This write up is a great answer to the often-asked question “how do I learn to be a hacker?”. It does a great job of demonstrating the thought process and painstaking work that goes into any exploit.
> In fact, the YouTube app is zippier because fewer connections are made to ad URLs in the first place.
I swear on LG TV that webOS runs at a smooth 60 FPS when it's not connected to Wi-Fi and slows down as soon as it phones home for whatever telemetry and ads LG intend to serve me...
In a previous role I was tasked with increasing the lighthouse/pagespeed score across some web properties. After some iterations and very little improvements we would be asked what else we could do. Did we need to speed up the backend? Could we lower latency, etc…
The solution: I set up a query param that would disable google tag manager. All of the crazy tracking and telemetry stuff we didn't control was the biggest issue.
For LG TVs, if you set the region to "Other," it completely disables all the ads, recommended content, and telemetry [1], presumably because they can't keep track of all the changing laws for every nation on earth.
In my experience, there was a noticable performance improvement as well. Bootup times alone are probably 2x-3x faster.
You're not imagining it! The ads slow down webOS a lot, and blocking them with pi-hole made my TV much more usable. I highly recommend setting up pi-hole or similar, and blocking all the LG domains it tries to hit.
that's not really a "flaw" in protobuf; the protobuf is Working As Intended by decoding the field in a different place when you modify it.
i am not sure how one could possibly characterize that as a "flaw," since protobuf is a field-numeric length-prefixed protocol in the first place. it makes a (reasonable) assumption that bytes won't be messed with over the wire, leaving integrity to the reader, so even if this _was_ a flaw, it would be a flaw in the YouTube app for iOS, not in protobuf...
since it isn't a flaw, it isn't an "exploit," unless you are referring to the fact that youtube's protobuf exchange on their iOS app isn't checking hashes for returned payloads.
Yeah, that's some weird editorializing on behalf of the author. The "flaw" is mentioned only in the headline, the text just explains how the format works. It's not a flaw, just working as designed.
There's also this bit:
> Google makes it computationally expensive to decode, alter, and re-encode without the C++ source proto files
Yeah, it's computationally expensive if you use unoptimized Python code to do it. If you write your code in C (or another compiled language) then scanning 1.8MB of protobuf code should be trivial, with or without the proto source files.
I'm pretty sure that making Protobuf files hard to decode without sources is not a design goal. If it was, they did a pretty lousy job.
The author seemed to have parsed the protobuf data by converting it all to a huge hierarchy of thousands (millions?) of Python objects. Of course that is slow and takes a few seconds. That's so many allocations!
But if you are just looking for a specific tag, there's no need for that, I'm pretty sure you can parse protobuf in place without allocations, which would be a million times faster. You could maybe even do it in Python with reasonable speed.
I don’t know how mandatory fields work in Protobuf, but to mitigate the attack, Google’s YouTube client could treat the field as mandatory and refuse service when it finds the field to be missing or having a default value.
Protocol buffers don't always support "default" values, because certain types will include a protocol-default value. For example, a `bool` which is not present will return `false` instead of say, a nil type.
Required fields were a feature of Proto2. In proto3 syntax (latest), the required field concept was dropped because it caused issues with protocol evolution and was easy to misuse.
In essence, because of the backward and forward compatibility guarantees supported by protobuf, a "required" field must be required for the entire lifecycle of the protocol.
For these reasons and others, protobuf takes a stance where unrecognized fields are not necessarily errors. If it took a strict stance and failed in this condition, the presence of new fields in an "evolved" protocol would be an error which would break forward compatibility; old clients would not be able to communicate with new servers, and vice versa.
Protobuf guarantees that new fields will not break forward or backward compatibility.
This is why parsing unknown fields in protobuf is a feature, working as intended, not a flaw. In some language SDKs for protobuf I believe you can customize this behavior but it really isn't a good idea.
This is also why the app authors might want to consider a hash instead. Tampering with the payload would break the hash, and without the schema, the author would not necessarily know where the hash was situated in the payload to fix it, or even that one is present at all. The complexity of recalculating the hash (assuming they find it) vastly multiplies the attacker's burden at little cost to the application; adding a few rounds and a salt, for instance, would make this kind of attack significantly harder to pull off.
It's not perfect security, but it would certainly be better.
Well, for the field in question, I imagine that it should be easy to distinguish meaningful content from whatever it defaults to when the field is missing.
In this case since he mentions it's a "tree" of data (he means a "message"), it would be a sub-object that would become an initialized default. So there would be an "object" there, but it would have no "ads" array in it, or what not.
Protobuf does this so you can do `deep.dotted.paths` and you won't get null exceptions (probably a side effect of starting partly in Java). The leaf fields end up as empty strings, `0`, `false`, or an empty array for repeated fields.
It's a neat trick to get it to ignore a field, just not a "flaw." It's actually a compatibility feature in disguise.
(So it might be pretty hard to detect, versus the potentially-legitimate case of just not having any ads to show.)
It would be like receiving `{ads: []}`. How do you distinguish between the case of having no ads to show, and someone tampering with the data?
Is it ever reasonable to assume you have a properly decoded empty array because a user tampered with it, instead of that being what the server gave back to you?
If you have to choose between (a) the app shutting down or (b) the user not seeing ads bc the ad array is empty, you are probably going to pick B.
Very nice writeup. I was kinda hoping to find a way to MITM devices that don't allow the installation of custom CA's. I have some IoT devices that do not expose a local API and only exposes the data through the cloud, and would like to capture the device to cloud traffic...
I guess the only way to do that would be to dump the flash memory, replace the CA and reupload the dump to the device?
It’s called certificate-pinning if they “hard coded” a certificate, yes then you have to replace/remove it and move the same certificate to your MITM proxy to decrypt traffic.
Note for other readers: the two sentences in the parent post have nothing to do with each other. The Robert Heathon post does not describe how to break cert pinning without needing hardware/firmware modifications unfortunately.
The only relevant thing to repeat here might be this
> if you can’t get access to your IOT device’s hardware in order to add a new root CA to it, your journey mostly ends here. Don’t lose hope though. Leave your setup running for a while and see if anything strange happens. When I attempted the above process on my baby’s crib, the device refused to trust Burp’s certificate and so refused to complete a TLS handshake with my laptop. But after a minute or two of repeated failures, the crib started sending out some of its system status data over plain, unencrypted HTTP!
> Frankly I expect the days of being able to install our own trusted certificates are numbered on the few devices that do currently allow it.
For iot security reasons, namely trying to stop persistence of exploits, secure boot features on arm processors will become widely used. Think of it like TPM chips. This will make it much harder to “own your” device.
I've been MITM'ing my traffic to, among other things, strip ads and rewrite pages with things like custom CSS, ever since I discovered The Proxomitron over 2 decades ago. It does tend to get me profiled as a "bot" by CloudFlare and such, but there are not-so-trivial ways around that too. It also shows why things like remote attestation are hazardous for user freedom.
"Corporate MITM" is built into the very idea of PKI. Running your own custom PKI is a completely valid way to operate a network. This is a feature because it allows anyone to establish their own trust tree, completely outside of the public certificate trust network.
"Regimes" sounds pejorative but in truth, companies have a duty and in many cases a legal obligation to protect their networks. Prima facie, I don't see any reason at all why interception of traffic in this circumstance is "bad," except maybe a potential for political misuse like any other written medium.
I actually think the reverse would be substantially worse: if _only_ the public trust chain was valid in major browsers, we would be completely hosed and there would be no distinguishing factor at all between remote attestation and trust.
Thus, corporate TLS interception is, at worst, a necessary byproduct of a very well chosen tradeoff.
I have a minor quibble with "my network". You should have the right to intercept the traffic originating or terminating at your devices, but not to intercept any traffic going between other people's devices just because it's on your network.
Hah, remember how Amazon invented "Cyber-Monday"? They claim the Monday after Thanksgiving when people go back to work it'll be their first encounter with Internet-connected computers after the Thanksgiving vacation, and it's the time where they'll be most busy shopping for Christmas presents...
Amazon was barely a blip when Cyber Monday first came out, let alone the inventors of the term.
> The term "Cyber Monday" was coined by Ellen Davis, and was first used within the ecommerce community during the 2005 holiday season. According to Scott Silverman, the head of Shop.org, the term was coined based on 2004 research showing "one of the biggest online shopping days of the year" was the Monday after Thanksgiving (12th-biggest day historically). Retailers also noted the most significant shopping period was December 5 through 15 of the previous year. In late November 2005, The New York Times reported: "The name Cyber Monday grew out of the observation that millions of otherwise productive working Americans, fresh off a Thanksgiving weekend of window shopping, were returning to high-speed Internet connections at work Monday and buying what they liked." At the time, a lot of people had slow Internet at home. The idea for having such a holiday was created by Tony Valado, in 2003 while working at 1800Flowers.com, and coined "White Wednesday" to be the day before Thanksgiving for online retailers.
Privacy of communications is a protected right in lots of jurisdictions, not by default overridden by employer interests. From a values pov it makes sense as well, privacy is a human right and the fact that you're at work doesn't invalidate that, social interactions at work can be of a personal nature that is good to keep confidential.
> We consider an HTTPS connection to be intercepted when there is a mismatch between the expected client request signature corresponding to the browser identified by the User Agent, and the actual client request fingerprint of the request.
Sounds like something that would be "trivial" to defeat, by means of "emulating" other TLS implementations more closely?
Presumably so. You'd just need to compile the curl-impersonate for the appropriate browser you want to impersonate, and then link it in to a proxy that used libcurl for its https traffic.
99.9999% of humans won’t be decrypting protobuf traffic but a large % of bots are out of necessity to interact with the website. That’s what I’d call a good filter.
Since you’re not a Cloudflare customer, you need to think like a customer who is using Cloudflare’s bot protection. Do you want to filter people who are blocking your ads through mitm? I would guess yes.
No, actually it just needed to be well-formed. UA headers follow a certain format. Some folks like to try to "blend in" and use known headers seen in the wild but personally I like to make up new UA headers that reveal nothing, not even fake details. On the whole, I very rarely send a UA header. The number of sites that demand one is very small for me. I had just assumed Cloudflare was doing TLS fingerprinting or something more involved than just checking for presence of a UA header. But it worked. The StackExchange family of sites is one example where a UA header is needed. They will block otherwise. Not using Cloudflare to do the blocking though.
MITM is kind of a silly term for what the computer owner is doing when using a forward proxy. If the computer owner binds the proxy to a localhost address, the unencrypted requests need only go over the loopback. There need be no unencrypted requests travelling over the LAN. The computer owner, the "MITM", is on their own computer sitting in between an application and the network interface. That is exactly where they should be, IMHO. Corporations do it. They own the computer and they own their internal networks. It's no different for home users. And WFH is blurring the distinction anyway.
Once the requests leave the computer and travel onto the internet destined for another computer, then of course "MITM" makes sense as a concept. We all want to prevent that.
The computer owner controls the proxy and it's the proxy, not the untrusted application, like a "modern" web browser for example, that handles authentication of the remote peer. Compiling and fully controlling a "modern" browser is a PITA. Almost no one does it, even software developers. Instead people beg for an advertising company or their partner to make changes to a browser. That does not seem to work. Sometimes when people complain it stops the company from making undesired changes. But only temporarily.
Whereas compiling a proxy is easy and the user can fully control it.
Having used many different applications that implement support for TLS, I actually trust the proxy's implementation more than most applications. It's arguably easier to audit one program, the proxy, than it is to check every application to make sure the developer didn't make a mistake when adding TLS support. I recall socat as one example. That mistake went undetected for a long time. Elinks was another. At the time, it was dropped from OpenBSD ports as a result.
For any gamers out there, Reshade's installer is another example where TLS istn't implemented properly. It fails to download effect/shader packages for basic setup on up-to-date Windows machines because it requires that you disable TLS 1.3 globally on Windows so it can use 1.1 or 1.2.
I never heard of reshade before but that is quite crazy. The only explanation I can think of is that the backend they connect to implements TLS 1.3 but in a broken way (because the client crypto lib would otherwise fall back to TLS 1.2 on its own) which really makes you wonder just how broken the crypto impl on their servers is and how many vulnerabilities they’re wide open to.
TLS 1.3 is IMHO still too new to have stabilised and had all the edge-cases worked out. 1.2 was first released in 2008 and only started becoming a requirement more than ~10 years later. I'm not sure how the situation with 1.2 was but I know there were several draft versions of 1.3, which do not interoperate yet had public implementations. That might be what's happening there.
Googling this, development ended in 2004? An informed summary of the current state of play would be interesting, since a lot of different "continuations" of it seem to be around. Also, is it Windows-only? (I've been casually looking for a simple proxy that would enable injection of local links into remote content.)
In this case "incorrectly" is what makes it possible to find it, search-engine-autocorrect-stupidity aside. The name is obviously a combination of privacy and proxy. There's another one called Privoxy which works on similar principles.
Adguard seems to offer blocking only, whereas Privaxy "is able ... to inject scripts as well as styles into HTML documents", which was the feature my comment expressed interest in.
The readme goes on to say: "Privaxy is also way more capable than DNS-based blockers as it is able to operate directly on URLs and to inject resources into web pages."
Yes, and this also answers the other comment about what else I MITM for: blocking devices that I can't inspect the traffic of is another reason, since the proxy is the only way out of the network.
Pardon the lay question, but is it really the only way out of the network? Can't programs initiate connections while skipping the system-wide configured proxy?
