Privacy concern #344
Comments
|
You can't. And there is no way to solve it either (well, giving everyone admin rights to all infrastructure would solve it). |
|
maybe we can add an advanced option so it only fetches dislikes for the videos you want (by the click of a button) if people are concerned they can just enable this and check dislikes for videos they dont trust, which should be pretty less compared to all the videos you watch. |
that would be one way to solve it. But then again - it would still expose all videos that you requested (and people would request most of their videos) |
|
You can also block it in firewall, and only unblock when you want to see dislikes . |
|
or disable it, and only enable when you need it. you get the idea. |
It's harder to be sure of someones viewing habits by less videos fetched |
yep, but imagine flipping the switch every time you want to see dislikes |
it will probably be a button on the youtube page itself, shouldnt be much of an inconvenience to those using this |
|
Should have kept this open instead of immediately closing it, atleast so we can have an open discussion about possible implementations of what I think its a pretty good idea. |
|
It was never opensource. |
Ah. I'm sure the community will be very happy to use a tool that is not creepy. Google is already creepy we shouldn't make the thing creepier. Don't worry we will solve this problem over Christmas break. Be it with this software or another 😉 |
|
So, making a request to a server is creepy now? You shouldn't be using github then either.
Good luck. |
|
By the way - a bunch of copycat-extensons died today once I enabled IP rate limiting. They were just calling my api in their backend - no own DB, no caching - nothing. Just pretending to provide a service while in reality they didn't. Now imagine they had a DB dump and server code - what good would it make - more userbase fragmentation, less reliable votes? And all while using my work for free. |
|
As the OP, I'd like to mention to @Anarios that in no way I'm claiming malicious intent. I am very grateful for your work. I suppose a few options would be possible:
I think discussing options here, like mentioned above, would be a great idea. Perhaps we will come to a conclusion that nothing can be done. But at least we explored all options. |
100% Agree, But youtube is still selling your data, so whats the point ? Also in order for this extension to be alive, it requires user data. Thus proving it useless without such data |
That's the reason there is a separate domain. YT removed the ability to get dislikes from YT API.
Agreed. Many people had already suggested this.
It is in plan. Just the thing is that, right now, the focus is on making the data meaningful
I probably didn't get this one. Can you explain why? |
public api doesnt return dislikes anymore
didnt know that existed, people can easily do that
that would only be archived counts, after a while it will get outdated and youd have to keep syncing the database
technically the host can modify the backend to collect your data and sell it while the open source code doesnt show the modifications I don't think theres anything you can do instead of |
|
Now imagine worst case scenario - say, I was as evil as it gets - what could I track? A random ID that you can regenerate at any time and an IP that can be dynamic\behind NAT\behind VPN. So if you use a dynamic IP or a VPN - there is nothing I can track. This would be a real solution to privacy concern. Unlike a non-solution of posting server sources. |
|
I'd suggest making this a public company |
I don't see what it solves. You can build extension from sources and replace my API with your own even today. Or I didn't understand this point. |
Here in Europe we are forbidden to track IP-addresses without consent, they are being anonymized to 0.0.0.0, I run security for our company, so I deal with this a lot. But I do see your point, the incoming data would be an IP-address, some headers, perhaps a browser user-agent and the video ID. Theoretically you could build up a user profile on this information, for example a table that stores videos watched by certain IP's in a database. However this would be a tiny drop compared to what Google/Youtube is tracking about us. I wonder if the "risks" here are actually overstated... What you do guys think? |
I doubt you could even sell it. If I could attach a cookie so that ads can be shown to you based on your watch history - that would be a gold mine. But you see that I don't do it in the frontend code. |
That would be what youtube already sells about you :) |
|
So instead of buying it from me - it's much more logical to just use google adds. |
|
There is a similar discussion in #45 , I cross-post some messages because general sentiment is very similar. Could I close this one and we continue there? what do you think? |
|
I have one last question, you mentioned other people using your endpoint.
