Earlier this year, Google added a new section to their Transparency Report about services adopting HTTPS. With Search, Gmail, and Drive long serving pages over HTTPS, YouTube and Calendar are the latest products to offer encryption by default.

It has been a two year challenge to encrypt YouTube. Migrating the Google Global Cache CDN to HTTPS was a huge engineering feat. Google did not have to add more resources and machines to encrypt video due to hardware acceleration for AES. The fact that only 97% of YouTube connections are encrypted is as a result of some devices not fully supporting modern HTTPS. Over time, insecure connections will be phased out and lead older YouTube clients to cease functioning.

For the most part, A/B testing has insured that HTTPS would not negatively impact device performance. Encryption has actually improved the quality of most clients by eliminating many types of streaming errors. YouTube is also using HTTP Secure Transport Security (HSTS) to cut down on HTTP to HTTPS redirects and improve latency for end users.

Google did not provide similar number for Calendar, only saying that the “traffic for both products is currently more than 90% encrypted via HTTPS.” Moving forward, more of the company’s products will likely be encrypted by default.

transparency report update

About the Author