[HTTPS-E Rulesets] YouTube rule and embedded video
Seth David Schoen
schoen at eff.org
Fri May 6 15:58:03 PDT 2011
Osama Khalid reminded me that enabling the YouTube rule could do a lot
of good. I was reluctant because I think users might be misled about
the level of protection they get, but that's really true for a lot of
our rules (like the Wikimedia rule!).
Previously the rule was turned off by default, not because of the
possibility that users could be misled, but because it was reported
to break embedded videos. There was a later report that it doesn't
break embedded videos, so I decided to test it in my browser to see
which is right. Apparently, both are right!
I went to Boing Boing to look at some embeded YouTube videos and the
first one on the page failed, while the second and third ones worked.
Looking at Boing Boing's HTML, the method used to embed them was
quite different. The one that failed is
<object width="600" height="371"><param name="movie" value="http://www.youtube-nocookie.com/v/A5lEMIf7_FM?fs=1&hl=en_US"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube-nocookie.com/v/A5lEMIf7_FM?fs=1&hl=en_US" type="application/x-shockwave-flash" width="600" height="371" allowscriptaccess="always" allowfullscreen="true"></embed></object>
while the ones that worked look like
<p><p><iframe width="600" height="371" src="http://www.youtube.com/embed/XznibGFPGHk" frameborder="0" allowfullscreen></iframe></p>
The first one (embedded by Cory Doctorow) shows an attempt to protect
users' privacy by using the youtube-nocookie.com feature. The second
one is using an iframe. Unfortunately, the more privacy-protective
embed is the one that gets broken by the YouTube rule.
Does anyone happen to know enough about YouTube video embedding to
diagnose what's going wrong and suggest a fix?
--
Seth Schoen
Senior Staff Technologist schoen at eff.org
Electronic Frontier Foundation https://www.eff.org/
454 Shotwell Street, San Francisco, CA 94110 +1 415 436 9333 x107
More information about the HTTPS-Everywhere-Rules
mailing list