Hm, I have to see if Mikrotik has rule syntax for this. I can already force every app who thinks they will use their own DNS server to use mine but not sure how I could do the same with a proxy. Maybe just force ports 80 and 443? But what's stopping these apps to communicate on non-standard ports?
There's no reason to allow arbitrary traffic in either direction other than convenience. If you want a more secure network, you block everything by default and narrowly open as needed.
Network level ad-blocking like Privoxy and pi-hole have so many downsides like they can't handle inline adverts. My pi4 pi-hole is unplugged right now because it just didn't work well. After hours wasted trying to make it work with all the services, I've thrown in the towel. The time involved is just not worth it for a home network.
What works are browser based ad-blockers and app patchers like ReVanced. As my savings have gone up, I've relied more and more on just paying for ad-free services like YouTube Premium, Hulu, Netfix, and Max for the cases those 2 can't handle.
Likewise. My biggest tip is set your secondary DNS to something outside your networks so if your pi-hole goes down your entire network doesn’t go down you just get ads.
I’ve been using NextDNS for a few years now. I don’t have time to mess with an ‘on prem’ solution.
It works really well and is simple to manage. It runs on my mobile devices easily.
I turn it off occasionally to shop, but immediately turn it back on as the internet is a whole different place without some sort of robust ad blocking.
It’s nice to see the logs fill up with blocked telemetry and other crap all day.
I think this is an unfair critique of the PiHole and I believe you’re throwing the baby out with the bath water. The PiHole blocks DNS and that’s all it’s designed to do, and it does it well. There’s a grandiose amount of telemetry, marketing, and general unsavory traffic flying through your network that didn’t originate from a browser. The PiHole is not exactly a turnkey solution and does take some adjusting to your preferences, but once you get it set up, you basically only have to touch it to do system updates.
The problem is that unless you're willing to do surgery on a regular basis as you come across blocked sites, PiHole is going to cause more problems than it solves when you have your entire family using it. Even google stops working correctly because results for products on the front page start leading to blocked links. I like PiHole, but I had to stop using it because it was so aggravating for my wife.
I used a PiHole for a while but after a corrupted SD card I said screw it and started using NextDNS. I have very few subscriptions, in fact nothing else except Spotify, but this one was worth the time saved and hasn't required any maintenance on my end.
How heartwarming that they run such a wonderful service purely out of the goodness of their hearts, with no income from it, and no expectation of financial compensation.
It forms the backbone of their paid AdGuard apps on iOS, MacOS and Android. Those apps create a loopback VPN on your system so they can reroute the DNS requests to AdGuard DNS.
I have our PiHole set up with just ad lists, not trackers or privacy. I follow that up on my own devices with uBO with more thorough lists, but this way my whole family gets ad protection rather than nothing.
This is not my experience. Pihole works flawlessly for me and it’s sitting in my closet connected to my cable modem. Haven’t touched it in a year. No broken mainstream sites and I’m blocking telemetry and other crap from apple, Amazon, google, Netflix, Hulu, Wyze, etc. related to advertising and device analytics trying to profile my usage. Pi-hole has been a blessing in the war on privacy and targeted advertising.
I’m a novice, and figured it out and have zero maintenance. Unless you count occasionally updating pihole every now and then. I have a word file with all my exceptions (mostly white lists for Microsoft gaming stuff my kids want) in the event I ever need to reload (ever since I switched to a better SD never have had corruption issues). I understand the spouse issue, mine loves clicking ads on her phone. Easiest workaround is to pop off WiFi click link then go back to WiFi.
Fair enough, but I've been super happy with the ability to do network level blocking; if you're willing to decrypt your own traffic, you can even do things like strip advertisements from getting embedded in Smart TVs and whatever else you have connected to your insecure network partition. I like it that I can hook up some random Roku and I won't get ads. Or my kid can connect his school laptop to our network and it wont get ads.
It’s $18.99 a month for an individual, I agree with your sentiment but really don’t feel like it’s that inexpensive. Then again I don’t consume large amounts of YouTube as most people seem to do.
I haven't thought about Proxomitron in about two decades - are you still using it? I never used it for anything you described, but it was great to use as a proxy with our company firewall. Many programs back in the day couldn't connect with the Internet because our firewall back then required login information to make outbound connections.
I am assuming it would completely prevent ads (so no need to figure out how to filter/block them) as the name of this field suggests that it might be used by YouTube to figure out if someone has a premium subscription or not. Toggling this field would not have led the author to the later protobuf rabbit hole as there would have been no need for it.
From personal experience, we programmers/hackers sometimes like to make things more complicated than they need to be just for the fun of it (and learning experience too!).
This is one of the many things that make it _exactly_ like malware. Ads are delivered the same way malicious code or artifacts would be delivered to your device.
Weird-ass random subdomains, obfuscated query params -- no legitimate service that works for the user's benefit should behave like this.
Which is besides the point and a minor nitpick at best.
The fact of the matter is these techniques are well established black hat ways of preventing the user from discovering what you're doing on their device.
Discovering what exactly? To bad they don't use a subdomain called "adplayback" I guess, but the query parameters are obviously only useful for YouTube internal, not the users.
And I won't even call them "obfuscated" -- it's just a batch of switches and plain IP and ID hash.
But it's googlevideo.com, how could it be a video of some shyster pimping get-rich-quick investment schemes that are convincing enough to appear totally legit to anyone below the half-way point of the bell curve?
But it's a google ad, how could it link to a scam that looks exactly like my bank's website?
Back when YouTube wasn't owned by Google, replacing /watch?v=... with /get_video?video_id=... in the URL would immediately give you the video file (in FLV format, of course.)
There was also a relatively brief time when YT was owned by google but ads were delivered from a separate (sub)domain so DNS adblocking would work wonders.
Those days are gone as the distinction between ads and malware becomes a technicality.
On a side note, I noticed a rare tracking consent banner. You may want to update it to track users and respect GDPR correctly. It should be possible to refuse as easily as accepting to be tracked, with the same button size and colour, for example. The tracking should start after consent is given. Also, GDPR isn’t so much about accepting cookies but giving consent to be tracked. So many websites get it wrong, and the likelihood that you will have issues is very close to zero, but since it looks like you implemented your banner yourself, you may be interested.
I interpret this as an opt-in as you can just scroll past the banner and not be tracked. If the site starts tracking without clicking the consent the banner is useless, or maybe even worse than useless, from the legal point of view.
It's maddening how people just refuse to understand the GDPR. This is likely partly due to intentional misinformation campaigns from the spyware (i.e. advertisement) industry. And then the cargo cult takes care of the rest.
The general gist of GDPR is that if you're not doing some shady shit that your visitors wouldn't want you to do, you don't need a consent. As you said, it has nothing to do with cookies.
And yes, Google Analytics etc are shady shit that your visitors wouldn't want you to do.
Also most of the nags you see all the time are illegal for any sane intepretation of the law. But the regulators just don't care to enforce the law at all. So if you want to do shady shit, just do it without adding to the insult with having to bother with your illegal nag.
This reminds me of a now-dockerized Privaxy, which is a UBlock-origin blocklist compatible MITM proxy. It’s crazy to see how many ads and tracking scripts are on smart products, especially my TV where so far in my testing it’s over 40% unnecessary traffic. Its been pretty fun to try and strip out ads on my smart-tv apps.
It would not surprise me if most TVs don't check. I remember LG or Samsung using unencrypted FTP to upload viewing data a few years back, so unverified TLS would be an improvement >_<
Definitely should be checking certs, though I always worry about the flip side of these device security decisions. if there is no way to update the trusted root certs, your TV becomes terminally ill with software ewaste disease when the manufacturer updates stop coming.
I really don’t like hardware becoming waste because we don’t have a better iot cert pool update story
I trust YouTube to know how to bake their own cert and trustworthy tls libraries into their apps but I’m not sure if that’s common in other apps
At that point, cut all its connections from the Internet and use it as a dumb panel. Many people will say you should have never connected it in the first place anyway.
You can alway use a streamer box (custom Linux one, Apple TV, Fire Stick, etc) to give it "smarts".
I'm pretty sure they don't check certs. If they did, there would be many corporate networks and even entire countries where they wouldn't work, because they use DPI on all inbound/outbound connections with SSL stripping.
I have asked this question repeatedly every time someone mentions inspecting TV meteor requests via a LAN proxy and never received a satisfactory answer..
If there are known exploits for the TV (a bunch are now running old and unpatched Android), the answer is easy enough (root it and do what you want - though that opens different and maybe easier options for ad stripping), but I’ve heard of it on Apple TV where jailbreaking isn’t so easy. Perhaps MDM deployments?
TL;DR it involves using Apple Configuration to make a custom mobileconfig profile to point to your proxy and then also installing the certificate with the same method.
Aha it’s awesome to see you here on HN too! Thanks for bringing up that filter list pinging. Been meaning to change the fork to stop using the hardcoded address of 0.0.0.0 on the front end so we can truly isolate the docker container but life gets in the way. Have you tried this on an Apple TV?
Of course! I’ve been wanting to run this for my Apple TV devices for a while now. tvOS itself doesn’t really have ads, but the third-party tv network apps have a lot of ads and tracking services which is what I wanted to work on stripping out.
I have it working for a few TV Everywhere compatible apps, but some are proving to be more difficult than others. I may have to do some other TLS inspection with mitmproxy and figure out what needs to be removed with the custom uBlock filter syntax option.
Fwiw I’m familiar with docker and I certainly wouldn’t have understood it that way if you hadn’t said so. I wonder why they can’t just upstream the web gui either in addition or instead of the existing one.
Fork author here. It’s a bit more nuanced than that. The original version originally came with a webui that was removed upstream and replaced with a desktop app. The way it was written, there was some modification required to make with docker which was a popular request from the users. The desktop app isn’t dockerizable so this can’t be merged upstream.
The only alternatives to a service like youtube showing people ads are for its users to pay for it, for it to be funded through donations, for it to be run by the government and paid for through taxation or for it not to exist. I prefer the first or second approaches and Youtube is unusual among social media sites in actually giving me the first option. So I happily pay for premium and while I'd rather that were the only option (I think ad supported content is an inherently socially corrosive model) I dislike the attitude of those who reject ads but also refuse to pay.
(Some people are unable to afford it but that's an entirely separate social problem, and it would be unusual for somebody with the skills demonstrated in the article to be struggling to earn a living wage.)
What I would be interested in this protobuf inspection approach for would be implementing some decent parental controls. I would very much like to be able to enable/disable individual youtube channels. Currently all I can do is switch the whole site on and off. I have all the necessary infrastructure already, so I might give it a try.
I’m in the exact same mindset as you; youtube allows you to pay to rid yourself of ads (which is ironic because the more free you are with money the more attractive you must be to advertisers)- so I think they are better than most.
but if I must take an alternative position: the last time I used youtube without premium (which happens sometimes because its not so smooth to log in if its a temporary session); the number and length of the ads was absurd, multiple levels of unskippable ads, minutes long, with volume that is much higher than the content itself. Awful experience and I can see why people who don’t have the free money want to lower it a little.
Thats of course not including sponsored content which contains an ad inside the video itself- even YT premium users get those.
Very well put. I have tried to argue the same point here and on reddit in past. The only real argument against I get is from the privacy perspective. That people tend to use alternative youtube clients or other such hacks to be able to consume ad free content anonymously and with the current state of google are not very keen on providing it with more information about them.
Personally I am trying to degooglify my life including working my own open source alternatives for some services I don't find much other good alternatives for- google keep and google books. But my youtube usage pattern being the data shared with google is quite low on the priority list for me but reasonable minds can differ.
On the other hand, if enough do start to pay for youtube premium then we would be able to much more fruitfully present our demands including for privacy when we are actual customers and not the product as in the current dynamics.
yes, absolutely, but only inasmuch as it only decreases their producer surplus so it doesn't actually cost them anything. If the monopolist allowed competition, then I'd evaluate and choose, but I don't have that choice till then.
"you can believe in the benefits of law and order, and just walk away any time you encounter a thief who doesn't". Yes, or I can steal my stuff back which gives me pleasure.
"anyway, you can switch from the high end monopolist to the low brow monopolist so I don't see what you're complaining about" Yes, you don't.
the right to wear hair-shirts is not the only principle that counts.
I use Youtube through Piped (https://github.com/TeamPiped/Piped) to preserve privacy, block ads, and prevent getting sucked in by the algorithm.
The only part of Youtube that I find valuable is the content. Not the UI, not the comments, algorithm. Free content hosting is nice, but it's not the only platform hosting videos for free.
If I wanted to pay for a streaming service, it'd be Nebula (https://nebula.tv/), because I know it benefits creators.
But I'm never turning off the adblocker, thank you.
> it's not the only platform hosting videos for free.
You're only looking at this from your own point of view. The content producers are looking for monetization options, and youtube is the only game. Nebula might be sufficient for some small amount of content producers, but it's unlikely to hit mainstream, and not enough people want to pay.
It's unfortunate, but ads are the only game in town on the internet atm.
Piped is a great web-based service, but since tvOS does not support web browsers on the Apple TV, to block YouTube ads, you either have to stream Piped videos to the Apple TV from another Apple device using AirPlay screen mirroring or use a workaround like the one described in TFA.
I'm using NewPipe (https://newpipe.net) on Android TV which provides an ad-free YouTube experience just like the Android phone version of NewPipe. Piped would also work on an Android TV browser like TV Bro (https://github.com/truefedex/tv-bro).
