HTTPS has been in the news quite a bit lately; first, because of Firesheep, a program that allows users on open WiFi networks to sniff cookies and effectively hijack users’ social networking connections if they're not using HTTPS. As a result, a campaign has emerged to call on companies to offer HTTPS by default and the EFF has released a program called HTTPS Everywhere which, when installed, automatically directs users to the HTTPS version of a site.
Internet users can also bypass filtering using HTTPS, which provides another incentive for companies to implement it, as YouTube recently did. Unfortunately, from tests conducted in Tunisia (where YouTube is blocked by IP address), it appears that, while users can access https://www.youtube.com, they cannot actually watch videos; when they attempt to do so, they are presented with the following error message:
In order for Tunisians (and users in other countries where YouTube is blocked by IP address) to be able to watch videos, we suspect that YouTube will need to ensure that not only its home page, but also the embed code, are available under HTTPS. A look at the source code of an individual (HTTPS) video page shows that the code is all HTTP: