Is it just a lot of CPU-bound code and the modern JIT runtimes are simply that much faster, or is it doing some trickery that deno optimizes well?
> Currently, a new style of player JS is beginning to be sent where the challenge code is no longer modular but is hooked into other code throughout the player JS.
So it's no longer a standalone script that can be interpreted but it depends on all the other code on the site? Which could still be interpreted maybe but is a lot more complex and might need DOM etc?
Just guessing here, if anyone knows the details would love to hear more.
I mean, running some unknown highly obfuscated CPU-demanding JS code on your machine - and using its results to decide whether to permit or deny video downloads.
The enshittification will continue until user morale improves.
It's their application, yt-dlp can use whatever it wants. But they made their choices for stylistic/aesthetic reasons.
Scripts use V8 isolation, identical to Chrome. What comes to rest, we can only trust or review by ourself, but it is certainly better than nothing in this context.
But the usage of V8 means that Deno must explicitly provide the access (for V8) for networking and filesystem - the foundations for sandboxing are there.
It being a checkbox feature is a weird way to frame it too, because that typically implies you’re just adding a feature to match your competitors, but their main competitors don’t have that feature.
In what ways does it fall short? If there are major gaps, I’d like to know because I’ve been relying on it (for personal projects only myself, but I’ve recommended it to others for commercial projects).
Trusting Deno's sandboxing by itself isn't a great idea. An attacker only has to wait for the next V8 exploit to drop, probably a question of a few months at worse.
Now like I mentioned above it's probably ok in yt-dlp context, Google isn't going to target it with an exploit. It's still important that folks reading this don't takeaway "deno sandbox safe" and use it the next time they need to run user-supplied JS.
To me this is a bit alarming as IIRC most app runtime libraries that also have this in-runtime-only sandboxing approach are moving away from that idea precisely because it is not resistant to attackers exploiting vulnerabilities in the runtime itself, pushing platform developers instead toward process-level system kernel-enforced sandboxing (Docker containers or other Linux cgroups, Windows AppContainer, macOS sandboxing, etc.).
So for example, .NET dropped its Code Access Security and AppDomain features in recent versions, and Java has now done the same with its SecurityManager. Perl still has taint mode but I wonder if it too will eventually go away.
This plus what you mentioned is why I would never trust it to run arbitrary code.
Now in the context of yt-dlp it might fine, google isn't going to target them with exploits. I would still prefer if they didn't continue to propagate "DeNo iS SaFe BeCauSe It HaS sAnDbOxInG" because I've seen projets that were actually executing arbitrary JS rely on it thinking it was safe.
You're welcome
Maybe, for watching "recommended" stream without any subscriptions there are alternatives (which? I cannot name good ones, anyway), but if you watch your subscription you are bound to platform which contain this subscription. And no, content creators are not interchangeable.
Awaiting their “premium cannot be shared with people outside household” policy so I can finally cancel. Family members make good use of ad-free.
I was also a holdover from a paying Play Music subscriber, and this was shortly after the pita music switchover to youtube, so it was a last straw.
When they recently insisted by email I download any videos before they sunset the feature, their option only gave me the SD version (and it took a while to perform the data export).
While it doesn’t totally remove it, it lets me choose if I want to watch or not, and gets me past it in a single button press. All using the native app. I was surprised the first time this happened. I assume the creators hate it.
> Why not use Brave browser
We still need competition in the browser space or Google gets to have a disproportionate say in how the Internet is structured. I promise you, Firefox and Safari aren't that bad. Maybe Firefox is a little different but I doubt it's meaningfully different for most people [0]. So at least get your non techie family and friends onto them and install an ad blocker while you're at it.
[0] the fact that you're an individual may mean you're not like most people. You being different doesn't invalidate the claim.
The point is that if everyone is using a single browser (not just Chrome/Chromium) then that actor gets disproportionate control over the internet. That's not good for anyone.
The specific gripe to Chromium is that _Google_ gets that say, and I think they are less trustworthy than other actors. I'm not asking anyone to trust Mozilla, but anyone suggesting Mozilla is less trustworthy than Google probably has a bridge to sell you. Remember that being Chromium still means that Brave is reliant upon Google. That leads to things like this[0,1]. Remember, the chromium source code is quite large, which is why things like [0] aren't so easily found. I also want to quote a quote from [0.1]
This is interesting because it is a clear violation of the idea that browser vendors should not give preference to their websites over anyone elses.
> https://data.firefox.com/dashboard/user-activity
> https://brave.com/transparency/
If you're extra concerned about privacy and that's your reason for Brave, then may I suggest the Mullvad browser[2]? It is a fork of Firefox and they work with Tor to minimize tracking and fingerprinting. You get your security, privacy, and out from under the boot of Google.
[0] https://github.com/brave/brave-browser/issues/39660
[0.1] https://simonwillison.net/2024/Jul/9/hangout_servicesthunkjs...
[1] https://www.bleepingcomputer.com/news/google/google-to-kill-...
I'm telling you that Firefox is going to be out of business soon because users favor ad blocking and blocking trackers. That is the trend. Firefox isn't growing anymore.
> Honestly I have more questions looking at the Brave "transparency" report, as it seems to have more information about users than Firefox...
Metrics can be transmitted without revealing the user. This is well known.
You can't suggest anything. I am done with this conversation.
> I'm telling you that Firefox is going to be out of business soon
Regardless, I think you've ignored the root of my argument. I'm not trying to be a Firefox fanboy here but it's not like there's many options. The playing field is Chrome, Firefox, Safari. So only one of these is not "big tech".
> Metrics can be transmitted without revealing the user. This is well known.
> You can't suggest anything. I am done with this conversation.
[0] https://courses.csail.mit.edu/6.857/2018/project/Archie-Gers...
But I do think it is a far bigger problem that we let a single actor have so much control over the fundamental structure of the internet. The problem isn't Brave so much as it is Chromium. But criticizing Brave (and Opera, Edge, etc) is a consequence of this.
You must ask yourself which is the bigger concern?
- If you believe the major concern is an ad based ecosystem on the internet, then choose Brave. Especially if you believe it is unlikely that data leakage "features" implemented by Google are not likely to be captured by downstream projects.
- If you believe the major concern is the number one ad based company who's entire market is based on the erosion of data privacy, then choose *literally anything* that is not Chromium based.
But this is my opinion. There is no right answer here. It has to come down to you.
If you agree with me then I'd encourage you to look at Firefox. It is good by default and with a few easy to find options you can have strong privacy and installing uBlock is a trivial task. If you are more privacy conscious, I encourage you to look at the Mullvad Browser, which is a Firefox fork with strong privacy defaults (maintained by the Tor and Mullvad teams). If you want a WebKit then check out Orion. I use this on both my iPhone and iPad (my Macbook and linux desktop are still Firefox), as Orion allows add-ons, so you can get ad blocking on your phone (when I was on Android I just used Firefox mobile which supports extensions). If you really want to encourage a 4th player I believe LadyBird is the popular kid on the block, but I honestly don't know too much and last I knew it was not quite to a stable state.
You don't have to agree with me, but I just want to make people aware that they do have a say in the future. There's no solution that doesn't have drawbacks, but I think on a techie form we should be able to have a more complex discussion and recognize that there are consequences to our choices. I think it is also important to recognize our choices multiply as we tend to be the ones who inform our non-techie peers. If you've ever installed software for a friend or family member, then realize how our choices multiply.
I'd also encourage you to promote more conversations among techie groups so we can hear the diverse set of opinions and concerns. It's a complex world and it is easy to miss something critical.
Reddit has the answer for you: https://www.reddit.com/r/browsers/comments/1j1pq7b/list_of_b...
We're both programmers so we're both know we're talking about a one line regex...
I know quite a number of people like this and they're in high positions at big tech companies... doesn't take a genius to figure out why everything has such shitty user experiences and why all the software is so poorly written. No one even seems to care about the actual product they'll only correct you to tell you the product is the stock and the customer is the shareholder, not the user.
We fucked up...
So, after estimating the number of ping pong balls that fit on a 747, the thing to do is to go write the regexp and put that on your promo packet. Half a trillion dollars!
On my iPhone[0] calendar I imported my Microsoft (work) and Google (personal) calendars, also having the iPhone calendar. If we take last Labor day as an example, if I don't disable the Holiday calendars in Microsoft and Google, I have 3 entries for Labor Day. Holidays sit at the top of the day so if I'm on my phone I basically won't see any other events. If I'm on my macbook and my Calendar is using 60% of my vertical space I see "Labor Day +3 more". Full screen I can see 4 maybe 5 entries....
