I’m a paying YouTube premium subscriber. Last weekend, I wanted to download something so I can watch it on my way in the train. The app got stuck at “waiting for download..” on my iPad. Same on iPhone. Restart did not work. I gave up after an hour (30 mins hands on trying stuff, 30 mins waiting for it to fix itself). Downloaded the video using yt-dlp, transferred it to my USB c flash drive, and watched it from that.
Awaiting their “premium cannot be shared with people outside household” policy so I can finally cancel. Family members make good use of ad-free.
I'm also a premium subscriber, and have struggled with the same issues on the iPad app. I try to keep some shows downloaded for my toddler, and the download feature never seems to work on the first try.
I finally got so fed up, I bought a Samsung Galaxy Tab A7 off ebay for $50 and flashed it with LineageOS. I can now load whatever media I want onto the 1 TB sdcard I've installed in it. The 5 year old hardware plays videos just fine with the VLC app. And, as a bonus, I discovered that NewPipe, an alternative YouTube client I installed through the F-Droid store, is actually much more reliable at downloading videos than the official client. I was planning on using yt-dlp to load up the sdcard, but now I don't even need to do that.
This is exactly why Google is clamping down on running your own choice of apps on Android, as well as pushing things like remote attestation on both phones and browsers.
It's time to milk the entire userbase for every cent they can get out of them by any means necessary. The future is bleak.
>, I discovered that NewPipe, an alternative YouTube client I installed through the F-Droid store, is actually much more reliable at downloading videos than the official client.
NewPipe is so good and so useful. It can even play 4K and watch livestreams now.
The TIDAL app is absolute trash, it has this same issue all the time; not just that, but also, if a download fails it just hangs there and does not download the rest of the album/playlist.
Also, why would you want to download things in the first place? To watch them offline, right? Well, guess what happens when you open the app w/o an internet connection ... it asks you to login, so you cannot even access your music. 900k/year TOC genius work there.
The only reason why I haven't canceled is because I'm too lazy to reset my password in order to login and cancel, lol. Might do it soon, though.
I also pay for YouTube Premium, but I still use ReVanced on my smartphone just to disable auto-translation. It’s absolute madness that users can’t configure this in the official app.
The auto-dub feature is madness. I noticed it first a couple of days ago, I'm crossing my fingers that few authors choose to enable it, and that YouTube makes it easy to disable as a default in settings (not currently possible, you have to do it as you watch, every time).
I'm in a Spanish speaking country, but I want to watch English videos in English.
Auto-generated subtitles for other languages are ok, but I want to listen to the original voices!
I wonder who got the idea at Youtube that forced auto-dub was a good idea. This shows how dysfunctional the management is. It's one thing to have assholes in your team, it's a different thing to not look at what they are doing.
I tried installing ReVanced recently. The configuration of the system (install a downloader/updater which then installs the app) was a huge turn-off. Why is it so complicated? Moreover, why not NewPipe or LibreTube?
Even more hilariously, if you upload to YouTube then try to download from your creator dashboard thing (e.g. because you were live-streaming and didn’t think to save a local copy or it impacts your machine too much) you get some shitty 720p render while ytdlp will get you the best quality available to clients.
Oh, that reminds me of a similar experience with Facebook video. Did a live DJ stream a few years ago but only recorded the audio locally at max quality.
Back then, I think I already had to use the browser debugger to inspect the url for the 720p version of the video.
When they recently insisted by email I download any videos before they sunset the feature, their option only gave me the SD version (and it took a while to perform the data export).
Canceled mine after ad-free stopped working on YouTube Kids of all things (on ShieldTV). Was probably a bug, but with practically no customer service options, no real solutions besides cancel.
I was also a holdover from a paying Play Music subscriber, and this was shortly after the pita music switchover to youtube, so it was a last straw.
Halfway ready to fist-fight whichever exec drove the death of Play Music. It was a very, very good application, which could have continued to function as such when the platform ended, but they wouldn't even let us have that. I still have them and refuse to uninstall.
I’m another Premium user in the same position. I use uBlock Origin and Sponsorblock on desktop and SmartTube on my TV. I pay for Premium to be able to share ad-free experience with my less technical family members, and to use their native iOS apps.
If they really tighten the rules on Premium family sharing, I’ll drop the subscription in an instant.
I’m a Premium user and primarily watch on AppleTV. A little while ago they added a feature where if I press the button to skip ahead on the remote when a sponsor section starts, it skips over the whole thing. It skips over “commonly skipped” sections.
While it doesn’t totally remove it, it lets me choose if I want to watch or not, and gets me past it in a single button press. All using the native app. I was surprised the first time this happened. I assume the creators hate it.
So long as they are broadcasting media to the public without an explicit login system, so as to take advantage of public access for exposure, it will remain perfectly legitimate and ethical to access the content through whatever browser or software you want.
After they blitzed me with ads and started arbitrarily changing features and degrading the experience, I stopped paying them and went for the free and adblocking clients and experience.
I may get rid of phones from my life entirely if they follow through with blocking third party apps and locking things down.
the problem is, you cannot be sure what Google does if they catch you violating their ToS. They have killed off entire google accounts for YT copyright strikes with no recourse.
I'm constantly baffled by how bad the implementation of YouTube Premium downloads is. Videos will buffer to 100% in a matter of seconds but get endlessly stuck when I hit the download button. Why? All the bytes are literally on my device already.
The whole YouTube app is weird. Sometimes it lets you do 1.0x-2.0x. Sometimes it lets you range from .25x-4x. Sometimes it pops up a text selection box with every .05x option from .1 to 4.0. Sometimes it has a nicer UI with shortcut selections for common choices and a sliding bar for speed. It recently picked up a bug where if you're listening to a downloaded video, but turn the screen off and on again, the video playback seems to crash. A few months ago it became very, very slow at casting, all manipulations could take 30 seconds to propagate to the cast video (pause, changing videos, etc)... but they didn't usually get lost. (It would be less weird if they did just get lost sometimes.) You aggressively can't cast a short to a TV, in a way that clearly shows this is policy for some incomprehensible reason, but if you use the YouTube app directly on your set top box it'll happily play a short on your TV. Despite its claims in small text that downloads are good for a month without being rechecked, periodically it just loses track of all the downloads and has to redownload them. It also is clearly trying to reauthorize downloads I made just 30 minutes ago sometimes when I'm in a no-Internet zone, defeating the entire purpose. When downloads are about 1/4th done it displays the text "ready to watch on the download screen" but if you try to watch it it'll fail with "not yet fully downloaded".
Feels like the app has passed the complexity threshold of what the team responsible for it can handle. Or possibly, too much AI code and not enough review and testing. And those don't have to be exclusive possibilities.
Also a paying YT Premium subscriber. I live in a rural part of CA where there isn't much 5G reception. For extremely long drives in my minivan, I allow my toddler to watch Ms. Rachel on the screen via an HDMI port input from my iPhone. Youtube Premium videos have DRM that disallow downloads to play over HDMI, so I had to do what you did and add them as files locally to VLC and play them from there.
I also have YouTube premium and watch mostly on my iPad and TV. YouTube constantly logs me out at least once per day. I notice because I’ll randomly start seeing ads again (I open videos from my rss reader, never their site). This never happened when I wasn’t on premium. I don’t get what they’re doing, but my impression after almost a year is that it’s only slightly less annoying than getting ads. At this point, I might as well not renew and just use ad block.
I have 2 homes. Every time I "go up north" I have to switch my Netflix household and then back again when I return. This sounds like that won't even be possible.
I'll admit to using yt-dlp to get copies of videos I wish to have a local copy of, which can't be taken away from me by somebody else, but I pay for premium because that pays for content I watch. If you don't pay for content, where's it going to come from? Patreon only works for super dedicated stars with a huge following.
I can’t speak for everyone, but I don’t watch content that needs to be “paid for” in that way. e.g. The last several videos I downloaded for archiving were install instructions for car parts that were uploaded by the part manufacturer. (And that aren’t readily available through any other channel.)
There are no files anymore. I mean, there technically are, but copyright industry doesn't want you to look at them without authorization, security people don't want you to look at them at all, and UX experts think it's a bad idea for you to even know such thing as "files" exists.
Share and enjoy. Like and subscribe. The world is just apps all the way down.
I run into that download issue all the time. I need to pause downloading each video. Force close the youtube app. Then unpause the downloads to get them downloading again. It has been happening for years and is still unfixed.
I have the opposite problem... frequently streaming a video gets stuck buffering even on my gigabit fiber connection, but I can download a full max quality version in a matter of seconds.
Why not use a non-chromium browser and help prevent Google from having larger control over the Internet?
We still need competition in the browser space or Google gets to have a disproportionate say in how the Internet is structured. I promise you, Firefox and Safari aren't that bad. Maybe Firefox is a little different but I doubt it's meaningfully different for most people [0]. So at least get your non techie family and friends onto them and install an ad blocker while you're at it.
[0] the fact that you're an individual may mean you're not like most people. You being different doesn't invalidate the claim.
This description reminds me of program language wars excerpt I saw somewhere years ago about how c was obviously superior to Pascal, because with enough preprocessor macros you can compile any Pascal program in c. Followed by some hideous and humorous examples.
This is excellent for some of my usages. I want to have my AI agents "fork" their context in some ways, this could be useful for that instead of juggling a tree of dictionaries.
Heh, now I wonder how much JavaScript it actually interprets and given that it’s < 1000 lines, whether it could be used towards an introductory course in compilers.
Over time they probably will require that. I believe YT still allows most of these things because of "legacy" apps, which they have been killing off bit by bit. I'm not sure if anyone is cataloging the oldest supported app, but most things like using YT from a slightly older game console don't work anymore.
Basically any publicly known method that can sip video content with doing the least work and authentication will be a common point of attack for this.
I wonder how long until it gets split off into its own project. For the time being, it could do with a lot more documentation. At least they've got some tests for it!
Aside from the fact that the point of the announcement is that they're dropping it entirely, this "interpreter" is a hack that definitely is nowhere near capable of interpreting arbitrary JS. For example, the only use of `new` it handles is for Date objects, which it does by balancing parens to deduce the arguments for the call, then treating the entire group of arguments as a string and applying regexes to that.
When I first got with my wife I seemed a bit crazier than I am because I am a media hoarder for 30+ years. I don't have any VHS, DVDs, etc. laying around because I only keep digital copies, but I have pretty decent archives. Nothing important really, just normal stuff and some rare or obscure stuff that disappears over time.
My wife was interested in the idea that I was running "Netfix from home" and enjoyed the lack of ads or BS when we watched any content. I never really thought I would be an "example" or anything like that - I fully expected everyone else to embrace streaming for the rest of time because I didn't think those companies would make so many mistakes. I've been telling people for the last decade "That's awesome I watch using my own thing, what shows are your favorites I want to make sure I have them"
In the last 2 years more family members and friends have requested access to my Jellyfin and asked me to setup a similar setup with less storage underneath their TV in the living room or in a closet.
Recently-ish we have expanded our Jellyfin to have some YouTube content on it. Each channel just gets a directory and gets this command ran:
It actually fails to do what I want here and download h264 content so I have it re-encoded since I keep my media library in h264 until the majority of my devices support h265, etc. None of that really matters because these YouTube videos come in AV1 and none of my smart TVs support that yet AFAIK.
I have set up a Plex server and started ripping shows from various streaming providers (using StreamFab mostly) specifically because my wife got frustrated with 1) ads starting to appear even on paid plans and 2) never-ending game of musical chairs where shows move from provider to provider, requiring you to maintain several subscriptions to continue watching. She's not a techie at all, she's just pissed off, and I know she's not the only one.
Let's make sure that when all those people come looking for solutions, they'll find ones that are easy to set up and mostly "just work", at least to the extent this can be done given that content providers are always going to be hostile.
First I ran a simple script, now I use ytdltt [1] to allow my mother via telegram bot to download YT videos (in her case its more like audiobooks) and sort them in directories so she can access/download it via jellyfin. Shes at around 1.2TB audiobooks in like 3 years.
I recently discovered Pinchflat [1], which seems like an *arr-inspired web alternative, and works great for me - I just need to add the videos I want downloaded to a playlist and it picks them up. Also uses yt-dlp under the hood.
Tried this: "yt-dlp -f 'bestvideo*[ext=mp4]+bestaudio[ext=m4a]/best[ext=mp4]/best' -S vcodec:h264 -other_options …" ? I'm still getting proper h264 with that (my Raspberry PI 3 only wants a proper codec too… none of that mushy new-era codec stuff. ;) )
Days of just getting data off the web are coming to an end as everything requires a full browser running thousands of lines of obfuscated js code now. So instead of a website giving me that 1kb json that could be cached now I start a full browser stack and transmit 10 megabytes through 100 requests, messing up your analytics and security profile and everyone's a loser. Yay.
On the bright side, that opens an opportunity for 10,000 companies whose only activity is scraping 10MB worth of garbage and providing a sane API for it.
Luckily all that is becoming a non-issue, as most content on these websites isn't worth scraping anymore.
This 1kb os json still sounds like a modern thing, where you need to download many MB of JavaScript code to execute and display the 1kb json data.
What you want is to just download the 10-20kb html file, maybe a corresponding css file, and any images referenced by the html. Then if you want the video you just get the video file direct.
Simple and effective, unless you have something to sell.
The main reason for doing video through JS in the first place, other than obfuscation, is variable bitrate support. Oddly enough some TVs will support variable bitrate HLS directly, and I believe Apple devices, but not regular browsers. See https://github.com/video-dev/hls.js/
> unless you have something to sell
Video hosting and its moderation is not cheap, sadly. Which is why we don't see many competitors.
It's an arms race. Websites have become stupidly/unnecessarily/hostilely complicated, but AI/LLMs have made it possible (though more expensive) to get whatever useful information exists out of them.
Soon, LLMs will be able to complete any Captcha a human can within reasonable time. When that happens, the "analog hole" may be open permanently. If you can point a camera and a microphone at it, the AI will be able to make better sense of it than a person.
Please remember that an LLM accessing any website isn't the problem here. It's the scraping bots that saturate the server bandwidth (a DoS attack of sorts) to collect data to train the LLMs with. An LLM solving a captcha or an Anubis style proof of work problem isn't a big concern here, because the worst they're going to do with the collected data is to cache them for later analysis and reporting. Unlike the crawlers, LLMs don't have any incentives in sucking up huge amounts of data like a giant vacuum cleaner.
fortunately it is now easier than ever to do small-scale scraping, the kind yt-dlp does.
I can literally just go write a script that uses headless firefox + mitmproxy in about an hour or two of fiddling, and as long as I then don't go try to run it from 100 VPS's and scrape their entire website in a huge blast, I can typically archive whatever content I actually care about. Basically no matter what protection mechanisms they have in place. Cloudflare won't detect a headless firefox at low (and by "low" I mean basically anything you could do off your laptop from your home IP) rates, modern browser scripting is extremely easy, so you can often scrape things with mild single-person effort even if the site is an SPA with tons of dynamic JS. And obviously at low scale you can just solve captchas yourself.
