For something like YouTube it can probably still be detected by timing. If the browser plays part A of a video, then when it is done immediately requests part B of the video, when there is supposed to be a 2 minute gap to play an ad, that can be detected on the server side. The client could try to get around that by doing things like telling the server it is playing at 2x, and then really playback at 1x, but then the server could send different content (pre-downsampled) depending on the playback rate requested.
That doesn't seem to be what is happening, because then uBlock Origin couldn't work around it.
Also things like Newpipe and embedding can be used to bypass the block as well.
I find all of this weird because it seems all so lacking in fundamentals. I'd expect indeed checking whether the content was actually downloaded. That'd be much harder to work around.
In turn that should result in an ad blocker that downloads content but doesn't show it, completing the circle.
I think properly doing it would require a specialized web browser, capable of keeping two separate models, one which it pretends to render, and one which is actually renders.
It is beneficial for Google to drag out any cat and mouse game against ad blockers as long as possible. They are all built and maintained by volunteers, who get yelled at by assholes every time something changes and breaks an ad blocker even for a single night.
Google is trying to make this suck for the maintainers, explicitly so they stop maintaining the ad blocker.
I read somewhere Youtube used to send a response like {..., ads: [1, 2, 3]}. uBlock would see this response and turn it into {..., ads: []} and load the page accordingly.
I guess now, Youtube expects a response back, and occasionally, the request/response is faked. So, when uBlock adjusts the request/response and says "This user watched the ads", Youtube knows the request/response was fake and there were no ads to begin with, notifying that user is using an adblocker.
Looking at the filters that uBlock is using, it still seems to be some sort of regex on the xhr request/response body [1]. Why can't youtube trivially defeat this by encrypting everything? It seems like trying to go about the cat-mouse game in this fashion in a losing battle, because all google needs to do is just change up the names a bit each day.
> It seems like trying to go about the cat-mouse game in this fashion in a losing battle, because all google needs to do is just change up the names a bit each day.
That's exactly what they are doing, well I don't know about only "change up the names" but they update the script multiple times per day and uBlock Origin devs are trying to catch up.
> No one has the right to YouTube (or free media for that matter).
This is self-evident and we have Terms of Service for exactly this reason. What I think we're debating is what's reasonable reach for Terms of Service to have? Can we violate it by muting ads? Why not? Why is that different in principle than an Adblocker?
> Hacker News has a really juvenile attitude to DRM.
The door is that way.
Anyway. Sure, no one has right to YouTube, but they can't have their cake and eat it too. I think the EU trend is pretty clear: no tracking to make money off our citizens. If you want to sell them a service, go ahead and just name your price. Actually compete instead of giving away stuff for free to undermine competition and then getting the money back by peddling the eyeballs in the back alleys.
I don't think this argument has any legs. You request a page from a web server, the server gives you back some html and some javascript, you execute the javascript which detects if you are using an adblocker.
There is no tracking involved, if you believe the js you got back is spyware you can refrain from running it and you can't watch the vid. Should every website ask for your consent to serve you javascript now?
As the "cookie consent" debacle showed us, websites won't stop using JS, they'll just bombard you with consent dialogs until you click the button that makes them go away fastest, which is likely the one that involves consenting to run their JS.
I don't think I've ever seen a cookie consent behave that way, they just make it 1-3 extra clicks to refuse non-essential cookies; which is in violation.
A reminder that the "cookie consent debacle" is intentional. There is no requirement for a popup or any system to ask for your consent to store cookies if you simply do not store unnecessary cookies, and the carve out for "necessary" cookies is huge.
Every time you see a popup to approve cookies, it is explicitly so a company can beg you to allow them to track you for free money.
While highly recommended. Outside of the tech crowd, uMatrix is a maze to organise and most folk don't care that they are planted with tracking cookies.
For those users, there is uBlock Origin. Actually, I think it's the recommended suggestion by their developer for all users, isn't uMatrix no longer supported with uBlock Origin including many of it's features?
Everything is missing? That left panel as shown in the screenshot is display-only, you can't click on it to allow/disallow anything (also: it's below the rest of the interface in my version, not to the left, which requires a lot further mouse travel).
...oh, I see, I have to first go into the settings to declare myself an able-minded human. That's quite the UX failure, hiding functionality behind an unrelated toggle at an entirely different place.