The legitimacy of ad blocking is well-established. People have been using DVRs, VHS players, and tape recorders to capture and consume ad-free broadcasts for decades.
On top of that, in my experience both CuriousityStream and Nebula's search functionality is pretty bad: I got fed up of the number of times I searched for something mentioned in a spoken "advertisment" by users like Mustard on youtube who said they have extra content on those services and then I can't find it or find out how to list all videos by those users, I stopped my subscription to them...
Maybe it's just my bubble, but it is often I hear that "Our Nebula subscribers fund this show, we couldn't do this with youtube revenue alone" or "Signing up to Nebula with my link gives me a steady source of income that youtube just cannot provide".
I dislike the attitude of those who reject ads but also refuse to pay.
How is this any different from changing the channel, leaving the room, or just hitting the mute button and closing your eyes in the scenario of "regular" TV when adverts or any other content you don't want to see appears? Compelled consumption should be illegal.
The assumption is that not many people would leave the room, close their eyes or mute the ads.
If you created a painless, super easy way to remove all ads, i'm sure that TV channels will also find it hard to sell to advertisers, and thus, their revenue would decrease.
Over here volume boosting is illegal, so instead they DSP ad audio to maximise envelope across all frequency bands.
Since ad sections are your typical break from a program to get to the fridge or toilet or whatever, the DSP transform makes sure you still hear the ads and pick up dialog even when far away from the TV.
Downmixing audio so that you can both hear dialogue and not lose eardrums to music and 'splosions seems to be an intractable decades old problem for the movie industry but it sure as hell been solved a dozen times over by the ad biz.
If you don’t hugely care about the quality it’s easier. Movies also want to use the dynamic range for effect but they sometimes rely on people have better home audio systems than they actually do.
My grandparents did that, it was one of the principle annoyances I had with visting them as a kid
It was very shocking to go from 75dB to an ambient 30dB or something like that out in the countryside. I'd have much preferred to talk over or zone out over the commercials without the suddenly shocking lack of auditory stimulus!
That always felt counterproductive to me. I knew people who did this and they still stared at the adverts. In fact, without the sound, you are probably focusing more on the ads, trying to figure out what is going on.
I would agree, the whole point was to enable conversation without the distraction of the ad sounds. If you're gonna watch the damned things anyway I'm not sure it helped
My last CRT TV had a picture in picture mode. When ads started I pressed the PiP button on the remote, placed the channel I was looking at in the PiP window and started watching something else. When the ads were over I came back to that channel or stayed on the other one if I found something more interesting.
I watch TV on my tablet now, streamed from a Raspberry PI with a TV Hat. Again, I activate the popup player, start browsing, maybe checking HN or whatever. I put the volume off. Maybe I start doing something else. The advantage of a tablet is that I can bring it with me wherever I go in my house. The TV, not so much. I rarely switched on my TV in the past two years.
Serious question here. What's the difference between not responding to the ad in any meaningful way vs blocking the ad entirely? Does youtube know when you've blocked the ad and therefore the content creator earns less ad revenue?
It's different becaue regular broadcast TV pay a fee to get the channel out of a limited amount of available spot, and then use that limited available spot to have higher ad price.
Of course on cabled channels, they get part of the fee of your package.
There is no "compelessed consumption", there is available package "this for free with ads", or "this for a fee", you're free to chose the one you want or neither.
I'm certain your company whichever it is would have an issue if I wanted to use its services but then run away when it came time to pay the bill.
We need to differentiate a little more here. Instead of me having to watch another f*ing viagra ad, since I'm male and above 40, we should instead talk about substituting ads with getting actual fecal matter thrown at us. Your argument still applies. I should accept this because it is in my interest to support advertisers, since, really, I work for one. (In that I work for a private company that also pays for ads.)
Now before you dismiss this as childish and/ or obnoxious: please consider the point. We cannot gloss over _what_ we "have" to watch and not just that it's an ad.
It is true that things have to be paid for and I am 100% for this. But if you want me to basically degrade myself in order for me to get to watch your content, then wtf?
There are so many reasons to block ads. Aesthetics alone. Protecting your valuable time. Consenting to watching an ad is not the same as consenting to your entire life being tracked and monitored.
Given that neither Facebook nor Google can appropriately police the content of their own ad networks (to the extent that they're the two biggest purveyors of malware and scams on the internet - in this rando's opinion), there is no moral argument against blocking ads.
In fact, not blocking internet advertising is a security risk.
If they get their house in order my opinion may change, but there's currently no business reason for them to change their existing lax systems; no pressure or threat from regulation to hold them liable for what they allow on their advertising networks.
The issue with paying for youtube premium is that you are still left with tons of ads. Until YouTube themselves doesn't tackle this issue as it should I refuse to pay to see sligtly less ads.
Half of the content on YouTube could be considered to be an ad by itself.
Also sponsors are being advertised regularly within videos which I would consider to be ads too
A lot of the videos I see have ads in them, section whith "this video is sponsored by this and that". That's definitely an ad. I would say most new (past few years) content by established channels has these. Some more obnoxious than others.
> So I happily pay for premium and while I'd rather that were the only option (I think ad supported content is an inherently socially corrosive model)
Still doesn't protect you from in-video sponsorships (skullshare, OstVPN, etc.), product placements, etc. Some creators especially do these because it protects them from platform demonetization risk.
Same shit with paying for cabletv & movie theatre tickets. If anything, people that pay are their most valuable targets for ads.
Even a newspaper that I sub to runs ads and a zillion trackers against me. Ugh.
I get where you're coming from, but the platform could more to protect paying members from this. E.g. creators with over $x revenue must tag promos so the platform ships them for paying users
To me at least the sponsorblock extension is completely ethical when you are using youtube premium. The creators get paid extra for a premium view anyway, plus I don't think advertisers for in video ads pay per view of that segment (if there are even tools to detect that metric) or anything like that so you're not even hurting the creator.
But I agree that something built in by youtube for premium users would be nicer. Would get youtube more premium users too I think because I was e.g. initially hesitent too of buying premium because I knew I would still be getting in video sponsors.
It doesn’t, but Nebula does. Creators don’t put sponsorships in their Nebula videos. And they had a lifetime subscription recently so personally I jumped on it and don’t have to deal with Yet Another Subscription…
By that logic we shouldn't be even a allowed to look away or mute our sound when the ads are playing, after all if enough people did it it would be just as "damaging" as people with ad blockers.
Also, YouTube is a video streaming monopoly, if it didn't exist there would be a significant chance of new streaming platforms to succeed, but given that it captured the marked such chance is unlikely to exist, monopoly that they achieved hosting videos free of ads (or very light on these) and now that they have the control want to force people to pay or watch a ridiculous amount of ads.
I can be a petty individual at times, and the thing that convinced me to never pay a cent to youtube was their removing the ability for the app to continue to play the clip in the background when switching to another app or locking the phone.
I listen to news and podcast-esque things in the car going to work or school drop-off / pick-up, on the way to sport etc. I'd begrudgingly tolerate the ads if the app background-played but it doesn't without paying for premium. I'm somewhere on an "entitlement" scale here, but background-play being a premium feature really feels like it's stretching the friendship.
So... alternative front-end it is. Great experience and no ads to boot.
The said ability also exists in a premium subscription. So what you effectively saying is that YouTube offers you a valuable feature, but you refuse to pay for it.
No but you have to agree on the enshitification part. Youtube turned to one of the worst UX apps I have on my phone, I hate paying them for such a shitty product and I'm waiting for the time they're off this planet
YouTube is not offering a valuable feature here. It's an OS feature. YouTube is going out of its way for you not to have this feature, unless you pay them (even though it wasn't them who brought you the feature to begin with).
I understand why this upsets people.
Imagine Youtube preventing you from adjusting the volume unless you paid. This is similar.
> removing the ability for the app to continue to play the clip in the background when switching to another app or locking the phone.
Do you know that the paid version has this exact feature? This is a limitation of the ad-supported version, because advertisers are paying to actually have people watch their ad.
They removed it from in front of the paywall to behind the paywall. The non-paid version used to do it. It was a memorably jarring experience working out WTF happened when background-play was rugged.
That's a way to look at it, and another way to look at it is this:
I already pay Google much more than I care to and am willing to in the form of my privacy and personal data because of the ubiquitious surveillance that Google performs on as many people as they possibly can.
If I could cut Google out of my life I would do it in an instant, but I can't because they won't allow it. In lieu of that I take whatever I can from them.
“To steal from a brother or sister is evil. To not steal from the institutions that are the pillars of the Pig Empire is equally immoral.” -- Abbie Hoffman
> I dislike the attitude of those who reject ads but also refuse to pay
And I dislike YouTube's hostile ad escalation in recent years. One ad - fine, two ads - hmmm, three ads - what the hell. Unskippable ads. Inappropriate ads. Loud-ass eardrum ripping ads. Ads even on Premium.
I find this a false proposition, there are plenty of other ways to to support a video streaming platform. There is nothing that suggest a platform like youtube has to exist in it's current form either. If a monetizing strategy does not work it is not the users holding it wrong. People consumed videos online before youtube and will be consuming after youtube just fine. It is not like Google is the creative mind behind the content either, in fact, the streaming part is by far the most boring problem.
I really dislike the attitude of defending megacorps and worrying about their bottom lines, especially anti customer ones like Google.
You claim that there are plenty of other ways to support a video streaming platform yet fail to mention even one of them.
Things cost money. Every monetizing strategy involves users paying for it or the company making money from the users indirectly. OP mentions both of these. So tell me, what's a monetizing strategy other than these that works?
People consumed videos online at a very limited scale before YouTube, and those videos were usually hosted by few, generous individuals. Even if every user in the world decides to contribute 50% of their device storage for a decentralized streaming platform, I doubt it would even fit a small part of all videos in YouTube's catalog right now.
I really dislike the attitude of hating megacorps without really proposing any viable alternatives.
Nitpicking alternatives is not the main point. There is nothing that suggest a platform like youtube has to exists in its current form.
Consider a freemium model without the threat of adxtortion, obviously this would require youtube to offer a significant value add and/or premium content besides trying to be a monopoly and gatekeeping eyes. Make it purely subscription based (e.g. Netflix before ads). Ask creators to pay for the blue checkmark. Make it a loss leader. Plenty of adult streaming sites manages to do just fine without youtube style invasive ads. I'm sure much smarter people can name countless other ways as well, it also does not need to be a 1-1 alternative either.
By the same logic, it's irresponsible to watch ads and not buy the products. That's after all what keeps the wheels turning.
I remember I had this discussion after a school political debate in the 90s, with (adult) actual politicians. Textbooks at the time were not publicly funded, and naturally the textbook companies jacked up prices for their captive audience forced to buy their books.
This one party had the "brilliant" idea of ad-funded textbooks. I asked, if the textbook companies currently take $50 for the book, if it was instead funded by say McDonalds ads, how many extra burgers would each student have to buy that year? They didn't have any good answer to that.
None. The textbooks would then be subsidized by McDonalds' advertising budget, reducing their profit margin.
It's the same as blocking YouTube ads; Google still pays the creator as if you had watched the ads, so your video playback is being subsidized by Google's ad business profits.
When you choose not to block ads, you aren't "supporting creators", you are supporting Google shareholders.
Point is, McDonald's wouldn't do that for long. They don't have that big margins.
Google's shareholders might, for a while, for the sake of "control". But either way, it's not sustainable. The anti-adblockers are right about that part. They're just wrong that watching ads without spending a ton of money on the products help matters.
This happened for real, actually, at least some german science fiction publishing houses did that. They would "insert" a page into the book, which picks up the story in some really cheesy way and then bends in within two sentences towards the main character needing a quick soup now (the advertise was for soup always, they just had that one sponsor apparently).
The introduction goes like: "Only Kirk kept helping himself, because he was convinced he would need strength for the upcoming events." and then below the black bars the actual ad: "The reader should do same bla e.g. soup bla takes just 5 minutes etc"
> I dislike the attitude of those who reject ads but also refuse to pay.
What about fair advertising? The main problem here nobody dares to talk about because dealing with it would undermine the very essence of capitalism: unlimited growth, is that there is no way to have fair advertising exactly as there's no way to have a fair use of any resources. Once you allow anything to be used for profit, it will be abused from the strongest players at the expense of the others until the last drop. It would be extremely easy to put well defined limits on how much advertising can be shown, and make the Internet a better place, but no way, it's anti capitalistic and therefore a no-no. Ad blockers weren't born the same day advertising came to the Internet, and many years passed until someone realized we needed them; that was the day surfing became such a horrid experience thanks to unlimited, pervasive and ever growing advertising.
edit: and, by the way, I still have to see some company going bankrupt because of ad blockers.
Incidentally, this is probably the best getting started guide for pfSense. When I set mine up last year, all tutorials were lacking. It was usually just installing pfSense, or some random settings that anyone would probably go through anyway. Took me awhile to collate the relevant information and set up my pfSense. I did eventually removed it and installed OPNSense, which has similar issues.
Actually, YouTube as a service holds quite a bit value for me, so I am happily paying for premium subscription, which removes ads and also gives access to YouTube Music.
I just subscribe to YouTube premium to support my favorite application out there.
I learn so much from the people who spend hours and hours making videos every month that I am more than happy to pay a measly $13 or whatever it is every month to YouTube.
No, paying Nebula as an alternative to paying Youtube doesn't work for many viewers because most creators who create good content are not on Nebula. E.g. Many popular channels with worthwhile info such as Applied Science, Technology Connections, 3Blue1Brown, etc are not on Nebula.
