It is downloading a solver at runtime, took maybe half a second in total, downloads are starting way faster than before it seems to me.
[youtube] [jsc:deno] Solving JS challenges using deno
[youtube] [jsc:deno] Downloading challenge solver lib script from https://github.com/yt-dlp/ejs/releases/download/0.3.1/yt.solver.lib.min.js
It would be great if we could download the solver manually with a separate command, before running the download command, as I'm probably not alone in running yt-dlp in a restricted environment, and being able to package it up together with the solver before runtime would let me avoid lessening the restrictions for that environment. Not a huge issue though, happy in general the start of downloads seems much faster now.
I remember when QuickTime came out in 1991 and it was obvious to everyone that video should be copied, pasted and saved like any arbitrary data.
It's absolutely insane to me how bad the user experience is with video nowadays, even video that's not encumbered by DRM or complex JavaScript clients.
I use yt-dlp (and back then youtube-dl) all the time to archive my liked videos. Started back in around 2010, now I have tens of thousands of videos saved. Storage is cheap and a huge percent of them are not available anymore on the site.
I also save temporary videos removed after a time for example NHK honbasho sumo highlights which are only available for a month or so then they permanently remove them.
You are a digital hoarder. I have taken so many pics that I wouldn't even bother to look back that them (do we ever?) but Google memories is really a neat feature, it refreshes memories. I think you should run a similar service to refresh memory of your favourite videos like they are on speed dail.
I started after channels started removing their own videos because they either didn't think the videos were good enough or they had a mental break and deleted their channel. So good stuff just gone.
No! It would be easier but I burned myself so many times with removed videos that I do it on my own basically asap manually. Not a big deal once you have yt-dlp properly
Do you ever go back and actually watch those videos? Whenever I start to journal, track, or just document something, after some time I notice again and again that most of the value has already been created the moment I finish working on a specific entry. Even with something seemingly very important like medical records. Maybe one exception I can think of are recordings of memories involving people close to you
I have the same with journals, but the video archiving has actually come up a few times, still fairly rare though. I think the difference is that you control the journal (and so rarely feel like you need it's content) while the videos you're archiving are by default outside of your control and can be more easily lost.
I would be interested in knowing as well. I've been watching YouTube since it first came out and can't remember any times where I saw something I thought I needed to actually download and save in case I wanted it in 10 years. 10,000+ videos is a lot of videos to just seemingly save.
Whether something is worth downloading is a good heuristic for whether it's worth watching in the first place. e.g. university lectures, technical talks, etc. are something you may want to reference in the future, or you may want to save for your kids in case they're interested in it one day, etc. The latest slop from professional "content creators" that you can't imagine keeping so you can pass it down one day? Not worth your time today either.
Same here and my motivation was that some of my liked videos were randomly removed and it's pretty cool music I wanted to keep forever.
I made another script that adds the video thumbnail as album art and somehow tries to put the proper ID3 tags, it works like 90% of the time which is good enough for me.
Then I made another script that syncs it to my phone when I connect it.
So now I have unlimited music in my phone and I only have to click on "Like" to add more.
And yet, none of Google's 900k TOC genius engineers have thought of this as a feature ...
In ten years time YouTube will be entirely inaccessible from the browser as the iPad kids generation are used to doomscrolling the tablet app and Google feels confident enough to cut off the aging demographic.
maybe to stop the .01%. switching to app only, sign in only would get them pretty much all the way there.
They own the os, with sign-in, integrity checks, and the inability to install anything on it Google doesn't want you to install they could make it pretty much impossible to view the videos on a device capable of capturing them for the vast majority of people. Combine that with a generation raised in sandboxes and their content would be safe.
They find devices that are easy to hack (and I mean rip and tear) and extract the decryption keys from each of them, from what I have heard cheap chinese tvs and set top boxes, they extract the keys from the chips (hardware hacking, heard some even use microscopes to read the keys by hand), and then use them to decrypt streams, I heard that they catch them pretty fast to they use like 1 device per season. This is why they use mostly stollen devices.
I knew of this chrome bug which could allow netflix to be ripped. I had heard it in comments of some section of youtube and I might need to look further into it but its definitely possible.
Yes, it's called: Web Environment Integrity + hardware attestation of some kind
> "the technical means through which WEI will accomplish its ends is relatively simple. Before serving a web page, a server can ask a third-party "verification" service to make sure that the user's browsing environment has not been "tampered" with. A translation of the policy's terminology will help us here: this Google-owned server will be asked to make sure that the browser does not deviate in any way from Google's accepted browser configuration" [1]
Let's say the only devices you can get that will run YouTube are running i/pad/visionOS or Android and that those will only run on controlled hardware and that the hardware will only run signed code. Now let's say the only way to get the YouTube client is though the controlled app stores on those platforms. You can build a chain of trust tied to something like a TPM in the device at one end and signing keys held by Apple or Google at the other that makes it very difficult to get access to the client implementation and the key material and run something like the client in an environment that would allow it to provide convincing evidence that it is a trusted client. As long as you have the hardware and software in your hands, it's probably not impossible, but it can be made just a few steps shy.
The decryption code could verify that it's only providing decrypted content to an attested-legitimate monitor, using DRM over HDMI (HDCP).
You might try to modify the decryption code to disable the part where it reencrypts the data for the monitor, but it might be heavily obfuscated.
Maybe the decryption key is only provided to a TPM that can attest its legitimacy. Then you would need a hardware vulnerability to crack it.
