Hacker News new | past | comments | ask | show | jobs | submit login
You can bypass YouTube ads by adding a dot after the domain (reddit.com)
821 points by ashitlerferad 30 days ago | hide | past | favorite | 363 comments

Tangential rant: I hate it when sites ask for your domain name (eg. for setting up hosting) and say that they want the "fully qualified domain name", but they don't actually accept the FQDN. eg. they reject "www.example.com.", but accept "www.example.com" (without the trailing dot). But the FQDN by definition includes the trailing dot. https://en.wikipedia.org/wiki/Fully_qualified_domain_name

I never knew this bothered other folks as well. There are dozens of us!

It must be expensive for Mozilla to pay for all these old bugs to go to college.

I never realized this but now it thoroughly bothers me as well, so +1.

our numbers are growing.


I get the meme, but let’s try to leave the memes on imgur please yeah? I would hate for this site to become another memetic point generator.

Reminds me of sites not accepting "+" in an email address, even though it's a completely valid character to use before the "@".

Some websites accept them when creating an account, but not when trying to log in with that account.

I encounter that a lot with passwords. Amazing how many websites break in weird ways when your password manager throws in random symbols...

This happens with AWS, which I find just incredible. It'll silently accept a password when changing, but fail when you try to log in.

I think in that case it might a matter of length, rather than symbols, but I've never put in the effort to pin down the problem exactly, now that my password manager settings work.

That sounds pretty typical of AWS though.

Like, I caught them doing the "ask for FQDN but reject FQDNs" a couple of weeks ago in either Route53 or something immediately adjacent (i.e. where people who know better should have been involved), yesterday SageMaker stopped launching kernels because of a "known issue" (don't worry, it doesn't meet the definition of downtime though), and today I had to diagnose an unresponsive control panel by opening the console and digging up a REST error response that they didn't bother to handle in any way.

Everything about AWS is not merely broken and half-assed, but fractally so, so that even after using a service for years you are still uncovering severe caveats and awkward limitations. Password validation traps fit that pattern to a T.

I wonder if it silently truncates long password on setup. When you then submit the full password it doesn't match.

Even if they have validation built in when you are signing up! How is it possible that they have taken steps to ensure passwords meet their stringent criteria, but the user still ends up unable to log in? Most recently, I've experienced this problem with two of the big three credit bureaus.

Because they neither know nor care about security and customer service?

Not just websites, I've had windows services fail because I happened to have a "\" in the password of the service user running it

Also some of those same websites allow you to change your email address and then lock you out.

Yeah, I've had this a few times trying to register accounts for my kids at MYNAME+KIDSNAME@gmail.com

Looking at you, Alamo Drafthouse

I have an address that is firstname@lastname.com and am unable to use it on a number of ecommerce sites, because they're doing some sort of validation to filter out people who are too clueless to know what an email address is. Or something. There's no + or other special characters in it, or xn-- international domain name.

Yikes. I've got my own first@firstlast.com but I've never ran into an instance where I wasn't able to use it.

I do now have a hyphen in my last name which is not accepted everywhere. Some companies accept the hyphen but replace it with a space (some credit cards), some reject the hyphen so I either make it all one word or add my own space.

I wonder if yours is more successful because the domain is firstlast.com , not just lastname.com. I've run into it most often with checkout systems that have separate fields for first and last name, it appears that some systems are matching for the field for last name cannot be exactly the same as the part of the email address after the @ symbol.

> I've run into it most often with checkout systems that have separate fields for first and last name, it appears that some systems are matching for the field for last name cannot be exactly the same as the part of the email address after the @ symbol

That's incredibly obtuse of them; what possible reason could they have for doing that?

My best guess is an overly cautious UX guard rail for elderly people, persons very new to the internet, or people who think they can type their twitter username, facebook account name, or some other non properly formatted email address into the "Email:" field and get things delivered.

What category of site do you observe this issue on? My curiosity suggests that there may be a huge UX problem for extreamly popular sites; banks, government services, etc., where a large percentage of their usage base absolutely will entery 100% incorrect information unless extrenous safe guards are in place.

Essentialy, if your site targeted every age demographic or even had a preference for older and/or less tech savy demographics, how can you prioritize the edge case that <0.00001% of your users has their own lastname.tld vs is entering an incorrect email address.

It's spread out across a wide range of things. No specific market segment comes to mind. Personally I encountered it with enough things, often enough that it became a point of frustration, and I started using a gmail address for most 'ordinary' online purchases, which is an inbox set to auto-forward-everything to the firstname@lastname address.

I agree that it's a huge UX problem - one of the reasons why a lot of online checkout processes have you type your email address in two separate fields, twice. Without some guardrails in place, there is probably a not insignificant number of people who typo their email address in a single field, or type a malformed address, and then complain to customer service or their credit card company when they never receive an emailed invoice.

Interesting. Of course I'd speculate that some service like AnonAddy [1] or just having a secondary, anonymous, domain would be a better solution. Or even the most simplest is using a somthing-else@lastname.com email as I would expect them to at least check both parts.

Worse case scenario, you could use firstname@subdomain.lastname.com. Even something like 1.lastname.com would likely work.

I suppose it depends on your reasons for using your own domain in the first place but having to employ the use of a gmail acount negates a lot of the privacy & security of a personal domain IMO.

[1] https://anonaddy.com/

Yeah, try signing up fro steam with your protonmail.ch address... I have a personal .nl one, also caused me some grief in the past, it is the reason I still have my gmail address, because it always works.

In 100% of cases, this is either because someone copied a bad regexp, or they made an explicit decision to not allow local-part wildcarding.

I have in the past normalized email addresses per the rules I know specific providers have to help people login. Did I sign up with mike+hn@ or mike+hackernews@?

I sign up with your website @ my website.

For example: ycombinator.com@example.com.

Nobody blocks dots in email addresses, although I have had some sites in the past email me using the first part of my email address as my name; it's amusing to open an email from example.com saying "Hi, example.com!"

Funny, that's exactly how I do it! One of the reasons is, I know who lost/leaked/sold my data when the spam starts coming in. (Of course today we also have haveibeenpwned.)

Store email and username (if applicable) in password manager alongside the password.

The discussion about valid email addresses reminded me of this article:


For any programmer that's ever tried to validate email addresses it's an eye opener.

Fastmail has a feature it calls "subdomain addressing" [0], where instead of "me+thing@mysite.com", you use "thing@me.mysite.com", which is much better supported.

Other hosts (e.g. Mailbox.org, the host I'm with now) can support the feature as well, with some configuration.

[0]: https://www.fastmail.com/help/receive/addressing.html

That's not the worst, most websites totally reject any form fields not US-ASCII, very anglo-centric and annoying.

