Hacker News | nyx's comments

Agree that "control" is a much better framing, since it doesn't suggest a need for secrecy and therefore embarrassing/unacceptable/untoward behavior that needs to stay behind drawn window blinds. I'm also fond of "agency" and "digital self-sovereignty" as alternatives.

But fine, I'll be the one to say it: Cloudflare isn't one of the good guys here and as an entity it shouldn't be trusted. It doesn't matter how pure their stated motives appear to be now, or how unmarred their track record is so far. It's a corporation that has control over an ever-increasing share of internet infrastructure, and is susceptible to the same risks as any other tech monopolist basket that we all decide to put our eggs in. Maybe more risky than the others, given how deep in the stack its influence is buried.

What happens when a government forces it to NXDOMAIN porn or put nuisance captchas in front of dissident blogs? Is there some reason people think this one is different?


This is a case of "When your salary depends on believing one thing, you better believe it." OP works for Cloudflare and that is blinding his views sadly.

I 100% agree, any entity with a significantly large control of the internet cannot be trusted. And the lower in the stack the smaller the control portion needed for distrust.


Thank you for reading!

I added a disclaimer to the DNS section along with a list of other DNS providers folks can choose to use instead.

I made these choices before I was employed by Cloudflare and personally like how transparently they operate as a company. They have earned my trust but I don't expect others to feel the same way.


> Cloudflare isn't one of the good guys here

Came here to say the same thing, post was interesting until I got to that point.

> nuisance captchas

Try using the internet outside of the western world and major hubs. Cloudflare make it so painful with captchas and browser integrity checks.


The article definitely took a sharp and unexpected left towards the end.

> What happens when

Not even this. If you do what OP says on Firefox, and turn on ResistFingerprinting, you'd be seeing many Cloudflare captchas a day. In effect it directly punishes you for having any privacy or control. I wonder if they have an internal whitelist for employees? /s


I think that inflating the perceived value of the good beyond rationality is one of the main objectives of marketing.


You're right, of course, but I don't think blame rests solely on the individual consumer here... I guess it's a bit of a chicken-and-egg problem, wherein Apple makes $200 knitted iPhone scrotes because they know people will line up to buy it, and people will line up to buy $200 knitted iPhone scrotes because Apple made them.

And people have brand loyalty to Apple stuff because quality, or design, or something... but for a product like this, which to me is prima facie a ridiculous, impractical, high-priced, fast-fashion item, you know that the marketers are cashing in on that brand loyalty almost exclusively (in the absence of any intrinsic value).

Half-baked thoughts, I'm sure people have written properly about this. But the conclusion I leap to is that marketing people are the great Satan here. Fuck those guys.


Pretty sure the profit margin for these bags is 10x at least. Way better (and simpler) than dealing with expensive computer/phone hardware and its supply chain, even if their pricing is ridiculously expensive.

Marketing guys just know and exploit a very well known human weakness. It's annoying because it's Apple, but everyone has been doing this forever.

Non-standardized phone chargers? USB-C and its patent hell? HDMI and its licensing? There's plenty of examples for creating wasteful items without them being fashion ones.


Oh it is going to be a more than 10x profit.

The materials themselves probably cost no more than a few tens of cents, so all the cost is going to be in the manufacturing process. The knitting pattern does look somewhat advanced, so I guess it would require a relatively high spec knitting machine. I suspect what would drive up cost is a combination of throughput and somewhat that you need an expensive knitting machine. Since this is a high volume item that will probably bring down the average cost by quite a bit.

I would guess somewhere in the region of $2 to $5 per pocket to mass produce these? Anyone have a more qualified guess?


This is the perfect example of a product nobody asked for, but someone brilliantly decided to create waste with.


I wonder what the "free-market" types will say to minimize criticisms like those in this thread once everything that can possibly be purchased requires bending over for this sort of abuse.

Is the fantasy that some entrepreneurial savior will come along and voluntarily forgo all the massive spying profits in order to cater to the minute proportion of consumers perceptive enough to realize they're getting molested on the daily?

How about smartphones, for example? "Vote with your wallet," says the smirking corporatocrat, "and just buy a mobile operating system that respects your personal privacy." Alright professor, looks like my choices are iOS or Android, so I'm kind of hosed either way? Unless I want to return to a 2004 feature set, or perhaps a GNU/Linux paperweight with a 20-minute battery life that can't use banking apps or place phone calls?

I exaggerate (but in my opinion only slightly), and sincere apologies for tone--but it's quite frustrating to be met again and again with such a smug dismissal of what to many of us feels like an inescapable horror. This depraved race to the bottom, with every MBA-steered ship vying to see who can violate us the hardest, seems to be standard practice these days, and "purchase different products" puts the onus on consumers to fix what isn't their fault in a way that leaves an awful taste in my mouth.


Wow, this was not a "smug corpo" opinion? I renovated a house recently, and had a plethora of choices for cheap smart options, instead after research I found some expensive options with MQTT support for HomeAssistant, they got my money.

I wanted to buy an etablet but Remarkable has a subscription, so I bought a smaller brand, it's worse, but they got my money.

You want a phone that respects your privacy? There isn't a business model that supports that, so don't support it. Yes you can't have your banking app, but that's the deal, you just don't like it. If no one bought it, there would be a market for alternatives.

Nothing will change these companies apart from market forces.


The way I see it, the suggestion that one can simply "vote with their wallet" is absolutely a pro-corporation stance because it pretends that consumers and megacorps have equal footing in the market. This premise is a bit of a spherical cow because it--conveniently for corporations--ignores monopoly, price fixing, anti-consumer corporate fraud at scale and flouting of regulations. Perhaps, in the frictionless vacuum of an Ayn Rand wet dream where every interaction is a transaction between two equals operating perfectly rationally, where there's no governments thus no regulatory capture, no barriers to entry, and so on, this might make sense--but in our world it does not.

You tell me that nothing will change the companies apart from market forces, but in response to another commenter you said it well yourself: "this kind of behavior should be illegal." If we had consumer protection laws, and those laws had teeth, maybe a company would have to consider the possible risk to future profits of engaging in the next abusive, ethically bankrupt scheme. It wouldn't be possible to be, as former FTC chair and antitrust warrior Lina Khan put it, "too big to care."

I'm not so naive as to imagine that more economic guardrails are a panacea for consumer suffering, but to me it seems that the globalized economy and its Western democratic hegemons have spent much of the post-WWII era on a deregulatory death march, and we can see with our own eyes how well it's going.


Hey, you're right. When I said nothing will change them I guess I should have said "nothing will change the goals of a company" apart from your money. The practicalities are hugely affected by law. Maybe I should have originally said "Vote with your money, lobby with your voice"?


"everyone should just learn to live without a phone" is exactly the kind of bullshit that is clearly not feasible


Hey, we don't argue like that here. I didn't say that. I said there isn't a business model yet that supports a phone with privacy. There are a few, and they'd force you to be creative on how you interact with certain apps, but you'd have what you wanted at a cost. Hell, I'm sure a Linux Phone with a bunch of crypto apps would work fine, suck for other reasons, but there you go.


They will say what they said before. The market spoke. Your concerns are abnormal. Stop complaining.


Yeah, from the demo video, it looks like this OCRs a photo of text and turns it into one of those QR codes. Then you can use Google Lens against the QR code onscreen to get the "join" button.


From this state, adding a button to join the network shouldn't be too complicated, at least not on Android. There's an API for offering a WiFi connection to the user. I don't know about iOS but I presume there's a similar API there.


I’m not sure about iOS either. Could you point me to how an Android app can directly connect the user to a WiFi network? I know about the WiFi suggestion API, but I haven’t found a straightforward way to initiate a direct WiFi connection. That’s why I ended up with this quirky QR code workaround.



Yep, downloading copies of videos so I can watch them on long flights is one of my main use cases for yt-dlp.

I suppose someone more sycophantic to the wishes of trillion-dollar corporations could argue that I'm not entitled to do this for free, and that YouTube offers an offline download option as part of its $13.99/mo Premium offering. To them, I'd say "you're right, also go pound sand lol."


Felony contempt of business model! The DMCA and its anti-circumvention provisions bring us a rich history of abuse, including such gems as "Lexmark suing a company that figured out how to interoperate with its ink cartridge business and thus give consumers more ink cartridge options" and "Chamberlain suing a company that figured out how to interoperate with its garage door openers and thus give consumers more garage door remote options".

I admit I don't shed many tears for the poor movie publishers, but even setting piracy completely aside, these laws are anti-consumer garbage. One wonders aloud if there are limits to the insanity copyright owners are entitled to inflict on their customers. How about surreptitiously installing malware on people's machines to make sure they play nice?[0]

[0]: https://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootk...


Crimes against the terms and conditions


They may be anti-consumer garbage, but they're black-letter law, and repealing them would require violating international treaties. So they're not going anywhere.


Those are treaties that the US lobbied into existence, and can ignore out of existence. The reason they're not going anywhere is that the people who own the rights to everything want it that way, and pay people in government to keep it that way.


It's like the local EU politicians saying they have no choice but to implement an unpopular law due to EU regulations when their own party took part in getting those regulations passed in the first place. Always good to have a scapegoat to avoid accountability.


> repealing them would require violating international treaties

Yeeeeah, about that...


Hah. I chuckled at that too.

International treaties are de facto legally binding only for non-U.S. countries, surely we can all agree. The U.S. must be free to break any treaty whenever it sees fit, which is the price of being the leader of the free world... or something.


People break laws. "That's a law, therefore you can't break it" is a false statement.


The right to self-determination cannot be given up in treaties.


whether this is a positive thing is left as an exercise to the reader :)


In summary, YouTube is A/B testing a change where specific clients receive only DRM-locked video streams. This is notable because yt-dlp impersonates those clients during normal operation. Since yt-dlp won't support decrypting DRM-locked videos, this change breaks yt-dlp's ability to download any videos.

To respond to your specific questions:

- innertube is the name for private YouTube APIs. (Here's a library that talks to innertube https://github.com/tombulled/innertube/, although yt-dlp has its own separate client code.) These APIs are intended for consumption by the various types of YouTube client software.

- The "tv" client is one of the types of client (see other examples here: https://github.com/tombulled/innertube/blob/main/innertube/c...)

- TVHTML5 is the specific client (as opposed to e.g. TVLITE or TVANDROID)... presumably different TVs run different specific TV clients, with consumption of different specific TV APIs.

- When yt-dlp downloads a video, it roughly performs this sequence of steps: pretend to be one of the types of clients supported by innertube; download the top-level video object; parse out the list of possible formats. These formats are like "MP4, 1080p, with AAC audio" or "Ogg, audio only". (The original issue report shows a better example in the verbose output dump.) By default, yt-dlp just grabs the best quality audio and best quality video stream, downloads them, and muxes them together into a single file, but you can configure this behavior. DRM formats are formats that are protected by (presumably) Widevine: https://en.wikipedia.org/wiki/Widevine, the decryption of which yt-dlp has stated will not be supported.

- Available means they're an option for our yt-dlp client to download. Videos don't necessarily have all formats for all clients; for instance, a video might not have a 4K option, because it was never uploaded in 4K. Or it might have a 4K upload, but YouTube won't show 4K options to a client that doesn't support 4K decoding.

- In this case, it means this specific internal client type can't download the video, because when yt-dlp reaches out, it gets ONLY formats that are DRM-locked. This is of note, I think, because the TV client is a way to get high-quality video from the YouTube API without having to pass it a valid YouTube login token (further down the issue, the reporter says providing a token allows the "web" innertube client to work).
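
The format-selection step described in the comment above, as an added example that is not part of the original comment and is not yt-dlp's own code. The dict keys follow yt-dlp's format fields (`format_id`, `vcodec`, `acodec`, `height`, `tbr`, `has_drm`); the client names, format ids, bitrates and the fallback order are constructed assumptions.

```python
# Constructed sample: per-client format lists shaped like yt-dlp format dicts.
# Client names, format ids and bitrates are made up for illustration.
def fmt(fid, vcodec, acodec, height, tbr, drm):
    return {"format_id": fid, "vcodec": vcodec, "acodec": acodec,
            "height": height, "tbr": tbr, "has_drm": drm}

SAMPLE_CLIENTS = {
    # The situation in the issue: every format this client is offered is DRM-locked.
    "tv": [fmt("v1080-drm", "avc1", "none", 1080, 4400, True),
           fmt("a128-drm", "none", "mp4a", None, 129, True)],
    # A client that still receives clear formats alongside one DRM-locked one.
    "web": [fmt("v720", "avc1", "none", 720, 2200, False),
            fmt("v1080", "vp9", "none", 1080, 4400, False),
            fmt("v2160-drm", "vp9", "none", 2160, 18000, True),
            fmt("a128", "none", "mp4a", None, 129, False),
            fmt("a160", "none", "opus", None, 140, False)],
}

def usable(formats):
    """Formats that are not flagged as DRM-protected."""
    return [f for f in formats if not f.get("has_drm")]

def pick_best(formats):
    """Best clear video-only and audio-only formats to mux, or None."""
    ok = usable(formats)
    videos = [f for f in ok if f["vcodec"] != "none" and f["acodec"] == "none"]
    audios = [f for f in ok if f["acodec"] != "none" and f["vcodec"] == "none"]
    if not videos or not audios:
        return None
    video = max(videos, key=lambda f: (f["height"] or 0, f["tbr"] or 0))
    audio = max(audios, key=lambda f: f["tbr"] or 0)
    return video, audio

def select(clients, order):
    """Try clients in order; return (client, video_id, audio_id, skipped)."""
    skipped = []
    for name in order:
        formats = clients.get(name, [])
        if formats and not usable(formats):
            # Nothing to download: the whole list is DRM-locked.
            skipped.append((name, "only DRM-locked formats"))
            continue
        best = pick_best(formats)
        if best is None:
            skipped.append((name, "no usable video+audio pair"))
            continue
        return name, best[0]["format_id"], best[1]["format_id"], skipped
    return None, None, None, skipped

if __name__ == "__main__":
    print(select(SAMPLE_CLIENTS, ["tv", "web"]))
    print(select(SAMPLE_CLIENTS, ["tv"]))
```
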


Not a login token, but rather an attestation token. Presumably TV clients don't really have a good mechanism for attestation that isn't tied to DRM (web technically doesn't either, but the web code can be updated daily...)


Good spot, thanks... I'm reading up, more info here: https://github.com/yt-dlp/yt-dlp/wiki/PO-Token-Guide


This is very helpful, thank you. Also cleared up a misinterpretation I had along the way (my initial reading that maybe only DRM format information is supplied but no content, indicating a minor breakage e.g. due to API changes - a very different nature of issue).


>This is of note, I think, because the TV client is a way to get high-quality video from the YouTube API without having to pass it a valid YouTube login token

Are you talking about the "1080p premium" quality tier that you normally have to pay to get?


No, anything above 720p which is the best you can get for low-trust clients


define "low trust". Firefox with resistfingerprinting, DRM disabled, a VPN connection can view 4K videos just fine.


Low trust as in intended to be used by 3rd parties without Javascript or any form of attestation. Like the Wii U client or I think the iframe embeds at one point.

(maybe they've all been killed by now, I haven't been paying too much attention...)


All of what you're describing jumps to trustworthy if you're signed in. yt-dlp tries to work without any login.


The "1080p premium" is such a joke. Unlike videos where it isn't present, the "normal 1080p" on such videos has noticeably decreased bitrate.


No, that is still very much locked behind a valid user token.


Then what's the "high quality" video? Anyone can use the web interface of youtube and watch it without any DRM (for now). Why are they so jealously guarding one specific API when the others are wide open?


It's the VP9 high bitrate codec, to get it you need the cookie from a premium subscribed account or yt-dlp can get it by default by emulating an iPhone header if I recall correctly. --extractor-args "youtube:player_client=default,ios" But this is done by default.

As somewhat related know that there's also a higher bitrate OPUS codec that's only available to premium cookies, it would then be the default YouTube music codec.


I've rambled about this on here before, but I'm pretty bothered that the media coverage of these always mentions the 25-year import law, but also always frames it simply as a matter of exemption from safety and emissions standards, never deigning to mention that the law originated in the first place as a protectionist measure.

In the late 80s, Mercedes in North America was getting its lunch eaten by grey-market importers who were bringing European models over and undercutting the American dealers on price. So they blew millions lobbying the government to crack down on these imports, and found a not-wholly-unsubstantiated justification in safety concerns around modifications not complying with American safety standards. So the US just enacted a sweeping ban of any new imports; you can bring in dodgy old cars from the 1990s unmodified, but you can't bring in a 2024 European Mercedes or Japanese kei truck, because they're "unsafe". The new cars can't be titled, and if the feds find out you got one in anyway, they'll literally confiscate it and throw it in the crusher.

Seeing Whistlindiesel in the article makes me realize that there could be a bipartisan coalition here of "government should let me do what I want" conservatives and libertarians, and urban-design lefties who resent having to drive everywhere and would love to buy the minimum amount of car possible to meet their needs if such a thing were possible. My conspiracy theory is that burying the lede on this is intentional because people buying $12,000 Japanese imports wouldn't be buying $60,000 F-150s.


> My conspiracy theory is that burying the lede on this is intentional because people buying $12,000 Japanese imports wouldn't be buying $60,000 F-150s.

I imagine they're buying the cheaper Toyotas, or Kias instead?


It looks like you're doing great work here, thanks a bunch; looking forward to seeing this project develop.

Selling custom integrations, managed instances, white-glove support with an SLA, and so on seems like a reasonable funding model for a project based on an open-source, self-hostable platform. But I'm a little disheartened to read that you're maintaining a closed fork with "goodies" in it.

How do you decide which features (better test suite?) end up in the non-libre, payware fork of your software? If someone contributed a feature to the open-source version that already exists in the payware version, would you allow it to be merged or would you refuse the pull request?


The idea with the plugin system is that plugins are just git repos containing <pluginname>/__init__.py, and you can add any set of git repo plugins you want to your instance.

The marketplace will work by showing all git repos tagged with the "archivebox" tag on github.

My approval is only needed for PRs to the archivebox core engine.

More info on free vs paid + reasoning why it's not all open source: https://news.ycombinator.com/item?id=41863539