Also, many people who use Youtube for learning DIY repair, hobbies, coding, etc and Nebula doesn't really cater to those genres. E.g. I watched some videos about configuring Unifi networks and then some tutorials on installing some flooring. These types of videos are not on Nebula's platform.
There is a huge variety and scope of educational material on Youtube and platforms like Nebula/CuriosityStream only have a fraction of that.
Nebulas Android app is insultingly poor quality and pretty much unusable on tablets/foldables (it locks in portrait - who the heck still does that on a VIDEO app?!)
I've had college students build better apps for homework. It's insulting considering the rather high price of a service.
I would not mind paying for "ad free Youtube" if it was like 5 - 10 bucks. I don't need or want Youtube Music. There was a YouTube Premium Lite at some point for some countries.
Plus paying for youtube premium does not remove the sponsor ads inside videos.
Also I feel like the algorithm has gotten worse and worse? I personally don't like to support that.
I pay for Youtube Premium, but still I have to run Sponsorblock to block the in-video embedded sponsorships and one uBlock origin scripts to remove Shorts from my Subscription.
If the ads were silent banners changing the aspect ratio of the videos, I wouldn't mind them.
30 second un-skippable advert to see a 7 year old 45 second clip? I press "back" and watch neither.
Thinking of supporting creators: I looked at Nebula a while back as an alternative; I think there was some UX issue back then, but they've likely improved it and I should look again.
If the ads were silent banners changing the aspect ratio of the videos, I wouldn't mind them.
This is an interesting idea. It is already used to some extent in live football matches broadcast on TV. The sidelines have their ads replaced. I think your idea is a good one and deserves some testing by Google/YouTube.
I do that too when I really want to support someone. YouTube premium is a way to support each producers videos, not only the few that I might patronize on Patreon.
There are dozens and dozens of different creators of videos that I watch each month, so if I only used Patreon most wouldn't get anything from me.
If you continue to give Google money you'll continue to get things like AMP, Manifest V3, Web "Integrity", and whatever else they think up to track you across the web.
They're an ad company. They pay the creators per impression even if you block the ads. Blocking ads harms Google, not the content producers.
No that's what you get when you're the product by being a free user. Paid service relationship works just fine for me - Google isn't ideal but YouTube is one of my main content sources + YouTube music for my family for slightly more than the price of Spotify family subscription - yeah it's an easy choice.
Spotify suggestions and playlists weren't a seller feature for me for years. Maybe I'm missing out on a few podcasts.
No, Google will keep fucking you over and destroying the Internet, whether you pay or not. Not to mention the fact that what they pay out to creators is absolutely pathetic. Go find their Patreon, their Ko-fi, hell their paypal, anything but giving Google 13 bucks.
“Consume” ads? That is a quaint 1960’s take that is long dead.
Ad companies have been tilting the agreement attention for content ever more in their favor in aggressive and privacy harming ways. They long ago broke any moral standing.
The content creators need to seek a better deal, they’re getting screwed by Google too.
I'd rather use their services and block their ads, if I'm honest.
Ad supporters talk like blocking ads is literal theft, which is absolutely laughable. It's further away from theft than piracy, which is also in no way literal theft.
If I'm watching traditional non-demand television, and I go to the bathroom or change the channel during an ad, am I stealing from the network or the show? Hell no, that's ridiculous.
Theft? Of course it's theft, if I reduce to what is happening - you're using their services for free with no compensation. That is the definition of theft.
I would agree with you it's ok if there was no way to _otherwise_ pay for the service. If they push a only ads-supported version, and I have no choice but see ads, and I don't consent to the impact of ads on my brain, it makes a case for blocking ads being ethically correct.
But since there is a choice on how to pay, I find reasoning is no longer ethically right. You can choice to pay with your attention and brain, or to pay with hard cold cash, so the argument of ads being shoved down your brain no longer holds. You can choose to not see ads and pay for the service, and you chose to steal.
And you can make the argument that stealing is ok since you steal from the bad guys, but then you don't get to complain when others may steal from you - we're all "the bad guy" for somebody else
No. Theft would mean they no longer have the service once I've taken it.
Me taking a copy of Shrek 2 at the local store and not paying for it is theft: the store can no longer benefit from Shrek 2.
Google can re-send the exact same bytes to someone else. All I've costed them is what it costs to send those bytes over. But then, would you consider going into a store, loitering for two hours, taking the sellers attention (therefore, costing them time that they cannot use to sell things to other customers) then leaving without buying anything theft ? Most reasonable people would say no. We'd all agree it's a dick move, but since corporations are not people, it doesn't matter.
Would you go into a restaurant, occupy a table, spend server's time to bring you only tap water, loiter for a couple of hours, and leaving without paying anything OK? if that's what you want, go to a public library.
I think the sooner we move from ads-supported models to pay-per-use like Netflix, the better we are - those that can afford will consume the best content, and the rest will stick to public domain.
Hear hear. I'm beyond tired of all these self-proclaimed hackers with their lips so far up Google's ass that they can taste what Sundar had for breakfast.
The ad industry is a scourge on humanity, and its gormless defenders are willing accomplices.
It would be, if Google didn't have a chokehold on most of the internet. Sure, Nebula exists, I can watch three creators there, woohoo. Let me go on Dailymotion too for those sweet 2005 videos.
Google did everything in their power to force themselves into every aspect of our lives and leaving no alternatives, or destroying them, or buying them. Now they get to deal with the consequences
And it's just a convenient consequence of doing the "morally right" thing, that you happen to get your content for free? And content creators be damned?
No, I just happened to always have it for free. They are the ones that decided that it was a good deal in exchange for tracking me throughout the internet, stalking me. They are the ones that decided to make my watching experience miserable by putting unskippable ads. They are the ones that decided to make the videos I watch crap, because if they're not 10 minutes long with a perfectly engineered cover image, they won't pay out the creators and they won't show their content. They are the ones allowing literal hour-long ads. They are the ones that decided to make my home page """algorithmic""", which is really "oh you watched a video game ? Others like <literal nazi>, you should watch it". They are the ones hiding, destroying, trying to piss me off by removing features one by one and putting them into Youtube Premium. Play in background ? High quality videos ? Not stopping autoplay every 30 minutes to ask me if I'm still here ? Picture-in-picture ? Adding to queue ? These are all features that they proudly displayed in blog posts saying how awesome they are, and that it'll always be free. Now, they blast me with popups telling me to get Youtube Premium. One per person in my household by the way, account sharing is bad and they must extract as much money as possible.
The content creators I support get their money on Patreon or whatever fundraising platforms they use. Same things for my favorite journals. The others ? Well, I don't care enough about them to think that I would pay for them. Maybe others will. And if they don't, well, they'll stop.
It would be, if Google didn't have a chokehold on most of the internet. Sure, Nebula exists, I can watch three creators there, woohoo. Let me go on Dailymotion too for those sweet 2005 videos.
Google did everything in their power to force themselves into every aspect of our lives and leaving no alternatives, or destroying them, or buying them. Now they get to deal with the consequences
The content creators could post anywhere, there is no reason they can't cross-post their videos to other platforms. Most publishers who are on Patreon post all their videos ad-free on there so you don't even need to go to YouTube.
The reason most publishers post on YouTube is because they depend on the revenue from the YouTube network.
If you don't want to watch ads, fine, but you are expressly violating the wishes of the people who are creating the content and then rationalizing it to yourself. The fact that you still rationalize not buying the ad-free premium offering is the kicker.
Ads are emphatically not a valid monetization tactic. Holding up a corner store at gunpoint is unethical; getting up to go to the bathroom during a commercial break is not. There has never, ever, ever, ever been any moral or ethical imperative to view ads, in any context. By asserting otherwise you're simply being dishonest.
None of the content I'm interested in is available elsewhere. I've checked for exactly this reason. I don't want to be freeloading off of google, ideally I'd not use their platform at all, just like how I replaced gmail with self hosting, googlemaps with openstreetmap, googlesearch with duckduckgo, etc.
It costs creators literally nothing to upload an mp4 file to a second website and it would create market forces where youtube now has to compete for views with those alternate platforms (even if it's fragmented). But they're not doing it. Okay, so then I need to use youtube, doesn't mean I need to give google my payment information to pay a fraction of that money onto creators and mainly further their adtech
I'll stop freeloading when mega corps start paying back even a fraction of what they take from society. Governments have a setup for this, it's called taxation.
Google uses their primary business (surveillance and propaganda) to subsidize their other endeavors, engaging in unfair business practices by providing services below cost to destroy any competition. Taking them up on their offer while protecting yourself from their primary operation is no more freeloading than buying only the loss leaders from one store while going elsewhere to get the rest of what you need. They're a business, not a public service.
I just have no sympathy for the ad industry. I wouldn't have gotten into ad blocking if ads were non-intrusive, non-deceptive, and purely contextual. I used to even click on them more than a decade ago. But no, the ad industry wasn't satisfied with the money they were already making. They wanted to stalk you across the web and shove endless amounts of junk ads to uninterested people.
The ad industry brought the current situation on to themselves.
I'm giving them money to view fewer ads. Isn't this an inherently "anti-ad" consumer standpoint? I am telling YT/Google that I as a consumer am willing to pay money to not see ads.
Am I not telling them with my wallet to develop other ad-free solutions that I will pay them and the content creators money for?
> They pay the creators per impression even if you block the ads. Blocking ads harms Google, not the content producers.
Blocking ads and refusing to pay any money into the YT ecosystem decreases the revenue per viewer which will eventually reduce the amount of money YT pays to creators and/or increase the price they charge to YT premium subscribers.
No, they're not going to leave money on the table. Eventually you'll be seeing ads too. This is just a hook period. I don't understand how we as a culture haven't learned this already. This is at least the fourth or fifth generation of this with media. How things actually work should be common sense by now.
It seems to me that all of google's most successful services (search, youtube, gmail and gsuite, maps/earth, android) are next to impossible to monetize profitably and have significant utility to the general public. It feels like these are services that governments should be building and funding themselves.
Youtube specifically has a plethora of useful information made by normal people. You can find hundreds of thousands of videos, in most languages, about doing most basic and complex repairs for almost any model of car made in the last few decades, for example. It is essentially a giant public library.
It is deeper that that, corporations literally are governments. When you form a corporation you are creating the government that your organization will now operate under. usually this will require a license from whatever larger governmental structure you find yourself in.
Sometimes this is a publicly tradable for profit endeavor, sometimes it is private or perhaps non-profit(all profits have to be distributed back into the corporation), or even an actual public corporation(often called a town or a city,
That is insane. No corporation has the ability to incarcerate you or kill you. No corporation can round up your family.
What, precisely, is the “threat” that Google presents that does not rely on a government to be the muscle. Are they going to cancel your Gmail account? Cut you off from YouTube?
Surely if they actually are as powerful and dangerous as you think they are you wouldn’t use their stuff at all. But then I guess they wouldn’t be all that powerful if you could just stop using them…
(Shrug) Insane, whatever. All I know is, when I call the IRS, I can get a human on the phone who actively wants to help.
Try that with Google, PayPal, Amazon, Apple, or any number of other companies when an error they've made but refuse to even explain, much less fix, threatens to wreck your livelihood.
To redress grievances with my government, I don't need to make the front page of HN or go viral on Twitter. We don't go a week around here without another front-page lamentation to appeal for noblesse oblige from one of these intentionally-faceless megacorps. That's not how you should have to deal with a company you're doing business with... but it is how you deal with a dictator who leaves you no other choice.
That's simple in countries without a Second Amendment, or that don't recognize self-defense as a fundamental human right, but it's not simple in this one.
I've been using premium for almost a decade now, since before it was rebranded from YouTube red. I'll let you know when it's safe to remove your tinfoil hat.
Oh and I'll be downloading my videos for offline viewing and listening to ad free unrestricted music as well.
Thank you for reminding me that yt-dlp also works with youtube music (didn't think of that). I just tried to list all the available formats of a song there:
ID EXT RESOLUTION FPS CH │ FILESIZE TBR PROTO │ VCODEC VBR ACODEC ABR ASR MORE INFO
────────────────────────────────────────────────────────────────────────────────────────────────────────────────
233 mp4 audio only │ m3u8 │ audio only unknown Default
234 mp4 audio only │ m3u8 │ audio only unknown Default
599 m4a audio only 2 │ 1.05MiB 31k https │ audio only mp4a.40.5 31k 22k ultralow, m4a_dash
600 webm audio only 2 │ 1.27MiB 37k https │ audio only opus 37k 48k ultralow, webm_dash
139 m4a audio only 2 │ 1.67MiB 49k https │ audio only mp4a.40.5 49k 22k low, m4a_dash
249 webm audio only 2 │ 1.86MiB 55k https │ audio only opus 55k 48k low, webm_dash
250 webm audio only 2 │ 2.44MiB 71k https │ audio only opus 71k 48k low, webm_dash
140 m4a audio only 2 │ 4.42MiB 130k https │ audio only mp4a.40.2 130k 44k medium, m4a_dash
251 webm audio only 2 │ 4.71MiB 138k https │ audio only opus 138k 48k medium, webm_dash
Hm ... no mp3 (my car accepts mp3 only) and the bit rate is not very high. Is youtube music that bad?
Both AAC and Opus fix some of MP3's inherent design problems (like imperfect handling of short sharp transients no matter how much bitrate you throw at it), so the only reason to continue using MP3 is for compatibility with old devices.
Since downloads aren't an official part of Youtube's offering, they don't have to care about old offline-only hardware players only supporting MP3, either and anything that's modern enough to still support either a Youtube app or the website will also support either AAC or Opus.
> the bit rate is not very high
There's also a high bitrate available, but only for subscribers.
Tell me, do you casually click 15-20 videos on your phone while You're taxing before takeoff to be entertained for the whole flight? Do you use a media player that lets you turn off the screen but continue to listen to your just released yt podcast while you work out? Do you watch live feeds on your phone without ads? Or do you run a yt-dl scripts from the CL 3-4 times per year to farm w comments?
Not seeing ads is a benefit of the service. Paying for premium is to support the video makers and, yes, the service itself.
Paying for things you use is how you signal you like the product. The insane contortions people resort to in order to justify piracy boggles my mind. You either pay by watching ads or you pay the premium price. No one is entitled to YouTube. YouTube has to be paid for in order for it to exist and the creators to make stuff. That is the reason to pay for premium.
Or you can do what I do and support the creators on patreon and continue to use adblock on YouTube. That way you can consume content without feeling guilty and not support Google's monopoly at the same time.
I’m honestly not asking to be obtuse, but what difference does this “tracking” actually make? I block ads on the web because they’re so obnoxious and usually so utterly stupid (One weird trick to blast belly fat!!”), but I couldn’t care less if an ad profile exists on me or on some GUID tied to a browser I use[1]. What’s your pitch to someone who doesn’t care, that they should care?
[1] also, if tracking can help to replace idiotic ads like that with ones for some b2b software product I’d actually be interested in knowing about, please track me.
The idea that if you are willing to give up some privacy, the ads you see will be high quality and relevant. That sounds like a great trade and for twenty years I waited for those useful ads.
They still haven't appeared. When I consider what I trade for the ads I'm getting now, it's no where near good enough. My data is valuable and Google et al just aren't offering enough in return. The only place I ever see decent ads is on Google's search page.
I think the reason we see shitty ads like the belly fat ones, is because Google isn't actually trying to serve us first. Their main concern is ad dollars. So even though Google knows you watched a video on changing guitar strings an hour ago and now you are standing in a Guitar Center, instead of showing you an ad for guitar strings, you're going to see an ad for belly fat because that advertiser is willing to pay a fraction of a penny more.
So to answer your question about why you should care - it's because you are greatly overpaying for the service you are getting. Of course there are other reasons too - avoiding ads containing malware is one. Protecting yourself from tyrants is another. If you are socially or politically active, you may not trust that the government now or in the future can resist grabbing the data that shows you support abortion rights or attended a BLM or LGBTQ march or were part of the crowd on Jan 6.
Let me ask you this - if you learned the tracking is actually a person on the other side of the planet watching in real time, everything you do online, every conversation you have, every site you visit, and mix it with the data they can get from your phone (location, phone calls, music preferences, who you are spending time with, etc...) and they manually log it into a database, would that change how you feel about it?
I think there’s an opportunity cost not considered explicitly here, which is heavy users of YouTube (such as myself) find $13/month cheaper than wastes time watching ads.
If I added up the total ad time I’d have to see on a free account, the math would heavily favor paying to not see them vs my (or really most software engineers at the level of YouTube I consume)’s hourly rate.
It’s made decisions much easier for me if I take my hourly post-tax rate and compare it to services I’m using. If math works out, it’s generally worth it.
I’d love to fight the good fight against ads and stuff, but between working 9-5 and a side business, relationships, hobbies, I just don’t have the time.
You're giving them money because they're serving you ads in the first place.
I appreciate advertising money pays the salaries of people in such companies, but there are other less intrusive ways. Since I've grown up with the evolution of internet advertising, my brain is wired to just ignore it. I can't saying I've knowingly be influence by any form of internet advertising, ever.
A better solution for all concerned would just be to watermark a corner of a video with 'sponsored by company X' than the hours of human effort wasted in squeezing 30 seconds of adverts into everything, and the effort of people to block and get around that.
Fortunately I bypass Google entirely and find ways of paying good creators, which ends up with more in their pocket and less in the pocket of one of the shittiest companies on earth.
Do not confuse Google's revenue with market rate of an impression on YouTube. More revenue for Google does not equal higher pay for content creators. Google pays them the minimum to keep them on the platform. And that minimum is tiny since their platform is essentially a monopoly.
I do when I regularly watch a particular creator's videos over and over. However, this isn't the case for most of the videos I watch. Lots of one-off views.
So have 100 different Patreon subscriptions each month? The minimum pledge is $1. What if I watch 200 different YT creators? What about the short videos? Should I create a new Patreon subscription for each individual creator I watch? What if my interests frequently change (they do). Should I spend hours per month managing individual Patreon subscriptions?
The original post is about blocking ads. Blocking ads reduces the amount of money going to creators. Now you are saying that paying actual real money to not see ads is also not the way.
> They shaft creators in every way possible.
I guess this could be true that YT "shaft[s] creators in every way possible". If this were true, I'm somehow guessing that not basically everyone would show their videos there, don't you think?
There's a balance here; being universally against ads (which quite a few people here are) while also refusing to pay anything for content is not a congruent view.
At a very minimum there is considerable costs associated with delivering the video content, as most of us know.
And for the record, I do patronize the creators whom I watch lots of consistently.
> I guess this could be true that YT "shaft[s] creators in every way possible". If this were true, I'm somehow guessing that not basically everyone would show their videos there, don't you think?
The fact that content creators are still using Youtube doesn't mean Youtube is not shafting content creators. Youtube has killed most of their competitors so it's not like content creators have other options right now, but I suspect new competitors will show up if Google continue to enshitify youtube.
The problem is that most people don't subscribe to hundreds of Patreon creators. It is actually REALLY hard to have a substantial income from Patreon unless you have like 1 million subscribers on youtube. YT Premium+Ads is the next best thing and makes most creators a lot more money with less effort.
Source: I'm a full time youtuber, I have done Patreon for over a year, and I have friends who are also full time youtubers.
I don't see a point in giving google any money when the price of premium seems to go up every time I open the page for it (it's literally gone up 50% in the last 2 months, with the cheaper tier also no longer being offered) on top of actively being worse than using normal adblockers since you won't get any equivalent to sponsorblock by paying for premium. It's literally worthless, at least until google begins clamping down on ad blocking.
A problem with paying is that you have to be logged on so you can’t avoid being tracked and having every video you ever watch linked to you for all eternity.
You have privacy controls in your Google account. I have web & app activity off, location history off, YouTube search off and YouTube watch history auto deleting after a few months. https://myaccount.google.com/data-and-privacy
If you're talking about them building a secret extra profile about you with those things turned off, then they wouldn't need you to login for that.
And if you believe Google is not storing that information anyway I’ve got a beautiful bridge for sale.
If you don’t use an account you can create a fresh container every once in a while and start the game anew and you can choose to not associate it all with your identity.
Read the privacy policy, they explicitly state they store it. Obviously, because in many cases they need to know who watched that. For instance for their licenses they need to be allowed to show you copyrighted content.
You can ‘pause history’ which means ‘If you turn off your YouTube watch history and have no significant prior watch history, YouTube features that rely on your watch history to give video recommendations, like recommendations on the YouTube homepage, are removed.’ it doesn’t mean they don’t store it.
Google stores everything and deletes nothing. If you don’t want Google to keep track of information, you have to make sure they don’t have it and never get it.
> Google stores everything and deletes nothing. If you don’t want Google to keep track of information, you have to make sure they don’t have it and never get it.
This would be a clear GDPR violation. This isn't the 2000s or 2010s any more.
If my country either took privacy seriously or took corporate malfeasance seriously, then Google wouldn't exist in the first place. Here's to hoping, though.
This is misleading. At least with Google Play, they track all installed apps on your account forever.
even if you uninstall, remove from history in the app, and remove from Google account history, future API calls reflect that you've installed the app before.
I understand the sentiment, but the creators actually only got peanuts (most don't even see any money) out of your $13 while the rest go to Google. You are paying Google for youtube, and Google pay (some) content creators with a tiny fraction of your subscription money.
Afaik From ad revenue channels get 55%. They also get money from premium subscribers depending on how much time they spent on channel. I wouldn't call it peanuts.
That’s true when they pay out. It’s supposedly hard to get to get them to actually pay.
They say they pay out 55% of ad revenue per video and 55% of subscription revenue.
Assuming 10% of video creators have successfully set up monetization (I made up that number), then they are only paying out 5.5% of ad revenue, since (as far as I know) the unclaimed ad revenue is not pooled and the distributed proportionately to other accounts.
It’s unclear if they put YouTube premium revenue in per-creator buckets in the same way as they do ad revenue. If so, then they would only be paying out 5.5% of subscription revenue in my 10% example. If, on the other hand, subscription revenue is split amongst just the monetized creators that you personally watch, then they would be paying the 55% their marketing department likes to brag about.
I haven’t been able to figure out which way they do the accounting.
However, as of 2021, over their service lifetime, they paid $30B to creators. Their 2022 revenue was $29B
So, they’re definitely keeping the vast majority of the combined ad and subscription money that comes in the front door (or revenue exploded in 2022).
This is bullshit. I'm a full time youtuber, and creators get 55% of that money, and we really appreciate that income stream.
Youtube is actually one of the good companies out there when it comes to paying creators a fair share. No other company that I know of pay creators this well, and it is probably a big reason for their continued success.
The infrastructure for growing and preparing tobacco products also "costs rather steep amount of money" but isn't justification for supporting them. The incessant vomiting of advertising by Google into the faces of the public and the distortion of incentives for content creation has reached a point where the overused word "toxic" has really become warranted.
I'm also intensely Youtube positive, even if I don't like ads or google.
Youtube is one of the best things on the internet. The shame is that it's centralized with a single point of failure.
The upsides of youtube are enormous - people learn a lot there. It's not just nerds learning about stuff, but everyone. How do I fix this thing on my car, etc? People show and tell about all kinds of topics. This is making people more knowledgeable and capable on a citizen level(!)
The written word champions here will have to realize that for some, videos are a superior medium for transmitting know-how.
I'll pay Google when they start weeding out the utter garbage that is uploaded targeting kids. Things like frozen characters getting tired up and thrown in water, or their clay stomachs getting cut open. YouTube happily suggests these abusive videos when you are watching kids shows, and Google does stuff all about them
The last sentence in the Wikipedia article you link provides reason to believe that the extensive and largely unfocussed show of action Google made in 2017 did not, in fact, solve the problem.
Are you sure these videos and their targeting are still a thing? Your comment is the first I've heard about it in years, and looking now everything I'm finding is years old.
At this point I would pay those people to stop making videos and start writing again. Sitting through a 15 minute video to explain something that can be read in 2 minutes is a waste of everyone's time.
But that's not all about it. You probably don't know amount of courses available on YouTube. Chemistry, medicine, engineering, mathematics and what not.
Which, if people weren’t aware, is also a consequence of ads. It’s so the creator can get a mid-video ad. Even if you pay for yt premium, you’re still getting a garbage experience because creators fluff out videos to hit the higher minute mark.
Some videos are drawn out but lost aren’t. People will drop if the video gets too boring. It’s also very easy to skip in video ads or forward or reverse to the most replayed part of the video.
I find it’s pretty unusual to find something being taught in a YouTube video that couldn’t be learned from a book, repair manual/schematics, or a university course. Nothing’s stopping you from seeking out written material instead, especially if you’d be willing to pay people to _stop_ making videos.
The obvious reality here is that RandyLahey1989 from Halifax probably isn’t going to start a Substack about snowmobile repair, nor would anyone read it if he did, but his video on replacing the carb in a 2011 Switchback has hundreds of comments thanking him for his help. Wouldn’t you agree the internet’s a better place for giving Randy the chance to share his domain knowledge (and get paid for it)?
I seriously think the “everything should be an article” crowd is a bit disconnected with how the average person prefers to create. The future of consumption is video for a growing majority of internet users, one would be a fool to pretend otherwise.
I’m eagerly awaiting the day when some pirate site feeds the videos through a machine learning thingy and outputs an appropriate length text summary, with an appropriate number of screenshots for following along.
I’d want the summary and images to be verbatim from the video, but for it to strip crap like “hey, it’s been a while since I made my last video, as you can see behind me, nessie the cow is caught in a tree in my vertical farm wall again, which you can see another video about. Today, we are going to explain how to open this laptop, but first I’m going to talk about [product placement]”
I and other educational content creators thank you. YouTube is not evil, the service they provide for both content creators and viewers on YouTube is not only fair, it is clearly unmatched.
As long as the youtube tos allows creators to upload videos with their own add I won’t be paying a dime for premium. Where is the point to pay for skipping 5s of ads, when there is another one by the creator for a whole minute in the middle of the video?
This post is more of a technical breakdown of things, not some sort of advocacy for not paying content creators:
> Disclaimer: I want to support content creators, so to be fair, after a few months of blocking YouTube ads, I am now paying for YouTube Premium; Just because I can break something, doesn’t mean I need to.
For many it's not about supporting the platform and creators. YouTube can be unwatchable with ads. I believe this was done in part to push people to purchase premium. Some pay, some block, but nobody thinks the YouTube advertisement business is something done right.
Paying for YouTube premium does not remove the sponsors, in video ad breaks and all. Actually the only way to do that on mobile is with ReVanced, not matter how much you want to pay YouTube.
Easier solution: You can get YouTube Premium for $2 a month if you just happen to be in Argentinia while you sign up, even if you are using a US credit card to pay.
Nah. I’m old enough that i don’t care about playing the “catch the mouse” game with all the various ways to borderline-legally pay less (and maybe get your account flagged and suspended - good luck appealing to that).
I’ll just block ads, alphabet is doing fine anyway.
You can use a separate Google account with a separate email address for that. Using Apple Pay or similar, your payment also remains anonymous. And if you don’t care about history etc., you can switch to a new account every year or so.
if you want to DRM your app, yeah. In that case, also don't forget to check for microG or root (super scary stuff, a user having admin on their own device, imagine!) and ensure that the device isn't muted during ads as well as disabling app backups (they might be able to get at their own data!!1) and turning off screenshots (no benefit, but it can be claimed to be a security benefit just like denying root and turning off backups, and it will serve to further annoy the user).
If you don't mind that users can see what you're leaking to the server from their device, or sending to their device, then please don't use certificate pinning, or at least make it an option...
Unfortunately, there's two types of users MITMing apps, opening their browser's dev console etc.:
Those that know what they are doing (i.e. tinkering with the app to find out what makes it work or to modify it), and those that have no idea what any of this means and that get instructed by scammers on the internet (e.g. phone support scams) to do so.
One of the things I never do is paying someone else to circumvent paying to the original vendor. I either buy it legally, in the correct region, or pirate it for free.
Ok, 3 bucks and inconvenience of using a vpn(if free it's also tracking you) and no blocking sponsored blocks and works worse in some countries without vpn? Yeah sure...
I pay for premium, but i du this solely for blocking tv ads and yt music, for the rest, ublock and sponsorblock do offer a better experience in browsers and completely free
658 comments
[ 0.27 ms ] story [ 314 ms ] thread> In fact, the YouTube app is zippier because fewer connections are made to ad URLs in the first place.
I swear on LG TV that webOS runs at a smooth 60 FPS when it's not connected to Wi-Fi and slows down as soon as it phones home for whatever telemetry and ads LG intend to serve me...
The solution: I set up a query param that would disable google tag manager. All of the crazy tracking and telemetry stuff we didn't control was the biggest issue.
I am not sure who is to blame, but I guess there is no way we can get the simple web we loved back.
Failing all engineering effort, they could have use a beefer CPU...
In my experience, there was a noticable performance improvement as well. Bootup times alone are probably 2x-3x faster.
[1] https://www.reddit.com/r/LGOLED/comments/1571djx/guide_how_t...
I commented about it a while back here: https://news.ycombinator.com/item?id=34374725
i am not sure how one could possibly characterize that as a "flaw," since protobuf is a field-numeric length-prefixed protocol in the first place. it makes a (reasonable) assumption that bytes won't be messed with over the wire, leaving integrity to the reader, so even if this _was_ a flaw, it would be a flaw in the YouTube app for iOS, not in protobuf...
since it isn't a flaw, it isn't an "exploit," unless you are referring to the fact that youtube's protobuf exchange on their iOS app isn't checking hashes for returned payloads.
i suspect after this post they will
There's also this bit:
> Google makes it computationally expensive to decode, alter, and re-encode without the C++ source proto files
Yeah, it's computationally expensive if you use unoptimized Python code to do it. If you write your code in C (or another compiled language) then scanning 1.8MB of protobuf code should be trivial, with or without the proto source files.
I'm pretty sure that making Protobuf files hard to decode without sources is not a design goal. If it was, they did a pretty lousy job.
https://news.ycombinator.com/item?id=26931581
The author seemed to have parsed the protobuf data by converting it all to a huge hierarchy of thousands (millions?) of Python objects. Of course that is slow and takes a few seconds. That's so many allocations!
But if you are just looking for a specific tag, there's no need for that, I'm pretty sure you can parse protobuf in place without allocations, which would be a million times faster. You could maybe even do it in Python with reasonable speed.
Required fields were a feature of Proto2. In proto3 syntax (latest), the required field concept was dropped because it caused issues with protocol evolution and was easy to misuse.
In essence, because of the backward and forward compatibility guarantees supported by protobuf, a "required" field must be required for the entire lifecycle of the protocol.
For these reasons and others, protobuf takes a stance where unrecognized fields are not necessarily errors. If it took a strict stance and failed in this condition, the presence of new fields in an "evolved" protocol would be an error which would break forward compatibility; old clients would not be able to communicate with new servers, and vice versa.
Protobuf guarantees that new fields will not break forward or backward compatibility.
This is why parsing unknown fields in protobuf is a feature, working as intended, not a flaw. In some language SDKs for protobuf I believe you can customize this behavior but it really isn't a good idea.
This is also why the app authors might want to consider a hash instead. Tampering with the payload would break the hash, and without the schema, the author would not necessarily know where the hash was situated in the payload to fix it, or even that one is present at all. The complexity of recalculating the hash (assuming they find it) vastly multiplies the attacker's burden at little cost to the application; adding a few rounds and a salt, for instance, would make this kind of attack significantly harder to pull off.
It's not perfect security, but it would certainly be better.
Protobuf does this so you can do `deep.dotted.paths` and you won't get null exceptions (probably a side effect of starting partly in Java). The leaf fields end up as empty strings, `0`, `false`, or an empty array for repeated fields.
It's a neat trick to get it to ignore a field, just not a "flaw." It's actually a compatibility feature in disguise.
(So it might be pretty hard to detect, versus the potentially-legitimate case of just not having any ads to show.)
I would think that a dummy object would be trivial to detect.
Is it ever reasonable to assume you have a properly decoded empty array because a user tampered with it, instead of that being what the server gave back to you?
If you have to choose between (a) the app shutting down or (b) the user not seeing ads bc the ad array is empty, you are probably going to pick B.
I guess the only way to do that would be to dump the flash memory, replace the CA and reupload the dump to the device?
A good write up here for ways to try to intercept IoT devices without any hardware/firmware job: https://robertheaton.com/2019/11/21/how-to-man-in-the-middle...
The only relevant thing to repeat here might be this
> if you can’t get access to your IOT device’s hardware in order to add a new root CA to it, your journey mostly ends here. Don’t lose hope though. Leave your setup running for a while and see if anything strange happens. When I attempted the above process on my baby’s crib, the device refused to trust Burp’s certificate and so refused to complete a TLS handshake with my laptop. But after a minute or two of repeated failures, the crib started sending out some of its system status data over plain, unencrypted HTTP!
The point of TLS is to prevent that... You'd be relying on implementation flaws if it were ever achieved.
Frankly I expect the days of being able to install our own trusted certificates are numbered on the few devices that do currently allow it.
For iot security reasons, namely trying to stop persistence of exploits, secure boot features on arm processors will become widely used. Think of it like TPM chips. This will make it much harder to “own your” device.
Since Cloudflare employees are known to lurk here, I'd like to know: is this considered a false positive, or working as intended?
https://github.com/cloudflare/mitmengine
"Regimes" sounds pejorative but in truth, companies have a duty and in many cases a legal obligation to protect their networks. Prima facie, I don't see any reason at all why interception of traffic in this circumstance is "bad," except maybe a potential for political misuse like any other written medium.
I actually think the reverse would be substantially worse: if _only_ the public trust chain was valid in major browsers, we would be completely hosed and there would be no distinguishing factor at all between remote attestation and trust.
Thus, corporate TLS interception is, at worst, a necessary byproduct of a very well chosen tradeoff.
> The term "Cyber Monday" was coined by Ellen Davis, and was first used within the ecommerce community during the 2005 holiday season. According to Scott Silverman, the head of Shop.org, the term was coined based on 2004 research showing "one of the biggest online shopping days of the year" was the Monday after Thanksgiving (12th-biggest day historically). Retailers also noted the most significant shopping period was December 5 through 15 of the previous year. In late November 2005, The New York Times reported: "The name Cyber Monday grew out of the observation that millions of otherwise productive working Americans, fresh off a Thanksgiving weekend of window shopping, were returning to high-speed Internet connections at work Monday and buying what they liked." At the time, a lot of people had slow Internet at home. The idea for having such a holiday was created by Tony Valado, in 2003 while working at 1800Flowers.com, and coined "White Wednesday" to be the day before Thanksgiving for online retailers.
https://en.wikipedia.org/wiki/Cyber_Monday
Greetings from a country whose (almost) entire IP space is blacklisted by Cloudflare!
> Software engineer from Belgrade, Serbia
greetings from the other side of the world, commandline brother. I did not know of this tool, but I do now. Thanks
Sounds like something that would be "trivial" to defeat, by means of "emulating" other TLS implementations more closely?
what else do you MITM for?
Once the requests leave the computer and travel onto the internet destined for another computer, then of course "MITM" makes sense as a concept. We all want to prevent that.
The computer owner controls the proxy and it's the proxy, not the untrusted application, like a "modern" web browser for example, that handles authentication of the remote peer. Compiling and fully controlling a "modern" browser is a PITA. Almost no one does it, even software developers. Instead people beg for an advertising company or their partner to make changes to a browser. That does not seem to work. Sometimes when people complain it stops the company from making undesired changes. But only temporarily.
Whereas compiling a proxy is easy and the user can fully control it.
Having used many different applications that implement support for TLS, I actually trust the proxy's implementation more than most applications. It's arguably easier to audit one program, the proxy, than it is to check every application to make sure the developer didn't make a mistake when adding TLS support. I recall socat as one example. That mistake went undetected for a long time. Elinks was another. At the time, it was dropped from OpenBSD ports as a result.
[1] https://reshade.me/forum/troubleshooting/8746-reshade-v-5-8-...
Googling this, development ended in 2004? An informed summary of the current state of play would be interesting, since a lot of different "continuations" of it seem to be around. Also, is it Windows-only? (I've been casually looking for a simple proxy that would enable injection of local links into remote content.)
https://github.com/barre/privaxy
https://github.com/AdguardTeam/AdguardHome
The readme goes on to say: "Privaxy is also way more capable than DNS-based blockers as it is able to operate directly on URLs and to inject resources into web pages."
Can’t Wine help with this?
Regular http gets redirected to proxy, non-standard traffic needs to be explicitly allowed out.
What works are browser based ad-blockers and app patchers like ReVanced. As my savings have gone up, I've relied more and more on just paying for ad-free services like YouTube Premium, Hulu, Netfix, and Max for the cases those 2 can't handle.
It works really well and is simple to manage. It runs on my mobile devices easily.
I turn it off occasionally to shop, but immediately turn it back on as the internet is a whole different place without some sort of robust ad blocking.
It’s nice to see the logs fill up with blocked telemetry and other crap all day.
Because they're often ads made to look like search results. Pi-hole working as intended.
That's my experience anyway. My family network is behind a pi-hole and rarely if ever does an intended website visit break as a result.
I use a layered approach. I’ve been using Pi-hole for 8-10 years, don’t remember, with about 1-2M in the block list.
In addition, I use uBlock as well as pfsense with pfBlocker-NG for blocking countries and other features.
They all work well together. Sometimes I have to bypass them, when I momentarily use the ISP’s Wi-Fi router directly.
It’s been working fine.
From personal experience, we programmers/hackers sometimes like to make things more complicated than they need to be just for the fun of it (and learning experience too!).
it's a bit like inspecting source on a banking website, altering the balance html, then expecting the displayed value to reflect actual account funds
>https://xn--rr6sn-uxa0n-t8gz-vg6i.googlevideo.com/initplayba... &orc=1&oeis=1&c=IOS&oss=1&oda=1&oad=5500&ovd=5500&oaad=11000&oavd=11000 &ocs=700&oputc=1&oses=1&ofpcc=1&osbr=1&osnz=1&msp=1&odeak=1&odepv=1 &osfc=1&id=58cc678216d6aaca&ip=121.35.98.26&initcwndbps=2125000 &mt=1640373902
This is one of the many things that make it _exactly_ like malware. Ads are delivered the same way malicious code or artifacts would be delivered to your device.
Weird-ass random subdomains, obfuscated query params -- no legitimate service that works for the user's benefit should behave like this.
But it's googlevideo.com. I know this is Google/YouTube's domain so the rest doesn't matter.
The fact of the matter is these techniques are well established black hat ways of preventing the user from discovering what you're doing on their device.
And I won't even call them "obfuscated" -- it's just a batch of switches and plain IP and ID hash.
But it's a google ad, how could it link to a scam that looks exactly like my bank's website?
Those days are gone as the distinction between ads and malware becomes a technicality.
It's maddening how people just refuse to understand the GDPR. This is likely partly due to intentional misinformation campaigns from the spyware (i.e. advertisement) industry. And then the cargo cult takes care of the rest.
The general gist of GDPR is that if you're not doing some shady shit that your visitors wouldn't want you to do, you don't need a consent. As you said, it has nothing to do with cookies.
And yes, Google Analytics etc are shady shit that your visitors wouldn't want you to do.
Also most of the nags you see all the time are illegal for any sane intepretation of the law. But the regulators just don't care to enforce the law at all. So if you want to do shady shit, just do it without adding to the insult with having to bother with your illegal nag.
https://github.com/deetungsten/webui-privaxy is the dockerized fork of https://github.com/Barre/privaxy
I really don’t like hardware becoming waste because we don’t have a better iot cert pool update story
I trust YouTube to know how to bake their own cert and trustworthy tls libraries into their apps but I’m not sure if that’s common in other apps
At that point, cut all its connections from the Internet and use it as a dumb panel. Many people will say you should have never connected it in the first place anyway.
You can alway use a streamer box (custom Linux one, Apple TV, Fire Stick, etc) to give it "smarts".
https://sick.codes/extraordinary-vulnerabilities-discovered-...
