Best way to watch Youtube videos?
- Anmelden oder Registrieren um Kommentare zu schreiben
SO I have always used the Tor Browser to access the Youtube website and watch their videos. Since many websites that I use require Javascript I usually have it on and it was never much of a deal for me. But I have been interested in looking for other ways of doing so since I have noticed that even with Tor Browser they can still usually know that it's the same user (I suppose they don't know WHO I am because of Tor, but the stuff like screen resolution and size along with the chosen video topics and time of the day will give them enough info to still build a profile).
Some options:
1. Using invideo.us website
This alleviates the issue of Javascript since the website doesn't need it, but I suppose Youtube still sees that a Tor user is watching the same topics at the same times, only through another front-end. So it might not be an ideal solution. It still, I think, eliminates some side information like screen resolution.
2. Using a desktop app like FreeTube
It will be similar to using invideo.us only that this way I avoid telling another website what I am doing.
Also, I don't find it very responding in Trisquel 8 (I tried the appimage), sliding buttons go on and off at random while not really changing settings. I don't know if other alternatives exist.
3. Using an online service to download videos and watch locally
Worse than other options, because it's using SaaSS. And I suspect downloads are still carried by direct connections to Youtube servers.
4. Not using Youtube
Would be the ideal solution if not for the fact that Youtube has the biggest collection of videos on earth and I need to access them lol.
What do you guys think?
Thanks.
The invidious option seems like the best out of those.
A similar option is using mpv (with youtube-dl) to watch a video once you have the part of the link after https://youtube.com/ from invidious, using mpv [link here] in a terminal.
However, since invidious does not require javascript, it is more convenient than copy and pasting a link to a terminal every time you want to watch a video.
Thanks for the reply.
What I am not sure is how much information does youtube collect when I use invidious.
Like... the server sees that video A is being downloaded, and can see my IP making the connection (or my Tor IP whatever). Can they see for example which browser I am using, or if I try to use a different downloader (curl for example) ?
I have actually been wondering this for a while now.
Hoping someone here knows.
YouTube will only know that a video file was requested from your IP address. You can also use `&local=true` to proxy videos through Invidious, which should limit the amount of information available to YouTube to near zero. I would very much recommend reading this comment[0] as well which I think better answers your question.
0. https://trisquel.info/en/forum/invidious-youtube-redirect-site-agplv3-no-js-required#comment-135176
I am wondering, if I use www.invidio.us to watch or download a video, can the www.googlevideo.com server still place cookies on my browser to track me?
I just watched something on Invidious and have no cookies from googlevideo.com.
I'm not entirely sure, but I don't think that a server that's merely sending a resource (a video in this case) can use cookies or see your user agent. Someone can correct me if I'm wrong. I think the only thing Google can see is your IP address in this case.
Thanks! Yeah, I also think that way. But at the same time, I know that curl has the option to provide a specific http header and user agent (fake one if needed). So I suppose a server will still see more than just "this IP wants this file". You are right however in the cookie thing, that is probably done only through a browser session.
So, FreeTube is a good option then?
> So, FreeTube is a good option then?
I've never used it, but it looks good (depending on your stance
regarding Electron). I've found youtube-viewer[1] useful as well. It has
both a cli interface and a GTK interface.
What about Electron?
I remember some controversy over that but never understood the fuss.
Thanks, I will check youtube-viewer.
> What about Electron?
It was recently discussed here: see https://trisquel.info/forum/electron-again#comment-139322 an below.
I use youtube-dl + mpv
Cheers!
Minitube is a good one, it's been around since somewhere around 2012 I believe. The GNU/Linux version is free (Win/Mac versions are not, for some reason), and the source code is publically available.
https://flavio.tordini.org/minitube
https://github.com/flaviotordini/minitube
The pre-compiled package available on the homepage should be easily installable as it's a .deb package. (sudo dpkg -i minitube.deb)
EDIT: It's actually been around for a little longer than I thought. And it's also listed on the FSF's Free Software Directory website!
youtube-dl, mpv, mps-youtube is my youtube arsenal.
Thanks everyone for the suggestions!
I still have one question though, how do these various choices operate searches?
I mean, Invidious doesn't have an index file with all Youtube videos, right? So, search queries have to be directed at the Youtube site... hum... so they record which IP uses each search query...
But how do Invidious get to read comments for example? DO they parse the html code? I think that would require Javascript, right? If so, these apps would be doing the same.
Though Invidious and apps could just use DuckDuckGo website to run the search and retrieve possible videos from there I guess?
> I mean, Invidious doesn't have an index file with all Youtube videos,
> right?
Actually, I think it does. If I understand correctly, Invidious crawls
through YouTube indexing channels and videos.
Oh, ok. I didn't know that, thanks.
But what about if you run it in your own computer then?
> But what about if you run it in your own computer then?
You mean run your own instance of Invidious? In that case, you would
scrape YouTube and the information would be stored on your server.
Yes, but in that case my machine would have to run Javascript to get the comments from the Youtube page right?
Why do you suppose that?
Well, because when I disable javascript I can't read the comments. I think in mobile for example you can only read the first comments, if you want to "scroll down the comments" you need Javascript again.
I might be mistaken of course :P
> Well, because when I disable javascript I can't read the comments.
> think in mobile for example you can only read the first comments, if you
> want to "scroll down the comments" you need Javascript again.
Invidious uses JavaScript to load more comments without having to leave
the page, so it's true that you can only see the first page of comments
when JavaScript is disabled. However, this JavaScript is free software
from Invidious, being used to load comments stored on Invidious's
server. It is not the proprietary JavaScript on YouTube that loads
comments stored on Google's servers.
In order to get comments and other information from YouTube, Invidious
does scrape YouTube's Javascript, but I don't think that it actually
executes the JavaScript, so you shouldn't have to run any proprietary
software to run your own Invidious instance.
What is the difference between "scrapping content" and "executing it"?
Thanks
> What is the difference between "scrapping content" and "executing it"?
As I understand it, scraping means reading the page/code to get
information, whereas executing means actually running the software.
For comments, search, and most other parts of the site Invidious sends a request to YouTube on the users's behalf. It strips out the user's IP, User-Agent, Cookies, etc. so all YouTube should see is a request from the server's IP.
> DO they parse the html code? I think that would require Javascript, right? If so, these apps would be doing the same.
You can parse HTML using any language.
I'm having a little trouble understanding some of your questions, so you'll unfortunately have to clarify what you mean if you don't believe I properly answered it.
Also, one very important question... How many of you use Tor when accessing Youtube?
Because if not, then it's really not important what way you do it, they know that YOUR IP, and by definition YOU, watched that and that video and they can infer a lot about you and your life from there, aside from selling you to ad companies.
You Tor ;)
(yeah, just preaching something I think is really important!)
> Also, one very important question... How many of you use Tor when
> accessing Youtube?
I do encourage using Tor, even at times you don't need it, because more
people using Tor improves the anonymity of the Tor network. However,
watching videos or downloading large files slows down the network for
others, so I don't encourage using Tor for these activities except
unless you really do need it.
In situations where anonymity is not vital, I recommend using a VPN for
streaming videos and downloading large files, and reserving Tor for
low-bandwidth tasks.
chaosmonk - how do you feel about the fact that the government was so heavily involved in creating and financing Tor?
I know the question was not for me but I will try to clarify:
USA Gov did not create Tor. Roger Dingledine created it. It was a small proof of concept project, that yes was at the time paid for by the USA Gov (army or air force or navy, one of them I guess). But it was not thought for public distribution and it was never intended as being used by millions of people around the globe, so there were no dark schemes behind the scenes. After that, they realised it would not work as a private project and they threw the project away. Roger took it and kept working on it, later created the Tor Project which received money from various sources one of them being the USA Gov. All the code was always Free and Open, so no chances of dark schemes. Many volunteers took the code and studied it and made improvements also correcting bugs, so any chance a bug-door was ever introduced was eliminated in the process. Right now there are other ways to attack the network without even an Agency having to run multiple nodes. So, yeah, there is no real risk in using it, unless you are a very high profile target.
Hope this helps
chaosmonk - how do you feel about the fact that the government was so heavily involved in creating and financing Tor? I've always been wary of it - wondering what your opinion is.
> chaosmonk - how do you feel about the fact that the government was so
> heavily involved in creating and financing Tor? I've always been wary of
> it - wondering what your opinion is.
Are you implying that it could be a honeypot of some kind? If so, that's
something I worry about a lot with many VPNs, but less so with a
decentralized network running on free software. I would guess that the
US military funds Tor because they use it themselves. Their involvement
is not something to ignore, but it is also not a reason to reject Tor
any more than it is a reason to reject the Internet. If the Tor network
did not provide effective anonymity and privacy from the US government,
I think that things likely would have gone differently for Edward
Snowden.
I understand your fears and a few years ago it was so that the network was unstable and it couldn't reach high speeds, not even handle a too large number of users. There was a lot of work put into making the network more sustainable and resilient and it turned out that when a bot-net tried to work inside the Tor network, they could sustain the traffic for a few days without major issues. So, after that a lot of new nodes came into the network, and the Tor Network is now fast enough to handle modern connections in most places of the world and scales to as many users as needed. There is no reason NOT to use it to high-bandwidth tasks, especially because like you said that increases the anonimity of the network A LOT.
Trust me, right now there is no problem using Tor for youtube videos and Facebook pictures of funny cats. I would maybe suggest not using HD content and the like. Other than that, go ahead!
Interesting. Some years ago there was concern that you couldn't trust the node administrators. And there were several nodes that were suspected of being run by government operatives. If I recall, the biggest risk was at the node where your data was leaving the Tor network. Any updates on that situation? I know this is several years old, but that was a big concern for awhile.
Well the fact that the exit node can tamper with the traffic will never change. It's inherent to the way the internet works. BUT these days most websites have some basic form of HTTPS which prevents most tampering from happening, and there are more and more services available as Onion Services (which don't have the issues mentioned above since the traffic never exits the network). So for Facebook or DuckDuckGo use the corresponding Onion Service. And using HTTPS Everywhere will prevent most issues. Also, is you use the Tor Browser just set the security slider to medium and you will disable Javscript in non-https sites. That handles most problems just fine.
On the other hand if you are using a public wifi, there could be tampering and the local level, which only Tor or some similar software will prevent (because it encrypts the traffic before leaving your machine). So yeah, use Tor ;)
Yes very interesring. Very useful. Thanks very much.
Ok, I have been looking into Invidous again and I noticed that while you don't need Javascript to watch videos, you DO need to enable cookies if you want to have persisten Preferences used (things like which video resolution to watch, whether you want Dark Theme or not, etc). So, I wonder, if I allow cookies will they be able to "track" which videos I have watched? I tried looking into the cookie but I guess it is not a plain text file that I can read. Someone with more experience might be able to tell.
Thanks.
The PREFS cookie is URL-encoded JSON and fairly straight-forward, I would recommend looking here: https://github.com/omarroth/invidious/wiki/Preferences for how it works and a list of available options.
There are several tools online that will decode it for you so you can understand how it works and allow you to make your own.
Invidious also supports adding most options as query parameters, for example https://invidio.us/?dark_mode=true.
Ok, so according to the wiki page you recommended the only cookie that Invidio.us stores in the browser is to the preferences and not for tracking which videos were seen correct? If I allow cookies that will never allow the server to check which videos I have seen before correct?
That's correct. Invidious does not store any identifying information in the cookie, and also does not log any information that could be used to identify a client, although I would recommend reading the privacy policy[0] for more info, notably the section "Data stored in your browser".
The ability to log in and store my watch history is very useful. You've thought this out well omarroth. Where did you get the ideas for this project?
Watch history is a feature available on YouTube. Other features are inspired by several other extensions I use for YouTube that I wanted to integrate into one project.
I just noticed that they also have an Onion Service available even as a V3 Onion Service! Which is great but I wonder... they are actually proxying the videos through their Onion Service, I checked. So, won't Youtube eventually get fed up and try to kick them out of bussiness??
Well, anyway I think this closes the matter for now... If you use the V3 Onion Service you don't even need cookies enabled in order to get the "proxy" option. You can also simply click the Dark Theme button at the top and use it. Only thing that is annoying is to have the need to lower each video's resolution individually. So, yeah, annoying but HIGHLY usable.
I will let you guy know that there are also other instances of Invidous running and at least one of them is running an Onion Service. You can use them randomly and avoid that Invidious get's all the information that Youtube gets even when you use Tor (that is "a "a Tor User usually watches topic XXX at HH hour of the day", this is still relevant, especially when you add to that the Javascript fingerprinting your browser and machine).
Nice! The official onion service instance of Invidio.us is running great. This is certainly a new way to listen to music. When I tried some years back, you could not stream videos on Tor without constant buffering issues. So now google has no idea I'm listening to my music - how cool.
Yes, that goes to show how much the Tor Network evolved the last couple of years.
But hold on, I am unsure if the Onion Service is actually the only connection you make. While the page is loading Tor Browser says in the bottom left "connecting to" and it shows a lot of different addresses. I fear somehow the Onion is merely acting as a mirror and still allows some connections to google servers.
As for videos themselves, I tried downloading one and the download link was this
So, I the video seems to be hosted in the onion server but at the end it says "host...googlevideo.com" So I don't know again if some connection is made. Of course it is still hidden by Tor, but the way I see it the Onion should allow me to NOT make ANY connection to Google servers. Unsure about this...
There's a "Default quality" option in preferences so you don't have to change it manually. You can also use `&quality=medium` as an option if you'd prefer not to use cookies.
Ok, I think I found a bug in Invidious but I don't have a GitHub account to report it, if someone would be so kind please report it. The bug is as follows:
When accessing the official Invidious Onion Service V3 (the one with 32 characters) if you have Javascript enabled and try to jump ahead in the video (video still hasn't loaded and you click to go to near the end of the video for example) it will make a direct connection to googlevideo.com and retrieve the piece of the video that you asked, instead of retrieving it from the Onion service as well.
It was tested in a mobile Android device, but I suspect the issue will happen regardless of which device you use.
Try writing to invidio.us' creator through https://trisquel.info/users/omarroth/contact
Hi everyone! There's a lot to respond to. I did my best but feel free to mention anything I missed or if you have any other questions I'd be happy to answer them.
- Anmelden oder Registrieren um Kommentare zu schreiben