Hello all-- We'd like to thank those of you who replied with concerns about our statements on URL and domain encryption in the later part of the video. Here is a correction to and clarification on what was presented in this episode. We should have said that HTTPS does technically encrypt the entire URL but unencrypted DNS can show what domain you are visiting (such as www.example.com). The remainder of the URL, including the specific page a user is visiting, would remain encrypted. It should also be noted that in addition to unencrypted DNS potentially giving away a domain the user is visiting, domains are also sent in plaintext to the server a user is attempting to access so that the server knows which subdomain the user wants - for example, en.wikipedia.org versus es.wikipedia.org - before traffic between the client and server gets encrypted. This is due to how Transport Layer Security (TLS) works - the cryptographic protocol that HTTPS uses. So, this is another way in which an attacker could potentially find out which websites a user is visiting is addition to looking at unencrypted DNS requests. There is a feature in the newest version of TLS called Encrypted Client Hello (ECH) that aims to solve this problem, but ECH is not yet widespread across the Web. HTTPS is a complex topic, and in our effort to explain it as succinctly and accessibly as possible, we accidentally misunderstood a piece of information provided by our fact-checkers. That is, of course, no excuse for making a mistake, which we apologize for. We hope this comment clarifies how HTTPS works, and we appreciate your patience and understanding as we continue to refine our processes; we strive to be as accurate as possible and do right by our viewers. Again, please accept our apologies. The first 500 people to use this link and code TECHQUICKIE30 will get 30% off their first order with Soylent: bit.ly/3qgAqNC

HTTPS is just supposed to make your connection between your computer and the site you're visiting secure. It doesn't make the site more secure. It just makes sure the information you're providing to the site doesn't get intercepted.

A couple of corrections. 1) An employer would still have to install a custom certificate authority on your computer if they wanted to put a proxy between you and the internet to monitor your traffic. This isn't exactly uncommon practice though. 2) You used the word "URL" several times when "domain" would have been correct. The difference is actually somewhat important with the topic covered at 4:10. The URL includes an awful lot of metadata that is actually encrypted by HTTPS; it's only the domain that is unencrypted

Chrome is actually considering the removal of the lock symbol for reasons that are in part detailed in this video. People misinterpret it as "everything is safe with this site" which is never the case.

I see the sponsor and all I can think is "Soylent Green is PEOPLE!"

worth mentioning: if a website gets hacked or they don't pay their domain, someone else can do phishing and it's not possible to tell from the URL or HTTPS being properly enabled.

Corrections: 4:17 HTTPS always encrypts the path of the URL, and the hostname is only sent in plaintext in the first part of the TLS handshake. 4:44 "Encrypted DNS" does not obfuscate the hostname, as the graphic suggested, and this is still sent in plain text in the first part of the TLS handshake because DNS is not part of HTTPS.

Soylent - ITS MADE OUT OF PEOPLE!!

The information at 4:11 about HTTPS not encrypting the URL is just plain wrong. The whole HTTP session is encrypted, which includes the hostname and URL. What CAN leak is the hostname through unencrypted DNS, and any listener on the way can definitely see the IP address that you are connected to. A system administrator can see your browser history, but your ISP cannot.

Anyone else notice how crappy and limited google search results have been recently?

Soylent: IT'S MADE OF PEOPLE!

HTTPS protects from man-in-the-middle attacks but not man-on-the-end attacks

2 important details missed: 1. Since it leads to a false sense of security, it may not be shown if https is being used or not. 2. Malicious websites can fake the address bar by using frames and images.

I loved the "editor says hi" traffic being sent :)

the soy ad is the most dystopian thing I've seen all year

The reason the web didn't always have https is because very little was encrypted back then, and beyond experiments, nothing at all in the transport layer. Perhaps the interesting bit is that web led the way in security, with Netscape experimenting with it in 1994, while ssh didn't even exist yet.

> Why Google Is Changing THIS Icon Mentions everything but what it's gonna be changed to in the video

Missed opportunity to put Snoop Dogg at 0:33

I've changed to Firefox a year ago, and i gotta say, its been a positive experience.

You know Soylent Green tastes different from person to person.

So.. why is Google changing the icon? You didn’t address the question in the title. Edit: the title has changed now, but it was originally something like “Why is Google changing this icon?”.

Thank you for this, would love more cyber security related content. It's more difficult to distill down, but wow does the public need better understanding.

i really wish they also explained HOW lets encrypt created a somewhat shift in how certificates was generates, going from a "manual verify domain, manual download cert, upload to site", to ACME, doing 90% of this job for you

I think you forgot about the Client Hello which transfers the domain name unencrypted, during TLS connection startup, even using "private DNS" (DNS over TLS / DNS over HTTPS). Support for ECH (encrypted client hello), which encrypts the domain is still very uncommon.

I would have found it really funny if the sponsor for this was a VPN provider.

Finally, some mid-range tech information.

I like that more and more libraries and schools are straight up blocking HTTP.

Your haircut and T-shirt keep changing. Is this confirmation of the parallel universe theory? Only Techquickie could achieve that.

EVERY job place i've worked at has had a their own authority installed so log into places at your own risk. Also implementing certs / and checking on established sites.. has always had me dumbfounded with how lax the private certs are kept - imo it's a flawed process but I can't think of anything better - absolutely hate them for how socially unaware certs are.

soylent.. REALLY? whats their best selling Meal... the Green one?!

Honestly, ever since I've discovered the Lockpicking Lawyer, that little padlock icon stopped inspiring any sense of security for me.

I'd like to suggest you do a video about USB 3.0 devices creating radio interference in the 2.4ghz range, affecting wireless devices like mice and keyboards. Apparently it's a known issue, but not really talked about.

my employer spy on the employee by proxying all web browsee and using their own certs on the laptops so it still show https but they spy on every thing you post

I'm sorry I lost track of the amount of times the color shirt changed and beard growth to clean shaven. 😂

I love how the security of HTTPS is just built around 'trust us bro', we are totally going to be secure when we sign this.

4:17 "hi everyone - editor :)"

Of all the LTT videos released since the "incident", this is the most useful. Thank you.

If you're critiquing HTTPS, I think a fair mention should be made to the fact that any one of the many certificate authorities that are pre-configured on most operating systems, many of which are ran by various state actors, can arbitrarily create fake certificates for *any* site, not just one originally registered with them, and the fact that it is a historically documented fact that a lot of the CAs have been creating fake certificates for law-enforcement agencies.

getting two version of Riley in one video is just too wholesome lol

Feel like I'm seeing a definite improvement in the accuracy in Techquickie. The fact you mentioned "may be able to see what page you visited, depending on how the server is configured" is the sort of detail you had been skimming over in the past. I hope this quality continues as its often the little details that are important.

Soylent Green is made from Humans... Loved that movie!!!

At 0:56 you say the certificate is the electronic document "used to generate the https encryption". This isn't quite right. You don't need a certificate to generate an encrypted connection. The certificate is there to establish TRUST. So that you know the server on the other end is who they say they are (as you mention later).

What is meant with the statement at 4:00? If DNS is poisoned and returns a malicious IP, the certificate won't be valid. That's one of the main features of HTTPS, because the malicious site (normally) can't provide a valid certificate for that domain

Everytime I see a Soylent add I chucke. The lack of awarness in the company name will never NOT be funny

Did the editor ever find the answer to his question as i would also like to know "how many penguins can you legally put on a unicycle"

Recently got sick and soylent was the only thing I could keep down.

Soylent makes a mint chocolate flavor. It has a green label on it.

What did Colton do that got him fired and that is the reason why he basically became an LTT meme at this point.

A crazy thing the US Government does on their defense contractor websites; *You* have to manually obtain and install the cert packages in order to display the website properly.

Gray and beige shirt, my brain went beep boop

Messed with my mind as you shaved and got a new t-shirt at times 😂

...why would a nutrient drink company call their drink soylent? do they just assume that people these ads are targeting have never heard of soylent green?

0:31 Hi editor.

My mobile network provider INJECTS ads in between content on those old http websites, and I'm not joking at all rn.

cool stuff. make a video about apple's iCloud limit IP address tracking and how secure web browsing on apple devices really is..

Soylent is wonderful! My favorite flavor is green, but the taste varies based on the person

Dude, your beard grows fast. Oh, and goes away fast too. :-)

Riley's haircut is a nice insight to how long these vids must take to make...☺

Would have been nice if you went into the issues with security certificates like antivirus programs pinning it resulting in issues when a company updates the certificate

4:37 He can't keep getting away with it!

Will there be a Soylent Green?

HTTPS is the reason you don't need VPNs for privacy reasons. Your connection is already encrypted.

HTTPS protects you from outside parties, not the server you are communicating with

The constant back and forth between Riley and his evil twin was certainly a bit off putting 😂

Administrator with DPI: Pfft, wtf are you doing? Blocked!

Here's a video suggestion, how to figure out which gpu will perform best with my cpu and how to check the bottleneck percentage?

Your boss can not just look are your stuff with only proxies.. It also has to manage your browser install (often done in companies) otherwise he's as blocked as everybody else And uh yes, HTTPS does encrypt URL, only the domain will be seen from outside

Good job explaining. Technically correct and simply explained.

Poor Colton never gets a break!

Soylent? They really named their company Soylent? Does it come in green?

I can’t be the only one that is surprised that Soylent still exists.

Soylent??? Please tell me they don't have a green variant... Just checked. They do, but they call it Mint...

I am so distracted by the switching of the lighting, shirt and the haircut throughout the video AHHHH

0:26 "Can you legally put on" What exactly was the editor planning on?

Soylent Brown is pretty good but have you tried Soylent Green?

So how many times did Riley change his shirt? Is it Gray, is it Tan? Either it was done over two days, or they made some corrections.😊

Where is actually shown what the new icon looks like? Watched the video twice and always saw only the padlock.

Thanks Riley!

The opposite of shame is pride.

Video starts at 3:26

Is this that uber expensive green screen tech Linus workshyBastian was talkin about?

Son: Did you get a haircut? 💈 Dad: Actually, I got them ALL cut....! 🤣🙄✌️

great work LMG! Rome wasn't built in a day but we can already see lots of improvements in the content. keep up the great work!

Also there are some places that don't have TLS 1.2 being used for the HTTPS connection and it will break the HTTPS from show and most browser will refuse to load that weaker pre TLS 1.2 site

Soylent is people.

Soylent is people! IT'S PEOPLE!

But why google changing this icon??

Many years have been spend dumbing the whole thing down to "green lock = safe", good luck trying to get people to check certificates

Soylent: Do they do a green one?

Wait, Soylent is a real thing? I thought it was just part of the soyjack memes

Thanks for the video!

Riley with his mid vid outfit and hair change 😂😂😂

SO . . the mint Soylent . . is GREEN!

Great video. Keep them coming

Soylent Green? I can't wait!

0:30 Hi, editor!

why did your shirt change

Lol we got this video 3 months ago but okay (“Google Chrome Is Ditching This Feature”).

Man I havent heard of soylet in forever

Firefox will warn if a site you are trying to visit doesn't have https.