logoalt Hacker News

8organicbitsyesterday at 11:48 PM0 repliesview on HN

This is an important point, private videos should not be impacted by this as knowing the URL isn't enough to access the video. Unlisted videos are indirect-object reference by design. It's poor security, but the user is expected to understand the tradeoff (if they actually do is questionable).