Friday, December 14, 2012

YouTube Search Encrypted ...

... but streaming video not encrypted. Hmmm ... could lead to a false sense of privacy.
From Martin Sauter ... Observation: Youtube Is Now HTTPS - But The Streams Are Not

When I watched a video on Youtube today I noticed that the page's URL was https://www.youtube.com.... Interesting, I thought, it's encrypted now! If the streams are encrypted too, that would have interesting implications for video caching and compression servers in some mobile networks as they would no longer be able to compress and scale videos.

So I ran a quick Wireshark trace to see if the streams themselves were encrypted, too. However, they were not. An interesting implication of this is that the user might get the impression that the session is secure. But as the videos are sent in the clear, it's actually not secure at all. From the outside, it is no longer possible to see what the user is searching for, but the videos that are streamed are still visible and can be cached or modified or simply blocked.


