edit: one of my previous attempt: https://news.ycombinator.com/item?id=35229211
I actually have made it extensible, with closely coupled source of rules and domains; but then I lost it Edge forgot all my userscripts :(
And most user scripts are so long a typical user won't be able to spot a couple of malicious lines amongst 10k lines of minified webpacked libraries.
Exactly!
That's why you should use 3 lines for it instead, that are
- inspectable
- not updateable by the Chinese/Russians
- written by you anywayFor example, if you use FreeTube with SponsorBlock to improve your privacy and block ads, in fact you are sending to Cloudflare 100% of your YouTube watch history, and to SponsorBlock ("sponsor.ajay.io").
With Piped instances it's even worse, essentially escaping Google's tracking just to give our data to random strangers.
If you are worried, just run a second Chrome session with NordVPN and uBlock Origin in a loose jurisdiction and browse YouTube unlogged.
It's easy, simple, and you have the benefits of an audited platform and that reasonably legally confirm they don't store logs unless the court forced them: "we never log their activity unless ordered by a court never log their activity unless ordered by a court", but for that, the court has to find you as a user, which can be very complicated in practice.
So much better than random strangers.
I feel like I’m on YouTube already.
It’s not like they are free of criticism either.
If you actually did this you would know that it works for all of a week or two before YouTube stops letting you watch videos until you login.
NordVPN only sees that you connect to YouTube, they do not see the pages or videos that you are looking at, and from the perspective of YouTube, they only see requests from a very popular VPN where are millions of users.
If you use the "privacy" instances, these "privacy" websites and Cloudflare knows precisely which videos you are watching.
Also IIRC for youtube, alternative frontends don't tend to rely on someone else's endpoints.
I'd much rather send random tidbits of information, that are nearly useless in isolation, to strangers than to the central tracking corporation
In the end, there is no way to reveal what information you're interested in when retrieving data, short of retrieving a ton of data and doing the filtering client-side, which is also an option with these third parties if you so desire
Tho I probably should've demonstrated first that it is possible, before advocating for it. The script I linked indeed only works for one website. Multiple websites with multiple rules, each with a list of instances (that often go offline for a time, so it is worth keeping them around, and make switching easy) indeed complicates it a bit.
> complicates it a bit
a bit of an understatement
"having to code all the rules" is not that hard, in most cases you can just pass the whole URL, and the instance accepts it.
Advantages: you don't get unwanted redirects from services, and you don't get unwanted redirects to instances. (Even tho the information about the instances will likely be concentrated at libredirect github issues. Chances are that some random person on the internet who has paranoid activities as a hobby will look into the instances, so you don't have to.)
- - -
I don't use many redirects. Nowadays I use exactly 0. But if I needed a redirect for example to xcancel, I would use my user-script as I had done it in the past before I lost it. I definitely wouldn't install a browser extension for it.
In all cases that also involves actually finding the URLs, then there are non-most cases where a slice wouldn't do it.
> Nowadays I use exactly 0
Exactly. If you ignore actual uses everything becomes trivial
Using venrable farside.link
https://sr.ht/~benbusby/farside/
Why use your offering?
Anyway, thanks for mentioning it!
Privacy Redirect was prob the first extension that introduced this idea. It did the job as well but up until bad-actors figured out they can redirect people to their dangerous sites.
Like Apple removing the "Disable JavaScript" menu option from Safari and moving it into Developer Tools, which can be detected by websites before you can disable JS >:(
Download today people https://www.torproject.org/download/
That's so fucking good. I love the cope from Apple users
Neither is viewing YouTube using Tor Browser.
One can't prove god doesn't exist either, but as someone who made some privacy-friendly front-ends, I tend to expect honest intentions. If you find one that suddenly asks for your login data or sets tracking cookie, sure, be wary, just as with any other site that asks for data they don't need (see: literally every cookie wall, because if they had good intentions, it would fall under one of the five other reasons to use personal data and they wouldn't need to fall back to asking for consent)
You could notice by closely reading the source code.
It's a little finnicky to set up, but I'm enjoying it so far. It goes beyond alternative frontend redirects. You can strip URL params, check domains against a blacklist, and choose native apps to open links that match a pattern.
I started using this last week and it's simple and useful. My main challenge was that I use YT/Reddit/X apps but I hate how the recipients I shared links to posts or videos with often couldn't access it without having to disable ad blockers or having to login first.
[1]: https://sr.ht/~jamesponddotco/awesome-privacy-front-ends/
[1] https://addons.mozilla.org/en-US/firefox/addon/redirector/
Take for example nitter - it says its using an unofficial twitter API. I'm assuming this means its using one of these third party services that provide an API to something that doesn't necessarily have an API or has limited access thereto.
If privacy is the purpose, this seems to be missing the point.
You misread that. It actually says:
Uses Twitter's unofficial API (no developer account required)
And reddit is not even close to the worst offender in that regard. Seriously, when did displaying words on a screen become so resource intensive???
Redirecting people from trusted sources to these other sites is very risky and opens up opportunities for malicous people to exploit this. That's not even considering this extension is compromised or purchased and these dangerous permissions that it has are used against you.
But most people are not going to do that. They are going to be redirected to a site with no guarantee of what is there. The domain could expire and someone else could register it, a hacker could replace one of the front ends with a phishing page, etc.
The best way to watch YouTube videos is actually to download them with yt-dlp then watch with mpv later.
I run my own instances for a few of the services they redirect to, and need to be able to point to these.
anthk•7mo ago
HelloUsername•7mo ago
teddyh•7mo ago
HelloUsername•7mo ago
jorvi•7mo ago
pndy•7mo ago
mslansn•7mo ago
CaptainFever•7mo ago
pabs3•7mo ago