Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Youtube Google The Internet

Google Says 97% Of Connections To YouTube Are Now Encrypted (techcrunch.com) 46

Google said Monday that HTTPS now accounts for 97% of all connections to YouTube. In a blog post, the video portal made the announcement, also underscoring the challenges it faced making the site more secure. TechCrunch reports:Given its massive scale, YouTube obviously presents some extra challenges for Google. But the company argues that its Global Cache content delivery network is able to handle encrypted connections relatively easily, in large parts because hardware acceleration for AES, the algorithm at the core of the HTTPS protocol, is now ubiquitous. Google also argues that using HTTPS connections has improved the user experience on YouTube. "You watch YouTube videos on everything from flip phones to smart TVs," the team writes today. "We A/B tested HTTPS on every device to ensure that users would not be negatively impacted. We found that HTTPS improved quality of experience on most clients: by ensuring content integrity, we virtually eliminated many types of streaming errors."
This discussion has been archived. No new comments can be posted.

Google Says 97% Of Connections To YouTube Are Now Encrypted

Comments Filter:
  • I thought that all Google properties redirected to HTTPS now....

    • by TFlan91 ( 2615727 ) on Monday August 01, 2016 @02:07PM (#52623167)

      The summary links to a summary of the original post.

      In the original post:

      > 97% for YouTube is pretty good, but why isn't YouTube at 100%? In short, some devices do not fully support modern HTTPS. Over time, to keep YouTube users
      > as safe as possible, we will gradually phase out insecure connections.

      I suspect TV's are a big perpetrator

      • by Anonymous Coward
        Next thing they (browser makers, app makers, etc.) need to do is use certificate pinning so these stupid man in the middle attacks (often done at companies without the knowledge of their employees so that companies can scoop up everything everyone is doing on the internet and resulting in things like employees credit card numbers and government ID numbers being in semi secure corporate databases) can be prevented. Well, prevented is a strong word - but at least the app / browser would say that the certifica
        • Honest question... what does a responsible employer do for enforcing acceptable use policies, and ensuring they do not create "hostile workplace" issues with employees looking at porn... or whatever? What does the responsible employer do to ensure people aren't running rogue Team Viewer sessions for remove access?

          For me, I just kind of ignore the threat vectors and issues... but that is just sticking my head in the sand.

          • by swillden ( 191260 ) <shawn-ds@willden.org> on Monday August 01, 2016 @04:16PM (#52624055) Journal

            what does a responsible employer do for enforcing acceptable use policies, and ensuring they do not create "hostile workplace" issues with employees looking at porn... or whatever?

            Address these issues with people, not with technology. Make sure everyone understands what the requirements are, and make sure everyone understands there's an open door for reporting issues that will have zero negative consequences for the reporter. And then institute a careful process for reviewing and investigating complaints... and hammer proven offenders.

            Yeah, it's a lot harder and a lot more work than just monitoring network connections, but it also addresses a lot more issues. Frankly, you need good people management policies and processes in place whether you're monitoring network connections or not... and if you have them, you don't need to monitor network connections.

            • "employees credit card numbers and government ID numbers being in semi secure corporate databases"

              Most man-in-the-middle coming from corporate america is to see where you are going, not storing POST data. And if they are, they could tell you they are doing it and if you have a problem with that, use web sites that require govt IDs and credit cards at home. I can't think of a time I had to use my SSN (which was never intended to be a secret) or credit card # for work via the Internet. And realistically, if t

              • Most man-in-the-middle coming from corporate america is to see where you are going, not storing POST data.

                MITM isn't necessary to see where you're going. SSL doesn't obscure the IP you're connecting to, nor the domain name your DNS client looked up to get that IP address.

  • by johannesg ( 664142 ) on Monday August 01, 2016 @02:05PM (#52623147)

    The biggest spy of them all is running the backend...

    • Re: (Score:2, Funny)

      by Anonymous Coward

      Verisign?

    • The biggest spy of them all is running the backend...