I have a 4 letter tld to my domain name for my email address. The two times that I had to chase up someone to let me create an account was absolutely bonkers. And it only happened with two systems that were crucial: my bank, and my company's payment system.

> Once it was decided that domain names should be arranged hierarchically, it became necessary to decide what sits at the root of that hierarchy. That root is traditionally signified with a single ‘.’. In fact, ending all of your domain names with a ‘.’ is semantically correct, and will absolutely work in your web browser: google.com.

- The History of the URL, https://blog.cloudflare.com/the-history-of-the-url/

But apparently won't work with the HN hyperlink regex.

Imagine how much easier ending sentences with hyperlinks would be.

The link must begin with http(s)://


(Notice how the “.” isn’t included in the hyperlink)

Testing two dots:


Yes, it’s silly. See it all the time. Insist on FQDN and then aparently don’t understand what a FQDN actually is.

It gets worse. Some think the FQDN is the domain zone. Some think it's with elements you find in an URL like the protocol or a part of a path. Humans. Ugh.

But the accepted answer on SO that I copied the code that I have no idea what it does should work, right? There's no bogus accepted answers. The community would have fixed that, so it's trust worthy for me to use as is.

I've never heard of this. When / how / why would you use the trailing dot? I checked my sites and they redirect to the non-trailing version. Is that bad?

A trailing "." represents the root of the DNS namespace like a leading "/" represents the root of the Linux (or Unix, etc.) filesystem.

The root has children like "com", "net", "uk", etc.

There are DNS records at the root level. Try this command:

    host -t ANY .
Also, just as Linux searches PATH (in order) when you run a command, the DNS resolver searches a path when you look up a host. (Usually the resolver path is specified by directives in /etc/resolv.conf.) Just as Linux will skip this process if you specify a leading "/", the DNS resolver will skip that process if you specify a trailing ".".

It used to be pretty common to put your organization's domain in /etc/resolv.conf so that you can use the short version of a hostname. If your company is example.com and you have example.com in the DNS search path, you can type a command like "ping www", and it will do the same thing as "ping www.example.com". Most software still supports this, but it isn't used by that many people. (Some organizations don't put their domain in /etc/resolv.conf, and many users don't know they can abbreviate hostnames in this way.)

You would typically use the trailing dot if you want to be sure the DNS lookup doesn't use the search path and checks only against the root of the DNS namespace. You also use the trailing dot in some data files for DNS servers.

In many cases the trailing dot is not necessary, practically speaking, because the DNS resolver has special logic where if you give it a string that contains any dots (not just trailing), the search order is rearranged to try the root first instead of last. (In /etc/resolv.conf, this is controlled by the "ndots" option.)

So if you look up "www.example.com", it will check for the existence of "www.example.com." before it checks for "www.example.com.example.com." instead of the other way around. Which is good because only the first is likely to exist. If you look up "www", it will check for "www.example.com." before it checks for "www.", which again is a good heuristic because again the first is the one that likely exists.

I just tried it with the domain rakso.at and when I enter rakso.at. there is an htst error. Shouldn't it work because it is technically the same domain?

Out of idle curiosity I tested that domain too, and it works on my end (Chromium 80.0).

The trailing dot tells your resolver to not attempt to use your local list of search domains.

That is an effect. But the standard states that a fully qualified domain ends with the dot. The reason your resolver doesn't use the search domains is because the dot tells it that what you provided is the entire thing so there is no point in looking up the domain in a search list.

Sure. I was responding to a post that asked:

> When / how / why would you use the trailing dot?

While you're certainly not wrong, the phrasing of the question suggests that the asker didn't know the history of the final dot, and was asking the way they did only because they didn't know what to ask, thinking its purpose was to provide some effect rather than being historically (and currently) the correct FQDM.

It bothers me that a “fully-qualified domain name” is still relative to some implicit DNS network class. There’s no syntax for specifying whether you mean an Internet domain, or some other kind. Because of this, there’s no way to have a URL that resolves from an Internet-relative origin to, say, a Chaosnet-relative origin. Lame :(

From the RFC about URLs: https://tools.ietf.org/html/rfc3986#section-3.2.2

> The presence of a host subcomponent within a URI does not imply that the scheme requires access to the given host on the Internet. In many cases, the host syntax is used only for the sake of reusing the existing registration process created and deployed for DNS, thus obtaining a globally unique name without the cost of deploying another registry. However, such use comes with its own costs: domain name ownership may change over time for reasons not anticipated by the URI producer. In other cases, the data within the host component identifies a registered name that has nothing to do with an Internet host. We use the name "host" for the ABNF rule because that is its most common purpose, not its only purpose.

So, the fact that the host part of http(s) URLs are resolved using DNS is not a limitation of the URL spec. Instead that's an implementation restriction.

Heck, I still find sites that don't like "nonstandard" TLDs in your email address. Try putting an address that's not .com, .net, etc and it throws an error.

The sin here isn't not accepting "nonstandard" TLDs. It's that validating an email address is extremely hard to do correctly, and that you often really want to know if the person entering it has access to the address. The only way to do that is to accept pretty much anything that has an @ sign in the middle of some other characters, and then attempt to send email to that address with a clickback link.

The thing that really annoys me though isn't email address handling. It's credit card number and social security number entry fields.

For credit cards, the number of times you should have to specify which type of card you're entering is literally zero. All credit cards of the same type (e.g. Visa) begin with the same number sequence. Visa always starts with 4, so, if I type 4 as the first digit, just call it a Visa card. Do the Luhn checksum validation to make sure it's a valid number and that I probably entered it correctly, and try to run the charge. If it fails, then provide an appropriate error message.

For SSN fields, the thing that annoys me is that there are basically 2 common ways of entering the number: XXX-XX-XXXX and XXXXXXXXX. So many sites and apps only accept one of the two and will complain about the other. It's ridiculous, because the presence or absence of the dashes literally has no bearing on the validity of the number. Just let me enter it the way I want.

As long as we're ranting about stupid form design.

Dear everyone: Denmark does NOT have states. Literally dozens of times have I encountered a form that absolutely requires that I input something in the state field before they will ship my stuff. A sufficiently motivated individual could traverse the major landmasses of Denmark by bicycle in about a day[0], we don't need no damn states.

I usually put in "NULL" for state, and hope something breaks.

[0] https://map.krak.dk/m/oNdAL

Also, addresses in the country of Singapore do not have cities...

(Also, nowhere in the world except the US has "zip codes", and about 60 countries don't even have an equivalent postal code at all...)

> A sufficiently motivated individual could traverse the major landmasses of Denmark by bicycle in about a day[0], we don't need no damn states.