So I can save a large chunk of real estate by doing a simple fucking 1 line regex. At the same time I can effectively merge the calendars, so I get to see the holidays that are in one but not the others.
Effectively, I can ACTUALLY SEE WHAT I HAVE SCHEDULED FOR THE DAY[1]
This, of course, also affects other things. Sometimes Google will add an event because I got an email later. Fuck, now I have dupes... Same thing happens with birthdays... Or you can hit that fun bug where you have for some god damn reason duplicate contacts with the same name, phone number, and birthday, you get triplicate calendar entries and merging[2] and results in quadruple entries!
I have missed so many fucking things because I didn't see it on my calendar[3]. And someone has the audacity to ask how much money would be saved? We've spent longer discussing the problem than it would take to fix it! These aren't junior people I'm talking to (who ask dumb things like "but I can't control or merge the other calendars" not recognizing it's a display issue), but like a L6 at Amazon.[4]
> So, after estimating the number of ping pong balls that fit on a 747, the thing to do is to go write the regexp and put that on your promo packet.
[0] I've almost immediately regretted this decision...
[1] General frustration yelling, not yelling at you
[2] No, the "find duplicate contacts" option does not in fact find duplicate contacts (what fucking data are they looking for? Because it sure as hell isn't identical names. Why isn't it even trying to do similar names?!)
[3] I've also missed so many fucking things because that little scroll wheel wasn't completely finished with its animation and so saved the wrong day or switched AM to PM. I've missed so many things because I have so little control over notifications and they disappear not if I dismiss them, but if I just unlock my god damn phone. So not just that one liner needs to be done, but it would do a lot and these other one-liners would also greatly help.
[4] Dude was complaining about candidates using GPT to do leetcode problems and how he had a hard time figuring out if they were cheating or not. One of my many suggestions was "why not do in person interviews?" which was answered with how expensive plane tickets were (his interviewees were local) and contradicted his prior and later statements about how costly it is to hire/interview someone. I'm sorry, what percentage of 6 engineer's salaries to do 6 interviews for an hour is a single round trip ticket for a domestic flight? Or to have someone... drive in...
If it is free, then, what's the profile worth for a year... there's the value.
User retention is a thing.
> User retention is a thing.
That's what they're directly or indirectly being graded on. Even if they don't have to show how their work impacted the company's bottom line, their managers or their managers' managers have to, and poop just rolls downhill.
> The idea of engineers needing to justify monetary value is just... ill conceived. They should be concerned with engineering problems. Let the engineering manager worry about the imaginary money numbers.
If this was only possible in this industry. If you're in a small company, you're wearing multiple hats anyway. If you're in a big corp, well, my wife hates that I see this in everything, but - hidden inflation is a thing. As roles are eliminated (er, "streamlined"), everyone is forced to be responsible for things they're not really supposed to care about (my favorite example is filing expense reports).
As you aptly put it upthread: we fucked up...
> That's what they're directly or indirectly being graded on.
We need firewalls. One group's primary concern needs to be on the product. Another group's primary concern needs to be on keeping the business alive and profitable.
Too much of the former and you fail to prioritize the right work. Too much of the latter and you build vaporware. The downsides of biasing in one direction is certainly worse than the other...
> my wife hates that I see this in everything, but - hidden inflation is a thing.
I have a fundamental belief that there's far more complexity than we let on. That as we advance complexity only increases. What was once rounding errors end up becoming major roadblocks. It's the double edged nature of success: the more you improve the harder it is to improve. I truly will never understand how everyone (including niche experts) thinks things are so simple.
But my partner is doing her PhD in economics, so she also thinks about opportunity costs quite a lot but I think she (and a lot of her friends) were quite unaware of how a lot of stuff operates in tech[0].
Probably doesn't help that, as you know, I'm not great at brevity :/
[0] My favorite thing to at her department get togethers (alcohol is always involved) is to introduce them to open source software. Quite a number of them find it difficult to understand how much of the world is based on this type of work and how little money it makes. Not to mention the motivations behind it. The xz hack led to some interesting discussions...
Don't worry, people didn't go completely brain dead lol. And most of the economists know about it but not the scale or how it fits in the larger ecosystem. They really just know it as "there's sometimes tools on GitHub".
You can't just switch calendar/video streaming when everything else is integrated with it/everyone is exclusively posting on this network.
I suspect they aren't losing users over duplicated holidays in the calendar.
As a big tech programmer, it's almost never that simple...
Small edges cases not covered by a one line regex can mean big issues at scale, especially when we're talking about removing things from a calendar.
> As a big tech programmer, it's almost never that simple...
I did purposefully limit to holiday calendars as an example because this very narrow scope vastly simplifies the problem, yet is a real world example you yourself can verify.
You're right that edge cases can add immense complexities but can you really think of a reason it should be difficult to dedupe an event with identical naming and identical time entries, especially with the strong hint that these are holidays? Let's even just limit ourselves to holidays that exclusively fall over full day periods (such as Labor Day).
Do you really think we cannot write a quick solution that will cover these cases? The cases that dominate the problem? A solution whose failure mode results in the existing issue (having dupes)? Am I really missing edge cases which require significantly more complex solutions that would interfere with the handling of these exceptionally common cases? Because honestly, this appears like a standard table union problem. With the current result my choices are having triplicate entries, which has major consequences to usability, or the disabling of several calendars, which fails to generalize the problem and also results in missing some minor holidays. Honestly, the problem is so bad I'd be grateful even if I had to manually approve all such dedupes...
If not, I'd really like to hear. Because it really means I've greatly mischaracterized the problem and I should not be using this example. Nor the example of a failure to FIND contacts with identical names, nicknames, phone numbers, birthdays, and differ only on an email address and note entry. Because I have really been under the strong impression that the latter is a simple database query where we should return any entry containing matches (failure mode being presenting the user with too many matches rather than a lack of matches. We can sort by number of duplicate fields and display matches in batches if necessary. A cumbersome solution is better than the current state of things...).
I'm serious in my request but if I have made a gross mischaracterization then I think you'd understand how silly this all looks. I really do want to know because this is just baffling to me.
If I truly am being an idiot, please, I encourage you to treat me like one. But don't make me take it on your word.
- Maybe you want to separately invite people to the same thing and have different descriptions, now you're increasing the number of things to equate.
- Maybe a user creates one event that is simply a title and a time, and they then want to create a second one for another purpose. However, it keeps getting deduped and they don't know why. Now you have a user education problem that you have to solve.
- Now you might think: well just make it a toggle in the settings! Okay well now you have to add a new setting and that expands the scope of the project. Do you make it opt-in or opt-out? If it's opt-in, what if no one uses it? Do you maintain the feature if there's a migration? If it's opt-out, you still have the above problems.
I could go on. And this is mostly an exercise of not underestimating a "simple" change. Calendars (and anything involving time) in particular can get very complicated.
> will always have a desired behavior of being deduped.
> Maybe you want to separately invite people to the same thing
> Maybe a user creates one event that is simply a title and a time,
> And this is mostly an exercise of not underestimating a "simple" change
So what's your answer? Keep the bullshit and do not provide an option to allow merges or dedupes? Literally all the problems you've brought up can be resolved by prompting the user with a request to merge OR just giving them the ability to do so. You really think triplicate entries is a better result than allowing a user to select three entries, right click, "merge entries"? Come on...
My answer is simply: It's not a 5 minute regex change.
I'm not even saying it shouldn't be prioritized or isn't worth the effort. Just that you should give the problem a bit more respect.
> you should give the problem a bit more respect.
The very idealized trivial cases we're discussing and I've stressed we're discussing? I'm unconvinced.
I'm in a Spanish speaking country, but I want to watch English videos in English.
Auto-generated subtitles for other languages are ok, but I want to listen to the original voices!
I'd rather use auto-generated subtitles (even if flawed), but I want to hear the original voices!
The first time I saw this feature, it was on a cover of some pop song in a foreign language. Why on Earth... ?
Sames languages as you. It drives me nuts because the translations are almost always wrong.
If not, I wonder why I can still watch most videos in their original language (even though I'm in a Spanish-speaking country), and I only encountered this once so far.
I was using the browser feature that disables the mobile mode on smartphones.