Having finally found the correct mystical incantation, I can answer your question. At first glance, that UI is incredibly confusing. Why are there two columns to the right of every domain? What's the difference between making the left column red and the right grey, versus making the right column red and the left grey? What is the significance of the +'s and -'s in the various cells? That help page doesn't explain any of it.
What's really missing: uMatrix lets me see how many resources of what type were loaded from what domain. That's very helpful when finding out what needs to be unblocked: if a site doesn't work, I progessively whitelist third-party resources until basic functionality is restored. I then remove everything from the writelist that's unused. It doesn't seem like that information is available.
Also: with UBO it doesn't seem possible to enable javascript for just one third-party host, or enable everything except javascript? If I whitelist a host in the UI, it automatically enables static resources (img, css), dynamic resources (js), cross-site data (xhr) and frames. I'm not going to write manual rules every time I want to allow everything except javascript.
This is just from a cursory examination, so maybe the functionality is there, it's just unfamiliarity with the new interface. But from what I'm seeing, neither the UI itself nor the help page make a compelling reason to make the switch.
Yes, I phrased that one badly. I meant to ask: how do I enable just javascript for a domain, rather than also enabling css/img/frames? But that's more of an academic question since if you trust a domain to run javascript, you'll surely also load css and img from that domain.
Red button (with more enabled) disables a specific resource
I don't see it. Red button disables a specific domain for as far as I can see. It doesn't disable just one type of resource from that domain.
in a nested-list UI very similar to uMatrix
It seems this is the problem: uMatrix is most emphatically not a nested-list UI: it is an authorization matrix UI. It seems that UBO does try to incorporate some of uMatrix' features back into it, but in the basis it's still a one-dimensional blocklist. That's just not good enough for how I browse the web in safety.
Why are there two two columns to the right of every domain?
The left column is for global rules (independent of the currently-visited domain), the right column is for rules specific to the currently-loaded domain. This is strictly inferior to uMatrix, which allows me to set rules for every part of the dns name (e.g. I can easilty switch between settings rules for news.ycombinator.com, ycombinator.com and even for all .com sites). So what's missing: source domain control for the rule(s) I'm currently configuring.
What's more, in uMatrix I could set a hard block on a toplevel domain (say, google.com) and then add a whitelist for a subdomain (say, mail.google.com) which would override the higher-level block. Since UBO only uses block (red)/ignore (grey), this kind of setup is not possible. So what's missing: an explicit allow/ignore/block toggle like in uMatrix.
What is the significance of the +'s and -'s in the various cells?
These are blocked and allowed resources, so there's some level of feedback there. But it seems that CSS resources are not included in those statistics at all, and images do cause a + to be displayed in the domain-specific row but not in the generic "images" row whereas third-party javascript gets a + in the domain-specific row and in the generic "3rd-party scripts row". So what's missing: I want resource type indicators rather than generic "+"
I'll repeat what I wrote as a response to the sibling comment because it seems to be a fundamental UI issue: the UI of UBO still seems geared towards a one-dimensional blocklist and is missing all the controls for two-dimensional control of [domains]x[resource types]. And after years of safely browsing the modern web with uMatrix, I can't imagine going without that control.
--
edit:
To explain a bit more my thought proces behind how I browse the web: I maintain effectively four trust levels in the browser, which are:
(0. not a browser trust level: pihole-style dns rpz blocking)
1. no trust: all outgoing connections to the domain are blocked.
2. static content: html/css/img is allowed to be loaded from the domain.
3. dynamic content: allow javascript and cross-site requests
4. embeddings: mostly used for payment processors, these tend to get very anxious if some things don't work as expected.
My default (uMatrix) settings put the primary domain at level 2 and all third-party sites at level 1. Surprisingly, this still works fine for a lot of sites, at least the sites that I find worth reading. I guess I'm enough of an academic to prefer reading over "consuming" content.
The first trust increase, if needed, is to selectively bump third-party domains belonging to the same first party to trust level 2. This is mostly because CDNs use a different hostname (such as theguardian.com using guim.co.uk for their content, bbc.co.uk using bbci.co.uk). These rules are configured once as I encounter them, then saved so I won't need to worry about it again.
Then there's webshops I frequent, which are by default at trust level 3. But even there, only the first-party domain is at trust level 3, and the payment provider for the site it whitelisted at level 4. But other third-parties are still at level 1 or 2. Even for these sites, I prefer to keep the trust low and only elevate said trust when I'm actually making a purchase.
