Despite the clear dominance of video streaming traffic on the Internet and the significant ramifications of disclosure of which videos users are streaming, video fingerprinting has received relatively little attention compared to other traffic analysis domains. Existing attacks are tailored to undefended traffic and mostly rely on a few manually crafted features. Meanwhile, potential defenses are ad hoc, often impractical, and typically only mentioned briefly. Drawing from progress made on website fingerprinting, we aim to improve current standards for attacks and defenses for video streaming traffic while highlighting a critical and underexplored issue on today's Internet. We show that directional and timing-based attacks that leverage CNNs are competitive with state-of-the-art video fingerprinting attacks, in many cases with far less training data. We also provide the first extensive study of potential defenses, which considers performance against attacks, overheads, and user QoE; and we present a novel defense design that boasts both broader applicability and greater efficacy than existing proposals.