An unofficial blog that watches Google's attempts to move your operating system online since 2005. Not affiliated with Google.

Send your tips to gostips@gmail.com.

February 24, 2011

HTTPS YouTube

After Google enabled by default encrypted connections to Picasa Web Albums, it started to become obvious that all Google services will soon switch to HTTPS. Probably the most unlikely candidate for this change is YouTube, Google's biggest bandwidth hog, but the unexpected happened: go to a random video and you'll notice that all the resources use HTTPS.


YouTube API's blog has recently announced HTTPS support for embedded videos. "We're planning a gradual expansion of HTTPS across other aspects of the site. The first place you may see HTTPS YouTube URLs is in our various embed codes, all of which currently support HTTPS in addition to the standard HTTP. Anyone can try HTTPS with YouTube embeds today—simply change the protocol portion of the URL from http to https." You can also enable "use HTTPS" when you generate the embedding code.


The performance doesn't seem to be affected and, if everything goes well, YouTube will probably switch to HTTPS in the coming months.

13 comments:

  1. I'm getting the red padlock indicating mixed content. Hopefully this will change in the future.

    ReplyDelete
  2. I wonder how various spying/censoring/packet-inspecting switches will stand up if Youtube & Facebook both become serious about pushing https to regular users. We might see a few interesting repercussions from this if a sizeable chunk of the internet's bandwidth becomes encrypted.

    ReplyDelete
  3. I'm also getting the red HTTPS with a strikethrough over it.

    Why is YouTube getting HTTPS?

    ReplyDelete
  4. Yup. The "random video" is getting mixed content here too.

    ReplyDelete
  5. I don't see the mixed content warning in Chrome, but it's most likely caused by ads.

    ReplyDelete
  6. If you look at the sessions by Youtube in a web debugger, you will notice that the actual video itself is not in https, it is still in Http format. Example of 'random video':
    http://v17.lscache7.c.youtube.com/videoplayback?sparams=id%2Cexpire%2Cip%2Cipbits%2Citag%2Calgorithm%2Cburst%2Cfactor%2Coc%3AU0hPSlVMVl9FSkNOOV9NRlpF&fexp=904416%2C907605%2C912600%2C901601&algorithm=throttle-
    And a bunch of other gibberish, but you get the point.

    ReplyDelete
  7. I think its happening now...I cant watch the videos but then i put an s in http so it says https in other words its secure and now I can watch them...

    ReplyDelete
  8. Don't be fooled - The video stream is still over HTTP.

    ReplyDelete
  9. Are there any plans to provide the video feed via HTTPS?

    ReplyDelete
  10. Any plans to provide the video feed itself via HTTPS?

    ReplyDelete
  11. I need the video to be HTTPS, My ISP has decided its a good idea to throttle HTTP to 512Kbps during peak hours. Suffice to say, not even 480p plays!!!

    ReplyDelete
  12. how do you get into youtube by https...

    ReplyDelete
  13. HTTPS is slower! Things are already too crappy, with abandoned new format channels, clunky Java and sluggish Windows etc.

    ReplyDelete