      Even if we grant your premise about Google (which I don't, but am not interested in arguing it), that doesn't make it irrelevant, not at all. We generally think of encryption as a tool to ensure that no one can read data, but in this case it's more important that it prevents anyone from manipulating the data. Data sent to you unencrypted (and unauthenticated) can be modified by any party sitting between you and the server, which means that anyone sitting on that path can inject malware to exploit vulnerabil

      • Indeed, it would be a tragedy if your funny cat movies were altered in some way.

        • Indeed, it would be a tragedy if your funny cat movies were altered in some way.

          It would be a tragedy if your funny cat movies were used to steal all of your data and add your computer to a botnet.

          You should try reading posts before replying to them. Especially when they're short.

  • "we virtually eliminated many types of streaming errors." - except, you know, the issue of the video stopping playback in the middle of watching because it won't buffer the remaining video. It's the *only* issue of playback I've had for years. Recently, youtube started blaming connection problems, but everyone knows that isn't the issue at all. Anyone else experience errors being fixed? Because I've only had 1 and it isn't fixed.
    • Can't say I've ever really experienced that problem.

      If you have a slow connection, or poor wireless connection I could see it dropping out. But even then Youtube will switch to lower resolution streams if it notices a poor/slow connection. Perhaps this switch is where your problem is occuring?

      • by Anonymous Coward

        Actually, I've been experiencing the same bug. It started when they added the auto quality setting. To work around it I have to manually set which quality I want on every video. I can pick any quality and YouTube won't get stuck buffering, but if I leave it on Auto I have a 50/50 chance that the video just stops at some point.
        It doesn't happen on mobile, go figure.
        I have tried Firefox and Chrome and had this happen.

    • by lgw ( 121541 )

      I had 2 kinds of problem now. The forst is what you mention - some videos just won't play past a certain point, regardless of quality settings. When I can stream other videos just fine in HD, but this particular one won't play even at 240p, it's your CDN Google, it's not my connection.

      The other I'm getting more and more frequently is the "static screen", where my client can't even start playing the video. Mostly on IE, but also on FF and Pale Moon (old FF, really), and on machines with Flash and without.

      • the "static screen", where my client can't even start playing the video...

        That happens all the time on one of my computers with FF. Double-clicking the || (pause) button usually fixes it for me. YMMV.

      • by AmiMoJo ( 196126 )

        The static screen is often because YouTube failed to play an ad, due you your ad-blocker. Just hit refresh and it will play most of the time.

    • by swb ( 14022 )

      I've run into this with old, very low-view count videos, including the only one I've ever uploaded to YouTube.

      My assumption was always some kind of cache miss thing, as even Google wouldn't possibly cache a video from 2007 with 12 views close enough for seamless streaming.

    • Comment removed based on user account deletion
    • Sometimes I will get various errors. If/when I do, I just use youtube-dl to download the video. (I wonder why my hyperlink doesn't show up in the preceding sentence? Anyway, see "https://rg3.github.io/youtube-dl/" for more info.)

      Advantages:
      - no ads!
      - Allows me to play the video with (S)Mplayer, so I can increase the playback speed by 10% (30% in the case of instructional videos that should havve been replaced by a text article in the first place) or 100% if I'm just fast-forwarding looking for an intere

  • Is that supposed to mean something [darkreading.com]?

    Cookies have been re-branded as "Certificates"... or secure cookies

  • I'm blocking all HTTPS traffic. I don't trust it. What are they trying to hide?

    • They aren't hiding anything. People talk about https and network security, but they don't seem to realize that the endpoints (Google, Apple, Microsoft, etc) are the ones with the unencrypted access to the data. And they will hand it over to whatever agency requests it, or whoever pays enough for it. No one is bothering breaking https connections to get to your data. They just ask the corporations for it.
  • That end user encryption has to stop at some point for the ads to work. The 5 nations security services, their staff and their other contractors will be waiting for all the decrypted data in real time.
    PRISM (surveillance program) https://en.wikipedia.org/wiki/... [wikipedia.org]

news: gotcha

Working...