Google is sending more and more of its traffic over HTTPS, according to a new announcement by the company. The announcement adds specific numbers on encrypted traffic for Google Calendar and YouTube, with the video service sending more than 97 percent of its traffic over encrypted connections.
Google began reporting on HTTPS usage in March, reporting roughly 75 percent encrypted traffic across all services, although neither Calendar or YouTube were included in that report. Google also recently implemented strict transport security (or HSTS) for all Google.com domains, which prevents HTTPS connections from reverting to unencrypted HTTP.
HTTPS is most often used to protect sensitive information from being intercepted over the web, as in banking or email services, but it also protects against a number of more complex attacks. Cybercriminals and intelligence agencies can inject malware directly into video streams if traffic is unencrypted, with more intricate injection attacks sometimes reaching thousands of sites at once. A 2015 survey found roughly one in three web requests were made over HTTPS, although that number has increased significantly in the months since.
HTTPS is a more complex protocol, and many sites have held off on adopting it out of concern for users with older devices. But in the case of YouTube, Google says devices able to stream videos can usually handle the extra business of encryption. "Encryption and decryption are just really fast, even on top of video decoding, which is the most difficult workload most devices handle," said YouTube product manager Jon Levine. "I think our results show that if we can switch to HTTPS, anyone can."