I think a lot of people would be happy to just have a tool that allows them to easily look up dislikes on certain videos. Without altering the Youtube page itself. Of course the regular users of this extension would prefer the Updated Youtube page, but this extension could be an add-on for technical users, or perhaps a separate extension. You mentioned above that people already started using your endpoint, is this a problem? Traffic for example? or people abusing your work? I'd love to hear your thoughts. |
|
i checked by myself the devtool of the extention, and first off, i didnt seen any extra header meaning than im actually being tracked, second off, there is not cookies about youtube, google or anything related, the only thing wich is your user id (maybe used to detect spam or anything like this). |
The issue is that videos are being sent and perhaps logged with user-agent & ip addresses. Now of course this is a drop in a bucker of what Youtube/Google is collecting about us. But the the privacy issue remains interesting. We can't use a direct Youtube connection since the Youtube API stopped working so we're relying on the owners back-end application to store the actual dislikes. I think the best solution would be to implement a toggle, that only when hit retrieves dislikes for that video. That way we limit the calls to the back-end and we accept the risk of our view habbits beings 'logged'. Although the owner already adressed that he can barely log anything, let alone sell this data in #344 (comment) By the way there already is a way to toggle the extension per video, people can theoretically always put the Extension on 'Active on Click mode'. That way the extension does nothing until clicked upon and it will refresh the page. |
|
So you think than the solution could like like: |
Your user-agent is not sent, this information is written in the post request headers. Which are open source. You can see no such information is sent to the server. The IP addresses are not unique enough to identify you as an individual, as was said before, if this is a concern, consider using a proxy or a VPN because every website you browse will see your IP. I'm sorry, but these are entirely non-issues. |
It is. Why would you write that?
It is.
It is.
But they usually have no capability to track my YouTube history.
They are issues.
I have just realized that "Contributor" appears next to anyone who contributed to the codebase in a repository. I still believe that it's dangerous to write stuff like this (hell, I interpreted it that way!), but it's not as serious as I thought it was. Previous commenter most likely has no write access to the repo. |
A "Contributor" is merely someone who has contributed to the project at least once. That means just having a single commit in the repo makes you a contributor. You're probably mistaking this role for the "Collaborator" role, which is given by the repository owner directly and does give these exclusive rights such as write access. "Contributor" is simply someone who forked the repo and got their pull request merged by someone with actual write access. Other than that though, I agree with the comment about IPs though and these are in fact issues, it's just that there isn't really that much you can do about them. The IP address will always be sent, and there's absolutely no way to prevent that, most people use dynamic addresses so they change every now and then, still though, this change usually doesn't happen between countries, so the least an IP could provide is some geolocation info, but if someone has a static IP, this issue obviously gets much worse, still though, there's absolutely nothing this project can do about it, best you can do is use a VPN on your side. As for the user-agent though, I don't believe it's being sent since as pointed out, the client-side is open sourced and you can see the headers which are being sent, and they do not contain user-agent, so that should probably be safe (though I'm not hugely familiar with this code-base and there may be something that does send these, but I doubt that.) |
Indeed, I realized that a couple minutes after posting the comment. Not sure who posted the clarification first, but thanks :)
There is! It would overcomplicate the backend for relatively negligible benefit, but this thread contains some solutions. Unfortunately any effort to solve the issue would need to be orchestrated by the project's leadership.
Folks, there's no need to be familiar with the codebase. Install the extensions, open Dev Tools, open an YT video and watch XHR requests in the network tab. Search for
|
That is correct. And it's default fetch behavior in browsers. On the other hand - user agent is pretty far from a device fingerprint. |
@pzduniak
@Anarios |
|
Dedicated issue for K-anonymity: #452 |
|
I wouldn't. Since the extension itself is open source, we would be able to see and make sure that nothing gets sent over network until a specific button is clicked. Period. The request could start when you click a button say "view dislike count", which is separated from the dislike button as well. CONCEPT: EDIT: Another idea would be a minimal option for this setting which would just show the dislike button (with the "DISLIKE" text hidden except when you hover over it, the popup toast message would say "Shift click to view dislikes on this video" instead of "I dislike this". Again, this could be an OPTIONAL toggle in the config options for this extension so people aren't confused about this and users that are searching for more privacy would be able to get it. TLDR: Optional toggle to send nothing over the network unless specific button is clicked on which views the dislike ratio This would help me ensure that I only am sending network requests when I request (or need) it. If I don't want to view video dislikes, I don't click the view dislikes button or the dislike button (although clicking the dislike button is when I would want to view the dislike ratio anyway since I sent a packet to the server anyways). Pure and simple. Also, please release your compiled extensions on GitHub. I don't like using Chrome Web Store and I like updating my extensions from source manually. Using the Web Store is just tedious when sorting and naming extension versions and sorting through the random hashed folders. |