So, with respect to uBlock Origin: I don't see how it would allow me to switch easily between trust level 2 and 3 for each third-party domain. And as described here, I use trust switching a lot -- it's become an ingrained part of my browsing habit. In uMatrix, the same is actually very easy, I only have a resource-level Deny on javascript and a resource-level Deny on iframe embeddings. Setting a specific domain to Allow will only bump it to trust level 2 because the resource-level Deny's are still in plac...
Correct, umatrix is not actively maintained anymore. It still works flawlessly and is (IMHO) feature complete, but as time goes on it's good to be cognisant of the security implications.
Unwanted javascript is a job for the browser to refuse. Which is why the people who ship browsers try to make refusing as difficult or confusing as possible.
-----
Turns out that youtube also has:
1) the dominant browser;
2) the same interests as, multiple partnerships with, and very little actual competition with the company that runs the next biggest browser in a walled garden, and
3) been completely funding the development of the browser that continually press releases as if youtube's aims are pure evil and that they are the only opposition.
Companies are being purposefully obtuse with popups as a form of malicious compliance (and in some cases looking suspiciously like political statement) - and you're blaming the EU for it?
Yes. If you create regulations with the assumption that they will be followed exactly how you want them to be rather than considering how entities who don't share your goals will react, you are doing a bad job.
Cookie consent popups are not mandated by the GDPR (the EU privacy law), they’re just a stupid (and often infringing) reaction to it.
The GDPR disallows tracking without consent, but more in the spirit of “don’t track” than “get consent”. It also specifies that conditions should be clear, and that not granting consent (or withdrawing it) should be as simple as granting it. It even specifies that sites that request private information from kids should be clearer, because they need to understand what they’re accepting even if their guardians will provide the consent.
Cookie consent popups are not mandated by the GDPR (the EU privacy law), they’re just a stupid (and often infringing) reaction to it.
They're an entirely rational and predictable reaction to it. If you're trying to regulate bad actors, it should be utterly unsurprising when they game the easily gameable rules.
The GDPR disallows tracking without consent, but more in the spirit of “don’t track” than “get consent”.
Then it should actually ban tracking, without the loophole of "you can track as long as you get the user to click a button, also you can't offer them anything in exchange for doing so". That's just asking for all the dark patterns we've gotten.
> They're an entirely rational and predictable reaction to it.
The problem isn't that. The problem is that people are being convinced that malicious compliance is somehow the EU's fault. This is clearly the bad actors being bad; the thing that's being gamed isn't GDPR, but publicity around it. As in, the EU should probably invest some money in naming and shaming actors complying in bad faith (if at all).
It does and that's what makes the nonsense of cookie consent laws. How are you going to keep track of the user's preference of "no" to cookie tracking? It's the browser saving the data, not the website.
Tied to your IP, which makes it collection of personal information. Meaning you need to consent to it and they are not allowed to do it unless it's strictly necessary in order to deliver the service, bill you and so on.
They can choose not to provide the service unless you pay.
They can also choose not to provide the service to unregistered users and give out free daily watches as a part of their marketing campaign. Then you enter a simple contract by opening an account and agreeing to their terms.
Terms which can include data collection, but it has to be possible to opt-out from it without losing access to the service.
Every HTTP request should ideally be preceded by a dialog button and if affirmative consent is not provided, the request shouldn't be made.
For example, I did not consent to this y18.svg file that this website has served to me. This is a non-consensual violation of my computational autonomy. Just to put a logo up? Horrific.
Wouldn't that depend on when YouTube starts the "three video" counter? A blanket ban on ad blockers may not violate the law, but their implementation may.
That would be a welcoming change! With html5 standard, pages can have text, image, video, even css animation, all without JS.
If the page need to load some SPA app, draw the canvas (accessing GPU), or WebUSB, etc, then ask for permission would be a good idea. Just like how accessing ones' camera and mic requires permission. It will force web developers to do less stuff in JS for just display. And if an app type of application is needed, then ask for permission.
The proposal does not regulate the use of ad blockers. Users have the freedom to install software on their devices that disables the display of advertisement. At the same time, the Commission is aware that 'free' content on the internet is often funded by advertisement revenue. Therefore, the proposal allows website providers to check if the end-user's device is able to receive their content, including advertisement, without obtaining the end-user's consent. If a website provider notes that not all content can be received by the end-user, it is up to the website provider to respond appropriately, for example by asking end-users if they use an ad-blocker and would be willing to switch it off for the respective website.
The video is what had a link to the memo and is what pointed out the apparent contradiction. The memo is from half a decade ago and what alexanderhanff was able to get them to say in the referenced letter was separate[0]. It will probably need to be decided more definitively in court or by some commission somewhere, since it seems like the left hand doesn't know what the right hand is doing.
Are people actually getting blocked? I saw the adblock-block popup once, and after flushing the cache and updating filters of my adblocker I haven't had any issues using yt since. Am I just in a lucky A/B group or is the detection and blockage actually that toothless?
I’m getting fully blocked. I barely mind it anymore though, it basically acts as a great procrastination block. (I think there’s work around a like that embedded videos still work but I like reducing the amount.)
Premium was the worst purchase I ever made. I used to scroll shorts on my phone until my rage towards ads was strong enough to overpower my desire to continue. Now there's no release valve. I should go cancel it actually...
I got blocked briefly. I switched to non-logged-in or using an alternative interface for a bit. I switched back and haven’t seen hide-nor-hair of the warning. I don’t know what that means though. Here’s hoping they don’t disable my Google account.
Yesterday I got the popup constantly but could chose to watch anyway. Today it said "you can watch 2 more videos.." and now I'm blocked after said 2 videos.
you need to clear cookies and local storage on youtube.com and also google.com, update ublock, and make sure you're on the default filter settings, then you'll get unblocked
you need to clear cookies and local storage on youtube.com and also google.com, update ublock, and make sure you're on the default filter settings, then you'll get unblocked
I never watched much of any creator-based content, just used it to browse for music, most of which was uploaded by someone other than the artist and, usually if I like it, I'll go and buy it directly from the artist/label. Someone's gotta pay for that hosting, though, right?
Sure, I'll tell my ad blocker to allow YT ads through, that's a compromise I'm fine with. But Google decided, arbitrarily, that that compromise isn't good enough and the mere presence of an inactive adblocker is enough for them to tell me to fuck off.
If that's how they're gonna be, then it's not gonna bother me at all to use Invidious.
I would happily pay for youtube without ads if I was confident that they wouldn't start putting ads in it anyways like always seems to happen with these services.
Every single streaming service will eventually converge on showing the same amount of ads consumers have shown they're willing to put up with, and that's the amount of ads that are shown on cable TV. That's about 3 to 7 minutes of ads per 30 minute block[1].
Not showing ads is leaving money on the table, and streaming services are like any other company, they will need continuous return on investment no matter what. They will eventually get that return by showing ads[1], shareholders will demand it.
Look at Hulu, Netflix and YouTube. They all show ads now. Netflix previously didn't show ads and now does. Hell, I can't watch a 20-minute YouTube video without watching several minutes of ads.
These services' actual clients are the entities that have million/billion dollar advertising budgets, and not individual customers who pay a paltry monthly fee. Even if services start with no/minimal ads to get their foot in the door, they will eventually have to take their advertising partners' money, and those partners will want to show ads.
The thirst is real. I imagine no publicly traded company will ever stop nickel & diming to the ultimate degree. Even when you think the maximum level has been reached, they'll find a new way to extract more from users.
The only revenue target they have is 'more'. There's no stable end state where the goal has been achieved. Population declines are really going to end that model in spectacular fashion.
Welll... to be fair, that's literally the only reason the platform got as big as it did, and became "the" ubiquitous video hosting platform. They fronted the cost to capture a massive audience, and now they gradually extract more and more value out of the user base they lured in.
People forget that when Google was buying them there were a bunch of copyright lawsuits again them and most of the major tech companies were scared to pay too much for them. Once the deals with the record labels worked out they found their footing.
Because they do offer content to people for free, and have for years. And people might actually be willing to put up with ads if they weren't so invasive and obnoxious - static ad banners, for instance, would probably be fine. But interrupting a video every few seconds for several minutes of ads is just ridiculous.
Also because the ability for the end user to have complete control over the content the server sends them has been baked into the web since the beginning. You can send your content for free and hope that I choose to view your ads (which I probably wont,) or you can put your content behind a paywall, and hope it's worth paying for (it probably isn't.)
What you can't do is send your content for free and just expect me to view your ads, as if the internet were old media like radio or television, where even then, you could skip ads with DVR or just change the channel.
