
Privacy concern

Open brace110 opened this issue 2 years ago • 79 comments

Browser

Brave

Browser Version

Latest

Extension or Userscript?

Extension

Extension/Userscript Version

Latest

Video link where you see the problem

Every

What happened?

How can we be sure our viewing habits are not being tracked if every video I watch is being sent to your domain:

fetch(
    `https://returnyoutubedislikeapi.com/votes?videoId=${getVideoId()}`
  ).then((response) => {
    response.json().then((json) => {

Can we solve this question to market/make this plugin even more popular and trusted by everyone?

brace110 avatar Dec 18 '21 15:12 brace110

You can't. And there is no way to solve it either (well, giving everyone admin rights to all infrastructure would solve it).

Anarios avatar Dec 18 '21 15:12 Anarios

maybe we can add an advanced option so it only fetches dislikes for the videos you want (by the click of a button) you wouldn't need to see dislikes of a creator you trust a lot and entertainment videos.

if people are concerned they can just enable this and check dislikes for videos they don't trust, which should be pretty less compared to all the videos you watch.

aryavsaigal avatar Dec 18 '21 15:12 aryavsaigal

maybe we can add an advanced option so it only fetches dislikes for the videos you want (by the click of a button) you wouldn't need to see dislikes of a creator you trust a lot and entertainment videos.

if people are concerned they can just enable this and check dislikes for videos they don't trust, which should be pretty less compared to all the videos you watch.

that would be one way to solve it. But then again - it would still expose all videos that you requested (and people would request most of their videos)

Anarios avatar Dec 18 '21 15:12 Anarios

You can also block it in firewall, and only unblock when you want to see dislikes.

Anarios avatar Dec 18 '21 15:12 Anarios

or disable it, and only enable when you need it. you get the idea.

Anarios avatar Dec 18 '21 15:12 Anarios

that would be one way to solve it. But then again - it would still expose all videos that you requested (and people would request most of their videos)

It's harder to be sure of someone's viewing habits by less videos fetched

aryavsaigal avatar Dec 18 '21 15:12 aryavsaigal

that would be one way to solve it. But then again - it would still expose all videos that you requested (and people would request most of their videos)

It's harder to be sure of someone's viewing habits by less videos fetched

yep, but imagine flipping the switch every time you want to see dislikes

Anarios avatar Dec 18 '21 16:12 Anarios

that would be one way to solve it. But then again - it would still expose all videos that you requested (and people would request most of their videos)

It's harder to be sure of someone's viewing habits by less videos fetched

yep, but imagine flipping the switch every time you want to see dislikes

it will probably be a button on the youtube page itself, shouldn't be much of an inconvenience to those using this

aryavsaigal avatar Dec 18 '21 16:12 aryavsaigal

Should have kept this open instead of immediately closing it, at least so we can have an open discussion about possible implementations of what I think it's a pretty good idea.

Aerophus avatar Dec 18 '21 16:12 Aerophus

It was never opensource.

Anarios avatar Dec 18 '21 16:12 Anarios

It was never opensource.

Ah. I'm sure the community will be very happy to use a tool that is not creepy. Google is already creepy we shouldn't make the thing creepier.

Don't worry we will solve this problem over Christmas break. Be it with this software or another 😉

zannini avatar Dec 18 '21 16:12 zannini

So, making a request to a server is creepy now? You shouldn't be using github then either.

Be it with this software or another 😉

Good luck.

Anarios avatar Dec 18 '21 16:12 Anarios

By the way - a bunch of copycat extensions died today once I enabled IP rate limiting.

They were just calling my api in their backend - no own DB, no caching - nothing. Just pretending to provide a service while in reality they didn't. Now imagine they had a DB dump and server code - what good would it make - more userbase fragmentation, less reliable votes? And all while using my work for free.

Anarios avatar Dec 18 '21 17:12 Anarios

As the OP, I'd like to mention to @Anarios that in no way I'm claiming malicious intent. I am very grateful for your work. I was just wondering if we can provide some sort of way to guarantee privacy, to improve the extension and see it succeed like we all want.

I suppose a few options would be possible:

  • Calling a public Youtube API instead of a custom domain (if possible)
  • Having a toggle added to the extension and only when requested the calls are made to the back-end to request dislike info (although people can theoretically always put the Extension on 'Active on Click mode' to achieve similar results).
  • Having the backend code also run opensource so it can be verified by others.
  • Allow people to host their own servers who handle the JS calls. (Too technical for most people, but the option would be interesting for developers)
  • ... many others?

I think discussing options here, like mentioned above, would be a great idea. Perhaps we will come to a conclusion that nothing can be done. But at least we explored all options.

brace110 avatar Dec 18 '21 17:12 brace110
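
The toggle discussed in this thread (send a video ID only when the user asks for its dislikes), sketched as an added example that is not part of the original discussion or the extension's code. `VoteGate`, `simulate`, the injected `transport` and the sample video IDs are constructed for illustration; only the endpoint URL comes from the issue.

```javascript
// Added example, not the extension's code. The endpoint is the one quoted in the issue.
const API = "https://returnyoutubedislikeapi.com/votes?videoId=";

class VoteGate {
  // transport: (url) => Promise<object>. Injected so the sketch runs offline;
  // in a browser it would wrap fetch(url).then((r) => r.json()).
  constructor(transport, { onDemand = true } = {}) {
    this.transport = transport;
    this.onDemand = onDemand;
    this.cache = new Map(); // videoId -> Promise of vote data
    this.disclosed = [];    // video IDs that actually left the browser
  }

  // Runs on every video page load. In on-demand mode nothing is sent.
  onNavigate(videoId) {
    return this.onDemand ? null : this.lookup(videoId);
  }

  // Runs when the user clicks a (hypothetical) "show dislikes" button.
  lookup(videoId) {
    // Assumption: video IDs are 11 characters from [A-Za-z0-9_-].
    if (!/^[A-Za-z0-9_-]{11}$/.test(videoId)) {
      throw new TypeError("not a video ID");
    }
    if (!this.cache.has(videoId)) {
      this.disclosed.push(videoId);
      const pending = this.transport(API + videoId);
      pending.catch(() => this.cache.delete(videoId)); // allow retry after failure
      this.cache.set(videoId, pending);
    }
    return this.cache.get(videoId);
  }
}

// Constructed session: five videos watched, dislikes requested for two of them.
function simulate(onDemand) {
  const sent = [];
  const fakeTransport = (url) => { sent.push(url); return Promise.resolve({ dislikes: 0 }); };
  const gate = new VoteGate(fakeTransport, { onDemand });
  const id = (n) => "vid".padEnd(10, "_") + n; // constructed 11-character IDs
  for (let n = 1; n <= 5; n++) gate.onNavigate(id(n));
  gate.lookup(id(2));
  gate.lookup(id(4));
  gate.lookup(id(2)); // repeat click is served from the cache, not re-sent
  return { disclosed: gate.disclosed, requests: sent };
}

console.log("every page load:", simulate(false).disclosed.length, "IDs sent");
console.log("on demand:      ", simulate(true).disclosed.length, "IDs sent");
```

The gate only narrows which video IDs are sent; each request that does go out still carries the client's IP address and headers to the API host.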

As the OP, I'd like to mention to @Anarios that in no way I'm claiming malicious intent. I am very grateful for your work. I was just wondering if we can provide some sort of way to guarantee privacy, to improve the extension and see it succeed like we all want.

I suppose a few options would be possible:

  • Calling a public Youtube API instead of a custom domain (if possible)
  • Having a toggle added to the extension and only when requested the calls are made to the back-end to request dislike info (although people can theoretically always put the Extension on 'Active on Click mode' to achieve similar results).
  • Having the backend code also run opensource so it can be verified by others.
  • Allow people to host their own servers who handle the JS calls. (Too technical for most people, but the option would be interesting for developers)
  • ... many others?

I think discussing options here, like mentioned above, would be a great idea. Perhaps we will come to a conclusion that nothing can be done. But at least we explored all options.

100% Agree, But youtube is still selling your data, so what's the point? Also in order for this extension to be alive, it requires user data. Thus proving it useless without such data

PhantomRex123 avatar Dec 18 '21 17:12 PhantomRex123

@brace110

Calling a public Youtube API instead of a custom domain (if possible)

That's the reason there is a separate domain. YT removed the ability to get dislikes from YT API.

Having a toggle added to the extension and only when requested the calls are made to the back-end to request dislike info (although people can theoretically always put the Extension on 'Active on Click mode' to achieve similar results).

Agreed. Many people had already suggested this.

Having the backend code also run opensource so it can be verified by others.

It is in plan. Just the thing is that, right now, the focus is on making the data meaningful

Allow people to host their own servers who handle the JS calls. (Too technical for most people, but the option would be interesting for developers)

I probably didn't get this one. Can you explain why?

sy-b avatar Dec 18 '21 17:12 sy-b

  • Calling a public Youtube API instead of a custom domain (if possible)

public api doesn't return dislikes anymore

  • Having a toggle added to the extension and only when requested the calls are made to the back-end to request dislike info (although people can theoretically always put the Extension on 'Active on Click mode' to achieve similar results).

didn't know that existed, people can easily do that

  • Allow people to host their own servers who handle the JS calls. (Too technical for most people, but the option would be interesting for developers)

that would only be archived counts, after a while it will get outdated and you'd have to keep syncing the database

Having the backend code also run opensource so it can be verified by others.

technically the host can modify the backend to collect your data and sell it while the open source code doesn't show the modifications


I don't think there's anything you can do instead of Active on Click mode honestly.

aryavsaigal avatar Dec 18 '21 17:12 aryavsaigal

Now imagine worst case scenario - say, I was as evil as it gets - what could I track? A random ID that you can regenerate at any time and an IP that can be dynamic\behind NAT\behind VPN.

So if you use a dynamic IP or a VPN - there is nothing I can track. This would be a real solution to privacy concern. Unlike a non-solution of posting server sources.

Anarios avatar Dec 18 '21 17:12 Anarios

I'd suggest making this a public company

PhantomRex123 avatar Dec 18 '21 17:12 PhantomRex123

I suppose a few options would be possible: Calling a public Youtube API instead of a custom domain (if possible)

  • there is no public youtube api for dislikes.

Allow people to host their own servers who handle the JS calls.

I don't see what it solves. You can build extension from sources and replace my API with your own even today. Or I didn't understand this point.

Anarios avatar Dec 18 '21 17:12 Anarios

an IP that can be dynamic\behind NAT\behind VPN.

Here in Europe we are forbidden to track IP-addresses without consent, they are being anonymized to 0.0.0.0, I run security for our company, so I deal with this a lot.

But I do see your point, the incoming data would be an IP-address, some headers, perhaps a browser user-agent and the video ID.

Theoretically you could build up a user profile on this information, for example a table that stores videos watched by certain IPs in a database. However this would be a tiny drop compared to what Google/Youtube is tracking about us.

I wonder if the "risks" here are actually overstated... What do you guys think?

brace110 avatar Dec 18 '21 17:12 brace110

Theoretically you could build up a user profile on this information, for example a table that stores videos watched by certain IPs in a database

I doubt you could even sell it. If I could attach a cookie so that ads can be shown to you based on your watch history - that would be a gold mine. But you see that I don't do it in the frontend code.

Anarios avatar Dec 18 '21 17:12 Anarios

that would be a gold mine.

That would be what youtube already sells about you :)

Anarios avatar Dec 18 '21 17:12 Anarios

So instead of buying it from me - it's much more logical to just use Google ads.

Anarios avatar Dec 18 '21 17:12 Anarios

There is a similar discussion in #45, I cross-post some messages because general sentiment is very similar. Could I close this one and we continue there? What do you think?

Anarios avatar Dec 18 '21 17:12 Anarios

I have one last question, you mentioned other people using your endpoint. Since I don't need my dislikes added to the Youtube page itself, I just want to be able to lookup the dislikes on videos. Would you be open to allowing others to use your endpoint? (or even for me to fork this project and create an extension that doesn't need the current requirements:

  • "Alle youtube.com sites"
  • youtube.com
  • www.youtube.com
  • m.youtube.com

I think a lot of people would be happy to just have a tool that allows them to easily look up dislikes on certain videos. Without altering the Youtube page itself. Of course the regular users of this extension would prefer the Updated Youtube page, but this extension could be an add-on for technical users, or perhaps a separate extension.

You mentioned above that people already started using your endpoint, is this a problem? Traffic for example? or people abusing your work? I'd love to hear your thoughts.

brace110 avatar Dec 18 '21 17:12 brace110

Might I suggest doing what Sponsorblock is doing? They got around the privacy issue somehow.

observeroftime01 avatar Dec 18 '21 17:12 observeroftime01

@Anarios

There is a similar discussion in #45, I cross-post some messages because general sentiment is very similar. Could I close this one and we continue there? What do you think?

I think this is concerned with "privacy" but issue #45 is concerned with "Backend source code". This one is covering a broader topic. My suggestion is - let this remain open or start a discussion on this

sy-b avatar Dec 18 '21 17:12 sy-b

I have one last question, you mentioned other people using your endpoint. Since I don't need my dislikes added to the Youtube page itself, I just want to be able to lookup the dislikes on videos. Would you be open to allowing others to use your endpoint? (or even for me to fork this project and create an extension that doesn't need the current requirements:

I think a lot of people would be happy to just have a tool that allows them to easily look up dislikes on certain videos. Without altering the Youtube page itself. Of course the regular users of this extension would prefer the Updated Youtube page, but this extension could be an add-on for technical users, or perhaps a separate extension.

You mentioned above that people already started using your endpoint, is this a problem? Traffic for example? or people abusing your work? I'd love to hear your thoughts.

why not make a website for this tbh?

aryavsaigal avatar Dec 18 '21 17:12 aryavsaigal

Might I suggest doing what Sponsorblock is doing? They got around the privacy issue somehow.

we are dealing with way more requests than sponsorblock and that would cost us a lot of extra bandwidth and cpu power which is costly 😑

aryavsaigal avatar Dec 18 '21 17:12 aryavsaigal