No need for -nocookie

The ability to transact and communicate privately and anonymously online, through the use of encryption software and other tools, is a necessary requirement for the full realization of the rights to freedom of expression and privacy, particularly when speech may be socially taboo or critical of those in positions of power.

—Human Rights Watch

For several months, intermittently, I’ve been seeing 404 errors in my Firebug console that have to do with ‘youtube-nocookie.com.’ That was a special format YouTube used to use for encrypted HTTPS protocol that was meant to give visitors better privacy. In my case it was legacy code I knew was ineffective, as it was https embedded within an http iframe—an example of “mixed protocols” that undoes at least one layer of privacy by exposing a referring IP address. 

My guess, and it’s only a guess, is that YouTube is following the trend towards HTTPS everywhere. Many others noticed -nocookie URLs broken, and I learned today that YouTube URLs work better in all browsers if you keep the https:// but lose the -nocookie.

In summary, if it isn’t needed take it out. We can now assume native mp4/m4v support exists by default in most browsers. Sites that serve the public are adopting “privacy by design” and public facing websites are adopting https for everything. 

Encryption in the surveillance age

Today encryption isn’t simply a technical issue—to many it’s a human rights issue. Freedom House says,

The ability to transact and communicate privately and anonymously online, through the use of encryption software and other tools, is a necessary requirement for the full realization of the rights to freedom of expression and privacy, particularly when speech may be socially taboo or critical of those in positions of power. [PDF]

In their Comments Submitted to the UN Special Rapporteur, 2015, Human Rights  Watch said,

In the digital age, strong encryption is essential for the enjoyment of the right to communicate anonymously and privately. Online communications flow over Internet networks that are inherently vulnerable to covert and unwanted monitoring by state and non-state actors. […] …unlike our many private, face-to-face conversations, a conversation on the Internet is at high risk of collection and monitoring by both government and private agents if it is conducted unencrypted. This is not a theoretical but an actual risk, as we now know following the cascading revelations of the extent of state signals intelligence efforts. Strong encryption is essential to safeguarding privacy online. … Privacy online in the twenty-first century hinges entirely on strong encryption. 

§

Learn more

Wong (2015) The human rights case for encryption

YouTube HTML5 ready for primetime blog post

Human Rights Watch (2015), Comments Submitted to the UN Special Rapporteur on the Protection and Promotion of the Right to Freedom of Opinion and Expression On the Use of Encryption and Anonymity in Digital Communications
[PDF]

Let’s encrypt

Privacy by Design Privacy by Design (PbD) is an approach to protecting privacy by embedding it into the design specs of a site or application.

Leave a Reply

Your email address will not be published. Required fields are marked *