Google Says 97% Of Connections To YouTube Are Now Encrypted (techcrunch.com) 46
Google said Monday that HTTPS now accounts for 97% of all connections to YouTube. In a blog post, the video portal made the announcement, also underscoring the challenges it faced making the site more secure. TechCrunch reports:Given its massive scale, YouTube obviously presents some extra challenges for Google. But the company argues that its Global Cache content delivery network is able to handle encrypted connections relatively easily, in large parts because hardware acceleration for AES, the algorithm at the core of the HTTPS protocol, is now ubiquitous. Google also argues that using HTTPS connections has improved the user experience on YouTube. "You watch YouTube videos on everything from flip phones to smart TVs," the team writes today. "We A/B tested HTTPS on every device to ensure that users would not be negatively impacted. We found that HTTPS improved quality of experience on most clients: by ensuring content integrity, we virtually eliminated many types of streaming errors."
How is it not 100%? (Score:2)
I thought that all Google properties redirected to HTTPS now....
Re:How is it not 100%? (Score:4, Informative)
The summary links to a summary of the original post.
In the original post:
> 97% for YouTube is pretty good, but why isn't YouTube at 100%? In short, some devices do not fully support modern HTTPS. Over time, to keep YouTube users
> as safe as possible, we will gradually phase out insecure connections.
I suspect TV's are a big perpetrator
Re: (Score:1)
Re: (Score:1)
Honest question... what does a responsible employer do for enforcing acceptable use policies, and ensuring they do not create "hostile workplace" issues with employees looking at porn... or whatever? What does the responsible employer do to ensure people aren't running rogue Team Viewer sessions for remove access?
For me, I just kind of ignore the threat vectors and issues... but that is just sticking my head in the sand.
Re:How is it not 100%? (Score:4, Insightful)
what does a responsible employer do for enforcing acceptable use policies, and ensuring they do not create "hostile workplace" issues with employees looking at porn... or whatever?
Address these issues with people, not with technology. Make sure everyone understands what the requirements are, and make sure everyone understands there's an open door for reporting issues that will have zero negative consequences for the reporter. And then institute a careful process for reviewing and investigating complaints... and hammer proven offenders.
Yeah, it's a lot harder and a lot more work than just monitoring network connections, but it also addresses a lot more issues. Frankly, you need good people management policies and processes in place whether you're monitoring network connections or not... and if you have them, you don't need to monitor network connections.
Re: (Score:2)
"employees credit card numbers and government ID numbers being in semi secure corporate databases"
Most man-in-the-middle coming from corporate america is to see where you are going, not storing POST data. And if they are, they could tell you they are doing it and if you have a problem with that, use web sites that require govt IDs and credit cards at home. I can't think of a time I had to use my SSN (which was never intended to be a secret) or credit card # for work via the Internet. And realistically, if t
Re: (Score:2)
Most man-in-the-middle coming from corporate america is to see where you are going, not storing POST data.
MITM isn't necessary to see where you're going. SSL doesn't obscure the IP you're connecting to, nor the domain name your DNS client looked up to get that IP address.
Irrelevant (Score:3)
The biggest spy of them all is running the backend...
Re: (Score:2, Funny)
Verisign?
Re: (Score:3)
The biggest spy of them all is running the backend...
Even if we grant your premise about Google (which I don't, but am not interested in arguing it), that doesn't make it irrelevant, not at all. We generally think of encryption as a tool to ensure that no one can read data, but in this case it's more important that it prevents anyone from manipulating the data. Data sent to you unencrypted (and unauthenticated) can be modified by any party sitting between you and the server, which means that anyone sitting on that path can inject malware to exploit vulnerabil
Re: (Score:2)
Indeed, it would be a tragedy if your funny cat movies were altered in some way.
Re: (Score:2)
Indeed, it would be a tragedy if your funny cat movies were altered in some way.
It would be a tragedy if your funny cat movies were used to steal all of your data and add your computer to a botnet.
You should try reading posts before replying to them. Especially when they're short.
...except for the biggest one. (Score:2)
Re: ...except for the biggest one. (Score:2)
Can't say I've ever really experienced that problem.