The autodub feature should be disabled asap. Or at least have a way to disable globally on all my devices.
So instead of "stolen software" they distribute "patches" and a patching framework.
Legally distinct and modding is a much grayer area.
It's code you run locally to company the file, change the bytecode and repack it.
That's been a policy for a while, the sign up page prominently says "Plan members must be in the same household".
No idea if its enforced though.
I finally got so fed up, I bought a Samsung Galaxy Tab A7 off ebay for $50 and flashed it with LineageOS. I can now load whatever media I want onto the 1 TB sdcard I've installed in it. The 5 year old hardware plays videos just fine with the VLC app. And, as a bonus, I discovered that NewPipe, an alternative YouTube client I installed through the F-Droid store, is actually much more reliable at downloading videos than the official client. I was planning on using yt-dlp to load up the sdcard, but now I don't even need to do that.
The TIDAL app is absolute trash, it has this same issue all the time; not just that, but also, if a download fails it just hangs there and does not download the rest of the album/playlist.
Also, why would you want to download things in the first place? To watch them offline, right? Well, guess what happens when you open the app w/o an internet connection ... it asks you to login, so you cannot even access your music. 900k/year TOC genius work there.
The only reason why I haven't canceled is because I'm too lazy to reset my password in order to login and cancel, lol. Might do it soon, though.
There is no way to remove the stuck item if it's been pull from streaming library or you in country that -- such traveling etc -- does not have r ights to it. You simply cannot open the track to undownload it
I do wish they'd improve their CarPlay search results though. I hate asking for a well known song and getting some obscure EDM remix.
It was founded by Jay-Z and then bought by the Twitter dopey guy.
Is this another way of saying, "I will keep using it until it stops working"
Google is doing what Apple does and implementing Gatekeeper-like signature checks to ensure only apps by Google-approved developers can run on Android.
Microsoft does something similar with Windows Defender: you need to buy a developer certificate that can be revoked at any time if you want to distribute your app and have users be able to run it.
We're at a point where we need permission from trillion dollar companies to run the apps we want on the hardware we own.
Clarifying: you CAN run an unsigned app just fine on Windows. A lot of freeware/"indie" (for lack of a better term for small software) programs run just fine, the only thing that happens is the user recieves a warning they have to press "Yes" on (which 95% of people do, because That's The Windows UX[patent pending]).
https://cdn.advancedinstaller.com/img/prevent-smartscreen-fr...
In order to run, you have to click on "More info", and then a second "Run anyway" button appears.
There's way more than 5% of the Windows userbase that gets confused and can't get past this warning.
I also haven't seen any specifics on how that system is supposed to work, but have seen a lot of speculation and (perhaps not unwarranted) fearmongering.
It's time to milk the entire userbase for every cent they can get out of them by any means necessary. The future is bleak.
My point was that the threat of prohibiting libre Linux isn't from all manufacturers deciding to lock out installing Linux on their devices. But rather from remote attestation making it so that Google (et al) are able to force you to run a locked down operating system as a technically-enforced condition of interacting with their servers.
Yes, Google is doing this; but I don't believe Google is doing it to squeeze an inconsequentially small boost in YT Premium subscriptions from former-account-sharers - I believe they're doing it because they want to demonstrate that YouTube is a "secure" platform for large, Hollywood-like, production studios to feel comfortable publishing first-runs of new TV content directly to YouTube - and those production companies are famously paranoid, luddite, and comically ignorant of cryptography fundamentals (i.e. they believe DRM can simultaneously allow legal subscriber Alice but deny evil pirate Bob from watching protected content when Alice and Bob are in-reality the same person (it's you, me, us!).
..and if not Hollywood studios, then certainly the major sports leagues. [The NFL's lawyers seem like real fun at parties](https://publicknowledge.org/the-nfl-wants-you-to-think-these...).
NewPipe is so good and so useful. It can even play 4K and watch livestreams now.
Download feature on iOS always works flawlessly whenever I need to hop on a long haul flight (several times a year).
Then I have good news for you! https://lifehacker.com/tech/youtube-family-premium-crackdown
In fact, I've got an email from them about this already. My YT is still ad-free though, so not sure when it's going to kick in for real.
We are not the same.
1. Unlimited YouTube Premium
2. Unlimited drink reimbursement (coffee, tea, smoothies, whatever)
The psychological sense of loss from those two things would be larger than any 5% raise.
I recently got paused for "watching on another device" when I wasn't. I don't think that policy you mention is too far off.
So long as they are broadcasting media to the public without an explicit login system, so as to take advantage of public access for exposure, it will remain perfectly legitimate and ethical to access the content through whatever browser or software you want.
After they blitzed me with ads and started arbitrarily changing features and degrading the experience, I stopped paying them and went for the free and adblocking clients and experience.
I may get rid of phones from my life entirely if they follow through with blocking third party apps and locking things down.
You never know when the hammer can drop.
For now. I suspect this is the real reason Google is going to require a developer cert even for sideloaded apps: https://www.techradar.com/phones/android/google-will-soon-st...
until next year, when google will require real name and address for dev of side loaded apps
Feels like the app has passed the complexity threshold of what the team responsible for it can handle. Or possibly, too much AI code and not enough review and testing. And those don't have to be exclusive possibilities.
Also there is never a sensible reason to offer video speeds as a combo-box popup of all options from .05x to 4.00x. It's like three times the vertical size of my screen.
Don’t get me started on the “highest quality” account setting absolutely never selecting 4K options when available. They simply have to try to save the bandwidth money by nesting quality options a couple taps away. (A userscript fixes this on desktop and even in Safari iOS/iPadOS, but I don’t deserve the quality I’m paying for if I use their native app.) [Privileged rant over!]
Case in point (and sorry for bringing up this topic), LLM providers seem to be doubling down on automatic model selection, and marketing it as a feature that improves experience and response quality for the users, even though it's a blatant attempt to cut serving costs down by tricking users (or taking the choice away) into querying a cheaper, weaker model. It's obviously not what users want - in this space, even more than in video streaming, in 90%+ of end-user cases, what the user wants is the best SOTA model available.
At least with YouTube, I recall them being up front about this in the past, early in the COVID-19 pandemic - IIRC the app itself explained in the UI that the default quality is being lowered to conserve bandwidth that suddenly got much more scarce.
Bloomberg, March 24, 2020:
“YouTube to Limit Video Quality Around the World for a Month”
Guess it’s like a “temporary” tax… how’s a tax ever going to go away once collection starts :)
Giving you the bytes would be easy, the hard part is preventing the free flow of information. And those bugs are the side effects.
There are no files anymore. I mean, there technically are, but copyright industry doesn't want you to look at them without authorization, security people don't want you to look at them at all, and UX experts think it's a bad idea for you to even know such thing as "files" exists.
Share and enjoy. Like and subscribe. The world is just apps all the way down.
TikTok is very strange in that it actually does let you download real files.
User agents are like journalists: there's no such thing as pretending to be one.
If someone writes their own client and says, "This is a browser", then it is one.
[1]: https://choubey.gitbook.io/internals-of-deno/architecture/v8
https://github.com/yt-dlp/yt-dlp/blob/2025.09.23/yt_dlp/jsin...
Here are lines 431 through 433:
if expr.startswith('new '):
obj = expr[4:]
if obj.startswith('Date('):The submission is literally about them moving away from it in favor of Deno, so I think "never" probably gets pretty close.
Basically any publicly known method that can sip video content with doing the least work and authentication will be a common point of attack for this.
I wonder why. Perhaps because people use bots to mass-crawl contents from youtube to train their AI. And Youtube prioritizes normal users who only watch a few videos at most at the same time, over those crawling bots.
Who knows?
My point was that the large players have monopoly hold on large swaths of the internet and are using it to further advantage themselves over the competition. See Veo 3 as an example, YouTube creators didn’t upload their work to help Google train a model to compete with them but Google did it anyways, and creators didn’t have a choice because all eye balls are on YouTube.
By scraping every page and directing the traffic back to the site owners. That was how Google built their empire.
Are they abusing the empire's power now? In multiple ways, such as the AI overview stuff. But don't pretend that crawling Youtube and training video generation models is the same as what Google (once) brought to the internet. And it's ridiculous to expect Youtube to make it easy for crawlers.