Well, that hasn't stopped similarly-sized Switzerland with 26 cantons. ;)

But, the cantons existed before there was a Switzerland. There's a reason its official name is "Confoederatio Helvetica." ;)

Ugh, try address fields. I mildly regret having moved to my current home last year, as inputting this address into forms is an impossible task. The "correct" address according to the formatting standards of my federal postal service, including street address plus unit number, is 47 characters long. I can put the UNIT number on the 2nd address line (when available), which makes the first line (just the street address) 37 characters long. I've come across more than a dozen services (Amazon, Apple, pizza places, etc.) that have length limits on address lines of between 25 and 35 characters.

The worst are the companies who (somewhat strictly, to varying degrees) verify the address of credit cards. I've barely managed to always verify by shortening into a grotesque form of the address that logistically makes no sense, but is apparently just close enough to match whatever fuzzy formula is used (eg. Levenshtein distance).

Sure, that all sucks, but, at least address handling is actually hard. Dealing with credit card numbers, even if you want to go beyond the basic Visa / MasterCard / Discover / American Express, isn't that hard. Neither is sanely dealing with SSNs (except that most uses of SSNs are insane by default, but that's just a matter of using it as an ID number when it shouldn't be).

FYI, Most credit card verification is just using the house number and the zip code. If there's no physical delivery, you can just put in Elm St or whatever.


> I mildly regret having moved to my current home last year

I know what you mean for a different reason. Explaining that yes, my street name really starts with the word “Avenue” is getting really old.

I'm a fan of forms where they automatically add the dashes/spacing (for ssn and cc, respectively), so you don't have to guess if they're needed.

I was a fan of that until I experienced that they don't actually test the code. I've had it break in entertaining ways, most recently getting a new monitor from Dell and trying to enter a phone number (on Firefox on Android, both current & Preview) went like this for the number 123-555-1212, typed without dashes:

Enter number, result is: 125-535-2112 .

On the plus side it was predictable and I was able to eventually enter the number something like 2153552121 and have it appear on page as 123-555-1212. When I encountered this a second time a few days later (reordering due to DOA) I discovered pasting the entire number in allowed the 'automatic' nature to add dashes correctly.

The correct answer to me is to strip out non-numbers and then verify the number is a valid phone number (which should be easier than programmatically determining names or dates).

I don't think I've been able to enter them AND they've been necessary since the '90s though.

Yes! And it really is so easy to implement all of this validation and checking without it being too complicated. How is parsing some numbers and running a few math equations the source of so much trouble?

The only two explanations I can think of are ignorance and laziness. Ignorance doesn't really fly, IMO, because when you have an input field, you should be at least thinking about validating said input. From there, the simplest of google searches will lead you to the checksum algorithm.

Laziness seems most likely for that reason, but, on top of that, it's not like you even have to go to Stack Overflow to find an implementation. Wikipedia has one! Wiki. Pedia.

Just take my input, run the checksum, check that my expiration date isn't in the past and that the CVV value is the correct number of digits, and just run the charge. It's not like if I mistype my MasterCard's first digit as a 4 that it's going to work anyway. Just do the checks that are feasible, and then just run the charge.

> For credit cards, the number of times you should have to specify which type of card you're entering is literally zero

From what I can recall, the number of times I've had to specific what type of card I have when filling out an online form is zero, because every form I can remember using did autodetect it. I admit I'm fairly young (only have had a card for 10-12 years), but from the amount of frustration you seem to have about this, I feel like you must have run into it much more recently than that.

I bought my last name in the .family TLD. Most websites take it just fine, but not my insurance or my bank(?). To them, they just don't exist.

If you think that's bad, you should see what those folks do to "email address" parsers.

My pet peeve is case folding the LHS (or worse, downcasing) despite the standard defining it as case sensitive.

Later revisions to the standard made it case insensitive as that was common practice IIRC.

That's not correct, it's up to the provider, the owner of the domain.

(I'm not going to say MAY because I can't remember the exact wording, but I did have cause to look it up recently.)

They did no such thing.

Interestingly, if I go to news.ycombinator.com., I get the logged out version of the site. Probably because my browser treats it as a different site entirely

It's technically a different domain. HN cookie is created for a domain without dot at the end, so there's no match when you open a domain with the dot.

In the same way, if a website does not do www->nowww / nowww->www redirect (example.com / www.example.com), you might have www version be logged in and nowww version be logged out or vice versa (depending how exactly it creates its cookies).

The FQDN syntax is what we learn from editing DNS records.

Ads? On desktop? not in a million years with uBlock Origins. I forget how shitty internet is actually since several years now. Occasionally a new client doesn't have and I'm reminded of it, but it takes all of those 30 seconds to install it and no ads baby.

Actually I just started getting ads again, with uBlock Origin, both in YouTube and in newly-redesigned Facebook. I wrote a simple script that removes FB ads, but I need to "productivize" it and make sure it auto-loads...

Facebook's "sponsored" content is a disgusting mess of <span> elements with autogenerated IDs in order to bypass ad-blockers. How did you get around it?

It's a cat and mouse game. Every couple of months FB tries a new version of the HTML layout with slightly changed elements and every time someone writes a CSS selector that manages to find the appropriate tag for the sponsored story and hide it. Currently with the new FB redesign it's:

div[data-pagelet^="FeedUnit"]:has([role^=button]:has(> span:has-text(S)):not(:has-text(1)):not(:has-text(2)):not(:has-text(3)):not(:has-text(4)):not(:has-text(5)):not(:has-text(6)):not(:has-text(7)):not(:has-text(8)):not(span:has-text(9)):not(span:has-text(w)))

I find this so crazy! It says "Promoted" right there. I can use my browser's inspector to click on the element to select the div and then delete it.

Is there no simple way to accomplish the same in a browser extension without bringing in some crazy AI solution? Just read the webpage as it is rendered to an actual human, identify the x/y coordinates of the element, pass that to Firefox/Chrome/Safari's element selector, and delete. Voila!

I'm sure there's a very good reason why this exact solution just doesn't work, but I'd love to hear it explained, because it seems so simple to me. Then again I'm a backend guy, and I just don't even know frontend.

> Just read the webpage as it is rendered to an actual human

Humans read web pages using their vision. So what you’re proposing is to look at the final rendered image of text instead of the DOM tree. The only way to do that would be to perform OCR (https://en.wikipedia.org/wiki/Optical_character_recognition) on a screenshot of the whole web page. This would be possible, but I think nobody’s tried because it feels overly complicated, and many OCR libraries can’t understand text 100% reliably, not even computer-rendered text. Also remember that the OCR library would have to run in JavaScript. Would it run fast enough to block the ad before the user sees it? Would it annoy the user by spinning up their computer’s fan?