If you have a slow connection, or poor wireless connection I could see it dropping out. But even then Youtube will switch to lower resolution streams if it notices a poor/slow connection. Perhaps this switch is where your problem is occuring?
Re: ...except for the biggest one. (Score:1)
Actually, I've been experiencing the same bug. It started when they added the auto quality setting. To work around it I have to manually set which quality I want on every video. I can pick any quality and YouTube won't get stuck buffering, but if I leave it on Auto I have a 50/50 chance that the video just stops at some point.
It doesn't happen on mobile, go figure.
I have tried Firefox and Chrome and had this happen.
Re: (Score:3)
I had 2 kinds of problem now. The forst is what you mention - some videos just won't play past a certain point, regardless of quality settings. When I can stream other videos just fine in HD, but this particular one won't play even at 240p, it's your CDN Google, it's not my connection.
The other I'm getting more and more frequently is the "static screen", where my client can't even start playing the video. Mostly on IE, but also on FF and Pale Moon (old FF, really), and on machines with Flash and without.
Re: (Score:2)
When I can stream other videos just fine in HD, but this particular one won't play even at 240p, it's your CDN Google, it's not my connection.
(Or it's your ISP, if Hulu or someone else paid them to throttle youtube traffic)
Yeah, no.
hat said, Google changed their streaming protocol years ago instead of using HTTP ranges they used some other thing and that other thing would regularly time out and refuse to reconnect if you left the video paused.
That's just normal YouTube: leave it paused too long, and you'll need to refresh and watch a new commercial, and sometimes lose your place.
This is "won't play beyond the first 90 seconds (or so) of video no matter what you do". Note that CDNs often cache the first minute-ish of videos at the outer layer, so that they can start playing instantly while they connect to layers further back to get the rest of the video ready to play.
Re: (Score:2)
That happens all the time on one of my computers with FF. Double-clicking the || (pause) button usually fixes it for me. YMMV.
Re: (Score:3)
The static screen is often because YouTube failed to play an ad, due you your ad-blocker. Just hit refresh and it will play most of the time.
Re: (Score:2)
That ... actually makes a lot of sense, thanks.
Re: (Score:3)
I've run into this with old, very low-view count videos, including the only one I've ever uploaded to YouTube.
My assumption was always some kind of cache miss thing, as even Google wouldn't possibly cache a video from 2007 with 12 views close enough for seamless streaming.
Re: (Score:2)
Use youtube-dl for reliability, no ads (Score:2)
Sometimes I will get various errors. If/when I do, I just use youtube-dl to download the video. (I wonder why my hyperlink doesn't show up in the preceding sentence? Anyway, see "https://rg3.github.io/youtube-dl/" for more info.)
Advantages:
- no ads!
- Allows me to play the video with (S)Mplayer, so I can increase the playback speed by 10% (30% in the case of instructional videos that should havve been replaced by a text article in the first place) or 100% if I'm just fast-forwarding looking for an intere
Re: (Score:2)
Am I the only one that thinks this is gibberish?
My typewriter monkey wrote it. I don't know what it means.
Re: (Score:2)
It's word salad with some punctuation.
Re: (Score:1)
It's word salad with some punctuation.
I agree. Any meanings found in those words are the products of the readers's sick, twisted minds. Let's debate the use of apostrophe s at the end of plural nouns now.
Re: (Score:2)
HTTPS? (Score:1)
Is that supposed to mean something [darkreading.com]?
Cookies have been re-branded as "Certificates"... or secure cookies
Not mine (Score:2)
I'm blocking all HTTPS traffic. I don't trust it. What are they trying to hide?
Re: (Score:1)
Re: (Score:2)
Let me be the first to say, "WHOOOOOOOOOSH!!"
Re: (Score:2)
Yeah they only started to dislike the encryption plans when the companies made it so that even they themselves can't access the communication contents.
Re: So no more caching without MITM (Score:1)
This whole thing is just PR for the business reason to stream ads without interference. Caching, efficient delivery - they don't care about it. People could flip out their ads for someone else's. Something that keeps google up at night. So everyone drinks down the cool aid of 'security'.
Even slashdot...
5 eyes still get 100% :) (Score:2)
PRISM (surveillance program) https://en.wikipedia.org/wiki/... [wikipedia.org]