09 July 2014

HTTPS YouTube Streams



Most Google services use HTTPS and Google wants to switch the entire Web to HTTPS. YouTube uses encrypted connections for signed-in users and even video streams use SSL. You can check this by right-clicking a video, selecting "Stats for nerds" and reading the "stream type" value for the HTML5 player or the third line for the Flash player.






More than 6 billion hours of video are watched each month on YouTube. A study from 2013 concluded that YouTube video streaming accounted for more than 18 percent of all downstream traffic in North America.



5 years ago, SSL was mostly used for online banking and logging in to various sites. Few online services offered HTTPS as an option and one of them was Gmail back in 2008. HTTPS access for Gmail was enabled by default in 2010. Google released Secure Search in 2010 and made it the default option last year.



While protecting against man-in-the-middle attacks makes sense, what's the point of delivering hundreds of megabytes of publicly available videos though HTTPS? Privacy is a good reason. Traffic is encrypted, it can't easily be decoded by third parties between your computer and Google's servers.



Back in 2009, Microsoft didn't use SSL by default for logging in and now YouTube uses SSL to stream videos.

No comments:

Post a Comment