> identify the x/y coordinates of the element

This wouldn’t be too too hard to implement using `document.elementsFromPoint(x, y)`. This part isn’t the problem.

You could replace OCR with a CNN trained to predict bounding boxes of ads. You could generate the training data by looking at the visual diff between a page rendered with an ad blocker enabled, and the same page rendered with the ad blocker disabled.

I don't want a badly trained CNN accidentally removing relevant content from the page, though. The CSS selector solutions are deterministic, and you can't just throw ML at every damn thing you see.

Also, the problem with OCR/CNN solutions are that you have to render ahead (i.e. parts of the page that you haven't scrolled to yet) to remove ads without being disruptive to the website's content flow.

I'm not sure that facebook does it for the "promoted" text, but they have been known to mess with layout to make text difficult to detect. For example each character of a word might be in a separate <div> and be strangely offset so as to line up. The divs might not have the mutually common parent element that you would expect.

The browser has no context for what it is rendering. Should it ban every element containing "promoted"? Even posts by people?

The word "promoted" might not even appear as text, it might be simply a series of divs with one letter each (out of order, of course) and then visually defined with CSS.

The browser doesn't know it's rendering a word, it only knows it's rendering a series of divs with one letter on each, and it absolutely can't know what the visual representation of the divs spell.

What you are proposing is another crazy AI solution, OCR.

Which would mean to render the document, using pattern recognition delimit the area with the sponsored post, then pass those coordinates to the browser in order to select the currently visible element, then delete it.

Even then I could think of a thousand ways to beat this, because OCR can't see invisible things and you can do all sorts of fun stuff with invisible styling, and it'd be the same game of cat and mouse the ad blockers are currently running but at a higher level of abstraction.

I think the issue isn't finding the text "Promoted", but coming up with a way to figure out exactly which element containing that text to remove (because simply removing the text itself would not be a good solution). I imagine that Facebook could be doing something like generating a CSS class names on based by using a different seed or producing different element configurations that visually appear the same for each page load (or worse, for each ad on the page...)

I think, the uBlock Origin context menu does that?

Similar tactic on Twitter as well. I'm not even doing it for ad blocking necessarily, just to hide features I don't want like "who to follow" or all those nonstop COVID updates.

In case anyone interested: https://github.com/dawnerd/ublock-filters/blob/master/sites/...

How can they get away with these deceptive obfuscatory practices without breaking web accessibility standards (e.g. screen readers parsing alt text and meta data for the visually impaired/blind) without opening themselves up to serious liability and class action lawsuits?

I didn't know about FacebookTrackingRemoval. I always used facebook_adblock[1] instead, which seems to do almost the same and has worked very well for me most of the time. I'm also seeing other comments here trying to figure out other solutions. It's making me wonder how much duplicated effort is being spent on the same problem.

[1] https://addons.mozilla.org/en-US/firefox/addon/fb_ad_block/

Do what I did, delete your Facebook...

I keep planning to write this script, but never get around to it. One of those messy autogenerated ID spans is "aria-labeledby" a span that clearly contains the text "sponsored". And it would be hard (legally) for Facebook to stop doing that.

Speaking of sponsored content. Both eBay and Amazon are unusable without uBO to remove sponsored listings that completely mess up my sorting and filtering.

In javascript, `span.innerText == "sponsored"` ... I was surprised it was so easy, but it probably won't work for long though.

I have a plugin for chrome called FB Purity that removes all the embedded ads, and also strictly list the feed in chronological order.

Can't you just remove all posts that aren't from people in your friend list?

This would also remove posts by FOF who tag your friends (e.g., your friend is tagged in a post by his wife, whom you're not friends with).

When that happens, I usually just do a manual update on my filters. More often than not, someone has already updated it.

Try updating your filters.

Perhaps the issue is that UBlock Origin allows some ads. AdBlocker Ultimate, recommended by Firefox, faces that issue, removing all adds. See https://addons.mozilla.org/en-US/firefox/addon/adblocker-ult...

EDIT: I don't think UBlock Origin has acceptable ads anymore :)

> EDIT: I don't think UBlock Origin has acceptable ads anymore :)

uBlock Origin has _never_ had "acceptable" (or any other kind) of ads.

Note that uBlock Origin is also "recommended by Firefox". In fact for some time now it's been the only supported extension on Firefox preview on Android.

Prove it.

I'll do my best, swinglock. I heard somewhere that UBlock Origin has acceptable ads, and based on that, the AdBlocker Ultimate had an appeal to me of removing them all.

I went on to investigate on it, and couldn't find much on UBlock Origin having acceptable ads. Some shady UBlock Origin-like websites claimed that, but UBlock Origin itself blocked them.

I'm wrong about UBlock Origin having acceptable ads, from what I gathered. Thank you for questioning my claims, swinglock.

You are confusing Ad Block Plus (ABP) and uBlock Origin. ABP has acceptable ads, while uBlock Origin does not.

Authoritative reference for anyone else curious about this: https://github.com/gorhill/uBlock/blob/master/MANIFESTO.md

Kelamir, perhaps you are confusing UBlock Origin's policy with that of Adblock Plus.


I think you had a fuzzy memory of adblock allowing "acceptable" ads and mis-associated it. Human brains are like that.

I've never routinely run an adblocker in, whatever, 25 years online.

I've experimented with them here and there, and tend to find that the unintended consequences are as much of a hassle as the ads.

I keep meaning to try a PiHole but I'm not sure I'll have much better luck.

> unintended consequences

That is a rare thing for me these days with uBlock Origin. I assume you're referring to broken websites when using ad blocking.

I never really used an adblocker as well, but now I'm using nextdns which does really good filtering at the dns level (not affiliated).

What unintended consequences?

Sometimes checkout on storefront sites will rely on scripts served from domains that adblockers block. When this happens, it's easy enough to turn the adblocker off for a few minutes (or, conversely, to decide "nope I'm not shopping here").

Weird formatting, things not working and you not remembering/understanding why, trying to keep settings in sync across browsers and platforms, and so on.

IOW I've found it easier to tolerate ads and slow sites "functioning as intended" than the much-less-frequent but far-more-maddening broken functionality that takes me "longer than it should" to troublehsoot.

I'm not sure I've used uBlock though, mostly ABP over the years.

Adblockers broke EasyJets navigation on their website, I think they have since fixed it.

Do content creators get ad revenue if you block ads via that extension?

I hope this was a sarcastic comment and not a genuine question from an adblock user.

I mean, I hope all adblock users are aware that if everyone did as they do, the content they enjoy would not exist.

Or it would still exist, but would be monitized differently.

Sure, let's tell private entities how to monetize their content that we enjoy.