Maybe the server could provide a datastream that's fed directly to the monitor and decrypted there, without any decryption happening on the computer. Then of course the reverse engineering would target the monitor instead of the code on the computer. The monitor would be a less easily accessible reverse engineering target, and it itself could employ obfuscation and a TPM.
I guess at that point we could do it the old fashioned way by pointing a camera at the screen. Or, I guess, a more professional approach based on external recording.
I can only navigate to a video by long-pressing, copying the URL and pasting it into the URL bar, otherwise I get a meaningless "something went wrong" type error message. Mobile Safari, no content blockers, not logged into a Google account. After almost two decades of making the website worse they finally succeeded in breaking "clicking a video". I wonder what the hotshots at Alphabet manage to break next :o)
Suspicion: they’ve fingerprinted me hard and know I have premium but like to watch occasionally from Safari private (with content blockers) and don’t hassle me.
Mainly suspect this given lack of anti-adblocking symptoms.
And the YouTube web interface is full of issues too. For example, livestreams had transient memory leaks for months already, thought to be related to their chat implementation.
In the meanwhile, YouTube spends its effort on measures against yt-dlp, which don't actually stop yt-dlp.
What the fuck is wrong with Google corporate as of late.
Because this will mean major shift to open-source and community solution, where creators will be paid directly by their viewers.
I have NO problem, what so ever, to pay content creators directly.
But I have HUGE problem to pay big corpos. It's ridiculous that we pay for Netflix same price as US people and for you it's cheaper than coffee and for us, if you compare median-salary, it's 5-10x MORE expensive. (cancelled every streaming platform year before as all of my friends, cloud seedbox here we go)
And I don't even wanna mention Netflix's agenda they want to push (eg.: Witcher)
That's why piracy is so frequent here in small country in EU :) Also it's legal or in grey-area, because nobody enforce it or copyright companies are unable to enforce it if you don't make money from sharing. (yes, you don't even need to use VPN with torrents)
Pffft, and good riddance, comrade! Just think about native application and native performance, great native animations and native experience (and native ads, of course)! We won't have this god-awful Web (that propelled modern tech world in the first place) anymore, we can finally have personal vendetta against awful JS and DOM. No more interoperability, no more leverage against corpos, just glorious proprietary enclaves where local tyrant can do anything they want!
Think of iOS. You can basically use just 1 programming stack on iOS devices: Swift/Objective-C. You can't have JIT except for the JIT approved by the Apple Gods.
The biggest hack to this is React Native, which barged just in due to sheer Javascript and web dominance elsewhere, and even that has a ton of problems. Plus I'm fairly sure that the React Native JS only runs in the JIT approved by the Apple Gods, anyway.
Otherwise, we're stuck in the old days of compiled languages: C/C++ (they can't really get rid of these due to games, and they have tried... Apple generally hates/tolerates games but money is money). Rust works decently from what I hear. Microsoft bought Mono/Xamarin and that also sort of works.
But basically nothing else is at the level of quality and polish - especially in terms of deployment - as desktops, if you want to build an app in say, Python. Or Java. Or Ruby. Or whatever other language in which people write desktop apps.
And we're at a point where mobile computing power is probably 20x that of desktops available in 2007. The only factor that is holding us back is battery life, and that's only because phone manufacturers manufacture demand by pushing for ever slimmer phones. Plus we have tons of very promising battery techs very close to increasing battery capacities by 20-50%.
This is obviously not plausible. They're never going to shut off browser access on people's laptops. Watching YT at work is a major thing.
I have to assume you're joking, but I honestly can't figure out what point you're even trying to make. Do it think it's surprising that an ad-supported site has anti-scraping/anti-downloading mechanisms? YouTube isn't a charity, it's not Wikipedia.
Not to mention all of the iframe embeds. I’d argue it’d helped YouTube become the defacto go to platform for corporate videos. Yeah there’s other solutions but the number of corp sites that just toss videos on YouTube is insane.
No, they can't. Way too many devices, including televisions, access YT via all sorts of browsers. Not to mention antitrust would be all over that. With their dominant browser share, getting people to switch to Chrome by removing access to YT for Firefox would get multiple governments filing lawsuits ASAP.
I don’t think it’s such a wild possibility that more and more jobs will be able to be done with locked down tablets and smart phone while fewer will be done on laptops and desktops. We are already seeing it at the personal level - people are entirely forgoing personal computers and using mobile devices exclusively. The amount isn’t huge (like 10 or 15% in the US IIRC?) but 10 years ago that was unthinkable IMO.
I was reading a study recently that claimed Gen Z is the first generation where tech literacy has actually dropped. And I don’t blame them! When you don’t have to troubleshoot things and most of your technology “just works“ out the box compared to 20 or even 10 years ago, then you just don’t need to know how to work under the hood as much and you don’t need a fully fledged PC. You can simply download an app and generally it will just take care of whatever it is you need with a few more taps. Similar to how I am pretty worthless when it comes to working on a car vs my parents generation could all change their own oil and work on a carburetor (part of this is also technology has gotten more complicated and locked down, including cars, but you get my point).
The point of all this is I could definitely see a world where using a desktop/laptop computer starts becoming a more fringe choice or specific to certain industries. Or perhaps they become strictly “work” tools for heavy lifting while mobile devices are for everything else. In that world many companies will simply go “well over 90% of our users are only using the app and the desktop has become a pain in the ass to support as it continues to trend downwards so…why bother?”
Who knows the future? Some new piece of hardware could come out in 10 years and all of this becomes irrelevant. But I could see a world where devices in our hands are the norm and the large device on the desk becomes more of a thing of the past for a larger percentage of the population.
Just because the balance shifts doesn't mean the desktop/laptop stops being supported.
Laptops aren't going anywhere. Even if phones and tablets replace them for a third of tasks, or a third of people.
The idea that laptops with browsers would become so rare that YouTube would drop support, within any reasonably predictable future timeframe, is pure fantasy.
>within any reasonably predictable future timeframe
I think given the pace of technological advancement and given how every generation we see at least one major piece of electronics completely wipe out generations of predictions, this statement doesn’t serve a productive purpose other than to make “I don’t agree” sound like some variation of “it’s an objective fact that what you said is impossible.” You’re just spiking the conversation, even if that is not your intention.
I didn’t say this is definitely going to happen. I’m just saying clearly the way we engage with computers is shifting and that means companies will adjust accordingly. It’s not that far fetched.
As for “within any reasonably predictable future timeframe,” for all we know YouTube will become a relic.
Lots of people listen to the audio. It’s like a podcast, or having the radio on, which is fine in lots and lots of jobs.
Some people probably also literally watch it, but I know multiple people who basically use it as a radio at work.
Plus, never worked anywhere where half of everyone, including management, is more-or-less openly watching sports more than working during major tournaments?
And nobody's saying you're getting paid to watch YouTube all day. But video links get sent around, and people check out whatever 3 minute video. They watch during lunch. You know how it is.
"yt-dlp is a feature-rich command-line audio/video downloader with support for thousands of sites. The project is a fork of youtube-dl based on the now inactive youtube-dlc."
I guess the point was that yt-dlp is only possible, because of the mandatory protocols you need in the browser. Moving to native app makes it much easier to prevent downloading and denying access to the unencrypted content.
I think these days yt-dlp is possible because they're relying on the infra YouTube has for their TV apps, which are html5 (ish) browser apps. so they'd also have to dedicate time to building native apps for every TV in existence, even if youtube.com went away.
> Moving to native app makes it much easier to prevent downloading and denying access to the unencrypted content.
It would still be possible with native apps. Somebody will have to reverse engineer it continuously. So it will be slower, but still possible.
However, that won't be the case if they start using some secret (like a private key) that you can't access directly from an app, or if they decide that you can't run custom/modified apps. That's what I believe to be the true intentions behind their push to adopt dystopian technologies like secure enclaves and platform attestation. Not really about security as they claim.
> That's what I believe to be the true intentions behind their push to adopt dystopian technologies like secure enclaves and platform attestation. Not really about security as they claim.
Doesn't matter, yt-dlp looks like a browser to youtube. They can put authorization/encryption in an app that can't be done in a webpage. By killing browsers they gain control.
> Is it because it would break compatibility with some devices?
This is a significant part of it. There are many smart devices that would not be capable of running that sort of software. As those cycle out of the support windows agreed way-back-when then this sort of limitation will be removed.
I'm sure this is not the only consideration, but it is certainly part of the equation.
It's just an understandable reluctance to insert a bunch of additional dependencies in your playback stack unless you really, really have to.
People underestimate how much engineering Netflix have put in over the years to get it to work seamlessly and without much playback start latency, and replicating that over literally millions of existing videos is pretty non-trivial, as is re-transcoding.
It's not because of older devices - any TV that has got a YouTube app for a decade was required to support Widevine as part of the agreement to get the app, so the tail end of devices you'd cut off would be tiny, and even if they wanted to keep them in use you could probably use the client certificate to authenticate them and disallow general web access. It wouldn't be 100% fullproof but if any open source project used an extracted key you could revoke it quickly.
Yeah, it's pretty much to support backwards compatibility with old smart TVs and the like. They already enforce stricter rules on new hi-res content, and once those old devices cycle out of service you can expect the support to go away.
More and more recently with youtube, they seem to be more and more confrontational with their users, from outright blocking adblockers, which has no bearing on youtube's service, to automatically scraping creators content for AI training and now anything API related. They're very much aware that there is no real competition and so they're taking full advantage of it. At the expense of the 'users experience' but these days, large companies simply don't suffer from a bad customer experience anymore.
> At the expense of the 'users experience' but these days, large companies simply don't suffer from a bad customer experience anymore.
This is my personal opinion. They're still affected by customer satisfaction and they're still driven by market forces. It's just that you and I are not their customers. It's not even the YT premium customers. Google is and always has been an ad service company and their primary customers have always been the big advertisers. And they do care about their experience. For example, they go overboard to identity the unique views of each ad.
Meanwhile the rest of us - those of us who don't pay, those who subscribe and even the content creators - are their captive resources whose creativity and attention they sell to the advertisers. Accordingly, they treat us like cattle, with poor quality support that they can't be bothered about. This is visible across their product lineup from YouTube and gmail to workspace. You can expect to be demonetized or locked out of your account and hung out to dry without any recourse if your account gets flagged by mistake or falsely suspected of politics that they don't like. Even in the best case, you can only hope to raise a stink on social media and pray that it catches the attention of someone over there.
Their advantage is that the vast majority of us choose to be their slaves, despite this abuse. Without our work and attention, they wouldn't have anything to offer their customers. To be fair to ourselves, they did pull off the bait and switch tactic on us in the beginning by offering YouTube for free and killing off all their competition in the process. Now it's really hard to match their hosting resources. But this is not sustainable anymore. We need other solutions, not complaints. Even paid ones are fine as long as they don't pull these sort of corporate shenanigans.
>outright blocking adblockers, which has no bearing on youtube's service
The scale of data storage, transcoding compute, and bandwidth to run YouTube is staggering. I'm open to the idea that adblocking doesn't have much effect on a server just providing HTML and a few images, but YouTube's operating costs are (presumably, I haven't looked into it) staggering and absolutely incompatible with adblocking.
I’m recently also encountering more unskippable ads, especially in kids videos. There were always two ads. Sometimes the first wasn’t shippable and the second always was. That has gradually shifted to neither being skippable.
Perhaps a stupid question, but is there some reason I can't potentially fall back to recording my screen / audio in realtime and saving videos that way? yt-dlp is obviously far superior to this, but just thinking about what my fallback points are.
You definitely can, it's just 1) vastly slower, and 2) you have to recompress the decompressed video, which loses quality. It's therefore an option of last resort.
Most people want to be able to download 5 hours of video in the background in 5 minutes. Not wait 5 hours while their computer is unusable.
Understood and agreed. I mostly don't even care about keeping videos from Youtube, but some of the most amazing music performances in the world are trapped on Youtube, and in many cases there is no obvious way to purchase or download them elsewhere.
I wonder if it has to be a real computer, display, and camera, or if doing it with a "headless display" that is nonetheless being fed to a "video recorder" would work...
It depends on a lot of factors. But even if it works in a virtual machine, your CPU is going to be pegged at 100% the whole time to handle the re-encoding. Unless you use a hardware h.264 encoder, but then the quality is pretty terrible since it's explicitly optimized for speed over quality and isn't tunable the way software encoders are.
It's always doable, it's just an option of last resort. You always just want to access the original compressed bitstream if possible.
With browser's and hardware's support for DRM they could make it impossible if they want to. Basically the OS / recording software sees a blank screen.
I was on live TV recently and wanted to keep a recording for myself, that wasn't just filming the screen with my phone. I first tried screen recording watching the show in my browser in their streaming service. Got a black video. Then I tried their phone app, got a black video. Finally, using my phone but the web page they enabled playback without DRM and I could record and store it. When more devices support DRM they will probably get rid of that fallback as well.
I don't know if Youtube cares, but other website do attempt to block this as well. They will either black your screen or prevent playback if you try to screen record, even encrypting to prevent recording the HDMI/DP output.
It's quite worrying. A sizeable chunk of cultural and educational material produced in the last decade is in control of greedy bastards who will never have enough. Unfortunately, downloading the video data is only part of it. Even if we shared it all on BitTorrent it's nowhere near as useful without the index and metadata.
What are you talking about? It's in control of the creators. YT doesn't get exclusive copyright on user's content. Those creators can upload wherever they want.
And YT isn't "greedy bastards". They provide a valuable service, for free, that is extremely expensive to run. Do you think YT ought to be government-funded or a charity or something?
Benn Jordan made a pretty compelling video on this topic, arguing that the existing copyright system and artifacts of it are actually not that great and a potential government system might actually be better: https://www.youtube.com/watch?v=PJSTFzhs1O4
I will say that is something I would not have considered reasonable prior to watching his video.
Seems its already in Arch's repositories, and seems to work, just add another flag to the invocation:
It is downloading a solver at runtime, took maybe half a second in total, downloads are starting way faster than before it seems to me. It would be great if we could download the solver manually with a separate command, before running the download command, as I'm probably not alone in running yt-dlp in a restricted environment, and being able to package it up together with the solver before runtime would let me avoid lessening the restrictions for that environment. Not a huge issue though, happy in general the start of downloads seems much faster now.I remember when QuickTime came out in 1991 and it was obvious to everyone that video should be copied, pasted and saved like any arbitrary data.
It's absolutely insane to me how bad the user experience is with video nowadays, even video that's not encumbered by DRM or complex JavaScript clients.
I use yt-dlp (and back then youtube-dl) all the time to archive my liked videos. Started back in around 2010, now I have tens of thousands of videos saved. Storage is cheap and a huge percent of them are not available anymore on the site.
I also save temporary videos removed after a time for example NHK honbasho sumo highlights which are only available for a month or so then they permanently remove them.
You are a digital hoarder. I have taken so many pics that I wouldn't even bother to look back that them (do we ever?) but Google memories is really a neat feature, it refreshes memories. I think you should run a similar service to refresh memory of your favourite videos like they are on speed dail.
I compulsively take pictures of the sky, same never to be looked at
I started after channels started removing their own videos because they either didn't think the videos were good enough or they had a mental break and deleted their channel. So good stuff just gone.
do you have a cron job or something? i know it is probably trivial but eh
Popular self-hosted solution: https://github.com/tubearchivist/tubearchivist
You people always make everything more complicated than necessary.
No! It would be easier but I burned myself so many times with removed videos that I do it on my own basically asap manually. Not a big deal once you have yt-dlp properly
Do you ever go back and actually watch those videos? Whenever I start to journal, track, or just document something, after some time I notice again and again that most of the value has already been created the moment I finish working on a specific entry. Even with something seemingly very important like medical records. Maybe one exception I can think of are recordings of memories involving people close to you
I have the same with journals, but the video archiving has actually come up a few times, still fairly rare though. I think the difference is that you control the journal (and so rarely feel like you need it's content) while the videos you're archiving are by default outside of your control and can be more easily lost.
I actually do! I have a perpetual VLC playlist which plays those videos randomly if I need some background noise.
I would be interested in knowing as well. I've been watching YouTube since it first came out and can't remember any times where I saw something I thought I needed to actually download and save in case I wanted it in 10 years. 10,000+ videos is a lot of videos to just seemingly save.
Whether something is worth downloading is a good heuristic for whether it's worth watching in the first place. e.g. university lectures, technical talks, etc. are something you may want to reference in the future, or you may want to save for your kids in case they're interested in it one day, etc. The latest slop from professional "content creators" that you can't imagine keeping so you can pass it down one day? Not worth your time today either.
Same here and my motivation was that some of my liked videos were randomly removed and it's pretty cool music I wanted to keep forever.
I made another script that adds the video thumbnail as album art and somehow tries to put the proper ID3 tags, it works like 90% of the time which is good enough for me.
Then I made another script that syncs it to my phone when I connect it.
So now I have unlimited music in my phone and I only have to click on "Like" to add more.
And yet, none of Google's 900k TOC genius engineers have thought of this as a feature ...
> And yet, none of Google's 900k TOC genius engineers have thought of this as a feature ...
Isn’t that the YouTube Music app?
In ten years time YouTube will be entirely inaccessible from the browser as the iPad kids generation are used to doomscrolling the tablet app and Google feels confident enough to cut off the aging demographic.
They’d need dedicated hardware to enforce any kind of effective DRM. Encrypted bitstream generated on the fly watchable only on L2 attested device.
maybe to stop the .01%. switching to app only, sign in only would get them pretty much all the way there.
They own the os, with sign-in, integrity checks, and the inability to install anything on it Google doesn't want you to install they could make it pretty much impossible to view the videos on a device capable of capturing them for the vast majority of people. Combine that with a generation raised in sandboxes and their content would be safe.
Netflix is already there for 4k streams
It's not as easy as downloading a YouTube video though
And it's an entirely useless effort. No idea how it is done but the internet is full 4k rips.
They find devices that are easy to hack (and I mean rip and tear) and extract the decryption keys from each of them, from what I have heard cheap chinese tvs and set top boxes, they extract the keys from the chips (hardware hacking, heard some even use microscopes to read the keys by hand), and then use them to decrypt streams, I heard that they catch them pretty fast to they use like 1 device per season. This is why they use mostly stollen devices.
Interesting - do you have any sources to read further?
Search for widevine decrypt. You’ll find code and forums where at least some L3 keys are publicly shared.
Random article: https://www.ismailzai.com/blog/picking-the-widevine-locks
Claimed to be L1 key leaks (probably all blacklisted by now): https://github.com/Mavrick102/WIDEVINE-CDM-L1-Giveaway
The analog hole is real.
I knew of this chrome bug which could allow netflix to be ripped. I had heard it in comments of some section of youtube and I might need to look further into it but its definitely possible.
Can you explain in simple terms what would prevent one from running the decryption programmatically posing as the end client?
Yes, it's called: Web Environment Integrity + hardware attestation of some kind
> "the technical means through which WEI will accomplish its ends is relatively simple. Before serving a web page, a server can ask a third-party "verification" service to make sure that the user's browsing environment has not been "tampered" with. A translation of the policy's terminology will help us here: this Google-owned server will be asked to make sure that the browser does not deviate in any way from Google's accepted browser configuration" [1]
https://www.fsf.org/blogs/community/web-environment-integrit...
Let's say the only devices you can get that will run YouTube are running i/pad/visionOS or Android and that those will only run on controlled hardware and that the hardware will only run signed code. Now let's say the only way to get the YouTube client is though the controlled app stores on those platforms. You can build a chain of trust tied to something like a TPM in the device at one end and signing keys held by Apple or Google at the other that makes it very difficult to get access to the client implementation and the key material and run something like the client in an environment that would allow it to provide convincing evidence that it is a trusted client. As long as you have the hardware and software in your hands, it's probably not impossible, but it can be made just a few steps shy.
Here are a couple ideas:
The decryption code could verify that it's only providing decrypted content to an attested-legitimate monitor, using DRM over HDMI (HDCP).
You might try to modify the decryption code to disable the part where it reencrypts the data for the monitor, but it might be heavily obfuscated.
Maybe the decryption key is only provided to a TPM that can attest its legitimacy. Then you would need a hardware vulnerability to crack it.
Maybe the server could provide a datastream that's fed directly to the monitor and decrypted there, without any decryption happening on the computer. Then of course the reverse engineering would target the monitor instead of the code on the computer. The monitor would be a less easily accessible reverse engineering target, and it itself could employ obfuscation and a TPM.
Attestation requiring a hardware TPM 2.0 (or higher), and not being able to extract the private key from the TPM on your system.
TPM is Mathematically Secure and you can't extract what's put in. See, Fritz-Chip.
I guess at that point we could do it the old fashioned way by pointing a camera at the screen. Or, I guess, a more professional approach based on external recording.
Which is why Windows 11 requires TPM.
TPM isn't the only misfeature that makes Windows 11 an abomination. People who don't switch to a respectful platform is in for a lot of pain.
i think a lot of millenials and older gen-z use youtube on browsers. It has more and more alternative competitors too, like bilibili in China.
The YouTube web app is so full of bugs it's almost unusable on a phone.
Comments also disappear regularly on all platforms...
> Comments also disappear regularly on all platforms...
I don't believe that that's a bug. The disappearance depends a lot on the topic of those comments. It's very much deliberate censorship.
> It's very much deliberate censorship.
Also known as "moderation"
I can only navigate to a video by long-pressing, copying the URL and pasting it into the URL bar, otherwise I get a meaningless "something went wrong" type error message. Mobile Safari, no content blockers, not logged into a Google account. After almost two decades of making the website worse they finally succeeded in breaking "clicking a video". I wonder what the hotshots at Alphabet manage to break next :o)
Works dandily here.
Suspicion: they’ve fingerprinted me hard and know I have premium but like to watch occasionally from Safari private (with content blockers) and don’t hassle me.
Mainly suspect this given lack of anti-adblocking symptoms.
Do you also get looping search results? I've also had it happen to the simple "videos" tab of a channel.
And the YouTube web interface is full of issues too. For example, livestreams had transient memory leaks for months already, thought to be related to their chat implementation.
In the meanwhile, YouTube spends its effort on measures against yt-dlp, which don't actually stop yt-dlp.
What the fuck is wrong with Google corporate as of late.
dumb middle management driven by dumb metrics
a very old story...
Google is having a hard time conforming to their own javascript standards.
I hope they will do that, yes really.
Because this will mean major shift to open-source and community solution, where creators will be paid directly by their viewers.
I have NO problem, what so ever, to pay content creators directly.
But I have HUGE problem to pay big corpos. It's ridiculous that we pay for Netflix same price as US people and for you it's cheaper than coffee and for us, if you compare median-salary, it's 5-10x MORE expensive. (cancelled every streaming platform year before as all of my friends, cloud seedbox here we go) And I don't even wanna mention Netflix's agenda they want to push (eg.: Witcher)
That's why piracy is so frequent here in small country in EU :) Also it's legal or in grey-area, because nobody enforce it or copyright companies are unable to enforce it if you don't make money from sharing. (yes, you don't even need to use VPN with torrents)
Pffft, and good riddance, comrade! Just think about native application and native performance, great native animations and native experience (and native ads, of course)! We won't have this god-awful Web (that propelled modern tech world in the first place) anymore, we can finally have personal vendetta against awful JS and DOM. No more interoperability, no more leverage against corpos, just glorious proprietary enclaves where local tyrant can do anything they want!
Think of iOS. You can basically use just 1 programming stack on iOS devices: Swift/Objective-C. You can't have JIT except for the JIT approved by the Apple Gods.
The biggest hack to this is React Native, which barged just in due to sheer Javascript and web dominance elsewhere, and even that has a ton of problems. Plus I'm fairly sure that the React Native JS only runs in the JIT approved by the Apple Gods, anyway.
Otherwise, we're stuck in the old days of compiled languages: C/C++ (they can't really get rid of these due to games, and they have tried... Apple generally hates/tolerates games but money is money). Rust works decently from what I hear. Microsoft bought Mono/Xamarin and that also sort of works.
But basically nothing else is at the level of quality and polish - especially in terms of deployment - as desktops, if you want to build an app in say, Python. Or Java. Or Ruby. Or whatever other language in which people write desktop apps.
And we're at a point where mobile computing power is probably 20x that of desktops available in 2007. The only factor that is holding us back is battery life, and that's only because phone manufacturers manufacture demand by pushing for ever slimmer phones. Plus we have tons of very promising battery techs very close to increasing battery capacities by 20-50%.
> Plus we have tons of very promising battery techs very close to increasing battery capacities by 20-50%.
Could you elaborate a bit, please? Any links are appreciated.
This is obviously not plausible. They're never going to shut off browser access on people's laptops. Watching YT at work is a major thing.
I have to assume you're joking, but I honestly can't figure out what point you're even trying to make. Do it think it's surprising that an ad-supported site has anti-scraping/anti-downloading mechanisms? YouTube isn't a charity, it's not Wikipedia.
Not to mention all of the iframe embeds. I’d argue it’d helped YouTube become the defacto go to platform for corporate videos. Yeah there’s other solutions but the number of corp sites that just toss videos on YouTube is insane.
They can't shut off browser access, but they surely can kill all non-Chromium browsers.
No, they can't. Way too many devices, including televisions, access YT via all sorts of browsers. Not to mention antitrust would be all over that. With their dominant browser share, getting people to switch to Chrome by removing access to YT for Firefox would get multiple governments filing lawsuits ASAP.
I don’t think it’s such a wild possibility that more and more jobs will be able to be done with locked down tablets and smart phone while fewer will be done on laptops and desktops. We are already seeing it at the personal level - people are entirely forgoing personal computers and using mobile devices exclusively. The amount isn’t huge (like 10 or 15% in the US IIRC?) but 10 years ago that was unthinkable IMO.
I was reading a study recently that claimed Gen Z is the first generation where tech literacy has actually dropped. And I don’t blame them! When you don’t have to troubleshoot things and most of your technology “just works“ out the box compared to 20 or even 10 years ago, then you just don’t need to know how to work under the hood as much and you don’t need a fully fledged PC. You can simply download an app and generally it will just take care of whatever it is you need with a few more taps. Similar to how I am pretty worthless when it comes to working on a car vs my parents generation could all change their own oil and work on a carburetor (part of this is also technology has gotten more complicated and locked down, including cars, but you get my point).
The point of all this is I could definitely see a world where using a desktop/laptop computer starts becoming a more fringe choice or specific to certain industries. Or perhaps they become strictly “work” tools for heavy lifting while mobile devices are for everything else. In that world many companies will simply go “well over 90% of our users are only using the app and the desktop has become a pain in the ass to support as it continues to trend downwards so…why bother?”
Who knows the future? Some new piece of hardware could come out in 10 years and all of this becomes irrelevant. But I could see a world where devices in our hands are the norm and the large device on the desk becomes more of a thing of the past for a larger percentage of the population.
Just because the balance shifts doesn't mean the desktop/laptop stops being supported.
Laptops aren't going anywhere. Even if phones and tablets replace them for a third of tasks, or a third of people.
The idea that laptops with browsers would become so rare that YouTube would drop support, within any reasonably predictable future timeframe, is pure fantasy.
All the ewaste MS generated w/Win11 min requirements… I’m thinking that kinda maneuver. Eh not really but anyways:
A slow dropping of support for those who aren’t using an app or Chrome with some Play(Video) Integrity Extension installed.
>within any reasonably predictable future timeframe
I think given the pace of technological advancement and given how every generation we see at least one major piece of electronics completely wipe out generations of predictions, this statement doesn’t serve a productive purpose other than to make “I don’t agree” sound like some variation of “it’s an objective fact that what you said is impossible.” You’re just spiking the conversation, even if that is not your intention.
I didn’t say this is definitely going to happen. I’m just saying clearly the way we engage with computers is shifting and that means companies will adjust accordingly. It’s not that far fetched.
As for “within any reasonably predictable future timeframe,” for all we know YouTube will become a relic.
>Watching YT at work is a major thing.
Where are these jobs where I can get paid to watch YouTube?
Lots of people listen to the audio. It’s like a podcast, or having the radio on, which is fine in lots and lots of jobs.
Some people probably also literally watch it, but I know multiple people who basically use it as a radio at work.
Plus, never worked anywhere where half of everyone, including management, is more-or-less openly watching sports more than working during major tournaments?
And nobody's saying you're getting paid to watch YouTube all day. But video links get sent around, and people check out whatever 3 minute video. They watch during lunch. You know how it is.
It's not YouTube though, but downloader :)
"yt-dlp is a feature-rich command-line audio/video downloader with support for thousands of sites. The project is a fork of youtube-dl based on the now inactive youtube-dlc."
I guess the point was that yt-dlp is only possible, because of the mandatory protocols you need in the browser. Moving to native app makes it much easier to prevent downloading and denying access to the unencrypted content.
I think these days yt-dlp is possible because they're relying on the infra YouTube has for their TV apps, which are html5 (ish) browser apps. so they'd also have to dedicate time to building native apps for every TV in existence, even if youtube.com went away.
I think that too. When the people refresh their TVs with the newer, more DRM friendly/updated version this channel will meet its end :(
> Moving to native app makes it much easier to prevent downloading and denying access to the unencrypted content.
It would still be possible with native apps. Somebody will have to reverse engineer it continuously. So it will be slower, but still possible.
However, that won't be the case if they start using some secret (like a private key) that you can't access directly from an app, or if they decide that you can't run custom/modified apps. That's what I believe to be the true intentions behind their push to adopt dystopian technologies like secure enclaves and platform attestation. Not really about security as they claim.
> That's what I believe to be the true intentions behind their push to adopt dystopian technologies like secure enclaves and platform attestation. Not really about security as they claim.
Yeah, that is exactly I was thinking.
My understanding is that the original yt-dl used the browser interface. yt-dlp uses the android app interface.
>This impacts yt-dlp as we currently request video data from YouTube as if we were YouTube on TV.
https://github.com/yt-dlp/yt-dlp/issues/12563
Doesn't matter, yt-dlp looks like a browser to youtube. They can put authorization/encryption in an app that can't be done in a webpage. By killing browsers they gain control.
They know that. yt-dlp uses browser-like access to download.
From
https://github.com/yt-dlp/yt-dlp/wiki/EJS
it looks like deno is recommended for these reasons:
> Notes
> * Code is run with restricted permissions (e.g, no file system or network access)
> * Supports downloading EJS script dependencies from npm (--remote-components ejs:npm).
I wonder why YouTube doesn't implement full DRM, such as Widevine, at this point.
Is it because it would break compatibility with some devices? Is it too expensive?
(not that I'd like that; I always download videos from YouTube for my personal archive, and I only use 3rd party or modified clients)
They are already experimenting with DRM on all videos in certain clients (like the HTML5 TV one) https://github.com/yt-dlp/yt-dlp/issues/12563
Sooner or later, in the next couple of years, it will happen.
> Is it because it would break compatibility with some devices?
This is a significant part of it. There are many smart devices that would not be capable of running that sort of software. As those cycle out of the support windows agreed way-back-when then this sort of limitation will be removed.
I'm sure this is not the only consideration, but it is certainly part of the equation.
It's just an understandable reluctance to insert a bunch of additional dependencies in your playback stack unless you really, really have to.
People underestimate how much engineering Netflix have put in over the years to get it to work seamlessly and without much playback start latency, and replicating that over literally millions of existing videos is pretty non-trivial, as is re-transcoding.
It's not because of older devices - any TV that has got a YouTube app for a decade was required to support Widevine as part of the agreement to get the app, so the tail end of devices you'd cut off would be tiny, and even if they wanted to keep them in use you could probably use the client certificate to authenticate them and disallow general web access. It wouldn't be 100% fullproof but if any open source project used an extracted key you could revoke it quickly.
Yeah, it's pretty much to support backwards compatibility with old smart TVs and the like. They already enforce stricter rules on new hi-res content, and once those old devices cycle out of service you can expect the support to go away.
More and more recently with youtube, they seem to be more and more confrontational with their users, from outright blocking adblockers, which has no bearing on youtube's service, to automatically scraping creators content for AI training and now anything API related. They're very much aware that there is no real competition and so they're taking full advantage of it. At the expense of the 'users experience' but these days, large companies simply don't suffer from a bad customer experience anymore.
> At the expense of the 'users experience' but these days, large companies simply don't suffer from a bad customer experience anymore.
This is my personal opinion. They're still affected by customer satisfaction and they're still driven by market forces. It's just that you and I are not their customers. It's not even the YT premium customers. Google is and always has been an ad service company and their primary customers have always been the big advertisers. And they do care about their experience. For example, they go overboard to identity the unique views of each ad.
Meanwhile the rest of us - those of us who don't pay, those who subscribe and even the content creators - are their captive resources whose creativity and attention they sell to the advertisers. Accordingly, they treat us like cattle, with poor quality support that they can't be bothered about. This is visible across their product lineup from YouTube and gmail to workspace. You can expect to be demonetized or locked out of your account and hung out to dry without any recourse if your account gets flagged by mistake or falsely suspected of politics that they don't like. Even in the best case, you can only hope to raise a stink on social media and pray that it catches the attention of someone over there.
Their advantage is that the vast majority of us choose to be their slaves, despite this abuse. Without our work and attention, they wouldn't have anything to offer their customers. To be fair to ourselves, they did pull off the bait and switch tactic on us in the beginning by offering YouTube for free and killing off all their competition in the process. Now it's really hard to match their hosting resources. But this is not sustainable anymore. We need other solutions, not complaints. Even paid ones are fine as long as they don't pull these sort of corporate shenanigans.
>outright blocking adblockers, which has no bearing on youtube's service
The scale of data storage, transcoding compute, and bandwidth to run YouTube is staggering. I'm open to the idea that adblocking doesn't have much effect on a server just providing HTML and a few images, but YouTube's operating costs are (presumably, I haven't looked into it) staggering and absolutely incompatible with adblocking.
That’s fine, but YouTube has an obligation to make sure the ads they serve aren’t scams. They are falling short of that obligation.
I’m recently also encountering more unskippable ads, especially in kids videos. There were always two ads. Sometimes the first wasn’t shippable and the second always was. That has gradually shifted to neither being skippable.
Perhaps a stupid question, but is there some reason I can't potentially fall back to recording my screen / audio in realtime and saving videos that way? yt-dlp is obviously far superior to this, but just thinking about what my fallback points are.
You definitely can, it's just 1) vastly slower, and 2) you have to recompress the decompressed video, which loses quality. It's therefore an option of last resort.
Most people want to be able to download 5 hours of video in the background in 5 minutes. Not wait 5 hours while their computer is unusable.
Understood and agreed. I mostly don't even care about keeping videos from Youtube, but some of the most amazing music performances in the world are trapped on Youtube, and in many cases there is no obvious way to purchase or download them elsewhere.
eg: https://www.youtube.com/watch?v=HAi1pn3kBqE
I wonder if it has to be a real computer, display, and camera, or if doing it with a "headless display" that is nonetheless being fed to a "video recorder" would work...
Funny how it'd be like The Matrix...
It depends on a lot of factors. But even if it works in a virtual machine, your CPU is going to be pegged at 100% the whole time to handle the re-encoding. Unless you use a hardware h.264 encoder, but then the quality is pretty terrible since it's explicitly optimized for speed over quality and isn't tunable the way software encoders are.
It's always doable, it's just an option of last resort. You always just want to access the original compressed bitstream if possible.
With browser's and hardware's support for DRM they could make it impossible if they want to. Basically the OS / recording software sees a blank screen.
I was on live TV recently and wanted to keep a recording for myself, that wasn't just filming the screen with my phone. I first tried screen recording watching the show in my browser in their streaming service. Got a black video. Then I tried their phone app, got a black video. Finally, using my phone but the web page they enabled playback without DRM and I could record and store it. When more devices support DRM they will probably get rid of that fallback as well.
I don't know if Youtube cares, but other website do attempt to block this as well. They will either black your screen or prevent playback if you try to screen record, even encrypting to prevent recording the HDMI/DP output.
yt-dlp feels like a whole army fighting Google. Users reporting and the army performs.
If by army you mean underfunded open source volunteers then yes.
That's the point, they don't have the fund but still give the sense of fight and power of an army.
previously: https://news.ycombinator.com/item?id=45358980
god damn they the youtube is at fault, always says: forbidden when trying to download a book audiobook
It's quite worrying. A sizeable chunk of cultural and educational material produced in the last decade is in control of greedy bastards who will never have enough. Unfortunately, downloading the video data is only part of it. Even if we shared it all on BitTorrent it's nowhere near as useful without the index and metadata.
What are you talking about? It's in control of the creators. YT doesn't get exclusive copyright on user's content. Those creators can upload wherever they want.
And YT isn't "greedy bastards". They provide a valuable service, for free, that is extremely expensive to run. Do you think YT ought to be government-funded or a charity or something?
> Do you think YT ought to be government-funded
Benn Jordan made a pretty compelling video on this topic, arguing that the existing copyright system and artifacts of it are actually not that great and a potential government system might actually be better: https://www.youtube.com/watch?v=PJSTFzhs1O4
I will say that is something I would not have considered reasonable prior to watching his video.