It's not our problem corporations thought the web was going to be a gravy train where the rules didn't matter, and they poisoned the well and ruined everything in the process. To hell with all of them, let them burn. We'll go back to sharing videos on torrent or something.
122 comments
[ 3.4 ms ] story [ 174 ms ] threadif it gets to that point I wouldn't mind the adblocker even automatically clicking the ad some percentage of the time, just to punish Google
I don't want to punish everyone, only those attempting to coerce me into disabling the ad-blocker
Also things like Newpipe and embedding can be used to bypass the block as well.
I find all of this weird because it seems all so lacking in fundamentals. I'd expect indeed checking whether the content was actually downloaded. That'd be much harder to work around.
In turn that should result in an ad blocker that downloads content but doesn't show it, completing the circle.
I think properly doing it would require a specialized web browser, capable of keeping two separate models, one which it pretends to render, and one which is actually renders.
Google is trying to make this suck for the maintainers, explicitly so they stop maintaining the ad blocker.
I guess now, Youtube expects a response back, and occasionally, the request/response is faked. So, when uBlock adjusts the request/response and says "This user watched the ads", Youtube knows the request/response was fake and there were no ads to begin with, notifying that user is using an adblocker.
[1] https://github.com/uBlockOrigin/uAssets/commit/fb33bb3c1fa99...
That's exactly what they are doing, well I don't know about only "change up the names" but they update the script multiple times per day and uBlock Origin devs are trying to catch up.
*Actually doesn't
No one has the right to YouTube (or free media for that matter).
This is self-evident and we have Terms of Service for exactly this reason. What I think we're debating is what's reasonable reach for Terms of Service to have? Can we violate it by muting ads? Why not? Why is that different in principle than an Adblocker?
The door is that way.
Anyway. Sure, no one has right to YouTube, but they can't have their cake and eat it too. I think the EU trend is pretty clear: no tracking to make money off our citizens. If you want to sell them a service, go ahead and just name your price. Actually compete instead of giving away stuff for free to undermine competition and then getting the money back by peddling the eyeballs in the back alleys.
Privacy advocate challenges YouTube's ad blocking detection scripts under EU law
https://news.ycombinator.com/item?id=38050838
There is no tracking involved, if you believe the js you got back is spyware you can refrain from running it and you can't watch the vid. Should every website ask for your consent to serve you javascript now?
Ideally, yes.
Every time you see a popup to approve cookies, it is explicitly so a company can beg you to allow them to track you for free money.
https://github.com/gorhill/uBlock/wiki/Blocking-mode:-medium...
...oh, I see, I have to first go into the settings to declare myself an able-minded human. That's quite the UX failure, hiding functionality behind an unrelated toggle at an entirely different place.
Having finally found the correct mystical incantation, I can answer your question. At first glance, that UI is incredibly confusing. Why are there two columns to the right of every domain? What's the difference between making the left column red and the right grey, versus making the right column red and the left grey? What is the significance of the +'s and -'s in the various cells? That help page doesn't explain any of it.
What's really missing: uMatrix lets me see how many resources of what type were loaded from what domain. That's very helpful when finding out what needs to be unblocked: if a site doesn't work, I progessively whitelist third-party resources until basic functionality is restored. I then remove everything from the writelist that's unused. It doesn't seem like that information is available.
Also: with UBO it doesn't seem possible to enable javascript for just one third-party host, or enable everything except javascript? If I whitelist a host in the UI, it automatically enables static resources (img, css), dynamic resources (js), cross-site data (xhr) and frames. I'm not going to write manual rules every time I want to allow everything except javascript.
This is just from a cursory examination, so maybe the functionality is there, it's just unfamiliarity with the new interface. But from what I'm seeing, neither the UI itself nor the help page make a compelling reason to make the switch.
>uMatrix lets me see how many resources of what type were loaded from that domain.
uBlock Origin > Logger (its an icon)
> enable javascript for just one third-party host
Red button (with more enabled) disables a specific resource in a nested-list UI very similar to uMatrix AFAIR.
Red button (with more enabled) disables a specific resource
I don't see it. Red button disables a specific domain for as far as I can see. It doesn't disable just one type of resource from that domain.
in a nested-list UI very similar to uMatrix
It seems this is the problem: uMatrix is most emphatically not a nested-list UI: it is an authorization matrix UI. It seems that UBO does try to incorporate some of uMatrix' features back into it, but in the basis it's still a one-dimensional blocklist. That's just not good enough for how I browse the web in safety.
Why are there two two columns to the right of every domain?
The left column is for global rules (independent of the currently-visited domain), the right column is for rules specific to the currently-loaded domain. This is strictly inferior to uMatrix, which allows me to set rules for every part of the dns name (e.g. I can easilty switch between settings rules for news.ycombinator.com, ycombinator.com and even for all .com sites). So what's missing: source domain control for the rule(s) I'm currently configuring.
What's more, in uMatrix I could set a hard block on a toplevel domain (say, google.com) and then add a whitelist for a subdomain (say, mail.google.com) which would override the higher-level block. Since UBO only uses block (red)/ignore (grey), this kind of setup is not possible. So what's missing: an explicit allow/ignore/block toggle like in uMatrix.
What is the significance of the +'s and -'s in the various cells?
These are blocked and allowed resources, so there's some level of feedback there. But it seems that CSS resources are not included in those statistics at all, and images do cause a + to be displayed in the domain-specific row but not in the generic "images" row whereas third-party javascript gets a + in the domain-specific row and in the generic "3rd-party scripts row". So what's missing: I want resource type indicators rather than generic "+"
I'll repeat what I wrote as a response to the sibling comment because it seems to be a fundamental UI issue: the UI of UBO still seems geared towards a one-dimensional blocklist and is missing all the controls for two-dimensional control of [domains]x[resource types]. And after years of safely browsing the modern web with uMatrix, I can't imagine going without that control.
-- edit:
To explain a bit more my thought proces behind how I browse the web: I maintain effectively four trust levels in the browser, which are:
(0. not a browser trust level: pihole-style dns rpz blocking)
1. no trust: all outgoing connections to the domain are blocked.
2. static content: html/css/img is allowed to be loaded from the domain.
3. dynamic content: allow javascript and cross-site requests
4. embeddings: mostly used for payment processors, these tend to get very anxious if some things don't work as expected.
My default (uMatrix) settings put the primary domain at level 2 and all third-party sites at level 1. Surprisingly, this still works fine for a lot of sites, at least the sites that I find worth reading. I guess I'm enough of an academic to prefer reading over "consuming" content.
The first trust increase, if needed, is to selectively bump third-party domains belonging to the same first party to trust level 2. This is mostly because CDNs use a different hostname (such as theguardian.com using guim.co.uk for their content, bbc.co.uk using bbci.co.uk). These rules are configured once as I encounter them, then saved so I won't need to worry about it again.
Then there's webshops I frequent, which are by default at trust level 3. But even there, only the first-party domain is at trust level 3, and the payment provider for the site it whitelisted at level 4. But other third-parties are still at level 1 or 2. Even for these sites, I prefer to keep the trust low and only elevate said trust when I'm actually making a purchase.
So, with respect to uBlock Origin: I don't see how it would allow me to switch easily between trust level 2 and 3 for each third-party domain. And as described here, I use trust switching a lot -- it's become an ingrained part of my browsing habit. In uMatrix, the same is actually very easy, I only have a resource-level Deny on javascript and a resource-level Deny on iframe embeddings. Setting a specific domain to Allow will only bump it to trust level 2 because the resource-level Deny's are still in plac...
I don't think umatrix is actively maintained any more
-----
Turns out that youtube also has:
1) the dominant browser;
2) the same interests as, multiple partnerships with, and very little actual competition with the company that runs the next biggest browser in a walled garden, and
3) been completely funding the development of the browser that continually press releases as if youtube's aims are pure evil and that they are the only opposition.
If a website doesn’t support your usecase, that’s on you, there is no ADA requirement for JS-free websites
Privacy shouldn't only be afforded to the more technical users.
Yes! I would have much preferred the EU to make PSAs explaining how to disable cookies in browsers rather than inflicting popups on billions of users.
Yes. If you create regulations with the assumption that they will be followed exactly how you want them to be rather than considering how entities who don't share your goals will react, you are doing a bad job.
The GDPR disallows tracking without consent, but more in the spirit of “don’t track” than “get consent”. It also specifies that conditions should be clear, and that not granting consent (or withdrawing it) should be as simple as granting it. It even specifies that sites that request private information from kids should be clearer, because they need to understand what they’re accepting even if their guardians will provide the consent.
They're an entirely rational and predictable reaction to it. If you're trying to regulate bad actors, it should be utterly unsurprising when they game the easily gameable rules.
The GDPR disallows tracking without consent, but more in the spirit of “don’t track” than “get consent”.
Then it should actually ban tracking, without the loophole of "you can track as long as you get the user to click a button, also you can't offer them anything in exchange for doing so". That's just asking for all the dark patterns we've gotten.
The problem isn't that. The problem is that people are being convinced that malicious compliance is somehow the EU's fault. This is clearly the bad actors being bad; the thing that's being gamed isn't GDPR, but publicity around it. As in, the EU should probably invest some money in naming and shaming actors complying in bad faith (if at all).
They can choose not to provide the service unless you pay.
They can also choose not to provide the service to unregistered users and give out free daily watches as a part of their marketing campaign. Then you enter a simple contract by opening an account and agreeing to their terms.
Terms which can include data collection, but it has to be possible to opt-out from it without losing access to the service.
I'm not familiar with tbh because the idea of working on ad software and SEO seem like the most boring possibly ethically dubious jobs.
For example, I did not consent to this y18.svg file that this website has served to me. This is a non-consensual violation of my computational autonomy. Just to put a logo up? Horrific.
Wouldn't that depend on when YouTube starts the "three video" counter? A blanket ban on ad blockers may not violate the law, but their implementation may.
If the page need to load some SPA app, draw the canvas (accessing GPU), or WebUSB, etc, then ask for permission would be a good idea. Just like how accessing ones' camera and mic requires permission. It will force web developers to do less stuff in JS for just display. And if an app type of application is needed, then ask for permission.
Can users still use ad blockers?
The proposal does not regulate the use of ad blockers. Users have the freedom to install software on their devices that disables the display of advertisement. At the same time, the Commission is aware that 'free' content on the internet is often funded by advertisement revenue. Therefore, the proposal allows website providers to check if the end-user's device is able to receive their content, including advertisement, without obtaining the end-user's consent. If a website provider notes that not all content can be received by the end-user, it is up to the website provider to respond appropriately, for example by asking end-users if they use an ad-blocker and would be willing to switch it off for the respective website.
[0]: https://twitter.com/alexanderhanff/status/722861362607747072
Google is SO data driven, and many people's objectives are going to be impacted by the reduced watch time.
They're going to have to (or already have) modify the objectives of many, many employees
If I go incognito I can.
FreeTube for now, I guess.
I never watched much of any creator-based content, just used it to browse for music, most of which was uploaded by someone other than the artist and, usually if I like it, I'll go and buy it directly from the artist/label. Someone's gotta pay for that hosting, though, right?
Sure, I'll tell my ad blocker to allow YT ads through, that's a compromise I'm fine with. But Google decided, arbitrarily, that that compromise isn't good enough and the mere presence of an inactive adblocker is enough for them to tell me to fuck off.
If that's how they're gonna be, then it's not gonna bother me at all to use Invidious.
Maybe you didn't try to play videos when they didn't update their fix yet.
https://imgur.com/a/m1NAWeC
Not showing ads is leaving money on the table, and streaming services are like any other company, they will need continuous return on investment no matter what. They will eventually get that return by showing ads[1], shareholders will demand it.
Look at Hulu, Netflix and YouTube. They all show ads now. Netflix previously didn't show ads and now does. Hell, I can't watch a 20-minute YouTube video without watching several minutes of ads.
These services' actual clients are the entities that have million/billion dollar advertising budgets, and not individual customers who pay a paltry monthly fee. Even if services start with no/minimal ads to get their foot in the door, they will eventually have to take their advertising partners' money, and those partners will want to show ads.
[1] https://digiday.com/future-of-tv/ad-supported-streaming-serv...
Also because the ability for the end user to have complete control over the content the server sends them has been baked into the web since the beginning. You can send your content for free and hope that I choose to view your ads (which I probably wont,) or you can put your content behind a paywall, and hope it's worth paying for (it probably isn't.)
What you can't do is send your content for free and just expect me to view your ads, as if the internet were old media like radio or television, where even then, you could skip ads with DVR or just change the channel.
It's not our problem corporations thought the web was going to be a gravy train where the rules didn't matter, and they poisoned the well and ruined everything in the process. To hell with all of them, let them burn. We'll go back to sharing videos on torrent or something.