Maybe their old scheme, when divided by the number of videos, was getting to the point where it was feasible you could brute force finding unlisted videos.
The old scheme had 7.3 x 10^19 ids (11 chars, base 64, thanks Tom Scott!). Suspiciously close to the max value of a 64-bit int, hmmm …
Assume a billion videos and you’re down to 10^10 - a one in a 10 billion chance isn’t much chance, but it’s far from secure.
(I’m ignoring the fact that only a small %age of videos are unlisted I guess, but I think the point still stands.)
The old scheme had 7.3 x 10^19 ids (11 chars, base 64, thanks Tom Scott!). Suspiciously close to the max value of a 64-bit int, hmmm …
Assume a billion videos and you’re down to 10^10 - a one in a 10 billion chance isn’t much chance, but it’s far from secure.
(I’m ignoring the fact that only a small %age of videos are unlisted I guess, but I think the point still stands.)