Enormous video traffic and the myriad device types used to access service presented challenges to implementing full encryption on YouTube, according to Google.
Google has been working over the past two years to implement full encryption across all of its products, as part of an effort to ensure people using its services are better protected against online eavesdroppers, man-in-the middle attacks and other online threats.
This week the company outlined the progress it has made so far in moving YouTube, one of its most popular internet services, to 100 percent encryption.
In an update on the company's Security Blog
, Emily Schechter, Google Chrome security product manager and a self-described "HTTPS enthusiast," said YouTube traffic is close to 97 percent encrypted via HTTPS. Starting this week, users can keep track of Google's progress encrypting the rest of the service from Google's Transparency Report
on HTTPS encryption, she added.
The HTTPS protocol uses Transport Layer Security (TLS) or Secure Sockets Layer (SSL) to perform data encryption over secure connections between client browsers and websites. Google has said it wants to move all of its services to HTTPS as part of a broader campaign to make the web safer for users.
Starting with HTTPS implementation for Gmail in March 2014, Google has expanded gradually the use of encryption to several other services including Google Drive, Maps, News, Finance and Advertising.
Data posted on the HTTPS Transparency Report shows that, with the exception of Gmail, Google still has a ways to go with achieving 100 percent encryption use across all of its services. For example, as of July 2016, Google had achieved 86 percent encryption with Google Maps, about 69 percent with Google News and 54 percent with Google Finance.
According to the company, it faces several substantial challenges in moving to full traffic encryption.
For one, many older computers and software products do not support HTTPS so Google has to make accommodations for those technologies. In some cases, certain countries and organizations degrade HTTPS traffic while some organizations do not have the resources or the interest in supporting HTTPS.
In her blog post, Schechter identified some of the challenges Google has faced so far in implementing HTTPS across YouTube. One of the biggest has been the sheer volume of traffic to YouTube. Google's Content Distribution Center, or edge nodes collectively referred to as the "Google Global Cache," currently handles truly immense amounts of video, she said.
"Migrating it all to HTTPS is no small feat," Schechter wrote. "Luckily, hardware acceleration for AES (Advanced Encryption Standard) is widespread, so we were able to encrypt virtually all video serving without adding machines," she said in her blog.
The sheer variety of device types that people use to access video content on YouTube also has presented a challenge from a HTTPS standpoint, Schecter said. The company has had to test everything from flip phones to smart TVs to ensure content integrity would not be affected on any devices because of HTTPS use.
"Some devices do not fully support modern HTTPS," she said. "Over time, to keep YouTube users as safe as possible, we will gradually phase out insecure connections."