I recently wrote a scraper script that just sent me a discord ping whenever it ran into a captcha, and i'd just go look at my laptop and fix it, and then let it keep scraping. I was archiving a comic I paid for but was in a walled-garden app that obviously didn't want you to even THINK of controlling the data you paid for.
> fortunately it is now easier than ever to do small-scale scraping, the kind yt-dlp does.
this is absolutely not the case. I've been web scraping since 00s and you could just curl any html or selenium the browser for simple automation but now it's incredibly complex and expensive even with modern tools like playwright and all of the monthly "undetectable" flavors of it. Headless browsers are laughably easy to detect because they leak the fact they are being automated and that they are headless. Not to even mention all of the fingerprinting.
To how many content creators have you written to request them share their content on PeerTube or BitTorrent? How did they respond? How will they monetize?
I think this is just another indication of how the web is a fragile equilibrium in a very adversarial ecosystem. And to some extent, things like yt-dlp and adblocking only work if they're "underground". Once they become popular - or there's a commercial incentive, like AI training - there ends up being a response.
> Days of just getting data off the web are coming to an end
All thanks to great ideas like downloading the whole internet and feeding it into slop-producing machines fueling global warming in an attempt to make said internet obsolete and prop up an industry bubble.
The future of the internet is, at best, bleak. Forget about openness. Paywalls, authwalls, captchas and verification cans are here to stay.
The Internet was turned into a slop warehouse well before LLMs became a thing - in fact, a big part of why ChatGPT et al. has so extreme adoption worldwide is because they let people accomplish many tasks without having to inflict on yourself the shitfest that's the modern web.
Personally, when it became available, o3 model in ChatGPT cut my use of web search by more than half, and it wasn't because Google became bad at search (I use Kagi anyway) - it's because even the best results are all shit, or embedded in shit websites, and the less I need to browse through that, the better for me.
Accelerationism is a dead-end theory with major holes in its core. Or I should say, "their" core, because there's a million distant and mutually-incompatible varieties. Everyone likes to say "gosh, things are awful, it MUST end in collapse, and after the collapse everyone will see things MY way." They can't all be right. And yet, all of them with their varied ideas still think it'll be a good idea to actively push to make things worse in order to bring on the collapse more quickly.
It doesn't work. There aren't any collapses like that to be had. Big change happens incrementally, a bit of refactoring and a few band-aids at a time, and pushing to make things worse doesn't help.
If you showed me the current state of YouTube 8 years ago - multiple unskippable ads before each video, 5 midrolls for a 10 minute video, comments overran with bots, video dislikes hidden, the shorts hell, the dysfunctional algorithm, .... - I would've definitely told you "Yep, that will be enough to kill it!"
At this point I don't know - I still have the feeling that "they just need to make it 50% worse again and we'll get a competitor," but I've seen too many of these platforms get 50% worse too many times, and the network effect wins out every time.
It's almost funny, not to mention sad, that their player/page has been changed, filling it with tons of JS that makes less powerful machines lag.
For a while now, I've been forced to change "watch?v=" to "/embed/" to watch something in 480p on an i3 Gen 4, where the same video, when downloaded, uses ~3% of the CPU.
However, unfortunately, it doesn't always work anymore.
Many performance problems on YouTube are because they now force everyone to use the latest heavy codecs, even when your hardware does not have acceleration for it. I have a laptop that is plenty powerful for everything else and plays 4K h264 no problem. 720p on YouTube on the other hand turns it into a hot slate after a minute and grinds everything to a halt.
There are browser extensions like h264ify that block newer codecs but WHY??? Is nobody at YouTube caring about the user experience? It’s easier and more reliable to just download the videos.
You are not alone. In Q1 2025 I was forced to adopt the embed player. In Q3 2025, google intentionally broke the embed player. Now the only youtube access I have is via yt-dlp. Long live yt-dlp and its developers
Nsig/sig - Special tokens which must be passed to API calls, generated by code in base.js (player code). This is what has broken for yt-dlp and other third party clients. Instead of extracting the code that generates those tokens (eg using regular expressions) like we used to, we now need to run the whole base.js player code to get these tokens because the code is spread out all over the player code.
PoToken - Proof of origin token which Google has lately been enforcing for all clients, or video requests will fail with a 403. On android it uses DroidGuard, for IOS, it uses built in app integrity apis. For the web it requires that you run a snippet of javascript code (the challenge) in the browser to prove that you are not a bot. Previously, you needed an external tool to generate these PoTokens but with the Deno change yt-dlp should be capable of producing these tokens by itself in the near future.
SABR - Server side adaptive bitrate streaming, used alongside Google's UMP protocol to allow the server to have more control over buffering, given data from the client about the current playback position, buffered ranges, and more. This technology is also used to do server-side ad injection. Work is still being done to make 3rd party clients work with this technology (sometimes works, sometimes doesn't).
>If you ever wondered why the likes of Google and Cloudflare want to restrict the web
I disagree with the framing of "us vs them".
It's actually "us vs us". It's not just us plebians vs FAANG giants. The small-time independent publishers and creators also want to restrict the web because they don't want their content "stolen". They want to interact with real humans instead of bots. The following are manifestations of the same fear:
- small-time websites adding Anubis proof-of-work
- owners of popular Discord channels turning on the setting for phone # verification as a requirement for joining
- web blogs wanting to put a "toll gate" (maybe utilize Cloudflare or other service) to somehow make OpenAI and others pay for the content
We're long past the days of colleagues and peers of ARPANET and NFSNET sharing info for free on university computers. Now everybody on the globe wants to try to make a dollar, and likewise, they feel dollars are being stolen from them.
I don't know, it's really hard to blame them. In a way, the next couple of years are going to be a battle to balance easy access to info with compensation for content creators.
The web as we knew it before ChatGPT was built around the idea that humans have to scavenge for information, and while they're doing that, you can show them ads. In that world, content didn't need to be too protected because you were making up for it in eyeballs anyway.
With AI, that model is breaking down. We're seeing a shift towards bot traffic rather than human traffic, and information can be accessed far more effectively and, most importantly, without ad impressions. So, it makes total sense for them to be more protective about who has access to their content and to make sure people are actually paying for it, be it with ad views or some other form of agreement.
Weird people talking about small time creators wanting DRM I've never seen that... Usually they'd be hounding for any attention? I don't know why multiple accounts are seemingly independently bringing this up, but maybe it is trying to muddy the waters? This concept?
At least for YouTube, viewbotting is very much a thing, which undermines trust in the platform. Even if we were to remove Google ads from the equation, there’s nothing preventing someone from crafting a channel with millions of bot-generated views and comments, in order to paid sponsor placements, etc.
The reasons are similar for Cloudflare, but their stances are a bit too DRMish for my tastes. I guess someone could draw the lines differently.
There could be valid reasons for fighting downloaders, for example:
- AI companies scraping YT without paying YT let alone creators for training data. Imagine how many data YT has.
- YT competitors in other countries scraping YT to copy videos, especially in countries where YT is blocked. Some such companies have a function "move all my videos from YT" to promote bloggers migration.
Everything trends towards centralization on a long enough period.
I laugh at people who think ActivityPub or Mastodon or BlueSky will save us. We already had that, it was called e-mail, look what happened once everyone started using it.
If we couldn't stop the centralization effects that occurred on e-mail, any attempt to stop centralization in general is honestly a utopian fool's errand. Regulation is easier.
And barely a few days after google did it the fix is in.
Amazing how they simply couldn't win - you deliver content to client, the content goes to the client. Could be the largest corporation of the world and we still have yt-dlp.
That's why all of them wanted proprietary walled gardens where they would be able to control the client too - so you get to watch the ads or pay up.
Good question! Indeed you can run the challenge code using headless Chromium and it will function [1]. They are constantly updating the challenge however, and may add additional checks in the future. I suppose Google wants to make it more expensive overall to scrape Youtube to deter the most egregious bots.
Once JavaScript is running, it can perform complex fingerprinting operations that are difficult to circumvent effectively.
I have a little experience with Selenium headless on Facebook. Facebook tests fonts, SVG rendering, CSS support, screen resolution, clock and geographical settings, and hundreds of other things that give it a very good idea of whether it's a normal client or Selenium headless. Since it picks a certain number of checks more or less at random and they can modify the JS each time it loads, it is very, very complicated to simulate.
Facebook and Instagram know this and allow it below a certain limit because it is more about bot protection than content protection.
This is the case when you have a real web browser running in the background. Here we are talking about standalone software written in Python.
More specifically, yt-dlp uses legacy API features supported for older smart TVs which don't receive software updates. Eventually once that traffic drops to near zero those features will go away.
That conspiracy theory never even made sense to me. Why would anyone think that a payment and ad-supported content platform secretly wants their content to be leaked through ad and payment free means?
Mainly the theory that, if you can’t use downloaders to download videos, then people will no longer see YT as the go-to platform for any video hosting and will consider alternatives.
And I call that a theory for a reason. Creators can still download their videos from YT Studio, I'm not sure how much importance there is on being able to download any video ever (and worst case scenario people could screen recording videos)
I agree, all I can think of is that durely alot of commentary YouTubers rely on YouTube downloaders to use fair-use snippets of other people's videos in their commentary videos?
> How on earth can it be that terrible [>20 minutes] compared to Deno?
QuickJS uses a bytecode interpreter (like Python, famously slow), and is optimised for simplicity and correctness. Whereas Deno uses a JIT compiler (like Java, .NET and WASM). Deno uses the same JIT compiler as Chrome, one of the most heavily-optimised in the world.
That doesn't normally lead to such a large factor in time difference, but it explains most of it, and depending on the type of code being run, it could explain all of it in this case.
QuickJIT (a fork of QuickJS that uses TCC for JIT) might yield better results, but still slower than Deno.
My concern is either that QuickJS is something like 100x slower, or that even when using Deno, the download experience will be insanely slow.
In my mind, an acceptable time for users might be 30 seconds (somewhat similar to watching an ad). If QuickJS is taking >20 minutes, then it is some 40x slower? Seems very high?
> QuickJIT (a fork of QuickJS that uses TCC for JIT) might yield better results, but still slower than Deno.
Interesting, not come across it before. Running C code seems like an insane workaround from a security perspective.
The writing is on the wall for easy ripping. If there's any YT content you expect you'll want to preserve for a long time, I suggest spinning up https://www.tubearchivist.com/ or something similar and archiving it now while you still can.
I agree and feel that the time is now to archive all of the truly valuable cultural and educational content that YT acquired through monopolistic means.
This solution looks interesting, but I am technical enough to know that this looks like a PITA to setup and maintain. It also seems like it is focused on downloading everything from a subbed channel.
As it is now, with a folder of downloaded videos, I just need a local web server that can interpret the video names and create an organized page with links. Is there anything like this that is very lightweight with a next next finish install?
It would break many millions of old consumer devices that no longer receive updates, like old smart TVs. They are waiting for that old device traffic to drop low enough before they can force more robust measures.
It's not really a matter of just turning it on when it comes to the kind of scale that YouTube has on their catalogue. It's practically impossible to retranscode the whole catalogue, so you're more or less stuck with only doing it for newly ingested content, and even there the tradeoffs are quite large when it comes to actually having DRM.
I think we can safely assume that the only content under DRM at YouTube today is the content where it's absolutely legally necessary.
YT probably HAD to put the DRM on in order to get the license deal with the studios. Nobody is twisting their arm as much so other interests (wider audience, less server side resources, not getting around to it) can prevail.
I was surprised they went with Deno instead of Node, but since Deno has a readily available single-exe distribution that removes a lot of potential pain. This was pretty much just a matter of time, though; the original interpreter in Python was a brilliant hack but limited in capability. It was discussed a few years ago for the YouTube-dl project here https://news.ycombinator.com/item?id=32793061
The sandboxing features of Deno also seem to have played a role in that choice. I wouldn't overly trust that as a security layer but it's better than nothing.
This is the first time I've heard of Deno so I'm only going by their Security & Permissions doc page [1], but it looks like the doc page at the very end recommends using system-level sandboxing as a defense in depth. This suggests that Deno doesn't use system sandboxing itself.
To me this is a bit alarming as IIRC most app runtime libraries that also have this in-runtime-only sandboxing approach are moving away from that idea precisely because it is not resistant to attackers exploiting vulnerabilities in the runtime itself, pushing platform developers instead toward process-level system kernel-enforced sandboxing (Docker containers or other Linux cgroups, Windows AppContainer, macOS sandboxing, etc.).
So for example, .NET dropped its Code Access Security and AppDomain features in recent versions, and Java has now done the same with its SecurityManager. Perl still has taint mode but I wonder if it too will eventually go away.
Keep in mind that yt-dlp doesn't just support YouTube, which-- notwithstanding the claims of "all DRM is malware" etc.-- probably won't download actively harmful code to your computer: it also supports a huge number of video streaming sites, including some fairly obscure and sketchy ones. Sandboxing in the interpreter that's at least as good as what you'd get in a browser is a must, because by design this is doing untrusted code execution.
This is very related to a talk I did last year [1]. "Part 2: youtube-dl" starts at 18:21. It dips toes into an analysis about software that fundamentally depends on ongoing human labor to maintain (as compared to, e.g. zlib, which is effectively "done" for all intents and purposes).
More concretely, the additional Deno dependency is quite problematic for my music player, especially after I did all that work to get a static, embeddable CPython built [2].
Ideally for me, yt-dlp would be packaged into something trivially embeddable and sandboxable, such as WebAssembly, calling into external APIs for things like networking[3]. This would reduce the value delivered by the yt-dlp project into pure DRM-defeating computation, leaving concerns such as CLI/GUI to a separate group of maintainers. A different project could choose to fulfill those dependencies with Deno, or Rust, or as in my case, built directly into a music player in Zig.
Of course I don't expect the yt-dlp maintainers to do that. They're doing something for fun, for free, for pride, for self-respect... in any case their goals aren't exactly perfectly aligned with mine, so if I want to benefit from their much appreciated labor, I have to provide the computational environment that they depend on (CPython[4] and Deno).
But yeah, that's now going to be a huge pain in the ass because now I either have to drop support for yt-dlp in my music player, or additionally embed deno, as well as introduce Rust as a build dependency... neither of which I find acceptable. And don't even get me started on Docker.
I used to work on video generation models and was shocked at how hard it was to find any videos online that were not hosted on YouTube, and YouTube has made it impossibly hard to download more than a few videos at a time.
> YouTube has made it impossibly hard to download more than a few videos at a time
I wonder why. Perhaps because people use bots to mass-crawl contents from youtube to train their AI. And Youtube prioritizes normal users who only watch a few videos at most at the same time, over those crawling bots.
I wonder how Google built their empire. Who knows? I’m sure they didn’t scrape every page and piece of media on the internet and train models on it.