|
You can already configure extensions to only run when you press its icon, which is sort of similar
|
|
The problem also isn't really solved by making it manual. I want the functionality the addon provides; else I wouldn't have installed it. Having to press a button on every video doesn't help privacy in any way. |
|
I don't understand why this thread is still going on: If you want to stay anonymous, why do you use Youtube? Every time you watch a video you make a request that is equivalent to: Go to your local video rental store and pay by cash. Wear a ski mask. |
For me, I don't care what the dislike counter is on most videos. When I find a video that looks like clickbait or a scam, I want to view the amount of dislikes. Then I click the button, and it send a single network request of the video ID, retrieves the data, and displays it to me. Much less tailored info that the extension gathers by sending a request every single time I click on a new video. Basically, the extension is completely offline until click the button to send the request. This can also reduce the server load I am hearing issues about depending on how many users use this feature As for the extension, I load them manually. I would rather have an extension straight from the source in case google does anything with it or something (this is probably silly and they probably don't do anything with it, but still, why not release extension builds on GitHub?) I am still for #452 to be added as well to strengthen this. |
|
@ItsDrike |
|
I've created https://github.com/TeamPiped/RYD-Proxy, an open-source non-logging proxy that utilizes rotating Tor instances to avoid rate limiting while issuing requests. You can use it like so for example: https://ryd-proxy.kavin.rocks/votes/dQw4w9WgXcQ People interested in self-hosting it can use the docker-compose provided in the repository itself. |
That was never the goal, The goal was to avoid the API server's rate-limiting mechanism, for which I initially requested to be whitelisted for. (on the discord, to no response)
Had you read the repository's readme:
|
|
We should ban Tor origins in order to maintain the quality of the database. Anyone can write a code to (1) register as a new account with a new IP and (2) vote like/dislike for any number of videos, containing a list of targeted ones and many other randomly selected ones. The result is obfuscated spam data but with targeted videos being attacked. As a consequence, the like/dislike data is highly skewed due to human intention, and the quality is compromised. The above free open-source program just provided half of the evidence: The API server cannot distinguish whether a user is on a Tor network and hence there is no way to stop bad intentions. Now we only need some person-hours to complete the other half. This concept is hard to implement as any single person. However, as soon as one apprehends a list of vulnerable and/or compromised systems around the world, the program can be loaded on victim computers and make concurrent requests over Tor. Each computer needs to establish a new Tor circuit, register as a new user with a new random user ID, solve the bitcoin puzzle locally, and start voting for the targeted video list. After completion, the same victim computer can start another Tor circuit and make the same requests. This is comparable to DDoS attack in its format, but it does not require a very high level of amplification; One just needs to overcome the regular video audience and channel fans. (Or maybe fans can make use of this) This is not a new concept; I realized this a while ago but did not elaborate. Now that a half proof of concept is available, I think it's time to raise the concern. |
|
#399 was also closed that reported the code that posts all suggested videos on every video to the backend. Issue still exists: return-youtube-dislike/Extensions/combined/ryd.background.js Lines 52 to 61 in 752edcc |
|
@a-kriya - the code is not called. It was only active during first weeks when dislikes were still available. As you can see in the network tab - this call is never made. |
I know I am already giving Google data. I don't feel like giving data to another party if I don't need to. I still normally leave this script disabled until I feel like seeing dislikes for one specific video. |
I have probably requested only a dozen or so of videos since I first started using this script in December of 2021 . It would be higher if it wasn't as tedious as it is for my workaround of just manually enabling the script each time I want to check a single video. |
Just out of curiosity, I want to ask you a couple of things If RYD's backend (not the open source extension) ever gets compromised by malicious actors -
|
|
Skimming through this page it doesn't seem that we have privacy paranoids here. To any privacy paranoid I encounter in future: You seem to be kinda new to this privacy thing or maybe you are in 'hardcore privacy' related filter bubble. First get out of that bubble. TLDR: Privacy is important but anything in excess is harmful. Try to balance out things. from: https://www.privacyguides.org/basics/threat-modeling/
I have some suggestions for you -
Since this is for future reference, I might edit/update it. |
|
This #344 (comment) can be implemented with #452 iff the owner wants to take it seriously. |
and others
Browser
Brave
Browser Version
Latest
Extension or Userscript?
Extension
Extension/Userscript Version
Latest
Video link where you see the problem
Every
What happened?
How can we be sure our viewing habbits are not being tracked if every video I watch is being sent to your domain:
Can we solve this question to market/make this plugin even more popular and trusted by everyone?
The text was updated successfully, but these errors were encountered: