Despite YouTube ’s attempts to safeguard user anonymity, intelligence agencies, hackers and online advertising companies can still determine which videos a user is watching, according to Ben-Gurion University of the Negev (BGU) research.
Ran Dubin, a doctoral student in the BGU Department of Communication Systems Engineering who is an expert in cyber security, presented this research at the Black Hat Europe meeting in London.
“We built a simple yet robust machine-learning algorithm that can identify which video you watched—within a predetermined set of videos—with a high degree of accuracy,” Dubin says. “The algorithm is based on an in-depth study of how video services work, how video content is encoded and how a video player requests information to play it.”
Dubin was able to us this algorithm to determine if someone had watched a specific video from a set of suspicious, terror-related videos. Intelligence agencies could access this technology for tracking terrorists or other suspicious individuals. Internet marketing companies could track the number and make-up of viewers watching an ad.
While this information could be helpful, Dubin warns average YouTube users to be aware that their viewing history on YouTube and other internet video platforms can be tracked.
“It’s important to know that video encryption is not as secure as we once thought,” he says.
“Google, YouTube’s parent company, is not likely to patch the gaps, since it would be prohibitively expensive to create a traffic obfuscation mechanism for every user’s every video request.”
Researchers are exploring an upside to this discovery: the ability to assess video quality without breaking an encryption. “While internet service providers want to ensure they are providing high quality streaming, encryption has made accessing information much more challenging,” says Dubin. “This tracking algorithm could help.”