Hackers, intelligence agencies and advertisers could be tracking your online video-watching habits, even when the sites in question, such as YouTube, provide encryption and promise anonymity, according to research by a Ben Gurion University cyber-security expert.

“It’s important to know that video encryption is not as secure as we once thought,” said Ran Dubin, a doctoral student at the Beersheba university’s Department of Communication Systems Engineering.

In a statement from the university announcing the discovery, Dubin described his method: “We built a simple yet robust machine-learning algorithm that can identify which video you watched — within a predetermined set of videos — with a high degree of accuracy. The algorithm is based on an in-depth study of how video services work, how video content is encoded and how a video player requests information to play it.”

Get The Start-Up Israel's Daily Start-Up by email and never miss our top stories Free Sign Up

According to the statement, “Dubin was able to use this algorithm to determine if someone had watched a specific video from a set of suspicious, terror-related videos. Intelligence agencies could access this technology for tracking terrorists or other suspicious individuals. Internet marketing companies could track the number and make-up of viewers watching an ad.”

The vulnerability is unlikely to be fixed, he said. “Google, YouTube’s parent company, is not likely to patch the gaps, since it would be prohibitively expensive to create a traffic obfuscation mechanism for every user’s every video request.”

Dubin presented the research at a recent Black Hat Europe cyber-security gathering in London.

The ability to track online video habits can have positive outcomes, Dubin noted. Besides the need for law enforcement and counter-terrorism to track suspected criminals and potential terrorists, tracking the videos being accessed can help internet service providers assess the quality of video-streaming experienced by their customers without compromising a video host site’s encryption.

“While internet service providers want to ensure they are providing high quality streaming, encryption has made accessing information much more challenging,” said Dubin. “This tracking algorithm could help.”