If there are known exploits for the TV (a bunch are now running old and unpatched Android), the answer is easy enough (root it and do what you want - though that opens different and maybe easier options for ad stripping), but I’ve heard of it on Apple TV where jailbreaking isn’t so easy. Perhaps MDM deployments?
Looks like it uses the method in this article https://developer.apple.com/library/archive/qa/qa1948/_index... but i have not (yet) tried it
TL;DR it involves using Apple Configuration to make a custom mobileconfig profile to point to your proxy and then also installing the certificate with the same method.
https://github.com/AdguardTeam/urlfilter
I have it working for a few TV Everywhere compatible apps, but some are proving to be more difficult than others. I may have to do some other TLS inspection with mitmproxy and figure out what needs to be removed with the custom uBlock filter syntax option.
(Some people are unable to afford it but that's an entirely separate social problem, and it would be unusual for somebody with the skills demonstrated in the article to be struggling to earn a living wage.)
What I would be interested in this protobuf inspection approach for would be implementing some decent parental controls. I would very much like to be able to enable/disable individual youtube channels. Currently all I can do is switch the whole site on and off. I have all the necessary infrastructure already, so I might give it a try.
but if I must take an alternative position: the last time I used youtube without premium (which happens sometimes because its not so smooth to log in if its a temporary session); the number and length of the ads was absurd, multiple levels of unskippable ads, minutes long, with volume that is much higher than the content itself. Awful experience and I can see why people who don’t have the free money want to lower it a little.
Thats of course not including sponsored content which contains an ad inside the video itself- even YT premium users get those.
Besides these days it's barely a monopoly with TikTok.
"anyway, you can switch from the high end monopolist to the low brow monopolist so I don't see what you're complaining about" Yes, you don't.
the right to wear hair-shirts is not the only principle that counts.
The only part of Youtube that I find valuable is the content. Not the UI, not the comments, algorithm. Free content hosting is nice, but it's not the only platform hosting videos for free.
If I wanted to pay for a streaming service, it'd be Nebula (https://nebula.tv/), because I know it benefits creators.
But I'm never turning off the adblocker, thank you.
You're only looking at this from your own point of view. The content producers are looking for monetization options, and youtube is the only game. Nebula might be sufficient for some small amount of content producers, but it's unlikely to hit mainstream, and not enough people want to pay.
It's unfortunate, but ads are the only game in town on the internet atm.
I'm using NewPipe (https://newpipe.net) on Android TV which provides an ad-free YouTube experience just like the Android phone version of NewPipe. Piped would also work on an Android TV browser like TV Bro (https://github.com/truefedex/tv-bro).
The legitimacy of ad blocking is well-established. People have been using DVRs, VHS players, and tape recorders to capture and consume ad-free broadcasts for decades.
I follow a wide variety of channels, but there are maybe a dozen to 20 that I would consider essential. Maybe 3-4 are on Nebula.
I think for a lot of viewers and creators, YouTube is simply inevitable at this point.
Huh? Ad revenue and Premium subscription also ends up as direct payouts for YouTube creators, what are you talking about? Why the need for this BS?
How is this any different from changing the channel, leaving the room, or just hitting the mute button and closing your eyes in the scenario of "regular" TV when adverts or any other content you don't want to see appears? Compelled consumption should be illegal.
If you created a painless, super easy way to remove all ads, i'm sure that TV channels will also find it hard to sell to advertisers, and thus, their revenue would decrease.
I always found it bizarre that other people did not do the same
Since ad sections are your typical break from a program to get to the fridge or toilet or whatever, the DSP transform makes sure you still hear the ads and pick up dialog even when far away from the TV.
Downmixing audio so that you can both hear dialogue and not lose eardrums to music and 'splosions seems to be an intractable decades old problem for the movie industry but it sure as hell been solved a dozen times over by the ad biz.
It was very shocking to go from 75dB to an ambient 30dB or something like that out in the countryside. I'd have much preferred to talk over or zone out over the commercials without the suddenly shocking lack of auditory stimulus!
We had that almost 3 decades ago:
https://www.orlandosentinel.com/1995/09/20/with-this-vcr-com...
I watch TV on my tablet now, streamed from a Raspberry PI with a TV Hat. Again, I activate the popup player, start browsing, maybe checking HN or whatever. I put the volume off. Maybe I start doing something else. The advantage of a tablet is that I can bring it with me wherever I go in my house. The TV, not so much. I rarely switched on my TV in the past two years.
Of course on cabled channels, they get part of the fee of your package.
There is no "compelessed consumption", there is available package "this for free with ads", or "this for a fee", you're free to chose the one you want or neither.
I'm certain your company whichever it is would have an issue if I wanted to use its services but then run away when it came time to pay the bill.
Now before you dismiss this as childish and/ or obnoxious: please consider the point. We cannot gloss over _what_ we "have" to watch and not just that it's an ad.
It is true that things have to be paid for and I am 100% for this. But if you want me to basically degrade myself in order for me to get to watch your content, then wtf?
But the most important issue is that as long as malware can spread through ads (https://en.m.wikipedia.org/wiki/Malvertising), everyone should be blocking all ads.
In fact, not blocking internet advertising is a security risk.
If they get their house in order my opinion may change, but there's currently no business reason for them to change their existing lax systems; no pressure or threat from regulation to hold them liable for what they allow on their advertising networks.
Or should we just continue consuming people's services and effort while blocking what's sometimes their only revenue stream?
I'd rather not use a service if it has ads and I can't remove them, instead of block them and make everyone else's experience worse.
https://www.ic3.gov/Media/Y2022/PSA221221?=8324278624
That didn't last long...
Still doesn't protect you from in-video sponsorships (skullshare, OstVPN, etc.), product placements, etc. Some creators especially do these because it protects them from platform demonetization risk.
Same shit with paying for cabletv & movie theatre tickets. If anything, people that pay are their most valuable targets for ads.
Even a newspaper that I sub to runs ads and a zillion trackers against me. Ugh.
I get where you're coming from, but the platform could more to protect paying members from this. E.g. creators with over $x revenue must tag promos so the platform ships them for paying users
But now they have ads.
Also, YouTube is a video streaming monopoly, if it didn't exist there would be a significant chance of new streaming platforms to succeed, but given that it captured the marked such chance is unlikely to exist, monopoly that they achieved hosting videos free of ads (or very light on these) and now that they have the control want to force people to pay or watch a ridiculous amount of ads.
I listen to news and podcast-esque things in the car going to work or school drop-off / pick-up, on the way to sport etc. I'd begrudgingly tolerate the ads if the app background-played but it doesn't without paying for premium. I'm somewhere on an "entitlement" scale here, but background-play being a premium feature really feels like it's stretching the friendship.
So... alternative front-end it is. Great experience and no ads to boot.
The said ability exists on the YT website if you use desktop mode on the mobile browser.
Imagine Youtube preventing you from adjusting the volume unless you paid. This is similar.
Do you know that the paid version has this exact feature? This is a limitation of the ad-supported version, because advertisers are paying to actually have people watch their ad.
I already pay Google much more than I care to and am willing to in the form of my privacy and personal data because of the ubiquitious surveillance that Google performs on as many people as they possibly can.
If I could cut Google out of my life I would do it in an instant, but I can't because they won't allow it. In lieu of that I take whatever I can from them.
“To steal from a brother or sister is evil. To not steal from the institutions that are the pillars of the Pig Empire is equally immoral.” -- Abbie Hoffman
And I dislike YouTube's hostile ad escalation in recent years. One ad - fine, two ads - hmmm, three ads - what the hell. Unskippable ads. Inappropriate ads. Loud-ass eardrum ripping ads. Ads even on Premium.
They've tried? It seems like it would be pretty easy to detect ad sequences in larger channels.
I really dislike the attitude of defending megacorps and worrying about their bottom lines, especially anti customer ones like Google.
Things cost money. Every monetizing strategy involves users paying for it or the company making money from the users indirectly. OP mentions both of these. So tell me, what's a monetizing strategy other than these that works?
People consumed videos online at a very limited scale before YouTube, and those videos were usually hosted by few, generous individuals. Even if every user in the world decides to contribute 50% of their device storage for a decentralized streaming platform, I doubt it would even fit a small part of all videos in YouTube's catalog right now.
I really dislike the attitude of hating megacorps without really proposing any viable alternatives.
Consider a freemium model without the threat of adxtortion, obviously this would require youtube to offer a significant value add and/or premium content besides trying to be a monopoly and gatekeeping eyes. Make it purely subscription based (e.g. Netflix before ads). Ask creators to pay for the blue checkmark. Make it a loss leader. Plenty of adult streaming sites manages to do just fine without youtube style invasive ads. I'm sure much smarter people can name countless other ways as well, it also does not need to be a 1-1 alternative either.
This. PeerTube can provide similar benefits without centralization.
I remember I had this discussion after a school political debate in the 90s, with (adult) actual politicians. Textbooks at the time were not publicly funded, and naturally the textbook companies jacked up prices for their captive audience forced to buy their books.
This one party had the "brilliant" idea of ad-funded textbooks. I asked, if the textbook companies currently take $50 for the book, if it was instead funded by say McDonalds ads, how many extra burgers would each student have to buy that year? They didn't have any good answer to that.
It's the same as blocking YouTube ads; Google still pays the creator as if you had watched the ads, so your video playback is being subsidized by Google's ad business profits.
When you choose not to block ads, you aren't "supporting creators", you are supporting Google shareholders.
Google's shareholders might, for a while, for the sake of "control". But either way, it's not sustainable. The anti-adblockers are right about that part. They're just wrong that watching ads without spending a ton of money on the products help matters.
See here (picture gallery): https://johannes.freudendahl.net/2019/01/werbung-in-romanen/
The introduction goes like: "Only Kirk kept helping himself, because he was convinced he would need strength for the upcoming events." and then below the black bars the actual ad: "The reader should do same bla e.g. soup bla takes just 5 minutes etc"
Just some anecdote.
What about fair advertising? The main problem here nobody dares to talk about because dealing with it would undermine the very essence of capitalism: unlimited growth, is that there is no way to have fair advertising exactly as there's no way to have a fair use of any resources. Once you allow anything to be used for profit, it will be abused from the strongest players at the expense of the others until the last drop. It would be extremely easy to put well defined limits on how much advertising can be shown, and make the Internet a better place, but no way, it's anti capitalistic and therefore a no-no. Ad blockers weren't born the same day advertising came to the Internet, and many years passed until someone realized we needed them; that was the day surfing became such a horrid experience thanks to unlimited, pervasive and ever growing advertising.
edit: and, by the way, I still have to see some company going bankrupt because of ad blockers.
Why are you defending a multi billion dollar company from something that the users aren’t obliged to do in the first place?
People using their excess Internet connectivity, they already pay for for other reasons, to share content with others.
It works for socially disadvantaged, too.
You get native player and no ads.
The remote host serves you the content. The remote host is also entitled to serve you ads, since they own their end of the communication.
You view the content. You are also entitled to not view the ad, since you own the device at which you're viewing their content.
I learn so much from the people who spend hours and hours making videos every month that I am more than happy to pay a measly $13 or whatever it is every month to YouTube.
https://www.theverge.com/2021/8/2/22605455/youtube-premium-l...
No, paying Nebula as an alternative to paying Youtube doesn't work for many viewers because most creators who create good content are not on Nebula. E.g. Many popular channels with worthwhile info such as Applied Science, Technology Connections, 3Blue1Brown, etc are not on Nebula.
Also, many people who use Youtube for learning DIY repair, hobbies, coding, etc and Nebula doesn't really cater to those genres. E.g. I watched some videos about configuring Unifi networks and then some tutorials on installing some flooring. These types of videos are not on Nebula's platform.
There is a huge variety and scope of educational material on Youtube and platforms like Nebula/CuriosityStream only have a fraction of that.
I've had college students build better apps for homework. It's insulting considering the rather high price of a service.
Plus paying for youtube premium does not remove the sponsor ads inside videos.
Also I feel like the algorithm has gotten worse and worse? I personally don't like to support that.
30 second un-skippable advert to see a 7 year old 45 second clip? I press "back" and watch neither.
Thinking of supporting creators: I looked at Nebula a while back as an alternative; I think there was some UX issue back then, but they've likely improved it and I should look again.
There are dozens and dozens of different creators of videos that I watch each month, so if I only used Patreon most wouldn't get anything from me.
They're an ad company. They pay the creators per impression even if you block the ads. Blocking ads harms Google, not the content producers.
Spotify suggestions and playlists weren't a seller feature for me for years. Maybe I'm missing out on a few podcasts.
Adblocking Google is morally right.
All ads should be blocked. I do not consume ads, and am not interested in paying a ransom to hide them.
Ad companies have been tilting the agreement attention for content ever more in their favor in aggressive and privacy harming ways. They long ago broke any moral standing.
The content creators need to seek a better deal, they’re getting screwed by Google too.
Ad supporters talk like blocking ads is literal theft, which is absolutely laughable. It's further away from theft than piracy, which is also in no way literal theft.
If I'm watching traditional non-demand television, and I go to the bathroom or change the channel during an ad, am I stealing from the network or the show? Hell no, that's ridiculous.
I would agree with you it's ok if there was no way to _otherwise_ pay for the service. If they push a only ads-supported version, and I have no choice but see ads, and I don't consent to the impact of ads on my brain, it makes a case for blocking ads being ethically correct.
