
True, but that redirect service can be stupid simple if the URL has all the information it needs to do the redirect encrypted in the URL. So no new DBs.

The URL gets a little longer, but a format-preserving encryption scheme might be able to help a bit.

Not that I want to give them any ideas.



Can't keep encryption keys around forever, and that means encrypted URLs have a time limit on them.


Sure you can. Even if the key is rotated monthly for 20 years, we're talking ~4 KB of memory for all the keys.

But remember that this isn't being done for security; it's just adding a minor barrier to casual removal of the tracking information. And if users really want to circumvent it on the links they generate all they'd need to do is copy the regular URL instead of using the Share button.

(Again, not that I want to see them do any of this.)


Rotating a key involves retiring the old one.

If 20 year old keys remain valid and URLs encrypted with them still work, you’re not getting any value out of key rotation. If an old key leaks or is cracked, the entire system is useless.

Remember the point of encryption here is basically integrity - to verify that the parameters were generated by the site’s own share capability.


I only claimed a minor barrier to unmotivated tracker stripping. By that I mean a hurdle, not tamper resistance. So in the worst case you're no worse off than what the existing unencrypted system affords you.

Indeed, rotating the key here serves very little benefit.

Thinking out loud: I suppose if they strayed further from the light and started restricting timestamp linking to share button URLs they might want to rotate the key to frustrate anyone looking to generate anonymous timestamp links. In that case, you could do something like include some indicator of which key was valid on the day it was uploaded. That limits the blast radius of a leaked/cracked key to the ability to generate timestamp links for all videos created during that period. Still low stakes, but now we need to care more about integrity. Also, I wouldn't be surprised if updating the video ID scheme is a huge ask, so at that point a new DB might be the easier solution.
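An added example, not part of the thread or any site's code: a stateless URL token that carries a key id, so the verifier needs only a small key ring and retiring a key invalidates the tokens made with it. It assumes integrity is the goal and uses a truncated HMAC in place of encryption (the payload is readable); `KEYRING`, `make_token`, `verify_token` and `expected_kid` are hypothetical names.

```python
import base64, hashlib, hmac, json

# Constructed key ring (key id -> secret); real keys would live in a secret store.
KEYRING = {1: b"constructed-key-period-1", 2: b"constructed-key-period-2"}
TAG_LEN = 16  # truncated HMAC-SHA256 tag, to keep the URL short

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _tag(kid, payload, keyring):
    # The MAC covers the key id, so a token cannot be relabelled to another key.
    msg = kid.to_bytes(2, "big") + payload
    return hmac.new(keyring[kid], msg, hashlib.sha256).digest()[:TAG_LEN]

def make_token(params, kid, keyring=KEYRING):
    payload = json.dumps(params, sort_keys=True, separators=(",", ":")).encode()
    return f"{kid}.{_b64e(payload)}.{_b64e(_tag(kid, payload, keyring))}"

def verify_token(token, keyring=KEYRING, expected_kid=None):
    """Return the params, or None if malformed, tampered, or signed by a
    retired or unexpected key. expected_kid models "the key valid on the
    upload day"; how the caller derives it is outside this sketch."""
    try:
        kid_s, payload_s, tag_s = token.split(".")
        kid = int(kid_s)
        payload, tag = _b64d(payload_s), _b64d(tag_s)
    except ValueError:
        return None
    if kid not in keyring:
        return None  # unknown or retired key
    if expected_kid is not None and kid != expected_kid:
        return None  # limits a leaked key to its own period
    if not hmac.compare_digest(tag, _tag(kid, payload, keyring)):
        return None
    return json.loads(payload)
```

Dropping key 1 from the ring is what "retiring" means here: every token labelled `1.` stops verifying, which is the trade-off the replies above argue about.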


> And if users really want to circumvent it on the links they generate all they'd need to do is copy the regular URL instead of using the Share button.

At that point, why even replace it with something common? Just use the unique urls always.


You can stop giving them ideas while YouTube is still a service I genuinely like.