See, if instead of this sarcastic quip you had bothered to come up with an insightful comment I might have had a chance to understand what you're trying to say.

Is it really all that unreasonable, as a consumer, to favor certain monetization schemes over others?

It was a genuine question from someone who doesn’t use an ad-blocker.

I block trackers, which blocks most ads on the web, but Youtube’s ads are not affected by this, and I’m perfectly fine with that.

I enjoy a lot of content that has no ads at all

Then no adblocker needed!

Unless you have youtube premium, no

uBlock Origin also works very well on mobile, but you have to use Firefox. Mobile Chrome doesn't allow any extensions and I think we know why.

Because the APIs where too permissive and plugins would be a threat to privacy of the user because they could intercept everything.

So instead of fixing the API to enable enduser privacy from third party plugins, the API was simply removed to remove enduser privacy from trackers.

Yeah I know, I should have added a /s to my comment.

this technique also works for paywalls, which I don't think ublock can get around

And I like it that way actually. If I can't see your site with my adblocker I am not going to ever land it again there. I also have NoScript and what I do is something like this:

Step 1 - open your site. Can't see it? I try to allow JS in NoScript

Step 2 - Still can't see your site due to shitty various techniques? Then I re-enable NoScript and add it to blacklist to never land on it ever.

Step 3 - You're not unique, your info is duplicated by several other dozens as well.

This remembers me a bug I came across while developing a game for an <old game console here>.

Implementing a network feature, I had to poke a service server. But the OS DNS resolver returned broken results and sometimes hanged or crashed the system.

After a lot of head scratching and exchanges with the first party support, we found the issue to be a misread of the cache line of the CPU, delivering broken data to the OS and causing havok.

The problem was that as the cache line was 32 bytes, if the url being resolved was exactly 32 bytes long, it would trigger this edge case (probably the OS missing the ending null character).

The first party support said there was nothing they would do to solve this and suggested creating an DNS alias, but the domain was a third party address specific per project which in our case with our project codename was 32 bytes, they also were unwilling to modify or create aliases.

My solution was to add a dot in the address and this fixed it, as now the address was 33 bytes and the CPU fetched two cache lines. The first party technical support was surprised by the fix and called it "sneaky ;)"

Fun times.

For those wondering why:

It's a commonly forgotten edge case, websites forget to normalize the hostname, the content is still served, but there's no hostname match on the browser so no cookies and broken CORS - and lots of bigger sites use a different domain to serve ads/media with a whitelist that doesn't contain the extra dot

I would disagree that this is an "edge case;" it's a rather fundamental feature of DNS that is relied on every time a record from one domain references a record in another domain. The dot at the end fully qualifies the name and makes it unambiguous. Without the dot, unqulified DNS names are treated as members of their parent SOA. This is why when creating CNAME or NS or MX records that reference a foreign domain, you have to specify a dot at the end, and when you don't they dont resolve as expected.

So a machine with a search domain of 'foo.com' looking up 'www.google.com' should ideally seek the record for 'www.google.com.foo.com' first. Conversely, looking up 'www.google.com.' is more specific and returns google's ip even if 'www.google.com.foo.com' were to exist.

The reason it's not common is because all DNS client behaviors have been modified for convenience to avoid this; in basically every resolver any query containing at least one dot is automatically treated as if it were a fully qualified name. So behind the scenes, the DNS resolver is caring very much about the trailing dot and adding it to nearly every query; it's just typically hidden from users.

It's an edge case from the point of view of the people who develop the ad serving software. If 99.9 percent of urls don't have that dot at the end, then it's an edge case.

Or they could read the OP from which you copied.

It's not only a commonly forgotten case (I disagree about it being an edge case), but the Anaconda installer used by Fedora removed the ability to enter a FQDN for the hostname during system setup.

[0] https://bugzilla.redhat.com/show_bug.cgi?id=1648107

Goddamnit, why'd you have to out the secret? Now everyone's going to plug it. T_T

Yeah, never put something like this in a LPT unless you want it immediately fixed.

Like most nice things, it gets ruined once everybody starts using it.

Looks like the NY Times already fixed it.

ITT "You could bypass YouTube ads by adding a dot after the domain "

You can also bypass YouTube ads by watching the videos using a different player, like VLC.

(I find it ironic that their "polymer" redesigned site is also ridiculously slow and bloated, yet my computer, which is many years old now, has zero problems playing the videos themselves; somehow it takes more resources to render a UI --- which I could probably make easily in static HTML --- than to play an HD video...?)

You could easily make YouTube with static html? For each of these as they currently exist, how would you implement them in static html: comments, liking, subscribing, video annotations, livestream chat, etc?


Comments are essentially a tiny subset of the features of an Internet forum, which is definitely possible with static HTML. (Some things come naturally with that too, such as pagination so you can continue reading from exactly where you left off without the cursed O(n^2) of "infinite" scrolling.)

liking, subscribing

HTML forms.

video annotations

I thought annotations disappeared long ago?

livestream chat

That's one which could do with some AJAX, but...


I remember using a few in the early 2000s which didn't require JS either, and probably worked on a similar principle.

by "as they currently exist" I mean achieving parity. You might not like it, but YouTube as it exists currently is a complex web app. I think it's hyperbole to say it could be implemented with static HTML.

> cursed O(n^2) of "infinite" scrolling

What exactly is that?

Every refresh, accidental or otherwise, forces you to start from the beginning and scroll through comments you've already read.

Does anyone actually want that stuff?

I would guess a surprisingly small subset of the users, and a surprisingly large subset of the Youtube developers.

You can try using invidio.us, it's free from excessive javascript shenanigans and uses the simple html5 player to present videos. It even supports subscriptions, you can import them from regular youtube.

Playing(decoding) video is mostly offloaded to GPU's video decoder rather than CPU.

In a similar tangent, if you want to bypass age checks without logging in, you can use the embed link for a video.

For a link like this (this one is not actually age restricted or NSFW):


Just visit this instead:


This one is a lot more interesting, though. I guess I assumed that sites wouldn't even respect the FQDN like that, but it's definitely interesting to see a changed site returned instead.

Unless the uploader has also disabled embedding, in which case there is a way which I forget at the moment since I usually don't watch YouTube videos on their site.

Gotta throw this out there; if you hate ads but actually like YouTube and want to support YouTube creators, I’d highly recommend YouTube Red. Totally worth it IMO.

FYI, it has been called YouTube Premium since 2018. I pay for it, as I can't stand advertisements. For the amount of Youtube content I watch, it's one of the more cost effective services I pay for.

Which was a positive name change.

"YouTube Red" sounded like some adult service. Whereas YouTube Premium leaves most people knowing what it is before you tell them.

I can just imagine the meetings where everyone but the Product Marketing Managers knew why "YouTube Red" is a bad name, but didn't want to speak up.

Yeah it was way too similar to RedTube, a porn site.

It's also worth knowing that, at least according to Linus Tech Tips in a recent one of their WAN shows, they informed their users that YouTube premium pays them better than regular YouTube ads, so that's something valueable, too. I don't remember which one of the WAN shows it was; but, I think it was in the last 2 months. Definitely since the quarantine.

Why do you think it helps creators?

I'm also a Youtube Premium subscriber, but a creator told me that Google pays less after my views than views from non-premium youtube viewers.

> a creator told me that Google pays less after my views than views from non-premium youtube viewers.

What? It feels like a deterrent to me.

Citation needed, please?

I have only heared it, didn't read it, so it might not be true. I juat wrote this anecdote, because the opposite isn't cited either. I can't give you citation, I'm sorry.

Youtube Premium is quite expensive for paying to remove ads and to download videos on mobile unless you’re also willing to use Youtube Music as your dedicated streaming service (and last I checked on the desktop there wasn’t even a way to disable the video part, which is an absolutely colossal waste of bandwidth).

It’s insane to me that they don’t include Premium with a YouTube TV subscription. I’d immediately switch from AT&T Now (formerly Directv Now) if they included Premium, even as a discounted add on.

YouTube TV started out as something that was almost worth the price; but, yes, it's a service that, IMO, combined should be max $45 a month. At $60 a month for both, it's just absolutely not worth it.

They still force you to pay for dozens of channels you’ll never watch. They don’t have basic ad blocking for the tv content. How is it better than cable again?

I use YouTube premium in the browser, and there's no video visible in Google Music. I haven't checked to see if the stream I'm getting the data from is more than just an audio stream.

Youtube premium gives access to youtube music. I had no idea Google Music still existed—I thought it was phased out for the youtube service.

This involves giving out validated billing details to Google which from a privacy point of view is much worse than just letting the ads be (they still track you but at least it's pseudonymous).

How is it much worse? If you're already using Gmail, they know _way_ more than your billing address.

This assumes that you're using Gmail or even a Google account. I'm comparing it to using ad-blockers without being logged into a Google account at all.

But even then, if they're stalking you already, why would you pay them money for this "privilege"?

To get rid of ads, because I am pretty consistent about my stance that if I can pay for something to not have ads, I'll do it.

The only exception so far has been Firefox's new thing because it feels weird giving a third party all of my internet browsing history.

Get YouTube premium. You won't regret it.

The added benefit of listening to audiobooks on YouTube while doing other things on your phone make it worth it.

YouTube premium = no ads, Spotify + audible + supporting creators + more productivity on mobile (pip mode). Also you can download videos for a flight/later.

Google doesn't get to dictate what/how their webpage works. Firefox on Android can run extensions like "Video Background Play Fix" to let videos play in the background. Youtube-dl is a great way to download videos for watching later.

I prefer supporting creator directly.

If you're on Android, NewPipe is a lot better than hacking extensions into your browser. Plus FF will add a convenient button in the address bar to open a youtube page in NewPipe.


Agreed, but you'd be surprised how many people will blow $10-15 on one drink but balk at the idea of paying for something they use for hours every month.

Totally. I'm sure a lot of people here spend at least 3x more time on YouTube than Netflix. Just makes sense to me.

YouTube is where I watch almost all of my educational / "reality tv" (vlogging, mostly makers) content. Netflix has some pretty good stuff every once in a while, but it has nothing on YouTube. Educational television of the 90s and early 2000s seems to have reinvented itself on YouTube with channels like The Great War, Tested, all of the PBS channels (Space Time, Physics Girl, Infinite Series, etc), Vsauce, 3Blue1Brown, Veritasium, SciShow, all the cooking shows, metal fabrication, music history, history in general. Far to many amazing to name here, but I think I subscribe to at least 30 rather high quality channels that I'd place under "education". I really don't care much for saving music, but I'm getting pretty close to starting to archive some of my favourite channels / series in case they disappear.

I for the most part don't watch Netflix or Hulu anymore. When a big show comes along I'll watch it, but I really enjoy watching other people talk about things they love.s

I have a gut feeling that the people who try not to spend money on drinks end up drinking before they go out possibly causing traffic accidents etc. Which makes your comparison unfair. The act of paying for shitty UI should not be related to the virtue of abstaining from drinking until at a social gathering or a bar.

So... pay them to be shitty, but slightly less shitty to you? That just seems like funding them to make the world worse.

Try it. You'll like it

I agree. Streaming video is expensive and content creators deserve to be paid.

Eh, I don't think there's much of a selection of legal audiobooks on YouTube other than public domain stuff, so it's not a great substitute for Audible.

Fair enough, however for someone with audible, it may be a easy first step to get a lot of audiobooks and listen easily which was my main point.

Or get YouTube Vanced on rooted android. ;)

Yeh I used to use that before. Good alternative

Very neat but now I'm sure they'll fix it and close the loophole

or you know... install ublock origin

edit: add "origin" qualifier

Presumably you mean ublock origin? ublock is a commercial product that sells whitelist slots to advertisers.

Can I tweak the whitelists myself or are they somehow immutable?

Does it matter? There's no reason to use ublock instead of uBlock Origin. You can whitelist things with uBlock Origin if you please.

Ok. I didn't realize uBlock Origin and uBlock were two separate things.

thanks, fixed.

I already use it! When I say neat, I mean it in the abstract. Or maybe in the "Bender taking a picture" sense.

The amount of people I know who don't use adblocker/ublock etc is ridiculous. Many are non-technical, but it's not any more difficult than installing an app on your phone. Does anyone know if there is some philosophy to this I don't understand?

I use an adblocker, but not without major hesitation. Ad blockers see all web browser content and can do basically anything with it. It's scary giving extensions this much access.

Telling someone non-technical "go install extension ABC" is pretty risky. They might find and install "uBlock Original BETTER AND FASTER" that comes with a bitcoin miner or something worse. Even as someone "tech literate", I sometimes find it quite hard to verify the authenticity of downloads like this.

Also relevant in this case, when there is a reasonable option to pay to remove ads from something I use frequently, I do it. YT is $10/mo, it's worth it to me.

> Ad blockers see all web browser content and can do basically anything with it.

So does the web browser and almost every other application you install on your desktop.

> It's scary giving extensions this much access

No, it's scary giving random websites so much power like it's currently done with JavaScript. The ad blocker makes it a little bit less scary.

Paying for YT is paying for having your privacy violated.

Nope. You can have YT violate your privacy without paying.