PoToken - Proof of origin token which Google has lately been enforcing for all clients, or video requests will fail with a 403. On android it uses DroidGuard, for IOS, it uses built in app integrity apis. For the web it requires that you run a snippet of javascript code (the challenge) in the browser to prove that you are not a bot. Previously, you needed an external tool to generate these PoTokens but with the Deno change yt-dlp should be capable of producing these tokens by itself in the near future.
SABR - Server side adaptive bitrate streaming, used alongside Google's UMP protocol to allow the server to have more control over buffering, given data from the client about the current playback position, buffered ranges, and more. This technology is also used to do server-side ad injection. Work is still being done to make 3rd party clients work with this technology (sometimes works, sometimes doesn't).
Nsig/sig extraction example:
- https://github.com/yt-dlp/yt-dlp/blob/4429fd0450a3fbd5e89573...
- https://github.com/yt-dlp/yt-dlp/blob/4429fd0450a3fbd5e89573...
PoToken generation:
- https://github.com/yt-dlp/yt-dlp/wiki/PO-Token-Guide
- https://github.com/LuanRT/BgUtils
SABR:
- https://github.com/LuanRT/googlevideo
EDIT2: Addeded more links to specific code examples/guides
Now you know.
- AI companies scraping YT without paying YT let alone creators for training data. Imagine how many data YT has.
- YT competitors in other countries scraping YT to copy videos, especially in countries where YT is blocked. Some such companies have a function "move all my videos from YT" to promote bloggers migration.
(not debating the validity of this reason, but this is the entire reason Youtube exists, to sell and push ads)
"Everyone else" do not allow to download music in an unencrypted format, so it makes sense if YT doesn't allow also.
Like Google?
>scraping YT without paying YT let alone creators for training data
Like Google has been doing to the entire internet, including people’s movement, conversations, and habits… for decades?
Like Google competitors obviously.
> Like Google has been doing to the entire internet, including people’s movement, conversations, and habits… for decades?
Yes, but if you allowed to index your site (companies even spent money to make site better indexable), Google used to bring customers and AI companies bring back nothing. They are just freeloaders.
The reasons are similar for Cloudflare, but their stances are a bit too DRMish for my tastes. I guess someone could draw the lines differently.
It doesn't. That interferes with google's ad revenue stream, which is why YT continues to try to make it harder and harder to do so.
What? What does this even mean? Who "trusts" youtube? It's filled with disinformation, AI slop and nonsense.
it even became an interesting signal which "disinformation" they deem censorship-worthy.
The solution: have clients prove they are a legitimate client by running some computationally intensive JS that interacts with DOM APIs, etc. (which is not in any way unique to big tech, see Anubis/CreepJS etc.)
The impact on the hobbyist use case is, to them, just collateral damage.
Having no reliable feedback makes it so much harder for a viewbotter to find a workaround.
If there's a visible block on video downloads? They're not fighting viewbots with that.
Even if they hadn't done that, you can craft millions of bot-sponsored views using a legitimate browser and some automation and the current update doesn't change that.
So I'd say Occam's razor applies and Youtube simply wants to be in control of how people view their videos so they can serve ads, show additional content nearby to keep them on the platform longer, track what parts of the video are most watched, and so on.
They pay a lot of money to many smart people who can implement sophisticated bot detection systems, without impacting most legitimate human users. But when their business model depends on extracting value from their users' data, tracking their behavior and profiling them across their services so that they can better serve them ads, it goes against their bottom line for anyone to access their service via any other interface than their official ones.
This is what these changes are primarily about. Preventing abuse is just a side benefit they can use as an excuse.
I disagree with the framing of "us vs them".
It's actually "us vs us". It's not just us plebians vs FAANG giants. The small-time independent publishers and creators also want to restrict the web because they don't want their content "stolen". They want to interact with real humans instead of bots. The following are manifestations of the same fear:
- small-time websites adding Anubis proof-of-work
- owners of popular Discord channels turning on the setting for phone # verification as a requirement for joining
- web blogs wanting to put a "toll gate" (maybe utilize Cloudflare or other service) to somehow make OpenAI and others pay for the content
We're long past the days of colleagues and peers of ARPANET and NFSNET sharing info for free on university computers. Now everybody on the globe wants to try to make a dollar, and likewise, they feel dollars are being stolen from them.
Those were already public. The issue is AI bot ddos-ing the server. Not everyone has infinite bandwith.
> owners of popular Discord channels turning on the setting for phone # verification as a requirement for joining
I still think that Discord is a weird channel for community stuff. There's a lot of different format for communication, but people are defaulting to chat.
> web blogs wanting to put a "toll gate" (maybe utilize Cloudflare or other service) to somehow make OpenAI and others pay for the content
Paid contents are good (Coursera, O'Reilly, Udemy,...). But a lot of these services wants to have free powered by ads (for audience?).
---
The fact is, we have two main bad actors: AI companies hammering servers and companies that want to centralize content (that they do not create) by adding gatekeeping extension to standard protocols.
I'm not in it for the dollar. I just want the licenses I put on my content/code to be respected, that's all. IOW, I don't what I put out there to be free forever (as in speech and beer) to be twisted and monetized by the people who re in this for the dollar.
Fast forward fifty years and smell the rot. That same fiscal recklessness Congress spending like drunken sailors while pretending deficits don't matter has bled into every pore of society. Why wouldn't it? When BlackRock scoops up entire neighborhoods with Fed-printed cash while your kid can't afford a studio apartment, people notice. When Tyson jacks up chicken prices to record profits while diners can't afford bacon, people feel it. And when some indie blogger slaps a paywall on their life's work because OpenAI vacuumed their words to train ChatGPT? That's the same disease wearing digital clothes.
We're all living in Nixon's hangover. The "us vs us" chaos you see Discord servers demanding your phone number, small sites gatekeeping against bots, everyone scrambling to monetize scraps that's what happens when trust evaporates. Just like the dollar became Monopoly money after '71, everything feels devalued now. Your labor? Worth less each year. Your creativity? Someone's AI training fuel. Your neighborhood? A BlackRock asset on a spreadsheet.
And Washington's still at it! Printing trillions to "save the economy" while inflation eats your paycheck alive. Passing trillion-dollar "infrastructure bills" that somehow leave bridges crumbling but defense contractors swimming in cash. It's the same old shell game: socialize the losses, privatize the gains. The factory worker paying $8 for eggs understands this. The nurse getting lectured about "wage spirals" while hospital CEOs pocket millions understands this. The teenager locking down their Discord because bots keep spamming scams? They understand this.
Weimar happened when money became meaningless. 1971 happened when promises became meaningless. What you're seeing now the suspicion, the barriers, the every-man-for-himself hustle is what bubbles up when people realize the whole system's running on fumes. The diner owner charging $18 for a burger isn't greedy. The blogger blocking AI scrapers isn't a Luddite. They're just building levees against a flood Washington started with a printing press half a century ago.
The tragedy is that we're all knee-deep in the same muddy water, throwing sandbags at each other while the real architects of this mess the political grifters, the Fed bankers, the extraction-engine capitalists watch dry-eyed from their high ground. Until we stop accepting their counterfeit money and their counterfeit promises, we'll keep drowning in this rigged game. The gold window didn't just close in '71. The whole damn social contract rusted shut.
With the current system, they (the central bank) can just increase some people's numbers in some spreadsheets, and the effects are extremely indirect. Nominally this is in exchange for assets of equal value so the situation returns the normal after some time, but that hasn't been happening - the amount of money created this way has not been decreasing at any meaningful rate.
And corporate bailouts are downright cheap compared to the federal budget.
Well the US hasn't defaulted so changing how a default works wouldn't really affect the trajectory we took. And a default would be pretty catastrophic either way.
> nor to reuse the bonds to back money.
I don't know what you mean here.
Actually, by moving off the gold standard, it defaulted on dollars (at the time a kind of gold bond) rather than defaulting on dollar-denominated government bonds.
This choice was made some decades before the official day on which the gold standard ended. By 1971, it had already printed dollars to pay its bonds and didn't have nearly enough gold for foreign countries to be able to withdraw all their gold.
Greed and corruption absolutely festered under the gold standard. Boss Tweed embezzled a fortune from New York City coffers, Vanderbilt strong-armed railroads, and Rockefeller crushed competitors with predatory pricing. But here's the huge distinction: gold acted like a leash on a rabid dog. It didn't kill the beast, but it kept it from devouring the whole goddamn village. When robber barons got too greedy in the 1800s, their schemes imploded under gold's brutal discipline. Jay Cooke's bank collapsed in 1873? No Fed stepped in with trillions in printed cash to resurrect his corpse. Markets purged the rot, losers ate shit, and the system reset in years. Not decades of zombie corporations propped up by cheap debt. Corruption back then was like a bar fight: bloody, ugly, but contained. Tweed stole existing gold coins. He couldn't order the Treasury to mint him a fresh fortune overnight.
Vanderbilt couldn't borrow billions at 0% interest from a central bank to buy every competitor; he had to convince investors with real profits, not financialized vapor. Fast-forward to today: fiat didn't invent greed. It weaponized it. LBJ funded Vietnam and the Great Society without raising taxes because the printer go brrr. BlackRock gobbles neighborhoods with Fed-subsidized debt while renters bleed. Tyson jacks food prices 20%, blames "inflation," and pockets record profits because fiat decouples prices from real value. Banks peddle toxic mortgages knowing the Fed will bail them out. Politicians pass $6T "stimulus" bills while your paycheck buys less bread than a 1950s factory worker's. That's the cancer Nixon unleashed in '71. Not corruption itself, but its metastasis into a globalized, systemic looting operation where elites privatize gains, socialize losses, and inflation becomes a tax on the powerless. Gold didn't stop crooks. It stopped crooks from becoming untouchable gods. The 1800s proved humans will always be greedy. Fiat just gave them the universe's credit card and told your grandkids to foot the bill.
The gold standard is objectively terrible economic policy and "society was better when I was young" has been a meme for thousands of years.
It feels nice to attribute everything bad to this one weird trick, but it's fake.
Gold "terrible"? Tell that to the single mom paying 40% of her paycheck to rent a BlackRock-owned apartment. Why's BlackRock her landlord? Because fiat made debt cheaper than dirt. They borrowed billions at 0% from the Fed, bought entire neighborhoods, and jacked rents. Under gold? Interest rates would've spiked, crushing their leveraged bets. But nah. We got "QE Infinity" instead. Today's policy is literally cronyism with extra steps: print to bail out banks which causes inflated assets which squeezes workers. Rinse. Repeat.
- small content creators who want to make their content accessible to individuals
- companies that want to gobble up public data and resell it in a way that destroys revenue streams for content creators
- gatekeepers like Cloudflare who want to ostensibly stop this but will also become rent-extractors in the process
- users who should have the right to use personal tools like yt-dlp to customize their viewing experience, and do not wish to profit at the expense of the creators
We should be cautious both that the gatekeepers stand to profit from their gatekeeping, and that their work inhibits users as well.
If creators feel this type of user (often a dedicated fan and would-be promoter) is a necessary sacrifice to defend against predatory data extractors… then that’s absolutely the creator’s choice, but you can’t say there’s a unified “us” here.
Also there's a lot of misalignment between users and providers at the cultural level - the society is yet to fully process the implications of "digital revolution" (and copyright industry meddling with everything isn't helping). A big chunk of that boils down to the same thing that started "the war on general-purpose computing": producers have opinions on how their products should be used, and want to force consumers to only use them as prescribed.
Whether it's because they want to exploit the consumers through a side channel (e.g. ads), or to "protect intellectual property", or because they see artistic value in the integrity of their creation, or because they think they know better than customers - reasons are many, but underneath them all, is the core idea the society hasn't yet worked out: whether, and to what degree, are producers even morally entitled to that kind of control.
My personal answer is: they're not (nor they are to their old business models). But then it's producers, not consumers, who have all the money and control here.
This is why the DMCA will never be repealed, DRM will never go away, and there is no future for general purpose computing. People want access digital content, but the creators of that content wouldn't release it at all if they knew that it could be copied endlessly by whomever receives it.
I have heard someone trying this approach with music albums and succeeding at it. The album is more likely to go viral due to the easiness in sharing, while you'll always find consumers who volunteer to pay you. While the returns per copy is low, the large number of copies means that your profits may be higher than if it were DRM-encumbered. Musicians may also like the fact that there are no powerful middlemen that they have to contend with. In fact, this is what YouTube creators already do when they choose alternative monetization paths like Patreon.
What's really needed is for people to support and encourage this model and such creators. We used to earlier blame them saying that people choose convenience and short term savings over long term market health. But that's no longer applicable. People are so fed up with being exploited under consumerism that they've started boycotting these big players to regain their independence and self sufficiency. The real issue preventing open digital markets is just the lack of awareness of their existence. This message has to be spread somehow.
Just look at the hordes of people advocating Brave, which is a series scam company project.
... or just keep their site on the Internet. There hasn't been any major progress on sanctioning bad actors - be it people running vulnerable IoT crap that ends up being taken over by a botnet, cybercriminals and bulletproof hosters, or nation state actors. As long as you don't attack targets from your own geopolitical class (i.e. Russians don't attack Russians, a lot of malware will just quit if it spots Russian locale), you can do whatever the fuck you want.
And that is how we end up with darknet services where you can trivially order a DDoS taking down a website you don't like or, if you manage to get your opponent's IP leaked during an online game, their residential IP address. Pay with whatever shitcoin you have, and no one is any wiser who the perpetrator is.
Nowadays, producing anything feels like being the cows udder.
Oh really? Does Linus's Floatplane go to this extent to prevent users from downloading stuff? Does Nebula? Does whatever that gun youtuber's version of video site do this?
Does Patreon?
I'm sure some music creators may have, years ago, been against CD recorders, or platforms like Napster or even IRC-based file transfer for sharing music. Hell, maybe they were even against VCRs back in the day. But they were misguided at best.
People who want to prevent computer users from freely copying data are, in this context at least, part of "them" rather than "us".
I wish we could all just stop fighting the truth of the tech -- it costs ZERO to make copies of things, and adjust accordingly.
Patreon (and keep it real, OnlyFans) are roughly the only viable long term models.
The web as we knew it before ChatGPT was built around the idea that humans have to scavenge for information, and while they're doing that, you can show them ads. In that world, content didn't need to be too protected because you were making up for it in eyeballs anyway.
With AI, that model is breaking down. We're seeing a shift towards bot traffic rather than human traffic, and information can be accessed far more effectively and, most importantly, without ad impressions. So, it makes total sense for them to be more protective about who has access to their content and to make sure people are actually paying for it, be it with ad views or some other form of agreement.
Ads are coming to AI. The big AI push next will be context, your context all the time. Your phone will “help” and get all your data to OpenAI…
“It looks like you went for a run today? Good job, you deserve a treat! Studies show a little ice cream after a long run is effectively free calories! It just so happens the nearest Dairy Queen is running a promotion just for the next 30 minutes. I’m getting you directions now.”
But remember, the model is the engine.
Your ChatGPT, Claude’s, etc are products. They run on LLMs but also code and tools on the backend.
Run a local model all you want, it’ll never make a fillable PDF for you or remember your context on its own.
I laugh at people who think ActivityPub or Mastodon or BlueSky will save us. We already had that, it was called e-mail, look what happened once everyone started using it.
If we couldn't stop the centralization effects that occurred on e-mail, any attempt to stop centralization in general is honestly a utopian fool's errand. Regulation is easier.
Regulation would be great. The EU does it well. It is lacking in the US, and will be for some time. And so we have to downgrade to technical mitigations against centralization until regulation can meet the burden.
How does this prove you are not a bot. How does this code not work in a headless Chromimum if it's just client side JS?
I have a little experience with Selenium headless on Facebook. Facebook tests fonts, SVG rendering, CSS support, screen resolution, clock and geographical settings, and hundreds of other things that give it a very good idea of whether it's a normal client or Selenium headless. Since it picks a certain number of checks more or less at random and they can modify the JS each time it loads, it is very, very complicated to simulate.
Facebook and Instagram know this and allow it below a certain limit because it is more about bot protection than content protection.
This is the case when you have a real web browser running in the background. Here we are talking about standalone software written in Python.
There are a whole host of tricks relating to rendering and positioning at the edge of the display window and canvas rather than the window, which allow you to detect execution without rendering.
To simulate all this correctly, you end up with a standard browser, standard execution times, full rendering in the background, etc. No one wants to download their YouTube video at 1x speed and wait for the adverts to finish.
I recently discovered that audio codecs, frequencies, resolution, mix volume, etc. are accessible via JS in the browser and that this allows fingerprinting. Since we are talking about YouTube, the same type of technique should be possible with video codecs.
Amazing how they simply couldn't win - you deliver content to client, the content goes to the client. Could be the largest corporation of the world and we still have yt-dlp.
That's why all of them wanted proprietary walled gardens where they would be able to control the client too - so you get to watch the ads or pay up.
Yes, we have archive.org. We need more than that, though.
I’m sure there’s some distributed solution like IPFS but I haven’t seen any serious attempt to make this accessible to every day people.
It is the same reason why people just can't get off IG. Network effect and in YT case a lot of disk space and bandwidth.
I admit I haven’t looked into peertube, and I didn’t think that rumble was any better than YouTube. I don’t recognize the others. Thank you; I’ll resurvey.
And it is 2025, the HN crowd here can usually just deploy their video to CDN. Many business are also just hosting their own videos.
BTW forgot to mention Odyssey underlying protocol is https://lbry.com
And seems like there are past article about it on HN: https://news.ycombinator.com/item?id=24594663
This is a very bad standard and not indicative of the capabilities of the average small-to-medium business.
Nonetheless, I agree it's more complicated than I made it seem—YouTube is not an insurmountable problem for a determined actor.
There are many thousands of paid hosting services, feel free to pick one. It turns out hosting TB of data for free is a pretty tricky business model to nail down.
And even if the legal attacks could be mitigated most people would still use youtube because they're there for the money (or for people who are there for the money). They are not there for a video host. Youtube enables distribution of money and there's no way that any government would let any free system distribute money without even more intense legal, and indeed physically violent, attacks.
Maybe there is an opportunity for that company to expand.
I can imagine if they've added rate-limiting, e.g. 30GB per IP per week - that would've reduced amount of crap, literal white noise and spam/scam videos uploaded to Youtube in several magnitudes. Another strategy is, if a video doesn't get 1000 views after a week - it's deleted.
YouTube's economy of scale goes way beyond having their own datacenters, they have edge caches installed inside most ISP networks which soak up YT traffic before it even reaches a Google DC. It would take a staggering amount of investment to compete with them on cost.
Almost 25 years on the internet and I have not been able to download anything from IPFS. Does one need a PhD to do so?
CSAM peddlers, intellectual property violators, unconsensual sexual material ("revenge porn"), malware authors looking for places to exfiltrate stolen data, propagandists and terrorists, the list of abusers is as long as it is dire.
And for some of these abuser classes, the risk for any storage service is high. Various jurisdictions require extremely fast and thorough responses for a service provider to not be held liable, sometimes with turnaround times of 24 hours or less (EU anti terrorism legislation), sometimes with extremely steep fines including prison time for responsible persons. Hell, TOR exit node providers have had their homes raided and themselves held in police arrest or, worse, facing criminal prosecution and prison time particularly for CSAM charges - and these are transit providers, not persistent storage.
And all of that's before looking on the infrastructure provider side. Some will just cut you off when you're facing a DDoS attack, some will bring in extortionate fees (looking at you, AWS/GCE/Azure) for traffic that may leave you in personal bankruptcy. And if you are willing to take that risk, you'll still run the challenge of paying for the hardware itself - storage isn't cheap, 20TB of storage will be around 200€ and you want some redundancy and backups, so the actual cost will rather be 60-100€/TB plus the ongoing cost of electricity and connectivity.
That's why you're not seeing much in terms of democratization.
Youtube can get away with its shit service and utter lack of sensible moderation simply by being under Google's roof and the effort required to start up a competitor.
But if they decide they have to, they can do it fairly trivially.
You already need such things for certain formats.
I think we can safely assume that the only content under DRM at YouTube today is the content where it's absolutely legally necessary.
This solution looks interesting, but I am technical enough to know that this looks like a PITA to setup and maintain. It also seems like it is focused on downloading everything from a subbed channel.
As it is now, with a folder of downloaded videos, I just need a local web server that can interpret the video names and create an organized page with links. Is there anything like this that is very lightweight with a next next finish install?
"yt-dlp moves to Deno runtime"
That makes it seem like yt-dlp itself was rewritten from Python to JavaScript (for those who even know it’s Python) or that it used to use Node and now uses Deno.
What tool can I use to simply store what my browser receives anyway, in a single video file?
It's inconsistent as fuck, and even TOR exit nodes still work without a log in sometimes.
Good on Google for kicking people while they're down.
I wish content creators would think of their own good more, and start publishing on multiple platforms. Are there any terms that YouTube has for them, that reduce revenue, if they publish elsewhere as well? Or is it mostly just them being unaware?
This. I'm interested in such a tool or browser extension.
I want them to go overboard. I want BigTech to go nuts on this stuff. I want broken systems and nonsense.
Because that’s the only way we’re going to get anything better.
At this point I don't know - I still have the feeling that "they just need to make it 50% worse again and we'll get a competitor," but I've seen too many of these platforms get 50% worse too many times, and the network effect wins out every time.
It doesn't work. There aren't any collapses like that to be had. Big change happens incrementally, a bit of refactoring and a few band-aids at a time, and pushing to make things worse doesn't help.
You can step away from the world (right now, no waiting required). But the world can remain irrational longer than you can wait for it to step away from you, and pushing for more irrationality won't make a dent in that.
The basic governing principles of the economy were completely rewritten in 1971, were completely rewritten again in 2008, were completely rewritten again in 2020 - probably other times too - and there are only so many more things they can try. The USA is basically running as a pseudo-command economy at the top level now - how long do those typically last? - with big businesses being supported by the central bank.
The economy should have collapsed in 1971, 2008 and 2020 (and probably other times) as well, but they kept finding new interventions that would have seemed completely ludicrous 20 years earlier. I mean, the Federal Reserve just buying financial assets? With newly printed money? (it still has a massive reserve of them, this program did not end, that money is still in circulation and it's propping a lot of economic numbers up)
All predictions about when the musical chairs will end are probably wrong. The prediction that it'll end in the next N years is just as likely to be wrong, as the prediction that it won't. Some would argue it already has ended, decades ago, and we are currently living in the financial collapse - how many years of income does it take to get a house now? The collapse of Rome' took several centuries. At no point did the people think they were living in a collapsing empire. Each person just thought that how it was in their time was how it always was.
During the "things get worse" phase, why not make it shorter?
The year is 2003. Svn and cvs are proving to be way too clunky and slow for booming open source development.
As an ethical accelerationist, you gain commit access to the repos for svn and cvs and make them slower and less reliable to accelerate progress toward better version control.
Lo and behold, you still have to wait until 2025 for git to be released. Because git wasn't written to replace svn or cvs-- it was written as the result of internal kernel politics wrt access to a closed-source source management program Bitkeeper. And since svn and cvs were already bad enough that kernel devs didn't choose them, you making them worse wouldn't have affected their choice.
Also, keep in mind that popularity of git was spurred by tools that converted from svn to git. So by making svn worse, you'd have made adoption of git harder by making it harder on open source devs to write reliable conversion tools.
To me, this philosophy looks worse than simply doing nothing at all. And this is in a specific domain where you could at least make a plausible, constrained argument for accelerationism. Your comment instead seems to apply to accelerationism applied to software in general-- there, the odds of you being right are so infinitesimal as to be fatuous.
In short, you'd do better playing the lottery because at least nothing bad happens to anyone else when you lose.
Because it never gets better for the people actually living through it.
I imagine those in favor of the idea of accelerating collapse aren't all so purely selfless that they're willing to see themselves and their children suffer and die, all so someone elses' descendants can live in a better world.
Nah, they just aren't thinking it through.
Luckily all that is becoming a non-issue, as most content on these websites isn't worth scraping anymore.
In fact, at this point in time (it won't last), one of the most useful applications of LLMs is to have them deal with all the user-hostile crap that's bulk of the web today, so you don't have to suffer through it yourself. It's also the easiest way to get any kind of software interoperability at the moment (this will definitely not last long).
All thanks to great ideas like downloading the whole internet and feeding it into slop-producing machines fueling global warming in an attempt to make said internet obsolete and prop up an industry bubble.
The future of the internet is, at best, bleak. Forget about openness. Paywalls, authwalls, captchas and verification cans are here to stay.
Personally, when it became available, o3 model in ChatGPT cut my use of web search by more than half, and it wasn't because Google became bad at search (I use Kagi anyway) - it's because even the best results are all shit, or embedded in shit websites, and the less I need to browse through that, the better for me.
I suppose that's thanks to Google and their search algos favoring ad-ridden SEO spam. LLMs are indeed more appealing and convenient. But I fear that legitimate websites (ad-supported or otherwise) that actually provide useful information will be on the decline. Let's just hope then that updated information will find its way into LLMs when such websites are gone.
It's a bit of a gamble at this point - will the larger models, or new architectures, or training protocols, be able to reject all that noise and extract the signal? If yes, then training on the Internet is still safe. If not, it's probably better for them to freeze the datasets blindly scrapped from the Internet now, and focus on mining less poisoned sources (like books, academic papers, and other publications not yet ravaged by the marketing communications cancer[0], also ideally published before the last 2 years).
I don't know which is more likely - but I'm not dismissing the possibility that the models will be able to process increasingly poisoned data sets just fine, if the data sets are large enough, because of a very basic and powerful idea: self-consistency. True information is always self-consistent, because it reflects the underlying reality. Falsehoods may be consistent in the small, but at scale they're not.
What you want is to just download the 10-20kb html file, maybe a corresponding css file, and any images referenced by the html. Then if you want the video you just get the video file direct.
Simple and effective, unless you have something to sell.
> unless you have something to sell
Video hosting and its moderation is not cheap, sadly. Which is why we don't see many competitors.
(before you ask: Vimeo is getting sold to an enshitification company)
And a decent list here: https://ideaexplainers.com/video-sites-like-youtube/
Not actually heard of the first two, what's their USP?
Twitch has the issues the other commenter described, and both Twitch and Facebook are owned by billionaires who are actively collaborating with the current authoritarian regime. Facebook in particular is a risk space for actually exercising free speech and giving coherent critiques of authority.
Dailymotion is... maybe okay? As a company it seems like it's on life support. There's a "missing middle" between the corporate highly produced content that's distributed across all platforms and being a long tail dumping ground. I did find things like university lectures there, but there isn't creators actually trying to produce content for Dailymotion like there is on YouTube.
So, just like Youtube, then?
What we don't see is more web video services and services that successfully trick varied content creators to upload regularly to their platform.
https://en.wikipedia.org/wiki/PeerTube also must be mentioned here.
* PeerTube and similar platforms for video streaming of freely-distributable content;
* BitTorrent-based mechanisms for sharing large files (or similar protocols).
Will this be inconvenient? At first, somewhat. But I am led to believe that in the second category one can already achieve a decent experience.
2. N/A, but enough content creators on YT are very much aware of the kind of prison it is, especially in the years after the Adpocalypse.
3. Obviously, nobody should be able to monetize the copying of content. If it is released, it is publicly released. But they can use LibrePay/Patreon/Buy me a coffee, they can sell merch or signed copies of things, they can do live appearances, etc.
Soon, LLMs will be able to complete any Captcha a human can within reasonable time. When that happens, the "analog hole" may be open permanently. If you can point a camera and a microphone at it, the AI will be able to make better sense of it than a person.
That's true for static content, but much of it is forums and other places like that where the main value is that new content is constantly generated - but needs to be re-scraped.
Everyone thinks they're a master fisher, and gets up in arms about those pesky users not acting dumb fish, instead trying to eat the content bait without biting the monetization hook.
If you are just asking Siri to load a page for you, that probably gets tolerated. Maybe very sensitive sites will go verified mobile platform only and Apple/Google will provide some kind of AI free compute environment like how they can block screen recording or custom roms today.
Yes it is 100% the death of the free and open computing environment. But captchas are no longer going to be sufficient. It seems realistic to block bots if you are willing to fully lock down everything.
This seems like an awful future. We already had this in form of limited ipv4 addresses wher each IP is basically an identity. People started buying up ip addresses and selling them as proxies. So any other form of ID would suffer the same fate unless enforced at government level.
Worst case scenario we have 10,000 people sitting in front of the screens clicking page links because hiring someone to use their "government id" to mindlessly browse the web is the only way to get data of the public web. That's not the future we should want.
I can literally just go write a script that uses headless firefox + mitmproxy in about an hour or two of fiddling, and as long as I then don't go try to run it from 100 VPS's and scrape their entire website in a huge blast, I can typically archive whatever content I actually care about. Basically no matter what protection mechanisms they have in place. Cloudflare won't detect a headless firefox at low (and by "low" I mean basically anything you could do off your laptop from your home IP) rates, modern browser scripting is extremely easy, so you can often scrape things with mild single-person effort even if the site is an SPA with tons of dynamic JS. And obviously at low scale you can just solve captchas yourself.
I recently wrote a scraper script that just sent me a discord ping whenever it ran into a captcha, and i'd just go look at my laptop and fix it, and then let it keep scraping. I was archiving a comic I paid for but was in a walled-garden app that obviously didn't want you to even THINK of controlling the data you paid for.
this is absolutely not the case. I've been web scraping since 00s and you could just curl any html or selenium the browser for simple automation but now it's incredibly complex and expensive even with modern tools like playwright and all of the monthly "undetectable" flavors of it. Headless browsers are laughably easy to detect because they leak the fact they are being automated and that they are headless. Not to even mention all of the fingerprinting.
I made a web scraper in Perl a few years ago. It no longer works because I need a headless browser now or whatever it is called these days.
Web scraping is MUCH WORSE TODAY[1].
[1] I am not yelling, just emphasizing. :)
I think he means the JS part is now easy to run and scrape compared to the transition time from basic download scraping to JS execution/headless browser scraping. It is more complex but the tools haven’t been as evolved as they are now a couple of years ago.
[1] https://github.com/Marsel-marsel/youtube-premium-video-downl...
The yt-dlp contributors are not in the business of writing or finding JS runtimes, they're trying to download videos.
svn://svn.jdownloader.org/jdownloader/trunk
it's right there on the home page
It's it's always been very apparent that YouTube are doing _just enough_ to stop downloads while also supporting a global audience of 3 billion users.
If the world all had modern iPhones or Android devices you'd bet they'd straight up DRM all content
And I call that a theory for a reason. Creators can still download their videos from YT Studio, I'm not sure how much importance there is on being able to download any video ever (and worst case scenario people could screen recording videos)
also, one could assume that the remaining 5% are either watching with vlc/mpv/etc or running an adblocker. so it's not like google is going to lose ad revenue by breaking downloaders like yt-dlp. grandparent comment (legacy smart TV support) is the much more likely explanation
Those creators are what drive the the bulk of viewers to the platform.
Though, come to think of it, as YT's become increasingly obnoxious to use (the native Web client is utterly intolerable, front-ends such as Invidious are increasingly fragile/broken, yt-dlp is as TFA notes becoming bogged down in greater dependencies) I simply find myself watching (or as my preference generally is, listening) to far less from the platform.
I may be well ahead of the pack, but others may reach similar conclusions in 5--10 years. Or when a less-annoying alternative clearly presents itself.
e.g. censorship, metadata, real time society-wide trends, etc...
google is way-way more than just a company.
Its such a shithole, with no real replacement, sad state of affairs.
https://www.jeffgeerling.com/blog/2025/self-hosting-your-own...
For a while now, I've been forced to change "watch?v=" to "/embed/" to watch something in 480p on an i3 Gen 4, where the same video, when downloaded, uses ~3% of the CPU.
However, unfortunately, it doesn't always work anymore.
https://www.youtube.com/watch?v=xvFZjo5PgG0 https://www.youtube.com/embed/xvFZjo5PgG0
While they worsen the user experience, other sites optimize their players and don't seem to care about downloaders (pr0n sites, for example).
There are browser extensions like h264ify that block newer codecs but WHY??? Is nobody at YouTube caring about the user experience? It’s easier and more reliable to just download the videos.
"Other JS runtimes (node/bun) could potentially be supported in the future, the issue is that they do not provide the same security features and sandboxing that deno has. You would be running untrusted code on your machine with full system access. At this point, support for other JS runtimes is still TBD, but we are looking in to it."
> Why can't we embed a lightweight interpreter such as QuickJS?
> @Ronsor #14404 (comment)
The linked comment [2]:
> @dirkf This solution was tested with QuickJS which yielded execution times of >20 minutes per video
How on earth can it be that terrible compared to Deno?
[1] https://github.com/yt-dlp/yt-dlp/issues/14404#issuecomment-3...
[2] https://github.com/yt-dlp/yt-dlp/issues/14404#issuecomment-3...
QuickJS uses a bytecode interpreter (like Python, famously slow), and is optimised for simplicity and correctness. Whereas Deno uses a JIT compiler (like Java, .NET and WASM). Deno uses the same JIT compiler as Chrome, one of the most heavily-optimised in the world.
That doesn't normally lead to such a large factor in time difference, but it explains most of it, and depending on the type of code being run, it could explain all of it in this case.
QuickJIT (a fork of QuickJS that uses TCC for JIT) might yield better results, but still slower than Deno.
[^1]: https://v8.dev/blog/jitless
[^2]: https://docs.deno.com/runtime/getting_started/command_line_i...
In my mind, an acceptable time for users might be 30 seconds (somewhat similar to watching an ad). If QuickJS is taking >20 minutes, then it is some 40x slower? Seems very high?
> QuickJIT (a fork of QuickJS that uses TCC for JIT) might yield better results, but still slower than Deno.
Interesting, not come across it before. Running C code seems like an insane workaround from a security perspective.
Serving a niche is a very good way to start with many products. It is even common gospel in startups. With the rest I agree.
Once upon a time (around 2000) they tried to fix this by making cameras illegal except for licensed photographers.
https://github.com/TheFrenchGhosty/TheFrenchGhostys-Ultimate...
We have an old SCSI scanner, so it took about as long to scan it as it did to write it.
Then you open it up to third party businesses and get them tied to your platform, making money off your users.
Once locked in you turn the screws on the businesses to extract as much money from them as possible.
Finally you turn the screws on the users to extract every last bit of value from the platform before it withers and fades into irrelevance.
I have learned so much from YouTube - I wish it was more open and friendly to its creators and users :(
In the meantime, all we can do is support smaller alternatives like https://nebula.tv/
A huge thank you to the yt-dlp folks. They do amazing work.
https://github.com/yt-dlp/yt-dlp/tree/master/yt_dlp/extracto...
It's also common to have the non-Python (here, Rust) source in source distributions ("sdists"), but this project's sdist is only a few kilobytes and basically functions as a meta-package (and also includes no license info). It "builds" Deno by detecting the platform, downloading a corresponding zip from the GitHub releases page, extracting the standalone Rust executable, and then letting Hatchling (a popular build tool in the Python ecosystem) repackage that in a wheel.
Update: It turns out that the Python package is published by a third party, so I submitted an issue (https://github.com/manzt/denop/issues/1) to ask about the licensing.
But it’s a real mess it keeps crashing, something I might too humbly put down to me having too many files, but passive aggressively put it down to YouTube on iPad not having a limited amount of storage space.
On the other hand there’s a number of amazing videos I’ve downloaded to watch which have been remotely wiped. Grrr
I don't promote piracy, but it seems that it's easier to download music from youtube than using torrents, which is quite surprising.
Who expected that such a big company would contribute to piracy?
My wife was interested in the idea that I was running "Netfix from home" and enjoyed the lack of ads or BS when we watched any content. I never really thought I would be an "example" or anything like that - I fully expected everyone else to embrace streaming for the rest of time because I didn't think those companies would make so many mistakes. I've been telling people for the last decade "That's awesome I watch using my own thing, what shows are your favorites I want to make sure I have them"
In the last 2 years more family members and friends have requested access to my Jellyfin and asked me to setup a similar setup with less storage underneath their TV in the living room or in a closet.
Recently-ish we have expanded our Jellyfin to have some YouTube content on it. Each channel just gets a directory and gets this command ran:
yt-dlp "$CHANNEL_URL" \
--download-archive "downloaded.txt" \
--playlist-end 10 \
--match-filters "live_status = 'not_live' & webpage_url!*='/shorts/' & original_url!*='/shorts/'" \
-f "bv*[height<=720]+ba/b[height<=720]" \
--merge-output-format mp4 \
-o "%(upload_date>%Y-%m-%d)s - %(title)s.%(ext)s"
you are missing [vcodec^=avc1] ?
I struggled with that myself (yt-dlp documentation could use some work). What's currently working for me is:
yt-dlp -f "bestvideo[width<800][vcodec~='^(avc|h264)']+bestaudio[acodec~='^((mp|aa))']"you can also skip the match filters by running the /videos URL instead of the main channel url.
if you want 720p, use -S res:720
Let's make sure that when all those people come looking for solutions, they'll find ones that are easy to set up and mostly "just work", at least to the extent this can be done given that content providers are always going to be hostile.
Not surprised to see yt-dlp make a similar choice.
Wow, this is equal parts fascinating and horrifying.
Edit, after looking into it a bit: It seems like a self-contained build of deno weighs in at around 40 MB (why?), so I can see why they tried to avoid that and appreciate the effort.
[1] https://github.com/yt-dlp/yt-dlp/blob/2025.09.23/yt_dlp/jsin...
Plenty of devices have YouTube players which are not being capable of being updated and which must work, exploit those APIs.
But to answer your question, no, there aren't any suitable APIs (I've looked into it). They all either require JavaScript (youtube.com and the smart tv app) or require app integrity tokens (Android and iOS). Please let me know if you know something I don't?
Also what kind of environments are executing the JS? If Google begins to employ browser fingerprinting that may become relevant.
More concretely, the additional Deno dependency is quite problematic for my music player, especially after I did all that work to get a static, embeddable CPython built [2].
Ideally for me, yt-dlp would be packaged into something trivially embeddable and sandboxable, such as WebAssembly, calling into external APIs for things like networking[3]. This would reduce the value delivered by the yt-dlp project into pure DRM-defeating computation, leaving concerns such as CLI/GUI to a separate group of maintainers. A different project could choose to fulfill those dependencies with Deno, or Rust, or as in my case, built directly into a music player in Zig.
Of course I don't expect the yt-dlp maintainers to do that. They're doing something for fun, for free, for pride, for self-respect... in any case their goals aren't exactly perfectly aligned with mine, so if I want to benefit from their much appreciated labor, I have to provide the computational environment that they depend on (CPython[4] and Deno).
But yeah, that's now going to be a huge pain in the ass because now I either have to drop support for yt-dlp in my music player, or additionally embed deno, as well as introduce Rust as a build dependency... neither of which I find acceptable. And don't even get me started on Docker.
[1]: https://www.youtube.com/watch?v=SCLrNqc9jdE
[2]: https://github.com/allyourcodebase/cpython
https://news.ycombinator.com/item?id=45314055
Just like git! This is the present and future. :(
"yt-dlp needs a copy of your digitized prefrontal cortex in order to bypass Youtube's HumanizeWeb brain scanner"
NewPipe will probably need to add a JS runtime too.
The Android app uses an API which does not require a JS runtime, but it does require a Play Integrity token. The iOS app uses an API which is assumed to require an App Attest token.
Also, neither API supports browser cookies, which is a necessity for many users.
https://github.com/yt-dlp/yt-dlp/issues/14404#issuecomment-3...
When i started getting 100,000's of downloads a day, google updated their html and blocked me from their search engine. I did the cat and mouse a few times but in the end it wasnt worth it.
Glad to see the legacy still lives on :D
> Yeah, you can just extract the zip and put deno.exe in the same folder as yt-dlp
I hope they just make this automatic if this truly becomes necessary. yt-dlp not having requirements, or having them built-in, isn't something just "convenient", I think there's users that wouldn't use the tool without that simplicity. Most people really don't like and try to avoid having to fight dependencies.
To solve, just upgrade on linux using:
pip install -U "yt-dlp[default]"
Just a few weeks/months ago, gogol search was blocked to noscript/basic (x)html browsers (I have witness gogol agenda about this unfold over the last few years).
Will use yt-dlp(zero whatng) until it breaks for good I guess.
The US administration failed to regulate the market domination of youtube with enforced simple and stable in time technical standards (what Big Tech hates). I don't blame them, since those nasty guys are smart border-line crime lords (and for sure serial offenders in EU).
Is there any other ways, non Big Tech ways, to access Sabine H. content? Or should I said good bye right now?
How could you miss the point that much?
I'm merely telling you that you can do exactly that.
?????
Are you ok?
This is insanity and exactly not the right thing to do.
eth0up•4mo ago
tomalaci•4mo ago
VladVladikoff•4mo ago
bontoJR•4mo ago
adzm•4mo ago
pluc•4mo ago
jumpocelot•4mo ago
https://wiki.archiveteam.org/index.php/YouTube/Technical_det...
sphars•4mo ago
eth0up•4mo ago