But since there is a choice on how to pay, I find reasoning is no longer ethically right. You can choice to pay with your attention and brain, or to pay with hard cold cash, so the argument of ads being shoved down your brain no longer holds. You can choose to not see ads and pay for the service, and you chose to steal.
And you can make the argument that stealing is ok since you steal from the bad guys, but then you don't get to complain when others may steal from you - we're all "the bad guy" for somebody else
Me taking a copy of Shrek 2 at the local store and not paying for it is theft: the store can no longer benefit from Shrek 2.
Google can re-send the exact same bytes to someone else. All I've costed them is what it costs to send those bytes over. But then, would you consider going into a store, loitering for two hours, taking the sellers attention (therefore, costing them time that they cannot use to sell things to other customers) then leaving without buying anything theft ? Most reasonable people would say no. We'd all agree it's a dick move, but since corporations are not people, it doesn't matter.
I think the sooner we move from ads-supported models to pay-per-use like Netflix, the better we are - those that can afford will consume the best content, and the rest will stick to public domain.
The ad industry is a scourge on humanity, and its gormless defenders are willing accomplices.
Google did everything in their power to force themselves into every aspect of our lives and leaving no alternatives, or destroying them, or buying them. Now they get to deal with the consequences
Otherwise you're just rationalising freeloader behaviour.
I'm saying Google _deserves_ to have freeloaders milking them for every bit they can. So does Meta, Microsoft, Apple, Netflix, Amazon...
The content creators I support get their money on Patreon or whatever fundraising platforms they use. Same things for my favorite journals. The others ? Well, I don't care enough about them to think that I would pay for them. Maybe others will. And if they don't, well, they'll stop.
Why not get your content from ad-free platforms?
It would be, if Google didn't have a chokehold on most of the internet. Sure, Nebula exists, I can watch three creators there, woohoo. Let me go on Dailymotion too for those sweet 2005 videos.
Google did everything in their power to force themselves into every aspect of our lives and leaving no alternatives, or destroying them, or buying them. Now they get to deal with the consequences
The reason most publishers post on YouTube is because they depend on the revenue from the YouTube network.
If you don't want to watch ads, fine, but you are expressly violating the wishes of the people who are creating the content and then rationalizing it to yourself. The fact that you still rationalize not buying the ad-free premium offering is the kicker.
It costs creators literally nothing to upload an mp4 file to a second website and it would create market forces where youtube now has to compete for views with those alternate platforms (even if it's fragmented). But they're not doing it. Okay, so then I need to use youtube, doesn't mean I need to give google my payment information to pay a fraction of that money onto creators and mainly further their adtech
The ad industry brought the current situation on to themselves.
Am I not telling them with my wallet to develop other ad-free solutions that I will pay them and the content creators money for?
> They pay the creators per impression even if you block the ads. Blocking ads harms Google, not the content producers.
Blocking ads and refusing to pay any money into the YT ecosystem decreases the revenue per viewer which will eventually reduce the amount of money YT pays to creators and/or increase the price they charge to YT premium subscribers.
Youtube specifically has a plethora of useful information made by normal people. You can find hundreds of thousands of videos, in most languages, about doing most basic and complex repairs for almost any model of car made in the last few decades, for example. It is essentially a giant public library.
Sometimes this is a publicly tradable for profit endeavor, sometimes it is private or perhaps non-profit(all profits have to be distributed back into the corporation), or even an actual public corporation(often called a town or a city,
What, precisely, is the “threat” that Google presents that does not rely on a government to be the muscle. Are they going to cancel your Gmail account? Cut you off from YouTube?
Surely if they actually are as powerful and dangerous as you think they are you wouldn’t use their stuff at all. But then I guess they wouldn’t be all that powerful if you could just stop using them…
Try that with Google, PayPal, Amazon, Apple, or any number of other companies when an error they've made but refuse to even explain, much less fix, threatens to wreck your livelihood.
To redress grievances with my government, I don't need to make the front page of HN or go viral on Twitter. We don't go a week around here without another front-page lamentation to appeal for noblesse oblige from one of these intentionally-faceless megacorps. That's not how you should have to deal with a company you're doing business with... but it is how you deal with a dictator who leaves you no other choice.
"Does entity X have a monopoly on violence?" If yes, they are a government. If no, they are not.
Whether X is nice or mean, important or unimportant, is irrelevant.
Oh and I'll be downloading my videos for offline viewing and listening to ad free unrestricted music as well.
Both AAC and Opus fix some of MP3's inherent design problems (like imperfect handling of short sharp transients no matter how much bitrate you throw at it), so the only reason to continue using MP3 is for compatibility with old devices.
Since downloads aren't an official part of Youtube's offering, they don't have to care about old offline-only hardware players only supporting MP3, either and anything that's modern enough to still support either a Youtube app or the website will also support either AAC or Opus.
> the bit rate is not very high
There's also a high bitrate available, but only for subscribers.
Sorry, was that supposed to be a gotcha?
Paying for things you use is how you signal you like the product. The insane contortions people resort to in order to justify piracy boggles my mind. You either pay by watching ads or you pay the premium price. No one is entitled to YouTube. YouTube has to be paid for in order for it to exist and the creators to make stuff. That is the reason to pay for premium.
This is their job, after all.
[1] also, if tracking can help to replace idiotic ads like that with ones for some b2b software product I’d actually be interested in knowing about, please track me.
They still haven't appeared. When I consider what I trade for the ads I'm getting now, it's no where near good enough. My data is valuable and Google et al just aren't offering enough in return. The only place I ever see decent ads is on Google's search page.
I think the reason we see shitty ads like the belly fat ones, is because Google isn't actually trying to serve us first. Their main concern is ad dollars. So even though Google knows you watched a video on changing guitar strings an hour ago and now you are standing in a Guitar Center, instead of showing you an ad for guitar strings, you're going to see an ad for belly fat because that advertiser is willing to pay a fraction of a penny more.
So to answer your question about why you should care - it's because you are greatly overpaying for the service you are getting. Of course there are other reasons too - avoiding ads containing malware is one. Protecting yourself from tyrants is another. If you are socially or politically active, you may not trust that the government now or in the future can resist grabbing the data that shows you support abortion rights or attended a BLM or LGBTQ march or were part of the crowd on Jan 6.
Let me ask you this - if you learned the tracking is actually a person on the other side of the planet watching in real time, everything you do online, every conversation you have, every site you visit, and mix it with the data they can get from your phone (location, phone calls, music preferences, who you are spending time with, etc...) and they manually log it into a database, would that change how you feel about it?
If I added up the total ad time I’d have to see on a free account, the math would heavily favor paying to not see them vs my (or really most software engineers at the level of YouTube I consume)’s hourly rate.
It’s made decisions much easier for me if I take my hourly post-tax rate and compare it to services I’m using. If math works out, it’s generally worth it.
I’d love to fight the good fight against ads and stuff, but between working 9-5 and a side business, relationships, hobbies, I just don’t have the time.
I appreciate advertising money pays the salaries of people in such companies, but there are other less intrusive ways. Since I've grown up with the evolution of internet advertising, my brain is wired to just ignore it. I can't saying I've knowingly be influence by any form of internet advertising, ever.
A better solution for all concerned would just be to watermark a corner of a video with 'sponsored by company X' than the hours of human effort wasted in squeezing 30 seconds of adverts into everything, and the effort of people to block and get around that.
Oh, that's OK, unknowing influence will do.
The way you phrase it makes it seem like you think they slapped ads on something that would have otherwise been a free gift.
No
this is false. if they can’t show the ad they won’t pay the content creator.
I agree with OP that the $13 I spend on YouTube is easy money. Would happily spend that amount or more on an alternative.
I wouldn't support them that way. They shaft creators in every way possible.
You should be subscribing to Patreons and their video subscriptions. YouTube Premium is NOT the way.
So have 100 different Patreon subscriptions each month? The minimum pledge is $1. What if I watch 200 different YT creators? What about the short videos? Should I create a new Patreon subscription for each individual creator I watch? What if my interests frequently change (they do). Should I spend hours per month managing individual Patreon subscriptions?
The original post is about blocking ads. Blocking ads reduces the amount of money going to creators. Now you are saying that paying actual real money to not see ads is also not the way.
> They shaft creators in every way possible.
I guess this could be true that YT "shaft[s] creators in every way possible". If this were true, I'm somehow guessing that not basically everyone would show their videos there, don't you think?
There's a balance here; being universally against ads (which quite a few people here are) while also refusing to pay anything for content is not a congruent view.
At a very minimum there is considerable costs associated with delivering the video content, as most of us know.
And for the record, I do patronize the creators whom I watch lots of consistently.
The fact that content creators are still using Youtube doesn't mean Youtube is not shafting content creators. Youtube has killed most of their competitors so it's not like content creators have other options right now, but I suspect new competitors will show up if Google continue to enshitify youtube.
Source: I'm a full time youtuber, I have done Patreon for over a year, and I have friends who are also full time youtubers.
Keep your hand in the adblocking world because it's morally right.
People can do two things.
If you're talking about them building a secret extra profile about you with those things turned off, then they wouldn't need you to login for that.
If you don’t use an account you can create a fresh container every once in a while and start the game anew and you can choose to not associate it all with your identity.
You can ‘pause history’ which means ‘If you turn off your YouTube watch history and have no significant prior watch history, YouTube features that rely on your watch history to give video recommendations, like recommendations on the YouTube homepage, are removed.’ it doesn’t mean they don’t store it.
Google stores everything and deletes nothing. If you don’t want Google to keep track of information, you have to make sure they don’t have it and never get it.
This would be a clear GDPR violation. This isn't the 2000s or 2010s any more.
Because what happens over time is that some new feature or service comes along that you have to also opt out of.
even if you uninstall, remove from history in the app, and remove from Google account history, future API calls reflect that you've installed the app before.
Afaik From ad revenue channels get 55%. They also get money from premium subscribers depending on how much time they spent on channel. I wouldn't call it peanuts.
Louis Rossmann:
> If you gave a creator even $1 as a donation that is more than they will make from you watching years of ads on their content.
I just don't feel like paying 100 different youtube channels $1-$2 each every year.
They say they pay out 55% of ad revenue per video and 55% of subscription revenue.
Assuming 10% of video creators have successfully set up monetization (I made up that number), then they are only paying out 5.5% of ad revenue, since (as far as I know) the unclaimed ad revenue is not pooled and the distributed proportionately to other accounts.
It’s unclear if they put YouTube premium revenue in per-creator buckets in the same way as they do ad revenue. If so, then they would only be paying out 5.5% of subscription revenue in my 10% example. If, on the other hand, subscription revenue is split amongst just the monetized creators that you personally watch, then they would be paying the 55% their marketing department likes to brag about.
I haven’t been able to figure out which way they do the accounting.
However, as of 2021, over their service lifetime, they paid $30B to creators. Their 2022 revenue was $29B
So, they’re definitely keeping the vast majority of the combined ad and subscription money that comes in the front door (or revenue exploded in 2022).
Support page clearly explains about revenue sharing, I don't see anything about pooling:
https://support.google.com/youtube/answer/72902?hl=en#zippy=...
If you ever tried to self host you'll know just how expensive that is.
Youtube is actually one of the good companies out there when it comes to paying creators a fair share. No other company that I know of pay creators this well, and it is probably a big reason for their continued success.
It's not only more effective, but also doesn't support Google (main player in the ad industry)
Something that costs rather steep amount of money?
Youtube is one of the best things on the internet. The shame is that it's centralized with a single point of failure.
The upsides of youtube are enormous - people learn a lot there. It's not just nerds learning about stuff, but everyone. How do I fix this thing on my car, etc? People show and tell about all kinds of topics. This is making people more knowledgeable and capable on a citizen level(!)
The written word champions here will have to realize that for some, videos are a superior medium for transmitting know-how.
The obvious reality here is that RandyLahey1989 from Halifax probably isn’t going to start a Substack about snowmobile repair, nor would anyone read it if he did, but his video on replacing the carb in a 2011 Switchback has hundreds of comments thanking him for his help. Wouldn’t you agree the internet’s a better place for giving Randy the chance to share his domain knowledge (and get paid for it)?
I seriously think the “everything should be an article” crowd is a bit disconnected with how the average person prefers to create. The future of consumption is video for a growing majority of internet users, one would be a fool to pretend otherwise.
I’d want the summary and images to be verbatim from the video, but for it to strip crap like “hey, it’s been a while since I made my last video, as you can see behind me, nessie the cow is caught in a tree in my vertical farm wall again, which you can see another video about. Today, we are going to explain how to open this laptop, but first I’m going to talk about [product placement]”
We deserve butter! https://butter.sonnet.io/
Also you have more control over where the money goes with Patreon, and they’re far better corporate citizens than google.
> Disclaimer: I want to support content creators, so to be fair, after a few months of blocking YouTube ads, I am now paying for YouTube Premium; Just because I can break something, doesn’t mean I need to.
Did you even open the article?
I’ll just block ads, alphabet is doing fine anyway.
But as the OP says…the problem is that this is not feasible on mobile or TVs.
On my tv… i purposedly picked a tv without any form of smart feature, and have a small nuc to use the aforementioned proxy.
If you don't mind that users can see what you're leaking to the server from their device, or sending to their device, then please don't use certificate pinning, or at least make it an option...
Not sure which side you're on here
Those that know what they are doing (i.e. tinkering with the app to find out what makes it work or to modify it), and those that have no idea what any of this means and that get instructed by scammers on the internet (e.g. phone support scams) to do so.
I’m all for privacy but that is regulated via other means — the law.