This is misleading to the point where it's not really true. They can't read your email -- or anything else -- unless you click through the extremely dire security warning in your browser. They don't have some sort of CA cert. This is one of the few threat scenarios where HTTPS works exactly as designed.
They're serving a page with a mismatched certificate becaus they want to tell you why YouTube isn't loading instead of simply just blocking it. Bogus HTTPS is at least a feeble attempt to do that
They're serving a page with a mismatched certificate becaus they want to tell you why YouTube isn't loading instead of simply just blocking it. Bogus HTTPS is at least a feeble attempt to do that