My point was that the large players have monopoly hold on large swaths of the internet and are using it to further advantage themselves over the competition. See Veo 3 as an example, YouTube creators didn’t upload their work to help Google train a model to compete with them but Google did it anyways, and creators didn’t have a choice because all eye balls are on YouTube.
you have to feed it multiple arguments with rate limiting and long wait times. i am not sure if there have been recent updates other than the js interpreter but ive had to spin up a docker instance of a browser to feed it session cookies as well.
Unusually well-argued post, hard to disagree with...
What exactly is the problem? That they worked on video generation models? That they only used YouTube? That they downloaded videos from YouTube? That they downloaded multiple videos from YouTube?
At some point we’re going to need a better place to put videos than YouTube. The lack of any democratization of bulk storage is beginning to be a real problem on the internet.
Yes, we have archive.org. We need more than that, though.
I’m sure there’s some distributed solution like IPFS but I haven’t seen any serious attempt to make this accessible to every day people.
> The lack of any democratization of bulk storage is beginning to be a real problem on the internet.
There are many thousands of paid hosting services, feel free to pick one. It turns out hosting TB of data for free is a pretty tricky business model to nail down.
There have been plenty of free distributed hosting services for the web that worked perfectly (popcorn time, etc, etc). It's just that every time they become popular they are attacked legally and shut down. The problem is not technical, or even resource based, the problem is legal. Only a mega-corp can withstand the legal attacks.
And even if the legal attacks could be mitigated most people would still use youtube because they're there for the money (or for people who are there for the money). They are not there for a video host. Youtube enables distribution of money and there's no way that any government would let any free system distribute money without even more intense legal, and indeed physically violent, attacks.
I don’t think network effect matters much if you’re not trying to advertise the content. Organizations can just link to it from their site.
I admit I haven’t looked into peertube, and I didn’t think that rumble was any better than YouTube. I don’t recognize the others. Thank you; I’ll resurvey.
If you want to compete with YT you need to basically build AWS S3 in your own data centers. You'd have to find a way to make your service run cheaper than google can if you wanted to survive. You'd have to get very scrappy and risky. I'd start with questions like: how many 9s of durability do we actually need here? Could we risk it until the model is proven? What are the consequences for losing cat videos and any% speed runs of mario64? That first robotic tape library would be a big stepwise capex event. You'd want to make sure the whole thing makes sense before you call IBM or whoever for a quote.
Games Done Quick has raised 10s of millions for charity. I suspect they could raise a few thousand for a few dozen TB of nvme storage if they wanted to host a speedrun archive.
> If you want to compete with YT you need to basically build AWS S3 in your own data centers. You'd have to find a way to make your service run cheaper than google can if you wanted to survive.
YouTube's economy of scale goes way beyond having their own datacenters, they have edge caches installed inside most ISP networks which soak up YT traffic before it even reaches a Google DC. It would take a staggering amount of investment to compete with them on cost.
The problem with bulk storage is that it will be abused at large scale.
CSAM peddlers, intellectual property violators, unconsensual sexual material ("revenge porn"), malware authors looking for places to exfiltrate stolen data, propagandists and terrorists, the list of abusers is as long as it is dire.
And for some of these abuser classes, the risk for any storage service is high. Various jurisdictions require extremely fast and thorough responses for a service provider to not be held liable, sometimes with turnaround times of 24 hours or less (EU anti terrorism legislation), sometimes with extremely steep fines including prison time for responsible persons. Hell, TOR exit node providers have had their homes raided and themselves held in police arrest or, worse, facing criminal prosecution and prison time particularly for CSAM charges - and these are transit providers, not persistent storage.
And all of that's before looking on the infrastructure provider side. Some will just cut you off when you're facing a DDoS attack, some will bring in extortionate fees (looking at you, AWS/GCE/Azure) for traffic that may leave you in personal bankruptcy. And if you are willing to take that risk, you'll still run the challenge of paying for the hardware itself - storage isn't cheap, 20TB of storage will be around 200€ and you want some redundancy and backups, so the actual cost will rather be 60-100€/TB plus the ongoing cost of electricity and connectivity.
That's why you're not seeing much in terms of democratization.
Can anyone explain specifically what the YT code does that the existing python interpreter is unusable and apparently quickjs takes 20 minutes to run it?
Is it just a lot of CPU-bound code and the modern JIT runtimes are simply that much faster, or is it doing some trickery that deno optimizes well?
> Currently, a new style of player JS is beginning to be sent where the challenge code is no longer modular but is hooked into other code throughout the player JS.
So it's no longer a standalone script that can be interpreted but it depends on all the other code on the site? Which could still be interpreted maybe but is a lot more complex and might need DOM etc?
Just guessing here, if anyone knows the details would love to hear more.
Could something like tree-shaking be used to reduce the player code to just the token generating bit? Or does the whole player js change for each video?
Sounds like a really silly way to engineer things, but then again Google has the workforce to do lots of silly things and the cash to burn, so they can afford it.
I mean, running some unknown highly obfuscated CPU-demanding JS code on your machine - and using its results to decide whether to permit or deny video downloads.
The enshittification will continue until user morale improves.
Noteworthy to me: deno is MIT licensed, but PyPI distributions (at least the ones I checked) include neither license nor source code. It's normal for pre-built distributions ("wheels") to contain only the Python code (which for a project like this is just a small bootstrap used to find the compiled executable — it doesn't appear to be providing any Python API), but they should normally still have a LICENSE file.
It's also common to have the non-Python (here, Rust) source in source distributions ("sdists"), but this project's sdist is only a few kilobytes and basically functions as a meta-package (and also includes no license info). It "builds" Deno by detecting the platform, downloading a corresponding zip from the GitHub releases page, extracting the standalone Rust executable, and then letting Hatchling (a popular build tool in the Python ecosystem) repackage that in a wheel.
Update: It turns out that the Python package is published by a third party, so I submitted an issue (https://github.com/manzt/denop/issues/1) to ask about the licensing.
This will be interesting to see how it affects the numerous Android apps on F-Droid that are essentially wrappers around yt-dlp to create a YouTube Music clone.
Google is making it harder to download from Youtube. Your first thought is correct! Every other website that yt-dlp supports doesn't require this change. Additionally, yt-dlp is still written in python, it has not moved to deno. They are only adding a deno dependency for the javascript challenges added by youtube.
That makes it seem like yt-dlp itself was rewritten from Python to JavaScript (for those who even know it’s Python) or that it used to use Node and now uses Deno.
I was thinking the same walking into this thread. I figured DOM/CSS/HTML would be part of the black box magic, but I suppose from the perspective of JS all of that can be faked appropriately.
I think you only need something like `jsdom` to have the core API available. The DOM itself is just a tree structure with special nodes. Most APIs are optional and you can provide stubs if you're targeting a specific websites. It's not POSIX level.
The length Youtube have gone to make it impossible to download videos. At the same time, Tiktok allows anyone to download a video with just right click
On the other hand, I can navigate, search, and watch any video on YouTube without an account. With TikTok, I can’t even scroll the page without tricks.
Nah, the uploader can turn that off if they want, which they tend to do on any popular video. I've resorted to screen recording, but even that is blockable with the (bullshit, shouldn't exist). "can't screenshot this due to security" API that exists on mobile operating systems now
With the recent forced buy of TikTok with Rupert, Larry and co, I doubt that's going to be a thing for much longer; they will want to make money some how.
The second to last comment in the linked thread is an FAQ with some good explanation of their reasoning. I suggest anyone who hasn't read it yet to do so as it answers a lot of questions I've seen in this thread.
The YouTube RPM (revenue per mille) strongly depends on the location of the audience and the topic of the video. It could be anywhere from $0.5 to $20. That 10x figure could very well be true for that YouTuber, but it's also true that other YouTubers already earn more than a penny per view.
Allright, it means youtube is soon gone for me: deno is just a front-end to the abominations of the web engines from the whatng cartel. It would be a good compromise if I could have such an engine which I could build with a simple C compiler. You have modern javascript engines implemented in C, but no web engine, "la creme de la creme" of software abominations.
Just a few weeks/months ago, gogol search was blocked to noscript/basic (x)html browsers (I have witness gogol agenda about this unfold over the last few years).
Will use yt-dlp(zero whatng) until it breaks for good I guess.
The US administration failed to regulate the market domination of youtube with enforced simple and stable in time technical standards (what Big Tech hates). I don't blame them, since those nasty guys are smart border-line crime lords (and for sure serial offenders in EU).
Is there any other ways, non Big Tech ways, to access Sabine H. content? Or should I said good bye right now?
The change includes the ability to point yt-dlp at a Deno or Node binary of your own choice, which, in principle, allows someone to use a different runtime so long as it provides everything the script needs to run successfully.
"Other JS runtimes (node/bun) could potentially be supported in the future, the issue is that they do not provide the same security features and sandboxing that deno has. You would be running untrusted code on your machine with full system access.
At this point, support for other JS runtimes is still TBD, but we are looking in to it."
While deno has sandboxing, it also has potential access to hundreds of dangerous functions, it might be better just to write a tiny wrapper around JS engine that adds only the function to write to stdout.
Yes, Spidermonkey can be ran standalone and would probably be much more secure than Deno would be because it does not have all the server-related APIs.
What you say is true for most companies/software, but YouTube can play a nasty game for a very long time before it withers into irrelevance (if at all). They have enormous moat, one would need enormous resources to take on YouTube, I don't think anyone has that kind of patience or resources to even attempt. Like it or not, we are stuck with YT for a while.
I have learned so much from YouTube - I wish it was more open and friendly to its creators and users :(
In the meantime, all we can do is support smaller alternatives like https://nebula.tv/
I started this fight with youtube back when it was called google video, because i wanted to watch content but my 28.8kbps modem didnt have the grunt todo it in one session.
When i started getting 100,000's of downloads a day, google updated their html and blocked me from their search engine. I did the cat and mouse a few times but in the end it wasnt worth it.
Surprisingly, Deno was chosen as the first JavaScript runtime due to its security features. I thought it was almost dead, as Bun is growing very quickly among developers.
Fortunately the community is not alone in this fight, because many AI companies need to be able to download YT videos. But they should sponsor yt-dlp more directly..
I doubt it'd be difficult for Google to detect if the client is a browser or not. They already need to check for signals of abnormal use to detect things like clickfarms and ad scams.
The Android app uses an API which does not require a JS runtime, but it does require a Play Integrity token. The iOS app uses an API which is assumed to require an App Attest token.
Also, neither API supports browser cookies, which is a necessity for many users.
The folks at deno have really done a fantastic job at pushing a JS runtime forward in a way that's more easily plug and play for the community. I've used `denoland/deno_core` and `denoland/rusty_v8` quite a bit in embedded projects where I need full JS support but I can't assume users have node/bun/etc installed locally.
Not surprised to see yt-dlp make a similar choice.
I would pay for YouTube if Google created the best possible search engine they could for it. I'm talking inverted and semantic indexing of every word of every video with speaker tagging and second level timestamping. I want to be able to runs queries like "Give me the timestamps of every time Veritasium said math while wearing a blue shirt."
> Note that installing Deno is probably not necessary if you don't want to, only downloading it. Just like yt-dlp, Deno is available as a fully self-contained single executable from their GitHub releases: https://github.com/denoland/deno/releases.
> Yeah, you can just extract the zip and put deno.exe in the same folder as yt-dlp
I hope they just make this automatic if this truly becomes necessary. yt-dlp not having requirements, or having them built-in, isn't something just "convenient", I think there's users that wouldn't use the tool without that simplicity. Most people really don't like and try to avoid having to fight dependencies.
What I found much more annoying, and so far have not been able to work around, is that yt-dlp requires you to have a YouTube account, something that I have not had for a decade or so, and am unwilling to create again.
What tool can I use to simply store what my browser receives anyway, in a single video file?
I think for me it has been this way for a year or so. Maybe it is because I am on a VPN. I also cannot view YouTube videos on YouTube any longer, because it always wants me to log in, to "prove I am not a bot". So I have switched to only using invidious instances, and if they don't work, then I just cannot watch the video.
I wish content creators would think of their own good more, and start publishing on multiple platforms. Are there any terms that YouTube has for them, that reduce revenue, if they publish elsewhere as well? Or is it mostly just them being unaware?
yt-dlp has never required an account. If it looks like that, either you're seeing some error from, e.g., youtube and not yt-dlp claiming that or you're running some sort of scam version instead of the real thing.
jdownloader2 is one of those weirdly licensed things, it claims to be "open source" but you actually can't find the entire source anywhere. Worse than proprietary, tbh.
Great ad for deno. I hit a similar one the other day from pydantic. They make a MCP server for running sandboxed python code and the they did that… Python to WASM, and wasm running in deno.
It's incredible how much work goes into these open source projects for downloading youtube videos, especially since youtube keeps breaking them. There are nearly 1500 contributors
Why won’t they use my browser for downloads, for example through TestCafe? That would also allow downloading premium quality (for subscribers) and so on.
Looks like this runtime is written in Rust. Really does seem like Rust is rapidly swallowing all kinds of common tools and libraries. In this case a single compiled binary for multiple architectures is quite convenient for something like yt-dlp.
"Attack vectors" is a very interesting choice of words. Yt-dlp is literally using a public API for its intended purpose (accessing videos). The only difference is how yt-dlp is delivering the videos to the user. Probably as much of an "attack" as user-agent spoofing or using browser extensions.
But to answer your question, no, there aren't any suitable APIs (I've looked into it). They all either require JavaScript (youtube.com and the smart tv app) or require app integrity tokens (Android and iOS). Please let me know if you know something I don't?
The whole point of YouTube (now) is it’s a market for human attention and behavior. Eyeballs, engagements, tracking and analytics. They will go to great lengths to protect and increase the value of this market.
I would be really interested in hearing what Mike Hearn has to say about this. AFAIK he was responsible for something very similar that was used at Google for other products that had some overlap.
That seems a lot of dev work, why not just run in browser then? There are extensions that work pretty well, like Tubly downloader, Video DownloadHelper.
> Up until now, yt-dlp has been able to use its built-in JavaScript "interpreter" [1]
Wow, this is equal parts fascinating and horrifying.
Edit, after looking into it a bit: It seems like a self-contained build of deno weighs in at around 40 MB (why?), so I can see why they tried to avoid that and appreciate the effort.
Youtube is the real monopoly. Creators are also slaves, as they cant monetize elsewhere, and also they cant let their users download their own content. And the icing on the cake is youtube is unbearable without an ad-blocker, and even with that youtube has started throttling ad-block users.
Its such a shithole, with no real replacement, sad state of affairs.
> Here's the problem (and it's not insurmountable): right now, there's no easy path towards sustainable content production when the audience for the content is 100x smaller, and the number of patrons/sponsors remains proportionally the same.
Some do, and those who are able to make the move to patronage or subscriber monetization seem much happier for it. But that's most viable for creators who have already built up a viable customer base, which usually started on YouTube. It's much harder if you start out somewhere else.
Honestly the time is now to start building a P2P mirror on top of yt-dlp so the videos only need to be scraped a few times, within 4 years it's obvious ads will be burned into the video file or yt-dlp will no longer function at all and then it will be too late to mirror YouTube and the content will be locked up and eventually lost.
I did download YouTube videos a few years ago, I did value that YouTube could keep your place.
But it’s a real mess it keeps crashing, something I might too humbly put down to me having too many files, but passive aggressively put it down to YouTube on iPad not having a limited amount of storage space.
On the other hand there’s a number of amazing videos I’ve downloaded to watch which have been remotely wiped. Grrr
"In 2025, YouTube started rolling out a new streaming protocol, known as SABR, which breaks down the video into smaller chunks whose internal URLs dynamically change rather than provide one whole static URL. This is problematic because it prevents downloaders (such as yt-dlp) from being able to download YouTube videos at resolutions higher than 360p due to only detecting format code 18 (which is the only format code available that doesn't use SABR). So far, this issue has only affected the web client, so one workaround would be to use a different client, such as tv_embedded (where SABR has not yet been rolled out to), so for instance in yt-dlp you could add --extractor-args "youtube:player_client=tv_embedded" to use that client. It is not known how long this workaround will work as intended, as YouTube rolls out SABR to more and more clients."
This is unrelated to the JavaScript challenge this post is about, and a very specific technology for video streaming. SABR means "server-side adaptive bitrate" and is a bespoke video streaming protocol that Google is moving towards, away from the existing DASH protocol. There is some info here https://github.com/LuanRT/yt-sabr-shaka-demo
more dependency bloat just to deobfuscate some randomly generated bs that's increasingly complex for no reason and has no value existing in the first place, much like its creators
I know the definition precisely, which is why I used that word. If you disagree with my usage, please explain why their actions don't constitute extortion.
Here's what happened: They leveraged their platform to get 60,000 people to sign a petition.
Using this petition and the resulting legal proceeding, they forced the entire community's hand by framing it as "the last chance" to get the trademark released, which it is solely because of their actions.
They unilaterally made it the "last chance" without seeking even minimal input from the community they claim to represent. Not even OpenJS. Now they're demanding 200k, citing the difficulty of proceeding alone and suggesting they might not be able to succeed without this funding.
This is textbook extortion: creating artificial urgency, leveraging community pressure, and demanding payment under the threat that their stated goal will fail without it.
Good to see the mice are still winning the cat-and-mouse game. Selfishly, I kind of want the cat to start to win, to satisfy my curiosity. I predict that if YouTube ever actually blocked downloading, a YouTube competitor that supports downloading would start to immediately gain popularity. I want to know if I'm right about that, and there's no way to test unless Google actually starts to win. Go, Google, go! I believe in you!
I suspect that if youtube ever fully blocks video downloads you will start to see a lot of piracy groups and file sharing communities providing youtube content.
Those who download videos are a minority and targeting minorities will never give you exponential growth. Furthermore, the same minority probably abuses ad blockers so it would be difficult to squeeze a single cent from these freeloaders.
A friend of mine recorded a YouTube video using OBS. She had to do some minor edits on it and could not use her system during the recording, but it worked. I told her to stop it, as that is infringing on the creator's copyright and is an assault on the nation's digital economy. She hasn't recorded a video since, at least not that I know about. I feel good about making sure YouTube can reasonably profit off of creators' content since they give away the storage and access for free.
Instructions on Vine-glo grape concentrate during prohibition:
"Do not place the liquid in this jug and put it away in the cupboard for twenty-one days, because then it would turn into wine."
I had another friend that simply recorded YouTube videos from their smartphone. As a zealous law abiding citizen, I immediately smacked the phone out of his hand and lectured on how copyright law is the foundation of the Information Age, which is the future, and disregarding it is an affront to modern life and civilization. I made him delete all his videos, and even made him hand write letters of apologies to the YouTube creators. These creators don't reveal their home addresses, but I'm sure they appreciated the emails containing the scan of the handwritten letters.
We have an old SCSI scanner, so it took about as long to scan it as it did to write it.
My brother sent me a long talk on YouTube and pleaded with me to listen to it. Watching was pointless the video was just talking heads sitting in chairs. However you can’t just play a video and turn off your phone while listening to the audio on headphones. The mobile browser sleeps and the audio stops. So I used yt-dlp to rip the audio and dropped it into my Plex server to listen to with Prologue. It wasn’t even about the ads, I just wanted to do some gardening and listen to something on headphones while I worked, without my phone screen on.
on iphone, if you use youtube in the browser in stead of the app (as you should), then you can do background listening if you play the video, lock the phone, unlock the phone, play th video again, lock the phone, unlock the phone, resume play with the media controls, lock the phone.
I'm watching not youtube but video creators. There is no even worse alternative if person you want to watch doesn't publish video on other site.
Maybe, for watching "recommended" stream without any subscriptions there are alternatives (which? I cannot name good ones, anyway), but if you watch your subscription you are bound to platform which contain this subscription. And no, content creators are not interchangeable.
I’m a paying YouTube premium subscriber. Last weekend, I wanted to download something so I can watch it on my way in the train. The app got stuck at “waiting for download..” on my iPad. Same on iPhone. Restart did not work. I gave up after an hour (30 mins hands on trying stuff, 30 mins waiting for it to fix itself). Downloaded the video using yt-dlp, transferred it to my USB c flash drive, and watched it from that.
Awaiting their “premium cannot be shared with people outside household” policy so I can finally cancel. Family members make good use of ad-free.
I'm also a premium subscriber, and have struggled with the same issues on the iPad app. I try to keep some shows downloaded for my toddler, and the download feature never seems to work on the first try.
I finally got so fed up, I bought a Samsung Galaxy Tab A7 off ebay for $50 and flashed it with LineageOS. I can now load whatever media I want onto the 1 TB sdcard I've installed in it. The 5 year old hardware plays videos just fine with the VLC app. And, as a bonus, I discovered that NewPipe, an alternative YouTube client I installed through the F-Droid store, is actually much more reliable at downloading videos than the official client. I was planning on using yt-dlp to load up the sdcard, but now I don't even need to do that.
This is exactly why Google is clamping down on running your own choice of apps on Android, as well as pushing things like remote attestation on both phones and browsers.
It's time to milk the entire userbase for every cent they can get out of them by any means necessary. The future is bleak.
6 replies →
I use yt-dlp inside of a-shell on iOS, then play files using VLC.
13 replies →
NewPipe is incredible. If Google ever stops signing apps like that, I'll be switching to a Linux phone.
17 replies →
Use Tubular, which is basically NewPipe with Sponsorblock. (And has really nice Android Auto support which I learned after a while)
>, I discovered that NewPipe, an alternative YouTube client I installed through the F-Droid store, is actually much more reliable at downloading videos than the official client.
NewPipe is so good and so useful. It can even play 4K and watch livestreams now.
Tangential.
The TIDAL app is absolute trash, it has this same issue all the time; not just that, but also, if a download fails it just hangs there and does not download the rest of the album/playlist.
Also, why would you want to download things in the first place? To watch them offline, right? Well, guess what happens when you open the app w/o an internet connection ... it asks you to login, so you cannot even access your music. 900k/year TOC genius work there.
The only reason why I haven't canceled is because I'm too lazy to reset my password in order to login and cancel, lol. Might do it soon, though.
5 replies →
Premium subscriber here.
Download feature on iOS always works flawlessly whenever I need to hop on a long haul flight (several times a year).
I also pay for YouTube Premium, but I still use ReVanced on my smartphone just to disable auto-translation. It’s absolute madness that users can’t configure this in the official app.
The auto-dub feature is madness. I noticed it first a couple of days ago, I'm crossing my fingers that few authors choose to enable it, and that YouTube makes it easy to disable as a default in settings (not currently possible, you have to do it as you watch, every time).
I'm in a Spanish speaking country, but I want to watch English videos in English.
Auto-generated subtitles for other languages are ok, but I want to listen to the original voices!
11 replies →
It’ll be fixed when some product manager can offer it as a promotion project
20 replies →
I wonder who got the idea at Youtube that forced auto-dub was a good idea. This shows how dysfunctional the management is. It's one thing to have assholes in your team, it's a different thing to not look at what they are doing.
I tried installing ReVanced recently. The configuration of the system (install a downloader/updater which then installs the app) was a huge turn-off. Why is it so complicated? Moreover, why not NewPipe or LibreTube?
3 replies →
Thanks for the recommendation.
I was using the browser feature that disables the mobile mode on smartphones.
The autodub feature should be disabled asap. Or at least have a way to disable globally on all my devices.
Even more hilariously, if you upload to YouTube then try to download from your creator dashboard thing (e.g. because you were live-streaming and didn’t think to save a local copy or it impacts your machine too much) you get some shitty 720p render while ytdlp will get you the best quality available to clients.
Oh, that reminds me of a similar experience with Facebook video. Did a live DJ stream a few years ago but only recorded the audio locally at max quality. Back then, I think I already had to use the browser debugger to inspect the url for the 720p version of the video.
When they recently insisted by email I download any videos before they sunset the feature, their option only gave me the SD version (and it took a while to perform the data export).
Canceled mine after ad-free stopped working on YouTube Kids of all things (on ShieldTV). Was probably a bug, but with practically no customer service options, no real solutions besides cancel.
I was also a holdover from a paying Play Music subscriber, and this was shortly after the pita music switchover to youtube, so it was a last straw.
Halfway ready to fist-fight whichever exec drove the death of Play Music. It was a very, very good application, which could have continued to function as such when the platform ended, but they wouldn't even let us have that. I still have them and refuse to uninstall.
>Awaiting their “premium cannot be shared with people outside household” policy so I can finally cancel.
Then I have good news for you! https://lifehacker.com/tech/youtube-family-premium-crackdown
In fact, I've got an email from them about this already. My YT is still ad-free though, so not sure when it's going to kick in for real.
Ya I got this message when I was on vacation for a week. Seems a little messy on their part.
I’m another Premium user in the same position. I use uBlock Origin and Sponsorblock on desktop and SmartTube on my TV. I pay for Premium to be able to share ad-free experience with my less technical family members, and to use their native iOS apps. If they really tighten the rules on Premium family sharing, I’ll drop the subscription in an instant.
I’m a Premium user and primarily watch on AppleTV. A little while ago they added a feature where if I press the button to skip ahead on the remote when a sponsor section starts, it skips over the whole thing. It skips over “commonly skipped” sections.
While it doesn’t totally remove it, it lets me choose if I want to watch or not, and gets me past it in a single button press. All using the native app. I was surprised the first time this happened. I assume the creators hate it.
ReVanced and other alternatives exist.
So long as they are broadcasting media to the public without an explicit login system, so as to take advantage of public access for exposure, it will remain perfectly legitimate and ethical to access the content through whatever browser or software you want.
After they blitzed me with ads and started arbitrarily changing features and degrading the experience, I stopped paying them and went for the free and adblocking clients and experience.
I may get rid of phones from my life entirely if they follow through with blocking third party apps and locking things down.
> ReVanced and other alternatives exist.
For now. I suspect this is the real reason Google is going to require a developer cert even for sideloaded apps: https://www.techradar.com/phones/android/google-will-soon-st...
the problem is, you cannot be sure what Google does if they catch you violating their ToS. They have killed off entire google accounts for YT copyright strikes with no recourse.
6 replies →
> ReVanced and other alternatives exist.
until next year, when google will require real name and address for dev of side loaded apps
I'm constantly baffled by how bad the implementation of YouTube Premium downloads is. Videos will buffer to 100% in a matter of seconds but get endlessly stuck when I hit the download button. Why? All the bytes are literally on my device already.
The whole YouTube app is weird. Sometimes it lets you do 1.0x-2.0x. Sometimes it lets you range from .25x-4x. Sometimes it pops up a text selection box with every .05x option from .1 to 4.0. Sometimes it has a nicer UI with shortcut selections for common choices and a sliding bar for speed. It recently picked up a bug where if you're listening to a downloaded video, but turn the screen off and on again, the video playback seems to crash. A few months ago it became very, very slow at casting, all manipulations could take 30 seconds to propagate to the cast video (pause, changing videos, etc)... but they didn't usually get lost. (It would be less weird if they did just get lost sometimes.) You aggressively can't cast a short to a TV, in a way that clearly shows this is policy for some incomprehensible reason, but if you use the YouTube app directly on your set top box it'll happily play a short on your TV. Despite its claims in small text that downloads are good for a month without being rechecked, periodically it just loses track of all the downloads and has to redownload them. It also is clearly trying to reauthorize downloads I made just 30 minutes ago sometimes when I'm in a no-Internet zone, defeating the entire purpose. When downloads are about 1/4th done it displays the text "ready to watch on the download screen" but if you try to watch it it'll fail with "not yet fully downloaded".
Feels like the app has passed the complexity threshold of what the team responsible for it can handle. Or possibly, too much AI code and not enough review and testing. And those don't have to be exclusive possibilities.
5 replies →
Because they want to control the bytes on your devices.
Giving you the bytes would be easy, the hard part is preventing the free flow of information. And those bugs are the side effects.
Also a paying YT Premium subscriber. I live in a rural part of CA where there isn't much 5G reception. For extremely long drives in my minivan, I allow my toddler to watch Ms. Rachel on the screen via an HDMI port input from my iPhone. Youtube Premium videos have DRM that disallow downloads to play over HDMI, so I had to do what you did and add them as files locally to VLC and play them from there.
> Awaiting their “premium cannot be shared with people outside household” policy
I recently got paused for "watching on another device" when I wasn't. I don't think that policy you mention is too far off.
I also have YouTube premium and watch mostly on my iPad and TV. YouTube constantly logs me out at least once per day. I notice because I’ll randomly start seeing ads again (I open videos from my rss reader, never their site). This never happened when I wasn’t on premium. I don’t get what they’re doing, but my impression after almost a year is that it’s only slightly less annoying than getting ads. At this point, I might as well not renew and just use ad block.
> Awaiting their “premium cannot be shared with people outside household” policy so I can finally cancel
That's been a policy for a while, the sign up page prominently says "Plan members must be in the same household".
No idea if its enforced though.
I have 2 homes. Every time I "go up north" I have to switch my Netflix household and then back again when I return. This sounds like that won't even be possible.
1 reply →
I'll admit to using yt-dlp to get copies of videos I wish to have a local copy of, which can't be taken away from me by somebody else, but I pay for premium because that pays for content I watch. If you don't pay for content, where's it going to come from? Patreon only works for super dedicated stars with a huge following.
I can’t speak for everyone, but I don’t watch content that needs to be “paid for” in that way. e.g. The last several videos I downloaded for archiving were install instructions for car parts that were uploaded by the part manufacturer. (And that aren’t readily available through any other channel.)
YouTube’s “Download” is not really a download, it’s actually “cache offline” within YouTube app.
Lmao, people really should stop giving them money.
YouTube premium "download" is also just completely fake. Downloaded where? What file can I copy?
Files? What era do you hail from? Prehistory?
There are no files anymore. I mean, there technically are, but copyright industry doesn't want you to look at them without authorization, security people don't want you to look at them at all, and UX experts think it's a bad idea for you to even know such thing as "files" exists.
Share and enjoy. Like and subscribe. The world is just apps all the way down.
1 reply →
I run into that download issue all the time. I need to pause downloading each video. Force close the youtube app. Then unpause the downloads to get them downloading again. It has been happening for years and is still unfixed.
I have the opposite problem... frequently streaming a video gets stuck buffering even on my gigabit fiber connection, but I can download a full max quality version in a matter of seconds.
I had a similar experience on YouTube Music. I discovered the message was misleading and I just had to enable downloads when not on WiFi
I am a premium subscriber so I can download via yt-dlp in peace without any errors or warnings.
We are not the same.
For now.
Why not use Brave browser and their playlist feature for offline downloads?
Why not use a non-chromium browser and help prevent Google from having larger control over the Internet?
We still need competition in the browser space or Google gets to have a disproportionate say in how the Internet is structured. I promise you, Firefox and Safari aren't that bad. Maybe Firefox is a little different but I doubt it's meaningfully different for most people [0]. So at least get your non techie family and friends onto them and install an ad blocker while you're at it.
[0] the fact that you're an individual may mean you're not like most people. You being different doesn't invalidate the claim.
11 replies →
> Why not use Brave
Reddit has the answer for you: https://www.reddit.com/r/browsers/comments/1j1pq7b/list_of_b...
I’m not using brave browser so did not know it could download videos
1 reply →
Nice, didn't know Brave could do that.
Brave is a series scam company.
What video did you watch?
Nintendo Direct. Download issue persisted with all videos though
[dead]
For anyone here who runs a startup, I propose two lifestyle benefits you should add:
1. Unlimited YouTube Premium
2. Unlimited drink reimbursement (coffee, tea, smoothies, whatever)
The psychological sense of loss from those two things would be larger than any 5% raise.
I don't like that math, rather have the 5% than $8k in perks.
1 reply →
I personally wouldn't want to hire a startup employee who couldn't figure out how to install a browser extension. ;-)
9 replies →
I really appreciate the engineering effort went into this "JavaScript interpreter"
https://github.com/yt-dlp/yt-dlp/blob/2025.09.23/yt_dlp/jsin...
This is the buried lede in this announcement for me - I had no idea they were already going to such lengths. It's really impressive!
This is perfect for the problem they were solving. Really cool that they took it this far to avoid adding further overhead.
It's a subset of Javascript. HN discussion here https://news.ycombinator.com/item?id=32794081
This description reminds me of program language wars excerpt I saw somewhere years ago about how c was obviously superior to Pascal, because with enough preprocessor macros you can compile any Pascal program in c. Followed by some hideous and humorous examples.
This is amazing, an old school but effective approach in this modern age. I was afraid they were going to embed a browser.
That was such a stroll through memory lane.
I decided just to look at the code for a moment and discovered ChainMap in Python.
This is excellent for some of my usages. I want to have my AI agents "fork" their context in some ways, this could be useful for that instead of juggling a tree of dictionaries.
Ha, that's cool. I have implemented a crappy and probably broken version of this type before. Next time I won't have to!
I'm on mobile, this seems like an actual js interpreter that only does objects and arithmetic. Impressive that it went that far
Heh, now I wonder how much JavaScript it actually interprets and given that it’s < 1000 lines, whether it could be used towards an introductory course in compilers.
Obviously not. An introductory course would introduce concepts like lexers, parsers, AST, etc, instead of working on strings.
Here are lines 431 through 433:
1 reply →
There’s a famous presentation by David Beazley where he implements a WASM interpreter in Python in under an hour. Highly recommended.
1 reply →
Wait I thought they were running an entire browser engine
Over time they probably will require that. I believe YT still allows most of these things because of "legacy" apps, which they have been killing off bit by bit. I'm not sure if anyone is cataloging the oldest supported app, but most things like using YT from a slightly older game console don't work anymore.
Basically any publicly known method that can sip video content with doing the least work and authentication will be a common point of attack for this.
heh, that's pretty cool.
I wonder how long until it gets split off into its own project. For the time being, it could do with a lot more documentation. At least they've got some tests for it!
> I wonder how long until it gets split off into its own project
The submission is literally about them moving away from it in favor of Deno, so I think "never" probably gets pretty close.
1 reply →
Aside from the fact that the point of the announcement is that they're dropping it entirely, this "interpreter" is a hack that definitely is nowhere near capable of interpreting arbitrary JS. For example, the only use of `new` it handles is for Date objects, which it does by balancing parens to deduce the arguments for the call, then treating the entire group of arguments as a string and applying regexes to that.
When I first got with my wife I seemed a bit crazier than I am because I am a media hoarder for 30+ years. I don't have any VHS, DVDs, etc. laying around because I only keep digital copies, but I have pretty decent archives. Nothing important really, just normal stuff and some rare or obscure stuff that disappears over time.
My wife was interested in the idea that I was running "Netfix from home" and enjoyed the lack of ads or BS when we watched any content. I never really thought I would be an "example" or anything like that - I fully expected everyone else to embrace streaming for the rest of time because I didn't think those companies would make so many mistakes. I've been telling people for the last decade "That's awesome I watch using my own thing, what shows are your favorites I want to make sure I have them"
In the last 2 years more family members and friends have requested access to my Jellyfin and asked me to setup a similar setup with less storage underneath their TV in the living room or in a closet.
Recently-ish we have expanded our Jellyfin to have some YouTube content on it. Each channel just gets a directory and gets this command ran:
It actually fails to do what I want here and download h264 content so I have it re-encoded since I keep my media library in h264 until the majority of my devices support h265, etc. None of that really matters because these YouTube videos come in AV1 and none of my smart TVs support that yet AFAIK.
I have set up a Plex server and started ripping shows from various streaming providers (using StreamFab mostly) specifically because my wife got frustrated with 1) ads starting to appear even on paid plans and 2) never-ending game of musical chairs where shows move from provider to provider, requiring you to maintain several subscriptions to continue watching. She's not a techie at all, she's just pissed off, and I know she's not the only one.
Let's make sure that when all those people come looking for solutions, they'll find ones that are easy to set up and mostly "just work", at least to the extent this can be done given that content providers are always going to be hostile.
First I ran a simple script, now I use ytdltt [1] to allow my mother via telegram bot to download YT videos (in her case its more like audiobooks) and sort them in directories so she can access/download it via jellyfin. Shes at around 1.2TB audiobooks in like 3 years.
1: https://github.com/entropie/ytdltt
> It actually fails to do what I want here and download h264 content so I have it re-encoded
I struggled with that myself (yt-dlp documentation could use some work). What's currently working for me is:
Checkout https://github.com/meeb/tubesync
Thanks for the mention :)
2 replies →
use the new preset feature to get h264: -t mp4
you can also skip the match filters by running the /videos URL instead of the main channel url.
if you want 720p, use -S res:720
I recently discovered Pinchflat [1], which seems like an *arr-inspired web alternative, and works great for me - I just need to add the videos I want downloaded to a playlist and it picks them up. Also uses yt-dlp under the hood.
1. https://github.com/kieraneglin/pinchflat
Tried this: "yt-dlp -f 'bestvideo*[ext=mp4]+bestaudio[ext=m4a]/best[ext=mp4]/best' -S vcodec:h264 -other_options …" ? I'm still getting proper h264 with that (my Raspberry PI 3 only wants a proper codec too… none of that mushy new-era codec stuff. ;) )
I'll just mention ytcc here. Not a recommendation, but might be suitable for someone.
https://pypi.org/project/ytcc/
>fails to do what I want here and download h264 content
you are missing [vcodec^=avc1] ?
Do you have to put in cookies to avoid the sign in/bot prompt? Do you use a vpn to download yt videos?
Days of just getting data off the web are coming to an end as everything requires a full browser running thousands of lines of obfuscated js code now. So instead of a website giving me that 1kb json that could be cached now I start a full browser stack and transmit 10 megabytes through 100 requests, messing up your analytics and security profile and everyone's a loser. Yay.
On the bright side, that opens an opportunity for 10,000 companies whose only activity is scraping 10MB worth of garbage and providing a sane API for it.
Luckily all that is becoming a non-issue, as most content on these websites isn't worth scraping anymore.
*and whose only customers are using it for AI training
1 reply →
This 1kb os json still sounds like a modern thing, where you need to download many MB of JavaScript code to execute and display the 1kb json data.
What you want is to just download the 10-20kb html file, maybe a corresponding css file, and any images referenced by the html. Then if you want the video you just get the video file direct.
Simple and effective, unless you have something to sell.
The main reason for doing video through JS in the first place, other than obfuscation, is variable bitrate support. Oddly enough some TVs will support variable bitrate HLS directly, and I believe Apple devices, but not regular browsers. See https://github.com/video-dev/hls.js/
> unless you have something to sell
Video hosting and its moderation is not cheap, sadly. Which is why we don't see many competitors.
7 replies →
It's an arms race. Websites have become stupidly/unnecessarily/hostilely complicated, but AI/LLMs have made it possible (though more expensive) to get whatever useful information exists out of them.
Soon, LLMs will be able to complete any Captcha a human can within reasonable time. When that happens, the "analog hole" may be open permanently. If you can point a camera and a microphone at it, the AI will be able to make better sense of it than a person.
The future will just be every web session gets tied to a real ID and if the service detects you as a bot you just get blocked by ID.
4 replies →
Please remember that an LLM accessing any website isn't the problem here. It's the scraping bots that saturate the server bandwidth (a DoS attack of sorts) to collect data to train the LLMs with. An LLM solving a captcha or an Anubis style proof of work problem isn't a big concern here, because the worst they're going to do with the collected data is to cache them for later analysis and reporting. Unlike the crawlers, LLMs don't have any incentives in sucking up huge amounts of data like a giant vacuum cleaner.
5 replies →
And it's all to sell more ads.
fortunately it is now easier than ever to do small-scale scraping, the kind yt-dlp does.
I can literally just go write a script that uses headless firefox + mitmproxy in about an hour or two of fiddling, and as long as I then don't go try to run it from 100 VPS's and scrape their entire website in a huge blast, I can typically archive whatever content I actually care about. Basically no matter what protection mechanisms they have in place. Cloudflare won't detect a headless firefox at low (and by "low" I mean basically anything you could do off your laptop from your home IP) rates, modern browser scripting is extremely easy, so you can often scrape things with mild single-person effort even if the site is an SPA with tons of dynamic JS. And obviously at low scale you can just solve captchas yourself.
I recently wrote a scraper script that just sent me a discord ping whenever it ran into a captcha, and i'd just go look at my laptop and fix it, and then let it keep scraping. I was archiving a comic I paid for but was in a walled-garden app that obviously didn't want you to even THINK of controlling the data you paid for.
> fortunately it is now easier than ever to do small-scale scraping, the kind yt-dlp does.
this is absolutely not the case. I've been web scraping since 00s and you could just curl any html or selenium the browser for simple automation but now it's incredibly complex and expensive even with modern tools like playwright and all of the monthly "undetectable" flavors of it. Headless browsers are laughably easy to detect because they leak the fact they are being automated and that they are headless. Not to even mention all of the fingerprinting.
4 replies →
Those days are not coming to an end:
* PeerTube and similar platforms for video streaming of freely-distributable content;
* BitTorrent-based mechanisms for sharing large files (or similar protocols).
Will this be inconvenient? At first, somewhat. But I am led to believe that in the second category one can already achieve a decent experience.
To how many content creators have you written to request them share their content on PeerTube or BitTorrent? How did they respond? How will they monetize?
2 replies →
I think this is just another indication of how the web is a fragile equilibrium in a very adversarial ecosystem. And to some extent, things like yt-dlp and adblocking only work if they're "underground". Once they become popular - or there's a commercial incentive, like AI training - there ends up being a response.
Not only that, but soon it will require age verification and device attestation. Just in case you're trying to watch something you're not supposed to.
For now, yes, but soon CloudFlare and ever more annoying captchas may make that option practically impossible.
You should be thankful for the annoying captchas, I hear they're moving to rectal scans soon.
> Days of just getting data off the web are coming to an end
All thanks to great ideas like downloading the whole internet and feeding it into slop-producing machines fueling global warming in an attempt to make said internet obsolete and prop up an industry bubble.
The future of the internet is, at best, bleak. Forget about openness. Paywalls, authwalls, captchas and verification cans are here to stay.
The Internet was turned into a slop warehouse well before LLMs became a thing - in fact, a big part of why ChatGPT et al. has so extreme adoption worldwide is because they let people accomplish many tasks without having to inflict on yourself the shitfest that's the modern web.
Personally, when it became available, o3 model in ChatGPT cut my use of web search by more than half, and it wasn't because Google became bad at search (I use Kagi anyway) - it's because even the best results are all shit, or embedded in shit websites, and the less I need to browse through that, the better for me.
2 replies →
Do you know what Accelerate means?
I want them to go overboard. I want BigTech to go nuts on this stuff. I want broken systems and nonsense.
Because that’s the only way we’re going to get anything better.
Accelerationism is a dead-end theory with major holes in its core. Or I should say, "their" core, because there's a million distant and mutually-incompatible varieties. Everyone likes to say "gosh, things are awful, it MUST end in collapse, and after the collapse everyone will see things MY way." They can't all be right. And yet, all of them with their varied ideas still think it'll be a good idea to actively push to make things worse in order to bring on the collapse more quickly.
It doesn't work. There aren't any collapses like that to be had. Big change happens incrementally, a bit of refactoring and a few band-aids at a time, and pushing to make things worse doesn't help.
10 replies →
If you showed me the current state of YouTube 8 years ago - multiple unskippable ads before each video, 5 midrolls for a 10 minute video, comments overran with bots, video dislikes hidden, the shorts hell, the dysfunctional algorithm, .... - I would've definitely told you "Yep, that will be enough to kill it!"
At this point I don't know - I still have the feeling that "they just need to make it 50% worse again and we'll get a competitor," but I've seen too many of these platforms get 50% worse too many times, and the network effect wins out every time.
1 reply →
It's almost funny, not to mention sad, that their player/page has been changed, filling it with tons of JS that makes less powerful machines lag.
For a while now, I've been forced to change "watch?v=" to "/embed/" to watch something in 480p on an i3 Gen 4, where the same video, when downloaded, uses ~3% of the CPU.
However, unfortunately, it doesn't always work anymore.
https://www.youtube.com/watch?v=xvFZjo5PgG0 https://www.youtube.com/embed/xvFZjo5PgG0
While they worsen the user experience, other sites optimize their players and don't seem to care about downloaders (pr0n sites, for example).
Many performance problems on YouTube are because they now force everyone to use the latest heavy codecs, even when your hardware does not have acceleration for it. I have a laptop that is plenty powerful for everything else and plays 4K h264 no problem. 720p on YouTube on the other hand turns it into a hot slate after a minute and grinds everything to a halt.
There are browser extensions like h264ify that block newer codecs but WHY??? Is nobody at YouTube caring about the user experience? It’s easier and more reliable to just download the videos.
Nah, their page and player are ridiculously heavy and slow regardless of the video codec.
Put that next to GitHub. The app is nearly unusable on an i5 8th, often I just download a snapshot to browse locally.
You are not alone. In Q1 2025 I was forced to adopt the embed player. In Q3 2025, google intentionally broke the embed player. Now the only youtube access I have is via yt-dlp. Long live yt-dlp and its developers
Personally I am looking to get away from Youtube and looking towards some form of PeerTube/peer-based platform.
Nsig/sig - Special tokens which must be passed to API calls, generated by code in base.js (player code). This is what has broken for yt-dlp and other third party clients. Instead of extracting the code that generates those tokens (eg using regular expressions) like we used to, we now need to run the whole base.js player code to get these tokens because the code is spread out all over the player code.
PoToken - Proof of origin token which Google has lately been enforcing for all clients, or video requests will fail with a 403. On android it uses DroidGuard, for IOS, it uses built in app integrity apis. For the web it requires that you run a snippet of javascript code (the challenge) in the browser to prove that you are not a bot. Previously, you needed an external tool to generate these PoTokens but with the Deno change yt-dlp should be capable of producing these tokens by itself in the near future.
SABR - Server side adaptive bitrate streaming, used alongside Google's UMP protocol to allow the server to have more control over buffering, given data from the client about the current playback position, buffered ranges, and more. This technology is also used to do server-side ad injection. Work is still being done to make 3rd party clients work with this technology (sometimes works, sometimes doesn't).
Nsig/sig extraction example:
- https://github.com/yt-dlp/yt-dlp/blob/4429fd0450a3fbd5e89573...
- https://github.com/yt-dlp/yt-dlp/blob/4429fd0450a3fbd5e89573...
PoToken generation:
- https://github.com/yt-dlp/yt-dlp/wiki/PO-Token-Guide
- https://github.com/LuanRT/BgUtils
SABR:
- https://github.com/LuanRT/googlevideo
EDIT2: Addeded more links to specific code examples/guides
If you ever wondered why the likes of Google and Cloudflare want to restrict the web to a few signed, integrity-checked browser implementations?
Now you know.
>If you ever wondered why the likes of Google and Cloudflare want to restrict the web
I disagree with the framing of "us vs them".
It's actually "us vs us". It's not just us plebians vs FAANG giants. The small-time independent publishers and creators also want to restrict the web because they don't want their content "stolen". They want to interact with real humans instead of bots. The following are manifestations of the same fear:
- small-time websites adding Anubis proof-of-work
- owners of popular Discord channels turning on the setting for phone # verification as a requirement for joining
- web blogs wanting to put a "toll gate" (maybe utilize Cloudflare or other service) to somehow make OpenAI and others pay for the content
We're long past the days of colleagues and peers of ARPANET and NFSNET sharing info for free on university computers. Now everybody on the globe wants to try to make a dollar, and likewise, they feel dollars are being stolen from them.
36 replies →
I don't know, it's really hard to blame them. In a way, the next couple of years are going to be a battle to balance easy access to info with compensation for content creators.
The web as we knew it before ChatGPT was built around the idea that humans have to scavenge for information, and while they're doing that, you can show them ads. In that world, content didn't need to be too protected because you were making up for it in eyeballs anyway.
With AI, that model is breaking down. We're seeing a shift towards bot traffic rather than human traffic, and information can be accessed far more effectively and, most importantly, without ad impressions. So, it makes total sense for them to be more protective about who has access to their content and to make sure people are actually paying for it, be it with ad views or some other form of agreement.
9 replies →
Weird people talking about small time creators wanting DRM I've never seen that... Usually they'd be hounding for any attention? I don't know why multiple accounts are seemingly independently bringing this up, but maybe it is trying to muddy the waters? This concept?
At least for YouTube, viewbotting is very much a thing, which undermines trust in the platform. Even if we were to remove Google ads from the equation, there’s nothing preventing someone from crafting a channel with millions of bot-generated views and comments, in order to paid sponsor placements, etc.
The reasons are similar for Cloudflare, but their stances are a bit too DRMish for my tastes. I guess someone could draw the lines differently.
16 replies →
The fact you shoved Cloudflare in there shows your ignorance of the actual problems and solutions offered.
There could be valid reasons for fighting downloaders, for example:
- AI companies scraping YT without paying YT let alone creators for training data. Imagine how many data YT has.
- YT competitors in other countries scraping YT to copy videos, especially in countries where YT is blocked. Some such companies have a function "move all my videos from YT" to promote bloggers migration.
13 replies →
Everything trends towards centralization on a long enough period.
I laugh at people who think ActivityPub or Mastodon or BlueSky will save us. We already had that, it was called e-mail, look what happened once everyone started using it.
If we couldn't stop the centralization effects that occurred on e-mail, any attempt to stop centralization in general is honestly a utopian fool's errand. Regulation is easier.
3 replies →
And barely a few days after google did it the fix is in.
Amazing how they simply couldn't win - you deliver content to client, the content goes to the client. Could be the largest corporation of the world and we still have yt-dlp.
That's why all of them wanted proprietary walled gardens where they would be able to control the client too - so you get to watch the ads or pay up.
> For the web it requires that you run a snippet of javascript code (the challenge) in the browser to prove that you are not a bot.
How does this prove you are not a bot. How does this code not work in a headless Chromimum if it's just client side JS?
Good question! Indeed you can run the challenge code using headless Chromium and it will function [1]. They are constantly updating the challenge however, and may add additional checks in the future. I suppose Google wants to make it more expensive overall to scrape Youtube to deter the most egregious bots.
[1] https://github.com/LuanRT/BgUtils
4 replies →
Once JavaScript is running, it can perform complex fingerprinting operations that are difficult to circumvent effectively.
I have a little experience with Selenium headless on Facebook. Facebook tests fonts, SVG rendering, CSS support, screen resolution, clock and geographical settings, and hundreds of other things that give it a very good idea of whether it's a normal client or Selenium headless. Since it picks a certain number of checks more or less at random and they can modify the JS each time it loads, it is very, very complicated to simulate.
Facebook and Instagram know this and allow it below a certain limit because it is more about bot protection than content protection.
This is the case when you have a real web browser running in the background. Here we are talking about standalone software written in Python.
6 replies →
Just the other day there was a story posted on hn[0][1] that said YouTube secretly wants downloaders to work.
It's it's always been very apparent that YouTube are doing _just enough_ to stop downloads while also supporting a global audience of 3 billion users.
If the world all had modern iPhones or Android devices you'd bet they'd straight up DRM all content
[0] https://news.ycombinator.com/item?id=45300810
More specifically, yt-dlp uses legacy API features supported for older smart TVs which don't receive software updates. Eventually once that traffic drops to near zero those features will go away.
So more people using yt-dlp will increase the likelihood of Youtube keeping legacy APIs?
1 reply →
That conspiracy theory never even made sense to me. Why would anyone think that a payment and ad-supported content platform secretly wants their content to be leaked through ad and payment free means?
Mainly the theory that, if you can’t use downloaders to download videos, then people will no longer see YT as the go-to platform for any video hosting and will consider alternatives.
And I call that a theory for a reason. Creators can still download their videos from YT Studio, I'm not sure how much importance there is on being able to download any video ever (and worst case scenario people could screen recording videos)
2 replies →
I agree, all I can think of is that durely alot of commentary YouTubers rely on YouTube downloaders to use fair-use snippets of other people's videos in their commentary videos?
being a de facto monopoly has a lot of value that is hard to quantify...
e.g. censorship, metadata, real time society-wide trends, etc...
google is way-way more than just a company.
Ronsor [1] and reply by seproDev:
> Why can't we embed a lightweight interpreter such as QuickJS?
> @Ronsor #14404 (comment)
The linked comment [2]:
> @dirkf This solution was tested with QuickJS which yielded execution times of >20 minutes per video
How on earth can it be that terrible compared to Deno?
[1] https://github.com/yt-dlp/yt-dlp/issues/14404#issuecomment-3...
[2] https://github.com/yt-dlp/yt-dlp/issues/14404#issuecomment-3...
> How on earth can it be that terrible [>20 minutes] compared to Deno?
QuickJS uses a bytecode interpreter (like Python, famously slow), and is optimised for simplicity and correctness. Whereas Deno uses a JIT compiler (like Java, .NET and WASM). Deno uses the same JIT compiler as Chrome, one of the most heavily-optimised in the world.
That doesn't normally lead to such a large factor in time difference, but it explains most of it, and depending on the type of code being run, it could explain all of it in this case.
QuickJIT (a fork of QuickJS that uses TCC for JIT) might yield better results, but still slower than Deno.
JIT is still banned by policy on a LOT of mobile devices, meaning that previous usage of yt-dlp on mobile is now effectively unsupportable.
5 replies →
My concern is either that QuickJS is something like 100x slower, or that even when using Deno, the download experience will be insanely slow.
In my mind, an acceptable time for users might be 30 seconds (somewhat similar to watching an ad). If QuickJS is taking >20 minutes, then it is some 40x slower? Seems very high?
> QuickJIT (a fork of QuickJS that uses TCC for JIT) might yield better results, but still slower than Deno.
Interesting, not come across it before. Running C code seems like an insane workaround from a security perspective.
It's horrifying and Google must've worked very hard to kill the performance in other interpreters.
The brightest minds (or something close) working hard to make computation slower and more difficult, so that someone can profit more.
That is interesting. We use QuickJS in Minecraft (Bedrock, for modding) and while it's much slower than V8 it's not _that_ much slower.
The writing is on the wall for easy ripping. If there's any YT content you expect you'll want to preserve for a long time, I suggest spinning up https://www.tubearchivist.com/ or something similar and archiving it now while you still can.
I agree and feel that the time is now to archive all of the truly valuable cultural and educational content that YT acquired through monopolistic means.
This solution looks interesting, but I am technical enough to know that this looks like a PITA to setup and maintain. It also seems like it is focused on downloading everything from a subbed channel.
As it is now, with a folder of downloaded videos, I just need a local web server that can interpret the video names and create an organized page with links. Is there anything like this that is very lightweight with a next next finish install?
They already had the proper-DRM tech for youtube movies for years, why didn't they already turn that on for all content?
It would break many millions of old consumer devices that no longer receive updates, like old smart TVs. They are waiting for that old device traffic to drop low enough before they can force more robust measures.
You already need such things for certain formats.
They actually somewhat did: https://github.com/yt-dlp/yt-dlp/issues/12563 "DRM on ALL videos with tv (TVHTML5) client"
It's not really a matter of just turning it on when it comes to the kind of scale that YouTube has on their catalogue. It's practically impossible to retranscode the whole catalogue, so you're more or less stuck with only doing it for newly ingested content, and even there the tradeoffs are quite large when it comes to actually having DRM.
I think we can safely assume that the only content under DRM at YouTube today is the content where it's absolutely legally necessary.
1 reply →
YouTube's delivery scale is enormous and adding additional complexity if they don't have to is probably considered a no no.
But if they decide they have to, they can do it fairly trivially.
YT probably HAD to put the DRM on in order to get the license deal with the studios. Nobody is twisting their arm as much so other interests (wider audience, less server side resources, not getting around to it) can prevail.
They have to pay a technology license fee per month per protected title.
pinchflat (https://github.com/kieraneglin/pinchflat) is an alternative to tubearchivst. less mature but also less buggy IME
I was surprised they went with Deno instead of Node, but since Deno has a readily available single-exe distribution that removes a lot of potential pain. This was pretty much just a matter of time, though; the original interpreter in Python was a brilliant hack but limited in capability. It was discussed a few years ago for the YouTube-dl project here https://news.ycombinator.com/item?id=32793061
Node does not have the concept of security and isolation like the Deno has. There is maintainer comment in the same thread.
What evidence is there that Deno's "security and isolation" works?
It's their application, yt-dlp can use whatever it wants. But they made their choices for stylistic/aesthetic reasons.
7 replies →
The sandboxing features of Deno also seem to have played a role in that choice. I wouldn't overly trust that as a security layer but it's better than nothing.
This is the first time I've heard of Deno so I'm only going by their Security & Permissions doc page [1], but it looks like the doc page at the very end recommends using system-level sandboxing as a defense in depth. This suggests that Deno doesn't use system sandboxing itself.
To me this is a bit alarming as IIRC most app runtime libraries that also have this in-runtime-only sandboxing approach are moving away from that idea precisely because it is not resistant to attackers exploiting vulnerabilities in the runtime itself, pushing platform developers instead toward process-level system kernel-enforced sandboxing (Docker containers or other Linux cgroups, Windows AppContainer, macOS sandboxing, etc.).
So for example, .NET dropped its Code Access Security and AppDomain features in recent versions, and Java has now done the same with its SecurityManager. Perl still has taint mode but I wonder if it too will eventually go away.
[1] https://docs.deno.com/runtime/fundamentals/security/
1 reply →
Deno sandboxing is paper thin, last time I looked they had very simple rules. It's a checkbox feature. If you want isolation use WASM.
7 replies →
Keep in mind that yt-dlp doesn't just support YouTube, which-- notwithstanding the claims of "all DRM is malware" etc.-- probably won't download actively harmful code to your computer: it also supports a huge number of video streaming sites, including some fairly obscure and sketchy ones. Sandboxing in the interpreter that's at least as good as what you'd get in a browser is a must, because by design this is doing untrusted code execution.
This is very related to a talk I did last year [1]. "Part 2: youtube-dl" starts at 18:21. It dips toes into an analysis about software that fundamentally depends on ongoing human labor to maintain (as compared to, e.g. zlib, which is effectively "done" for all intents and purposes).
More concretely, the additional Deno dependency is quite problematic for my music player, especially after I did all that work to get a static, embeddable CPython built [2].
Ideally for me, yt-dlp would be packaged into something trivially embeddable and sandboxable, such as WebAssembly, calling into external APIs for things like networking[3]. This would reduce the value delivered by the yt-dlp project into pure DRM-defeating computation, leaving concerns such as CLI/GUI to a separate group of maintainers. A different project could choose to fulfill those dependencies with Deno, or Rust, or as in my case, built directly into a music player in Zig.
Of course I don't expect the yt-dlp maintainers to do that. They're doing something for fun, for free, for pride, for self-respect... in any case their goals aren't exactly perfectly aligned with mine, so if I want to benefit from their much appreciated labor, I have to provide the computational environment that they depend on (CPython[4] and Deno).
But yeah, that's now going to be a huge pain in the ass because now I either have to drop support for yt-dlp in my music player, or additionally embed deno, as well as introduce Rust as a build dependency... neither of which I find acceptable. And don't even get me started on Docker.
[1]: https://www.youtube.com/watch?v=SCLrNqc9jdE
[2]: https://github.com/allyourcodebase/cpython
[3]: https://ziglang.org/news/goodbye-cpp/
[4]: https://github.com/yt-dlp/yt-dlp/issues/9674
> introduce Rust as a build dependency
https://news.ycombinator.com/item?id=45314055
Just like git! This is the present and future. :(
I used to work on video generation models and was shocked at how hard it was to find any videos online that were not hosted on YouTube, and YouTube has made it impossibly hard to download more than a few videos at a time.
> YouTube has made it impossibly hard to download more than a few videos at a time
I wonder why. Perhaps because people use bots to mass-crawl contents from youtube to train their AI. And Youtube prioritizes normal users who only watch a few videos at most at the same time, over those crawling bots.
Who knows?
I wonder how Google built their empire. Who knows? I’m sure they didn’t scrape every page and piece of media on the internet and train models on it.
My point was that the large players have monopoly hold on large swaths of the internet and are using it to further advantage themselves over the competition. See Veo 3 as an example, YouTube creators didn’t upload their work to help Google train a model to compete with them but Google did it anyways, and creators didn’t have a choice because all eye balls are on YouTube.
1 reply →
you have to feed it multiple arguments with rate limiting and long wait times. i am not sure if there have been recent updates other than the js interpreter but ive had to spin up a docker instance of a browser to feed it session cookies as well.
Yeah we had to roll through a bunch of proxy servers on top of all the other tricks you mentioned to reliably download at a decent pace
2 replies →
[flagged]
Unusually well-argued post, hard to disagree with...
What exactly is the problem? That they worked on video generation models? That they only used YouTube? That they downloaded videos from YouTube? That they downloaded multiple videos from YouTube?
At some point we’re going to need a better place to put videos than YouTube. The lack of any democratization of bulk storage is beginning to be a real problem on the internet.
Yes, we have archive.org. We need more than that, though.
I’m sure there’s some distributed solution like IPFS but I haven’t seen any serious attempt to make this accessible to every day people.
> The lack of any democratization of bulk storage is beginning to be a real problem on the internet.
There are many thousands of paid hosting services, feel free to pick one. It turns out hosting TB of data for free is a pretty tricky business model to nail down.
There have been plenty of free distributed hosting services for the web that worked perfectly (popcorn time, etc, etc). It's just that every time they become popular they are attacked legally and shut down. The problem is not technical, or even resource based, the problem is legal. Only a mega-corp can withstand the legal attacks.
And even if the legal attacks could be mitigated most people would still use youtube because they're there for the money (or for people who are there for the money). They are not there for a video host. Youtube enables distribution of money and there's no way that any government would let any free system distribute money without even more intense legal, and indeed physically violent, attacks.
There are: peertube, odysee, minds, rumble, bitchute web torrent)...
It is the same reason why people just can't get off IG. Network effect and in YT case a lot of disk space and bandwidth.
I don’t think network effect matters much if you’re not trying to advertise the content. Organizations can just link to it from their site.
I admit I haven’t looked into peertube, and I didn’t think that rumble was any better than YouTube. I don’t recognize the others. Thank you; I’ll resurvey.
2 replies →
If you want to compete with YT you need to basically build AWS S3 in your own data centers. You'd have to find a way to make your service run cheaper than google can if you wanted to survive. You'd have to get very scrappy and risky. I'd start with questions like: how many 9s of durability do we actually need here? Could we risk it until the model is proven? What are the consequences for losing cat videos and any% speed runs of mario64? That first robotic tape library would be a big stepwise capex event. You'd want to make sure the whole thing makes sense before you call IBM or whoever for a quote.
Games Done Quick has raised 10s of millions for charity. I suspect they could raise a few thousand for a few dozen TB of nvme storage if they wanted to host a speedrun archive.
3 replies →
> If you want to compete with YT you need to basically build AWS S3 in your own data centers. You'd have to find a way to make your service run cheaper than google can if you wanted to survive.
YouTube's economy of scale goes way beyond having their own datacenters, they have edge caches installed inside most ISP networks which soak up YT traffic before it even reaches a Google DC. It would take a staggering amount of investment to compete with them on cost.
The problem with bulk storage is that it will be abused at large scale.
CSAM peddlers, intellectual property violators, unconsensual sexual material ("revenge porn"), malware authors looking for places to exfiltrate stolen data, propagandists and terrorists, the list of abusers is as long as it is dire.
And for some of these abuser classes, the risk for any storage service is high. Various jurisdictions require extremely fast and thorough responses for a service provider to not be held liable, sometimes with turnaround times of 24 hours or less (EU anti terrorism legislation), sometimes with extremely steep fines including prison time for responsible persons. Hell, TOR exit node providers have had their homes raided and themselves held in police arrest or, worse, facing criminal prosecution and prison time particularly for CSAM charges - and these are transit providers, not persistent storage.
And all of that's before looking on the infrastructure provider side. Some will just cut you off when you're facing a DDoS attack, some will bring in extortionate fees (looking at you, AWS/GCE/Azure) for traffic that may leave you in personal bankruptcy. And if you are willing to take that risk, you'll still run the challenge of paying for the hardware itself - storage isn't cheap, 20TB of storage will be around 200€ and you want some redundancy and backups, so the actual cost will rather be 60-100€/TB plus the ongoing cost of electricity and connectivity.
That's why you're not seeing much in terms of democratization.
Maybe that’s true, but YouTube is just absolutely miserable to use in every way. There’s got to be better options.
1 reply →
> I’m sure there’s some distributed solution like IPFS
Almost 25 years on the internet and I have not been able to download anything from IPFS. Does one need a PhD to do so?
Same. Are we missing information, or is it really stagnating and not being utilized for whatever reasons?
I keep seeing ads on TV for Photobucket (Which I thought was dead) for 1TB of storage for either free, or $5, depending on the ad.
Maybe there is an opportunity for that company to expand.
Also, archive.org is in magaland, so that is a very endangered service.
Can anyone explain specifically what the YT code does that the existing python interpreter is unusable and apparently quickjs takes 20 minutes to run it?
Is it just a lot of CPU-bound code and the modern JIT runtimes are simply that much faster, or is it doing some trickery that deno optimizes well?
From https://github.com/ytdl-org/youtube-dl/issues/33186
> Currently, a new style of player JS is beginning to be sent where the challenge code is no longer modular but is hooked into other code throughout the player JS.
So it's no longer a standalone script that can be interpreted but it depends on all the other code on the site? Which could still be interpreted maybe but is a lot more complex and might need DOM etc?
Just guessing here, if anyone knows the details would love to hear more.
Yeah that is guess google using spaghetti code to keep their yt moat.
Could something like tree-shaking be used to reduce the player code to just the token generating bit? Or does the whole player js change for each video?
Sounds like a really silly way to engineer things, but then again Google has the workforce to do lots of silly things and the cash to burn, so they can afford it.
1 reply →
YouTube is mining cry-
I mean, running some unknown highly obfuscated CPU-demanding JS code on your machine - and using its results to decide whether to permit or deny video downloads.
The enshittification will continue until user morale improves.
And at the same time we are against websites mining crypto. At this point they could do that, too...
Noteworthy to me: deno is MIT licensed, but PyPI distributions (at least the ones I checked) include neither license nor source code. It's normal for pre-built distributions ("wheels") to contain only the Python code (which for a project like this is just a small bootstrap used to find the compiled executable — it doesn't appear to be providing any Python API), but they should normally still have a LICENSE file.
It's also common to have the non-Python (here, Rust) source in source distributions ("sdists"), but this project's sdist is only a few kilobytes and basically functions as a meta-package (and also includes no license info). It "builds" Deno by detecting the platform, downloading a corresponding zip from the GitHub releases page, extracting the standalone Rust executable, and then letting Hatchling (a popular build tool in the Python ecosystem) repackage that in a wheel.
Update: It turns out that the Python package is published by a third party, so I submitted an issue (https://github.com/manzt/denop/issues/1) to ask about the licensing.
(Update 2: the distribution has been updated. Thanks to Trevor Manz for an unexpectedly prompt response!)
This will be interesting to see how it affects the numerous Android apps on F-Droid that are essentially wrappers around yt-dlp to create a YouTube Music clone.
2045:
"yt-dlp needs a copy of your digitized prefrontal cortex in order to bypass Youtube's HumanizeWeb brain scanner"
This assumes that YouTube will still exist in 2045.
I think it's safe to say that DRM and ads will still exist either way, so...
Can we remove heartdropping mystery from the title? My first thought is that Google makes it more difficult to download from YouTube.
"yt-dlp moves to Deno runtime"
Google is making it harder to download from Youtube. Your first thought is correct! Every other website that yt-dlp supports doesn't require this change. Additionally, yt-dlp is still written in python, it has not moved to deno. They are only adding a deno dependency for the javascript challenges added by youtube.
I get that, but still title is too "loud".
> "yt-dlp moves to Deno runtime"
That makes it seem like yt-dlp itself was rewritten from Python to JavaScript (for those who even know it’s Python) or that it used to use Node and now uses Deno.
TIL that you can run frontend Javascript with a package like Deno. I thought you need a proper headless browser for it.
I was thinking the same walking into this thread. I figured DOM/CSS/HTML would be part of the black box magic, but I suppose from the perspective of JS all of that can be faked appropriately.
I think you only need something like `jsdom` to have the core API available. The DOM itself is just a tree structure with special nodes. Most APIs are optional and you can provide stubs if you're targeting a specific websites. It's not POSIX level.
I would like to know more about this. I had some web scrapers in Perl but they no longer work. :(
1 reply →
The length Youtube have gone to make it impossible to download videos. At the same time, Tiktok allows anyone to download a video with just right click
On the other hand, I can navigate, search, and watch any video on YouTube without an account. With TikTok, I can’t even scroll the page without tricks.
Nah, the uploader can turn that off if they want, which they tend to do on any popular video. I've resorted to screen recording, but even that is blockable with the (bullshit, shouldn't exist). "can't screenshot this due to security" API that exists on mobile operating systems now
You can point a camera at the screen, at least.
Once upon a time (around 2000) they tried to fix this by making cameras illegal except for licensed photographers.
With the recent forced buy of TikTok with Rupert, Larry and co, I doubt that's going to be a thing for much longer; they will want to make money some how.
The second to last comment in the linked thread is an FAQ with some good explanation of their reasoning. I suggest anyone who hasn't read it yet to do so as it answers a lot of questions I've seen in this thread.
https://github.com/yt-dlp/yt-dlp/issues/14404#issuecomment-3...
Why can youtube not just give a micropayments backed API? Just charge a few cents per video download and be done with it.
meanwhile Youtubers: a penny per view would be 10x what Youtube pays us
https://www.youtube.com/watch?v=3nloigkUJ-U&t=4851s
The YouTube RPM (revenue per mille) strongly depends on the location of the audience and the topic of the video. It could be anywhere from $0.5 to $20. That 10x figure could very well be true for that YouTuber, but it's also true that other YouTubers already earn more than a penny per view.
They do. It's called YouTube Premium.
It's not though. You can't download an mp4 to use however you wish with YouTube Premium. And definitely not via an API.
2 replies →
AFAIK Premium allows you to download to persistent browser storage. But is it DRM-free/open or usable format?
2 replies →
Allright, it means youtube is soon gone for me: deno is just a front-end to the abominations of the web engines from the whatng cartel. It would be a good compromise if I could have such an engine which I could build with a simple C compiler. You have modern javascript engines implemented in C, but no web engine, "la creme de la creme" of software abominations.
Just a few weeks/months ago, gogol search was blocked to noscript/basic (x)html browsers (I have witness gogol agenda about this unfold over the last few years).
Will use yt-dlp(zero whatng) until it breaks for good I guess.
The US administration failed to regulate the market domination of youtube with enforced simple and stable in time technical standards (what Big Tech hates). I don't blame them, since those nasty guys are smart border-line crime lords (and for sure serial offenders in EU).
Is there any other ways, non Big Tech ways, to access Sabine H. content? Or should I said good bye right now?
The change includes the ability to point yt-dlp at a Deno or Node binary of your own choice, which, in principle, allows someone to use a different runtime so long as it provides everything the script needs to run successfully.
What?
How could you miss the point that much?
2 replies →
on why they chose Deno instead of node:
"Other JS runtimes (node/bun) could potentially be supported in the future, the issue is that they do not provide the same security features and sandboxing that deno has. You would be running untrusted code on your machine with full system access. At this point, support for other JS runtimes is still TBD, but we are looking in to it."
While deno has sandboxing, it also has potential access to hundreds of dangerous functions, it might be better just to write a tiny wrapper around JS engine that adds only the function to write to stdout.
Deno blocks by default the access to network, storage and environment variables
1 reply →
Many Linux distros have Firefox's JavaScript (SpiderMonkey?) runtime independently packaged and available. Can it be used for this?
Yes, Spidermonkey can be ran standalone and would probably be much more secure than Deno would be because it does not have all the server-related APIs.
Came across this the other day - set of yt-dlp helper scripts loaded up with flags:
https://github.com/TheFrenchGhosty/TheFrenchGhostys-Ultimate...
That's why youtube is so buggy and slow.
So, instead of using something lightweight and embeddable like QuickJS, they opted for Deno? Nothing specifically against it, just seems... overkill
See this comment:
https://news.ycombinator.com/item?id=45359626
There are other embeddable JS engines out there.
2 replies →
Really feels like the somewhat open nature of yt is running on borrowed time
First you spend money to create something people really want and build a big user base.
Then you open it up to third party businesses and get them tied to your platform, making money off your users.
Once locked in you turn the screws on the businesses to extract as much money from them as possible.
Finally you turn the screws on the users to extract every last bit of value from the platform before it withers and fades into irrelevance.
What you say is true for most companies/software, but YouTube can play a nasty game for a very long time before it withers into irrelevance (if at all). They have enormous moat, one would need enormous resources to take on YouTube, I don't think anyone has that kind of patience or resources to even attempt. Like it or not, we are stuck with YT for a while.
I have learned so much from YouTube - I wish it was more open and friendly to its creators and users :(
In the meantime, all we can do is support smaller alternatives like https://nebula.tv/
I started this fight with youtube back when it was called google video, because i wanted to watch content but my 28.8kbps modem didnt have the grunt todo it in one session.
When i started getting 100,000's of downloads a day, google updated their html and blocked me from their search engine. I did the cat and mouse a few times but in the end it wasnt worth it.
Glad to see the legacy still lives on :D
https://gvdownloader.sourceforge.net/
Cool. But Youtube was never called google video. Youtube was acquired by Google and Google Videos was a separate site.
Surprisingly, Deno was chosen as the first JavaScript runtime due to its security features. I thought it was almost dead, as Bun is growing very quickly among developers.
Fortunately the community is not alone in this fight, because many AI companies need to be able to download YT videos. But they should sponsor yt-dlp more directly..
I wonder if we're going to see JS runtime fingerprinting attempt from google now
I doubt it'd be difficult for Google to detect if the client is a browser or not. They already need to check for signals of abnormal use to detect things like clickfarms and ad scams.
> detect if the client is a browser
User agents are like journalists: there's no such thing as pretending to be one.
If someone writes their own client and says, "This is a browser", then it is one.
Have they not done this for years and years already?
Ah, JavaScript Run-time Integrity checks!
I wonder if the youtube phone app also needs a JS runtime or is it able to bypass the JS requirements somehow.
NewPipe will probably need to add a JS runtime too.
yt-dlp dev here
The Android app uses an API which does not require a JS runtime, but it does require a Play Integrity token. The iOS app uses an API which is assumed to require an App Attest token.
Also, neither API supports browser cookies, which is a necessity for many users.
Any Android app can run code inside a WebView without adding anything.
The folks at deno have really done a fantastic job at pushing a JS runtime forward in a way that's more easily plug and play for the community. I've used `denoland/deno_core` and `denoland/rusty_v8` quite a bit in embedded projects where I need full JS support but I can't assume users have node/bun/etc installed locally.
Not surprised to see yt-dlp make a similar choice.
I would pay for YouTube if Google created the best possible search engine they could for it. I'm talking inverted and semantic indexing of every word of every video with speaker tagging and second level timestamping. I want to be able to runs queries like "Give me the timestamps of every time Veritasium said math while wearing a blue shirt."
> Note that installing Deno is probably not necessary if you don't want to, only downloading it. Just like yt-dlp, Deno is available as a fully self-contained single executable from their GitHub releases: https://github.com/denoland/deno/releases.
> Yeah, you can just extract the zip and put deno.exe in the same folder as yt-dlp
I hope they just make this automatic if this truly becomes necessary. yt-dlp not having requirements, or having them built-in, isn't something just "convenient", I think there's users that wouldn't use the tool without that simplicity. Most people really don't like and try to avoid having to fight dependencies.
What I found much more annoying, and so far have not been able to work around, is that yt-dlp requires you to have a YouTube account, something that I have not had for a decade or so, and am unwilling to create again.
What tool can I use to simply store what my browser receives anyway, in a single video file?
When did it start requiring one? It didn't require one the last time I used it a few months ago...
Google started using IP range blocks recently. If they decide that your IP stinks, they'll block YouTube viewing and demand that you log in.
It's inconsistent as fuck, and even TOR exit nodes still work without a log in sometimes.
2 replies →
I think for me it has been this way for a year or so. Maybe it is because I am on a VPN. I also cannot view YouTube videos on YouTube any longer, because it always wants me to log in, to "prove I am not a bot". So I have switched to only using invidious instances, and if they don't work, then I just cannot watch the video.
I wish content creators would think of their own good more, and start publishing on multiple platforms. Are there any terms that YouTube has for them, that reduce revenue, if they publish elsewhere as well? Or is it mostly just them being unaware?
1 reply →
It must be a pretty recent (as in added yesterday) addition, as I was watching youtube with mpv+yt-dlp.
> What tool can I use to simply store what my browser receives anyway, in a single video file?
This. I'm interested in such a tool or browser extension.
I'm using it right now without a youtube account.
yt-dlp has never required an account. If it looks like that, either you're seeing some error from, e.g., youtube and not yt-dlp claiming that or you're running some sort of scam version instead of the real thing.
How will this JS execution be contained/isolated? Do we have to run it inside a VM, or containers?
They are running the JS in Deno, a sandboxed JS runtime.
What are folks thoughts on jdownloader2 these days? Hell is that still kicking?
jdownloader2 is one of those weirdly licensed things, it claims to be "open source" but you actually can't find the entire source anywhere. Worse than proprietary, tbh.
https://beta.jdownloader.org/developmentquicktutorial
svn://svn.jdownloader.org/jdownloader/trunk
it's right there on the home page
Yeah my go to for youtube still. Working as good as ever for that so far.
Great ad for deno. I hit a similar one the other day from pydantic. They make a MCP server for running sandboxed python code and the they did that… Python to WASM, and wasm running in deno.
It's incredible how much work goes into these open source projects for downloading youtube videos, especially since youtube keeps breaking them. There are nearly 1500 contributors
To be fair yt-dlp supports a lot more than just YouTube
https://github.com/yt-dlp/yt-dlp/tree/master/yt_dlp/extracto...
Why won’t they use my browser for downloads, for example through TestCafe? That would also allow downloading premium quality (for subscribers) and so on.
I think you can get premium formats through the --cookies-from-browser flag
I've been using yt-dlp to download transcripts. Are there alternatives that don't require going through all these hoops? I'm guessing no.
I thought transcripts already broke a long ago. Are they working again?
I was scared this morning when yt-dlp did not work, but a git pull fixed it.
A huge thank you to the yt-dlp folks. They do amazing work.
This change has been long overdue. The web player has been broken with yt-dlp for such a long time.
Will Debian package Deno for it?
Looks like this runtime is written in Rust. Really does seem like Rust is rapidly swallowing all kinds of common tools and libraries. In this case a single compiled binary for multiple architectures is quite convenient for something like yt-dlp.
Deno itself is written mostly in Rust, but it also leverages [1] Google's V8 Javascript engine which is written in C++.
[1]: https://choubey.gitbook.io/internals-of-deno/architecture/v8
Might as well start an effort to rewrite the whole project in Javascript at this point
Why are they using the web target? YouTube has multiple other attack vectors which have no javascript barriers.
Plenty of devices have YouTube players which are not being capable of being updated and which must work, exploit those APIs.
"Attack vectors" is a very interesting choice of words. Yt-dlp is literally using a public API for its intended purpose (accessing videos). The only difference is how yt-dlp is delivering the videos to the user. Probably as much of an "attack" as user-agent spoofing or using browser extensions.
But to answer your question, no, there aren't any suitable APIs (I've looked into it). They all either require JavaScript (youtube.com and the smart tv app) or require app integrity tokens (Android and iOS). Please let me know if you know something I don't?
What about the smart TVs? There have to be a lot of them, do all of them run JS?
Also what kind of environments are executing the JS? If Google begins to employ browser fingerprinting that may become relevant.
2 replies →
The whole point of YouTube (now) is it’s a market for human attention and behavior. Eyeballs, engagements, tracking and analytics. They will go to great lengths to protect and increase the value of this market.
I would be really interested in hearing what Mike Hearn has to say about this. AFAIK he was responsible for something very similar that was used at Google for other products that had some overlap.
That seems a lot of dev work, why not just run in browser then? There are extensions that work pretty well, like Tubly downloader, Video DownloadHelper.
This morning youtube was already breaking the functionality of yt-dlp.
To solve, just upgrade on linux using:
pip install -U "yt-dlp[default]"
I refuse to run JS on my n270 netbook; even less with a propietary license. Thus, I will just use some invidious mirror.
> Up until now, yt-dlp has been able to use its built-in JavaScript "interpreter" [1]
Wow, this is equal parts fascinating and horrifying.
Edit, after looking into it a bit: It seems like a self-contained build of deno weighs in at around 40 MB (why?), so I can see why they tried to avoid that and appreciate the effort.
[1] https://github.com/yt-dlp/yt-dlp/blob/2025.09.23/yt_dlp/jsin...
At this rate they are just gonna have to ship a whole web browser with it lol.
Youtube is the real monopoly. Creators are also slaves, as they cant monetize elsewhere, and also they cant let their users download their own content. And the icing on the cake is youtube is unbearable without an ad-blocker, and even with that youtube has started throttling ad-block users.
Its such a shithole, with no real replacement, sad state of affairs.
why can't they monetize elsewhere?
> Here's the problem (and it's not insurmountable): right now, there's no easy path towards sustainable content production when the audience for the content is 100x smaller, and the number of patrons/sponsors remains proportionally the same.
https://www.jeffgeerling.com/blog/2025/self-hosting-your-own...
1 reply →
Some do, and those who are able to make the move to patronage or subscriber monetization seem much happier for it. But that's most viable for creators who have already built up a viable customer base, which usually started on YouTube. It's much harder if you start out somewhere else.
Much, much, much smaller audience elsewhere.
1 reply →
Youtube is victim of its success
I don't promote piracy, but it seems that it's easier to download music from youtube than using torrents, which is quite surprising.
Who expected that such a big company would contribute to piracy?
Honestly the time is now to start building a P2P mirror on top of yt-dlp so the videos only need to be scraped a few times, within 4 years it's obvious ads will be burned into the video file or yt-dlp will no longer function at all and then it will be too late to mirror YouTube and the content will be locked up and eventually lost.
Is there an official name for this endless uphill battle? Counter-Enshittification?
Cleaning the Augean stables.
amazing how posts critical of google quickly fall off the front page during north american hours
I wonder if they could use Wasmer to execute Javascript under the hood without limitations.
I did download YouTube videos a few years ago, I did value that YouTube could keep your place.
But it’s a real mess it keeps crashing, something I might too humbly put down to me having too many files, but passive aggressively put it down to YouTube on iPad not having a limited amount of storage space.
On the other hand there’s a number of amazing videos I’ve downloaded to watch which have been remotely wiped. Grrr
Viva Revanced!
SABR
"In 2025, YouTube started rolling out a new streaming protocol, known as SABR, which breaks down the video into smaller chunks whose internal URLs dynamically change rather than provide one whole static URL. This is problematic because it prevents downloaders (such as yt-dlp) from being able to download YouTube videos at resolutions higher than 360p due to only detecting format code 18 (which is the only format code available that doesn't use SABR). So far, this issue has only affected the web client, so one workaround would be to use a different client, such as tv_embedded (where SABR has not yet been rolled out to), so for instance in yt-dlp you could add --extractor-args "youtube:player_client=tv_embedded" to use that client. It is not known how long this workaround will work as intended, as YouTube rolls out SABR to more and more clients."
https://wiki.archiveteam.org/index.php/YouTube/Technical_det...
Thanks for the comment, OP just throwing out just "SABR" like we're all supposed to know what it means.
1 reply →
This is unrelated to the JavaScript challenge this post is about, and a very specific technology for video streaming. SABR means "server-side adaptive bitrate" and is a bespoke video streaming protocol that Google is moving towards, away from the existing DASH protocol. There is some info here https://github.com/LuanRT/yt-sabr-shaka-demo
You need at least 5 letters for Wordle.
What does the Society of American Baseball Research have to do with this?
Sneak Attack By Roger?
it's pronounced sabray
more dependency bloat just to deobfuscate some randomly generated bs that's increasingly complex for no reason and has no value existing in the first place, much like its creators
...
[dead]
[flagged]
[flagged]
I know the definition precisely, which is why I used that word. If you disagree with my usage, please explain why their actions don't constitute extortion.
Here's what happened: They leveraged their platform to get 60,000 people to sign a petition.
Using this petition and the resulting legal proceeding, they forced the entire community's hand by framing it as "the last chance" to get the trademark released, which it is solely because of their actions.
They unilaterally made it the "last chance" without seeking even minimal input from the community they claim to represent. Not even OpenJS. Now they're demanding 200k, citing the difficulty of proceeding alone and suggesting they might not be able to succeed without this funding.
This is textbook extortion: creating artificial urgency, leveraging community pressure, and demanding payment under the threat that their stated goal will fail without it.
You don't need enemies with friends like that.
none of it will matter soon. anything you want to see or watch will be dynamically generated just for you. enders game is here.
why would I want that?
What if I want to rewatch it, offline?
Good to see the mice are still winning the cat-and-mouse game. Selfishly, I kind of want the cat to start to win, to satisfy my curiosity. I predict that if YouTube ever actually blocked downloading, a YouTube competitor that supports downloading would start to immediately gain popularity. I want to know if I'm right about that, and there's no way to test unless Google actually starts to win. Go, Google, go! I believe in you!
I suspect that if youtube ever fully blocks video downloads you will start to see a lot of piracy groups and file sharing communities providing youtube content.
Those who download videos are a minority and targeting minorities will never give you exponential growth. Furthermore, the same minority probably abuses ad blockers so it would be difficult to squeeze a single cent from these freeloaders.
> targeting minorities will never give you exponential growth
Serving a niche is a very good way to start with many products. It is even common gospel in startups. With the rest I agree.
A friend of mine recorded a YouTube video using OBS. She had to do some minor edits on it and could not use her system during the recording, but it worked. I told her to stop it, as that is infringing on the creator's copyright and is an assault on the nation's digital economy. She hasn't recorded a video since, at least not that I know about. I feel good about making sure YouTube can reasonably profit off of creators' content since they give away the storage and access for free.
Instructions on Vine-glo grape concentrate during prohibition: "Do not place the liquid in this jug and put it away in the cupboard for twenty-one days, because then it would turn into wine."
I had another friend that simply recorded YouTube videos from their smartphone. As a zealous law abiding citizen, I immediately smacked the phone out of his hand and lectured on how copyright law is the foundation of the Information Age, which is the future, and disregarding it is an affront to modern life and civilization. I made him delete all his videos, and even made him hand write letters of apologies to the YouTube creators. These creators don't reveal their home addresses, but I'm sure they appreciated the emails containing the scan of the handwritten letters.
We have an old SCSI scanner, so it took about as long to scan it as it did to write it.
Touché
No requirements for me. I don´t use YT at all :) There are plenty of better alternatives.
My brother sent me a long talk on YouTube and pleaded with me to listen to it. Watching was pointless the video was just talking heads sitting in chairs. However you can’t just play a video and turn off your phone while listening to the audio on headphones. The mobile browser sleeps and the audio stops. So I used yt-dlp to rip the audio and dropped it into my Plex server to listen to with Prologue. It wasn’t even about the ads, I just wanted to do some gardening and listen to something on headphones while I worked, without my phone screen on.
Firefox Mobile has an extension "Video Background Play Fix" to disable the Page Visibility API anti-feature.
1 reply →
on iphone, if you use youtube in the browser in stead of the app (as you should), then you can do background listening if you play the video, lock the phone, unlock the phone, play th video again, lock the phone, unlock the phone, resume play with the media controls, lock the phone.
https://newpipe.net/
You're welcome
I'm watching not youtube but video creators. There is no even worse alternative if person you want to watch doesn't publish video on other site.
Maybe, for watching "recommended" stream without any subscriptions there are alternatives (which? I cannot name good ones, anyway), but if you watch your subscription you are bound to platform which contain this subscription. And no, content creators are not interchangeable.
It's obviously not about YT the product, but about YT the content library. I don't think there are better alternatives to that content library.
Thanks for letting us know!
until someone shares a video with you
any recommendations?
Dailymotion, Vimeo etc. No ads, no bs it feels like freedom again. And if they change others will replace them.
3 replies →