really), and on machines with Flash and without. I was hoping that was a Flash vs no Flash problem that would sort itself out, but no. Refreshing the tab sometimes helps, but it really seems like a client-side issue. OK Google, it's starting to be obvious that you want non-Chrome browsers to have occasional playback issues.

    --
    Socialism: a lie told by totalitarians and believed by fools.
  4. Re:...except for the biggest one. by swb · · Score: 2

    I've run into this with old, very low-view count videos, including the only one I've ever uploaded to YouTube.

    My assumption was always some kind of cache miss thing, as even Google wouldn't possibly cache a video from 2007 with 12 views close enough for seamless streaming.

  5. Re:How is it not 100%? by swillden · · Score: 3, Insightful

    what does a responsible employer do for enforcing acceptable use policies, and ensuring they do not create "hostile workplace" issues with employees looking at porn... or whatever?

    Address these issues with people, not with technology. Make sure everyone understands what the requirements are, and make sure everyone understands there's an open door for reporting issues that will have zero negative consequences for the reporter. And then institute a careful process for reviewing and investigating complaints... and hammer proven offenders.

    Yeah, it's a lot harder and a lot more work than just monitoring network connections, but it also addresses a lot more issues. Frankly, you need good people management policies and processes in place whether you're monitoring network connections or not... and if you have them, you don't need to monitor network connections.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  6. Re:...except for the biggest one. by AmiMoJo · · Score: 2

    The static screen is often because YouTube failed to play an ad, due you your ad-blocker. Just hit refresh and it will play most of the time.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC