Comment by xeonmc
11 hours ago
In ten years time YouTube will be entirely inaccessible from the browser as the iPad kids generation are used to doomscrolling the tablet app and Google feels confident enough to cut off the aging demographic.
11 hours ago
In ten years time YouTube will be entirely inaccessible from the browser as the iPad kids generation are used to doomscrolling the tablet app and Google feels confident enough to cut off the aging demographic.
They’d need dedicated hardware to enforce any kind of effective DRM. Encrypted bitstream generated on the fly watchable only on L2 attested device.
>They’d need dedicated hardware to enforce any kind of effective DRM.
That's already here. Even random aliexpress tablets support widevine L1 (ie. highest security level)
maybe to stop the .01%. switching to app only, sign in only would get them pretty much all the way there.
They own the os, with sign-in, integrity checks, and the inability to install anything on it Google doesn't want you to install they could make it pretty much impossible to view the videos on a device capable of capturing them for the vast majority of people. Combine that with a generation raised in sandboxes and their content would be safe.
"their" content? This is Youtube.
Of course, the same can be said for FB, Tiktok, instagram, Pintrest, reddit, ... and I'm sure the list keeps going. Frankly, Youtube is pretty damn good about this, really.
1 reply →
Netflix is already there for 4k streams
And it's an entirely useless effort. No idea how it is done but the internet is full 4k rips.
13 replies →
I knew of this chrome bug which could allow netflix to be ripped. I had heard it in comments of some section of youtube and I might need to look further into it but its definitely possible.
It's not as easy as downloading a YouTube video though
Can you explain in simple terms what would prevent one from running the decryption programmatically posing as the end client?
Yes, it's called: Web Environment Integrity + hardware attestation of some kind
> "the technical means through which WEI will accomplish its ends is relatively simple. Before serving a web page, a server can ask a third-party "verification" service to make sure that the user's browsing environment has not been "tampered" with. A translation of the policy's terminology will help us here: this Google-owned server will be asked to make sure that the browser does not deviate in any way from Google's accepted browser configuration" [1]
https://www.fsf.org/blogs/community/web-environment-integrit...
Let's say the only devices you can get that will run YouTube are running i/pad/visionOS or Android and that those will only run on controlled hardware and that the hardware will only run signed code. Now let's say the only way to get the YouTube client is though the controlled app stores on those platforms. You can build a chain of trust tied to something like a TPM in the device at one end and signing keys held by Apple or Google at the other that makes it very difficult to get access to the client implementation and the key material and run something like the client in an environment that would allow it to provide convincing evidence that it is a trusted client. As long as you have the hardware and software in your hands, it's probably not impossible, but it can be made just a few steps shy.
Here are a couple ideas:
The decryption code could verify that it's only providing decrypted content to an attested-legitimate monitor, using DRM over HDMI (HDCP).
You might try to modify the decryption code to disable the part where it reencrypts the data for the monitor, but it might be heavily obfuscated.
Maybe the decryption key is only provided to a TPM that can attest its legitimacy. Then you would need a hardware vulnerability to crack it.
Maybe the server could provide a datastream that's fed directly to the monitor and decrypted there, without any decryption happening on the computer. Then of course the reverse engineering would target the monitor instead of the code on the computer. The monitor would be a less easily accessible reverse engineering target, and it itself could employ obfuscation and a TPM.
1 reply →
Attestation requiring a hardware TPM 2.0 (or higher), and not being able to extract the private key from the TPM on your system.
TPM is Mathematically Secure and you can't extract what's put in. See, Fritz-Chip.
You don't get access to the decryption code nor the keys - both are hardwired in silicon.
We'll eventually be able to reverse-engineer that and run it programmatically, but it will take a long time.
And when they catch you doing so, they'll ban your (personalized) encryption key so you'll just have to buy another graphics card to get another key.
This is how it already works, not some future thing. But the licensing fees make it so it only gets used for Hollywood-level movies.
iOS can already attest to websites that they are running in unmodified Safari. https://developer.apple.com/news/?id=huqjyh7k
I guess that isn't quite enough to prevent screen recording but these devices also support DRM which does this.
I guess at that point we could do it the old fashioned way by pointing a camera at the screen. Or, I guess, a more professional approach based on external recording.
Wonder if you could train a neural net to take camera recordings and basically reconstitute the original. For a given setup, the distortions should be pretty consistent.
I might be recalling it wrong,but I remember reading that there was some old hardware that refused to record protected TV/Movies probably a VCR or a DVR.
Camera manufacturers can easily refuse to record a stream of they detect it is protected, may be via watermarks or other sidechannel.
1 reply →
Which is why Windows 11 requires TPM.
TPM isn't the only misfeature that makes Windows 11 an abomination. People who don't switch to a respectful platform is in for a lot of pain.
DRM protection schemes usually don't rely on TPM, the real magic happens inside your GPU and the monitor.
2 replies →
The YouTube web app is so full of bugs it's almost unusable on a phone.
Comments also disappear regularly on all platforms...
I can only navigate to a video by long-pressing, copying the URL and pasting it into the URL bar, otherwise I get a meaningless "something went wrong" type error message. Mobile Safari, no content blockers, not logged into a Google account. After almost two decades of making the website worse they finally succeeded in breaking "clicking a video". I wonder what the hotshots at Alphabet manage to break next :o)
This was happening to me browsing in FF with uBO. It would work as soon as I disabled uBO. I realized uBO needed an update, and it went back to working with uBO active after the update. For a couple of hours I was ready to never use YT again if it meant suffering their obnoxious interruptions with ads.
Works dandily here.
Suspicion: they’ve fingerprinted me hard and know I have premium but like to watch occasionally from Safari private (with content blockers) and don’t hassle me.
Mainly suspect this given lack of anti-adblocking symptoms.
I only use the web app on my phone (via Firefox). It works well enough and I can play videos in the background and block ads.
Do you also get looping search results? I've also had it happen to the simple "videos" tab of a channel.
> Comments also disappear regularly on all platforms...
I don't believe that that's a bug. The disappearance depends a lot on the topic of those comments. It's very much deliberate censorship.
> It's very much deliberate censorship.
Also known as "moderation"
And the YouTube web interface is full of issues too. For example, livestreams had transient memory leaks for months already, thought to be related to their chat implementation.
In the meanwhile, YouTube spends its effort on measures against yt-dlp, which don't actually stop yt-dlp.
What the fuck is wrong with Google corporate as of late.
> livestreams had transient memory leaks for months already
maybe it's vibe coded nowadays
dumb middle management driven by dumb metrics
a very old story...
Google is having a hard time conforming to their own javascript standards.
One constant about Google, they always bet on the web.
Until the profits tells them not to.
i think a lot of millenials and older gen-z use youtube on browsers. It has more and more alternative competitors too, like bilibili in China.
Ooh thanks. If the 21st century is going to belong to China, then BiliBili, along with v2ex.com, is gonna need to get added to my doomscrolling itinerary.
They'll never leave money on the table like that. The older demographic are the only ones that can buy things.
Pffft, and good riddance, comrade! Just think about native application and native performance, great native animations and native experience (and native ads, of course)! We won't have this god-awful Web (that propelled modern tech world in the first place) anymore, we can finally have personal vendetta against awful JS and DOM. No more interoperability, no more leverage against corpos, just glorious proprietary enclaves where local tyrant can do anything they want!
> No more interoperability
> no more leverage against corpos
> just glorious proprietary enclaves where local tyrant can do anything they want!
These are all literally consequences of the web btw, as are things like attestation in consumer hardware.
> These are all literally consequences of the web btw, as are things like attestation in consumer hardware.
Totally this, and not because powers suddenly realized they can't control Web like they controlled early "smart" dumb phones circa J2ME times.
Think of iOS. You can basically use just 1 programming stack on iOS devices: Swift/Objective-C. You can't have JIT except for the JIT approved by the Apple Gods.
The biggest hack to this is React Native, which barged just in due to sheer Javascript and web dominance elsewhere, and even that has a ton of problems. Plus I'm fairly sure that the React Native JS only runs in the JIT approved by the Apple Gods, anyway.
Otherwise, we're stuck in the old days of compiled languages: C/C++ (they can't really get rid of these due to games, and they have tried... Apple generally hates/tolerates games but money is money). Rust works decently from what I hear. Microsoft bought Mono/Xamarin and that also sort of works.
But basically nothing else is at the level of quality and polish - especially in terms of deployment - as desktops, if you want to build an app in say, Python. Or Java. Or Ruby. Or whatever other language in which people write desktop apps.
And we're at a point where mobile computing power is probably 20x that of desktops available in 2007. The only factor that is holding us back is battery life, and that's only because phone manufacturers manufacture demand by pushing for ever slimmer phones. Plus we have tons of very promising battery techs very close to increasing battery capacities by 20-50%.
> Plus we have tons of very promising battery techs very close to increasing battery capacities by 20-50%.
Could you elaborate a bit, please? Any links are appreciated.
2 replies →
This is obviously not plausible. They're never going to shut off browser access on people's laptops. Watching YT at work is a major thing.
I have to assume you're joking, but I honestly can't figure out what point you're even trying to make. Do it think it's surprising that an ad-supported site has anti-scraping/anti-downloading mechanisms? YouTube isn't a charity, it's not Wikipedia.
They can't shut off browser access, but they surely can kill all non-Chromium browsers.
No, they can't. Way too many devices, including televisions, access YT via all sorts of browsers. Not to mention antitrust would be all over that. With their dominant browser share, getting people to switch to Chrome by removing access to YT for Firefox would get multiple governments filing lawsuits ASAP.
2 replies →
Not to mention all of the iframe embeds. I’d argue it’d helped YouTube become the defacto go to platform for corporate videos. Yeah there’s other solutions but the number of corp sites that just toss videos on YouTube is insane.
I don’t think it’s such a wild possibility that more and more jobs will be able to be done with locked down tablets and smart phone while fewer will be done on laptops and desktops. We are already seeing it at the personal level - people are entirely forgoing personal computers and using mobile devices exclusively. The amount isn’t huge (like 10 or 15% in the US IIRC?) but 10 years ago that was unthinkable IMO.
I was reading a study recently that claimed Gen Z is the first generation where tech literacy has actually dropped. And I don’t blame them! When you don’t have to troubleshoot things and most of your technology “just works“ out the box compared to 20 or even 10 years ago, then you just don’t need to know how to work under the hood as much and you don’t need a fully fledged PC. You can simply download an app and generally it will just take care of whatever it is you need with a few more taps. Similar to how I am pretty worthless when it comes to working on a car vs my parents generation could all change their own oil and work on a carburetor (part of this is also technology has gotten more complicated and locked down, including cars, but you get my point).
The point of all this is I could definitely see a world where using a desktop/laptop computer starts becoming a more fringe choice or specific to certain industries. Or perhaps they become strictly “work” tools for heavy lifting while mobile devices are for everything else. In that world many companies will simply go “well over 90% of our users are only using the app and the desktop has become a pain in the ass to support as it continues to trend downwards so…why bother?”
Who knows the future? Some new piece of hardware could come out in 10 years and all of this becomes irrelevant. But I could see a world where devices in our hands are the norm and the large device on the desk becomes more of a thing of the past for a larger percentage of the population.
Just because the balance shifts doesn't mean the desktop/laptop stops being supported.
Laptops aren't going anywhere. Even if phones and tablets replace them for a third of tasks, or a third of people.
The idea that laptops with browsers would become so rare that YouTube would drop support, within any reasonably predictable future timeframe, is pure fantasy.
4 replies →
>Watching YT at work is a major thing.
Where are these jobs where I can get paid to watch YouTube?
Lots of people listen to the audio. It’s like a podcast, or having the radio on, which is fine in lots and lots of jobs.
Some people probably also literally watch it, but I know multiple people who basically use it as a radio at work.
Plus, never worked anywhere where half of everyone, including management, is more-or-less openly watching sports more than working during major tournaments?
1 reply →
Working in infrastructure design (specifically railways), cab ride videos are often useful to fill in gaps in as-built plans or the pictures you took on a site visit (you'll always miss out to photograph something that'll be of major interest later), especially in early planning phases. Plus there's the odd software tutorial video here and there, too, of course.
I think it would give me a life crisis and I'd feel like a failure of a boss if I learned my otherwise productive employees felt they couldn't watch sloptube the clock. A sysadmin that isn't constantly jacked into nethack is hardly a sysadmin at all. You should really demand more humane working conditions if you feel like you have to micro-optimize your work day.
In small shops youtube is quite a handy source of information. I have to prototype and 3D print lots of stuff.
[dead]
I hope they will do that, yes really.
Because this will mean major shift to open-source and community solution, where creators will be paid directly by their viewers.
I have NO problem, what so ever, to pay content creators directly.
But I have HUGE problem to pay big corpos. It's ridiculous that we pay for Netflix same price as US people and for you it's cheaper than coffee and for us, if you compare median-salary, it's 5-10x MORE expensive. (cancelled every streaming platform year before as all of my friends, cloud seedbox here we go) And I don't even wanna mention Netflix's agenda they want to push (eg.: Witcher)
That's why piracy is so frequent here in small country in EU :) Also it's legal or in grey-area, because nobody enforce it or copyright companies are unable to enforce it if you don't make money from sharing. (yes, you don't even need to use VPN with torrents)
> Because this will mean major shift to open-source and community solution, where creators will be paid directly by their viewers.
That’s an unrealistic nerd dream. People haven’t moved off of closed social networks such as Facebook and Instagram, and haven’t flocked to creator-owned platforms such as Nebula. The general public, i.e. the majority of people, will eat whatever Google, Meta, et al feed them. No matter how bad things get, too few people abandon those platforms in favour of something more open.
I'm sorry but this sounds hollow. Creators are specifically choosing to upload their content to YouTube. They have elected "big corpos" to handle payment for them.
You are not standing up for them by pirating their stuff from YouTube.
If you have a problem with it, it is on you to stop using YouTube to view their content. You did not gain a moral right to pirate their stuff just because you don't like the deal.
It's not YouTube though, but downloader :)
"yt-dlp is a feature-rich command-line audio/video downloader with support for thousands of sites. The project is a fork of youtube-dl based on the now inactive youtube-dlc."
I guess the point was that yt-dlp is only possible, because of the mandatory protocols you need in the browser. Moving to native app makes it much easier to prevent downloading and denying access to the unencrypted content.
I think these days yt-dlp is possible because they're relying on the infra YouTube has for their TV apps, which are html5 (ish) browser apps. so they'd also have to dedicate time to building native apps for every TV in existence, even if youtube.com went away.
1 reply →
My understanding is that the original yt-dl used the browser interface. yt-dlp uses the android app interface.
1 reply →
> Moving to native app makes it much easier to prevent downloading and denying access to the unencrypted content.
It would still be possible with native apps. Somebody will have to reverse engineer it continuously. So it will be slower, but still possible.
However, that won't be the case if they start using some secret (like a private key) that you can't access directly from an app, or if they decide that you can't run custom/modified apps. That's what I believe to be the true intentions behind their push to adopt dystopian technologies like secure enclaves and platform attestation. Not really about security as they claim.
1 reply →
Doesn't matter, yt-dlp looks like a browser to youtube. They can put authorization/encryption in an app that can't be done in a webpage. By killing browsers they gain control.
They know that. yt-dlp uses browser-like access to download.