Hacker News new | comments | show | ask | jobs | submit login
Ask HN: Why is Youtube not https strict?
3 points by mememememememe 1456 days ago | hide | past | web | 6 comments | favorite
You can access http and https on Youtube. Youtube can handles millions of users, so the argument "encryption" takes time doesn't seem legitimate. Or is it? Maybe not... since youtube serves videos, not text.

I don't think engineers would make that kind of mistake leaving http on. There must be a good reason, right?

Any thoughts on this?

Extra hardware + extra complexity + extra work + extra costs.

Personally I'm in the camp that thinks the Internet would be a lot more secure and free if all traffic was always encrypted. But the business reasons for not using encryption when it's not explicitly required, are fairly obvious.

Because they have no reason to do so.

Hmm that's not a very good argument. Why should search page on Google be encrypted then? Youtube has search function too.

If a "google.com" request is MITM'd because it's not encrypted, then the MITM can do all sorts of extra damage, using that as a platform, to sites like "mail.google.com"

Hence when google.com is forced over SSL when you're logged in, but not forced over SSL otherwise.

Last I checked, google search can also be accessed through http. The reason why youtube's search can be http without issue is that all results are on youtube so you won't be leaking the search to another site.

Actually, Google enforces HTTPS nowadays when possible. YouTube however is entirely different, YouTube consumes too much bandwidth as-is, they would not want to enforce HTTPS and increase their overall bandwidth consumption like that.

Additionally, on Google you could be searching for confidential things you do not want intercepted, YouTube is more social and public, therefore it is not as high priority.

If you want to enforce HTTPS on sites, use an HTTPS everywhere plugin, https://chrome.google.com/webstore/detail/https-everywhere/g... https://addons.mozilla.org/en-US/firefox/addon/https-finder/...

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact