youtube icon indicating copy to clipboard operation
youtube copied to clipboard
verified publisher icon code-charity

The new popup is intrusive and breaks layout

Open HanabishiRecca opened this issue 2 years ago • 11 comments

Bug Report:

BUG: The new popup (introduced in 4.580 I guess?) is intrusive and breaks layout. HOW: See the screenshot. ImprovedTube Version: 4.581

Screenshot

screenshot

Current popup is very intrusive, please make an option to disable advertising. I get it, it does not need to be there all the time.

It also breaks layout of the extension itself, making bottom menu items inaccessible in the list mode. On top of that, it does not follow the current theme.

Browser: Firefox 121.0 OS: Linux

HanabishiRecca avatar Jan 04 '24 04:01 HanabishiRecca

I actually realized that it pulls online content from https://improvedtube.com/wishes Now I'm also conerned about potential tracking and privacy issues.

HanabishiRecca avatar Jan 04 '24 04:01 HanabishiRecca

  • [x] 1. List view bug: Horizontal scrollbar. after moving blocklist&analyzer in our menu/styles.css. got to apply it to bubble view only.
  • [x] 2. The contributor / contribution frame is covering them, and can be reduced in height a bit.

hi,

I get it

yay!

pulls online content

an iframe is used to isolate the Github API call from the extension context.

Current popup is very intrusive

not very. (and can be revised/polished.)
more importantly, there should be donations (none currently) and more contributions. The current ~580000 users are comparably collectively ignorant though about that project.

Advertising

The term advertising is often associated with "little context" (or "spam which can finance itself, because media owners are pessimistic/greedy enough to sell their user's attention for $0.0..)

Yet our thread-list is essential, visually non-instrusive content, informing whats going on. (and reminding we are active). (No authors, no app.)

And if i'd chos, for me, it would raise my productivity, if we would move the box in the header and maybe the project would be better overall. - Everybody should reconsider(?) what they are doing If more people came here to type something like you, that would be exciting. Where are they?

  • On top of that, it does not follow the current theme.

    • you can make suggestions. (A bit transparent it blends in. Different font makes it is easy to distinguish form features)

Thanks

ImprovedTube avatar Jan 04 '24 08:01 ImprovedTube

Description explicitly claims that the extension runs offline.

image

The current behavior definitely not conforms with that. Not even talking about privacy and security concerns it raises.

But I'm not here to debate. I just stated facts I see.

HanabishiRecca avatar Jan 04 '24 08:01 HanabishiRecca

hi @HanabishiRecca, it can be fixed /switched off. and technically you can suggest the best possible alternative

Yet our conversations are essential content of the project, informing whats going on.

...in other words /update: We have 2800 stars on Github. So right now we have more than 200 times more users than stars. I will sleep deeper if the ratio goes down already, so that the product will be better sooner. You see the chart turning up quickly in the last few days (justifying the step taken yet).

Once it slows down again, then we will have a justification to shrink/reduce the content.

concerns

Please specify which, so that it doesn't sound like fud? Our features with extension permissions run offline. 99.99% of internet users are fine with an iframe. Else they might use [noScript] (to block JS and/or iframes) (https://chromewebstore.google.com/detail/noscript/doojmbjmlfjjnbmnoijecmcbfeoakpjm)
so they wont see our GitHub frame by default, unless they already whitelisted the domain. (and these 0.00X% might not use YouTube and btw all browser stores track usage of extensions (we can see anonymized statistics in the developer dashboards (cant be switched of). So a user who has tracking-panic is virtually not-existent 🤔

sorry for any vebosity! i think both of us could have published a fix by now. thanks

ImprovedTube avatar Jan 04 '24 14:01 ImprovedTube

it can be fixed /switched off.

It would be good. Can't say for other users, but for me personally the popup is irritating. Especially considering that it slaps on top of the interface, blocking actual menu items. Feels like an annoying ad popup.

and technically you can suggest the best possible alternative

At this point I can only suggest:

  1. Fix the layout for it not to interfere with the menu.
  2. Make an option to opt-out from it.

So right now we have more than 200 times more users than stars.

I understand what you are trying to accomplish. But that is overly-aggressive promotion in my opinion. Most regular users will be ignorant about it anyway, but I think it may became a negative factor for techy users like me, i.e. your actual stargazers and contributors.

Please specify which, so that it doesn't sound like fud?

Isolated iframe still can be used for tracking/fingerprinting on the server side. Even if you never do so, the website can be hacked and a malicious actor will be able to render arbitrary content in it.

Also new 0-day browser exploits are being found constantly, allowing to escape the sandbox and run arbitrary code in the system. Yes, such exploits are usually being patched quickly, but not all users are concerned to update the browser immediately.

I.e. it adds a new risk factor, which is not really justified / not required for the extension to run.

Else they might use [noScript] (to block JS and/or iframes)

I would prefer to trust the extension and not being forced to use an ad/script blocker for it. 🙂

HanabishiRecca avatar Jan 04 '24 15:01 HanabishiRecca

Also new 0-day browser exploits are being found constantly, allowing to escape the sandbox and run arbitrary code in the system.

i mean extensions run's JS at yours already

website can be hacked

we can host the iframe in the github repo instead.

ImprovedTube avatar Jan 05 '24 08:01 ImprovedTube

i mean extensions run's JS at yours already

Extension is open source and also verified by addons marketplace, so it is less likely to be compromised.

we can host the iframe in the github repo instead.

Yeah, that sounds better. It will be way more transparent.

HanabishiRecca avatar Jan 05 '24 10:01 HanabishiRecca

So nothing changed since. No option to disable it and the page has not been relocated to some transparent place. I'm not saying it being malicious, but it is simply not right. Blocking improvedtube.com is the best course of action for me.

HanabishiRecca avatar Jun 13 '25 12:06 HanabishiRecca

hi! :) oh, just came here to see the date of the thread. You can make a PR to host the iframe in the repo. While to be security advocates, we would rather / first suggest people to separate critical keys from daily online or entertainment activity. Thanks

ImprovedTube avatar Jun 14 '25 04:06 ImprovedTube

You can make a PR to host the iframe in the repo.

If you want someone else to do that, shouldn't you share the source code of it first?

HanabishiRecca avatar Jun 14 '25 08:06 HanabishiRecca

But actually looking into it, it's a rather simple html page. How about just shipping it with the extension instead? Why even bother loading an external resource?

HanabishiRecca avatar Jun 14 '25 08:06 HanabishiRecca