Most active commenters

    ←back to thread

    LibRedirect – Redirects popular sites to alternative privacy-friendly frontends

    (libredirect.github.io)
    424 points riffraff | 12 comments | 22 Jun 25 06:07 UTC | HN request time: 0.002s | source | bottom
    Show context
    bmacho ◴[22 Jun 25 09:08 UTC] No.44345300[source]
    A web extension is an unnecessary security risk. A userscript will do it just fine.

    edit: one of my previous attempt: https://news.ycombinator.com/item?id=35229211

    I actually have made it extensible, with closely coupled source of rules and domains; but then I lost it Edge forgot all my userscripts :(

    replies(6): >>44345337 #>>44345619 #>>44345836 #>>44346890 #>>44348908 #>>44349239 #
    londons_explore ◴[22 Jun 25 09:14 UTC] No.44345337[source]
    User scripts have super wide permissions. For example a user script scoped to YouTube.com can make payments from any cards you have saved in Google pay.

    And most user scripts are so long a typical user won't be able to spot a couple of malicious lines amongst 10k lines of minified webpacked libraries.

    replies(2): >>44345369 #>>44345394 #
    1. rvnx ◴[22 Jun 25 09:26 UTC] No.44345394[source]
    You also have to weight the benefits versus the "risk".

    For example, if you use FreeTube with SponsorBlock to improve your privacy and block ads, in fact you are sending to Cloudflare 100% of your YouTube watch history, and to SponsorBlock ("sponsor.ajay.io").

    With Piped instances it's even worse, essentially escaping Google's tracking just to give our data to random strangers.

    If you are worried, just run a second Chrome session with NordVPN and uBlock Origin in a loose jurisdiction and browse YouTube unlogged.

    It's easy, simple, and you have the benefits of an audited platform and that reasonably legally confirm they don't store logs unless the court forced them: "we never log their activity unless ordered by a court never log their activity unless ordered by a court", but for that, the court has to find you as a user, which can be very complicated in practice.

    So much better than random strangers.

    replies(6): >>44345469 #>>44345751 #>>44346149 #>>44346190 #>>44346234 #>>44347476 #
    2. latexr ◴[22 Jun 25 09:43 UTC] No.44345469[source]
    > If you are worried, just run a second Chrome session with NordVPN

    I feel like I’m on YouTube already.

    It’s not like they are free of criticism either.

    https://en.wikipedia.org/wiki/NordVPN#Criticism

    3. HK-NC ◴[22 Jun 25 10:42 UTC] No.44345751[source]
    I'm happy to give my watch history to some unknown in exchange for never ever seeing an ad.
    4. hashiyakshmi ◴[22 Jun 25 11:57 UTC] No.44346149[source]
    >If you are worried, just run a second Chrome session with NordVPN and uBlock Origin in a loose jurisdiction and browse YouTube unlogged.

    If you actually did this you would know that it works for all of a week or two before YouTube stops letting you watch videos until you login.

    replies(1): >>44346846 #
    5. heavensteeth ◴[22 Jun 25 12:06 UTC] No.44346190[source]
    SponsorBlock doesn't send video IDs to the server.

    https://github.com/ajayyy/SponsorBlockServer/issues/25

    replies(1): >>44347502 #
    6. lvass ◴[22 Jun 25 12:12 UTC] No.44346234[source]
    Terrible advice. Not only youtube will precisely fingerprint you, nordvpn/tesonet/oxylab will also get data on you.
    replies(1): >>44346287 #
    7. rvnx ◴[22 Jun 25 12:19 UTC] No.44346287[source]
    Way better than the recommended "privacy" instances.

    NordVPN only sees that you connect to YouTube, they do not see the pages or videos that you are looking at, and from the perspective of YouTube, they only see requests from a very popular VPN where are millions of users.

    If you use the "privacy" instances, these "privacy" websites and Cloudflare knows precisely which videos you are watching.

    replies(1): >>44346467 #
    8. lvass ◴[22 Jun 25 12:45 UTC] No.44346467{3}[source]
    Recommended by whom? I'm just saying your advice is terrible in general and takes no regard to how easy and powerful fingerprinting is nowadays, in google's perspective the only difference to using that VPN if you're "just" running chrome is that it also knows when you use a VPN, in other words, just giving one more data point. Also the average user is likely to install some nordvpn app if following your advice, which is a security nightmare, remember that company sells residential proxies.

    Also IIRC for youtube, alternative frontends don't tend to rely on someone else's endpoints.

    replies(1): >>44346713 #
    9. ◴[22 Jun 25 13:17 UTC] No.44346713{4}[source]
    10. Devorlon ◴[22 Jun 25 13:34 UTC] No.44346846[source]
    I found that hopping to different VPN servers is a mildly inconvenient workaround for that.
    11. lucb1e ◴[22 Jun 25 15:03 UTC] No.44347476[source]
    > worse, essentially escaping Google's tracking just to give our data to random strangers

    I'd much rather send random tidbits of information, that are nearly useless in isolation, to strangers than to the central tracking corporation

    In the end, there is no way to reveal what information you're interested in when retrieving data, short of retrieving a ton of data and doing the filtering client-side, which is also an option with these third parties if you so desire

    12. lucb1e ◴[22 Jun 25 15:07 UTC] No.44347502[source]
    (*anymore, as of late 2020 from a quick look. The parent comment may not have been wrong about that, just outdated info)