You can have YT violate your privacy. And you can pay for it and still have them violate your privacy.

It's worth it to support the content creators. YT Premium is probably the last thing I would cancel.

What portion of the $10 actually ends up in your favorite content creator's hands?

That's why I prefer to support creators via Patreon. Then 80%+ of the money goes directly to the creator, and none to YT.

I support all creators. My favorite ones I also donate to through Patreon.

I think thats great. I know someone who uses YT as a genuine source of income. They are not the biggest YT out there but they have enough to make some money and they deserve to be compensated for their work providing all of us with content.

BTW supporting platform for video delivery is also worth. (maybe most HN users don't care for YouTube's profit)

> Does anyone know if there is some philosophy to this I don't understand?

1) it doesn't come installed by default (too difficult)

2) technology should be secure by default (naivete)

3) nothing to hide and do want to support the sites (don't steal)

What is your source for these?

These are anecdotes from family. Perhaps asking for source is the reason that these concepts are foreign to many people.

It sounds like you are trying to say that when you are asked for a source for your claims, that you see that as confirmation that you are right?

> when you are asked for a source for your claims, that you see that as confirmation that ...

Not at all. I'm willing to be open to and read any scientific study that says otherwise. Bear in mind, I definitely have a critic's heart for it.

Please remember the context to which I replied:

> The amount of people I know who don't use adblocker/ublock etc is ridiculous. Many are non-technical, but it's not any more difficult than installing an app on your phone. Does anyone know if there is some philosophy to this I don't understand?

@Avicebron clearly stated that they don't understand why people don't use adblockers even though it's "not any more difficult than installing an app". I provided three examples from non-technical family, meaning: I do talk to my family and they did explain why they don't or didn't use adblockers.

I'm trying to say that asking for source perhaps means that you didn't talk to your own friends and family (or other non-technical acquaintances) and ask why they don't use adblockers. Or if you did talk then you didn't listen, you didn't think about it in their perspective.

Perhaps your own people will have different reasons than the ones I presented. Just off the top of my head, a reason that didn't come up would be "work doesn't permit it"; my family aren't encumbered by employers who strictly determine what software is installed.

I've had arguments with friends on the topic who see this as stealing content without paying for it.

Well it is an argument that has a fair bit of merit. How exactly do you expect YouTube or the creators to pay their bills? Don't feel like watching ads? You can subscribe to YouTube premium if you dislike ads so much.

Paying to remove ads creates an incentive to make ads more annoying, which punishes people who can't afford to pay.

I donate to a few creators. As for YouTube, Google can close it down for all I care, we'll figure it out. We'd probably better off, in fact.

Yeah I subscribe to YouTube Premium for this reason. I'd also subscribe to "AdWords Premium" or whatever to support general content sites if it was an option.

There's something like that: https://contributor.google.com/v/beta

I subscribe on their Patreon or make direct donations personally.

Exactly it helps creators generate more content

I've heard this argument as well especially with regards to youtube content creators. On the one hand I find ads to be so negatively affecting my experience I won't watch content with them. However I still hope the people who make content are rewarded for continuing to do so. It's tricky. I think sponsorship is at least a step in the right direction.

EDIT: interesting thought experiment. Adblock is so universally adopted through aggressive marketing that ad supported internet as we know it is forced to adapt...where does it go?

I think that google gets enough out of Youtube based off of information alone to justify the expense. But if not - we see a shift back toward content hosts charging a fee or rent for the content hosted - storage space and web-traffic is extremely inexpensive but if the host is getting no value other than rent out of the proposition (i.e. if they operate like most CMSes do where the fact that you used a particular CMS is not widely advertised[1]) then you'll see a shift back to content creators paying for distribution.

That all said - geocities existed back in the day without getting much out of the proposition except some minor side-loaded ad revenue and network value. So I don't think a content host would ever be in a position where they find no benefit in hosting and, again, hosting is so incredibly cheap to do at scale that only a very marginal value is required to get into the black.

1. So a word-press site is going to have a lot of wp-* styles all over the place - but wordpress doesn't force a giant WP logo in the top-left of everyone's site.

Oh those poor people who feel bound to supporting the abuse of advertisers - I don't know when that particular motive emerged in users but I agree that I've seen it around quite a bit.

> Does anyone know if there is some philosophy to this I don't understand?

I've worked for two companies that made most of their money from (online) advertising. While working for those companies it was important for me to experience the web as our users would --- mostly without an adblocker, and trying to avoid overpowered hardware; my users were running mostly low end android phones, so it I've got a GalaxyS or a Pixel, what I experience is nothing like what they experience.

I'm not working there anymore, so maybe I'll do an adblocker eventually, but I'm IT support for my family, and it helps if I can se what they see, and I don't want to manage adblockers for them, so....

Is the number or intrusiveness of YouTube ads dependent on the device you use, or the amount of YouTube you watch?

I don't watch much YouTube. Before the pandemic, maybe 60 minutes a week. (Now zero.) I saw maybe one 15 second commercial each week, which didn't seem so horrible that I'd need to block it.

It depends on multiple factors, including the type of videos you're watching, your country, etc. If you only get one ad for each hour of viewing, you're definitively lucky.

15 seconds ads are the non-skippable ones. The skippable may be 5 minutes long or more - that's fine when you can actually skip them, but it's a pain when you have your hands busy.

I think ad-blockers are bad for the web. I have nothing against people running them, but I don't choose to. It incentivizes an arms-race between clients and servers to control the content that gets displayed. The end game of this race is bad for everyone. That's my reason.

The end game of the race has already been reached and this is why the web without an ad-blocker is so hostile so I'm not sure what value there is in doing this.

In both cases (both now without an ad-blocker, and in a hypothetical future where ad-blockers are impossible due to DRM) the experience is terrible.

"The end game of the race has already been reached."

I still think there's a lot farther it could still go. The fact that ads can mostly be blocked by using domain filters suggests that the "bad guys" aren't really trying yet.

I prefer the internet of today to one where all content is DRM locked.

I would like to think that when that day is reached, I'm building my own web and I have an open invite anyone who wants to join...

I'll join you, but I still have hope for this one. So I'll keep avoiding ad blockers.

I watch YouTubers who make videos as a full time job and depend on the ads for their room and board. Blocking ads because I think they’re annoying would be inexcusably selfish. It is not as bad as actual theft but it’s a scummy thing to do.

I don’t use an adblocker at all these days, but even when I did I made sure to specifically whitelist YouTube ads. People deserve to get paid for their work and running 30 seconds of ads before a 20 minute video is a fair trade.

Admirable sentiment, but watching ads does not support Youtubers. It supports Youtube - which you hope translates into Youtube giving money to the Youtuber's whose videos you watched.

As far as I know, most people who make money from Youtube videos do not have a contract with Youtube. There are plenty of stories of Youtube changes that strongly impact the monetization - most recently: [1].

I believe it's better to support content creators themselves (e.g., directly, or via a Patreon or something similar) than indirectly-no-strings-attached-I-hope-having-my-privacy-violated-gets-you-some-something.

Furthermore: the way advertisements work has become so nefarious, that basically your browser is sleeping around with 30-50 random unknown third parties on just about every site you visit. And browser STDs are rampant across the web. Browse safely, use a browser condom, i.e., an ad blocker.

[1] https://www.theverge.com/2019/9/5/20849752/youtube-creators-...

> but watching ads does not support Youtubers. It supports Youtube - which you hope translates into Youtube giving money to the Youtuber's whose videos you watched.

The point is that not watching ads actively screws YouTubers over, although the way you phrased it does establish some safe moral distancing from the implications of your actions. The fact that YouTube takes advantage of content creators is no excuse for denying content creators money, which is precisely what an adblocker does.

> I believe it's better to support content creators themselves (e.g., directly, or via a Patreon or something similar)

This is true and I do it for people I watch regularly. But I am not going to donate directly if I only watch one video, even if I really enjoy it. Patreon is not an adequate substitute for most YouTubers. Pretending it is just dodges the actual implications of using an adblocker.

And adblockers are not adequate malware protection, even against malicious ads. Adblockers should not be giving you a false sense of security about this (let alone be used for such a condescending argument).

What about blocking ads but also donating directly to the YouTubers you follow?

Serious question: is there a way to get ublock (or similar) on a iPhone?

I use AdGuard Pro: https://apps.apple.com/us/app/adguard-pro-adblock-privacy/id...

There are plenty of other content blockers available in the App Store too though

If all you need is the safari content blocker functionality, the free version works fine. I think the only real advantage of the pro version is that it has ad blocking VPN functionality for blocking ads in other apps.

iOS safari has supported content blockers for a few years now!

Firefox Focus also serves as an adblocker for Safari, if you like having all that sweet apple integration but want free adblocking. It’s alright at it.

Or pay $9.99/mo for YouTube premium and actually support the creators of content you consume.

This does nothing for a privacy point of view which is also a big reason for blocking ads. It's actually worse for privacy because you're now giving Google validated billing details instead of just the pseudonymous identifiers they use for tracking.

There's also no reason to give out 10 bucks to Google where only peanuts of that will go to the creators when you can split it across creators directly through Patreon or even a bulk donation once a year.

That creates an incentive for them to make ads more annoying, which punishes people who can't afford it.

I "actually support" the creators by donating directly to them instead.

Tried. For some reason I cannot remember it didn't feel worth it.

PS: I'm not against paying, I am a paying customer of both Spotify and Google Drive.

Totally worth it if you use it on a regular basis imo. I watch/listen to enough content that the time savings is worth it to me. With premium you can do audio only on the android app as well which I use a lot.

Also apparently even demonetized videos/channels still get paid something when you watch.

What about all the other paywalls I would have to pay to read an article? I just instantly close the tab when I met with one. I get it they live out of money, but I dont feel like paying to 10+ different websites.

YouTube Vanced for Android removes all in-video ads in case anyone doesn't know.

And newpipe lets you download videos, stream and play them using an external audio or video player, has a built in background and popup player, lacks ads and is open source.

And is on F-Droid. Also supports other services including PeerTube. I probably forgot other useful features. Always irks me a little when people recommend Vanced.

> And is on F-Droid

I use F-Droid whenever I can but only for NewPipe I started to actively avoid it. YouTube occasionally changes it's HTML and breaks NewPipe, the app starts crashing and while it usually gets fixed quickly and the apk gets uploaded to GitHub, F-Droid still takes weeks to update it. Last update was about 2 weeks late, that's when I uninstalled the F-Droid version and started installing it directly from the GitHub releases page. Unfortunately for time critical bug fixes F-Droid still has a lot to improve.

A useful feature you forgot is the AMOLED theme. Also subscribing to channels without having to use a YouTube account.

You could add this repository to get the latest github releases: https://archive.newpipe.net/fdroid/repo/

Some ongoing discussion on this issue thread here. https://github.com/TeamNewPipe/NewPipe/issues/1981

Thank you very much for that! I didn't know they had their own repository.

What's so good about PeerTube? Never heard of it

newpie is excellent, I switched last year and never looked back. It offers exactly the features, that I as a user want. It made me realize afterwards in how many ways the official app is lacking.

Somewhat related self advertising. I made this tiny tool that lets you take a YouTube playlist or channel and turn it into a podcast RSS that works with any podcast listening app that still supports RSS sources. And the final audio URLs are pointing to YouTube anyway.


Last I tried it, there was no way to sign in and get personalized recommendations. Is that still true (or did I just miss it)?

That is by Design. You can add you subscriptions in xml formar and have newpipe fetch the new video list for you, but newpipe will by design not interface with anything google.

Wow! Thanks for the tip! I've been using YouTube on Firefox mobile in order to avoid the ads. This looks like it could be a better experience.

Is there a similar project for iOS?

Firefox Preview / Firefox both can run uBlock Origin + EFF Privacy Badger and work very well with Youtube's mobile website. The only thing I notice that is missing is Chromecast integration, but I fine living without that.

Upside is one less native app on my devices.

Why is having one less native app an upside? From my experience, mobile websites are much more cumbersome than native apps, especially in this case because NewPipe is so much better than the YouTube mobile website.

Native Apps have more permissions to your system, like running in the background, information about your device, storage and code execution. Running a 3rd party Native Application to get around Youtube ads requires a lot of trust that that application does not have malicious behaviors.

Invidious (https://github.com/omarroth/invidious) is a server-side proxy for YouTube that removes all the bullshit (ads, background play restrictions, etc) while requiring no client-side support (so no need for side loading and will work on iOS).

There is a hosted instance at https://invidio.us if you want to check it out, but for continuous usage I highly recommend deploying your own as it's much faster.

If you deploy it yourself and you're pretty much the only user of your instance, don't you loose the anonymization benefit of a proxy?

Why should I trust the creators of YouTube Vanced? Last time I looked, it was closed source.

It's a modified version of the official YouTube app, which is also closed source.

It doesn't really affect whether you can trust it or not, but it's probably unreasonable to expect them to deliver something they don't have.

They can publish their methods so everyone can reproduce their builds. I don't expect them to have the source to the original app. But I am expecting them do give me a reason to trust them.

It seems it only works by casting to another screen. And the app itself is hypocritically overflowing with ads more intrusive than YouTube ads...

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact