105 replies
23h17m
Site: "This website has no tracking or analytics."
Privacy Badger blocked tracking from:
googleads.g.doubleclick.net
static.doubleclick.net
play.google.com
www.google.com
www.youtube.com
<iframe width="560" height="315" src="https://www.youtube.com/embed/_1Y8PwD5XDs"
title="YouTube video player" frameborder="0" allow="accelerometer;
autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture"
allowfullscreen>
</iframe>
I love their work. I’ve also been working on some video to teach people how to publish their own book (the first of which I’ll make available free when it’s ready).
Anyway, I’d like to NOT embed YouTube. Maybe I will anyway, but I wonder if anyone has alternatives, especially if they are scrappy, tiny alternatives like those that I imagine 100r might produce.
I’m considering MP4 or WebM in HTML and wilder ideas like an audio file and a few images that are started at the same time with JS.
why wouldn't you host your own video file? I don't understand this dependency on youtube
Streaming is important, especially for longer videos. I don't believe any static hosting site supports video streaming.
I suppose any reasonable browser can play off a HTTP stream. I not so sure it would be able to navigate in the stream easily (like clicking at a particular time on the progress bar), because the bitrate is highly variable.
What else am I missing?
Dynamic bitrate is the main one - the browser & server coordinate to figure out the highest video quality the user can watch without stuttering/buffering.
The client can do that 100% client side, you can serve pure static files with a JS player that handles the streaming. All you have to do is chunk the video into small 2-5 second chunks at a variety of nitrates and list them all in an .m3u8 playlist file if the right format.
I know because I explored this for a hobby project of a movie I liked. See here: http://lelandbatey.com/projects/REDLINE-intro/
Use your network inspector to observe your browser requesting the individual chunks over time. Note that my server is just an Apache2 file server.
always wondered how this handles prebuffering. (i.e. max-prebuffer = chunk-size) ?
Pretty cool!
most video players also support http and there is no problem with just putting files up.
imho all the streaming tech, drm, hls, adaptive bitrate selection and whatnot, are just commercial fads to increase margin
Adaptive bitrate selection seems important if your clients have narrow or unstable bandwidth (e.g. mobile), or when you may get constrained by outgoing bandwidth (/. effect aka HN crowd).
Amazon S3 (static hosting) supports streaming[1], but doesn’t transfer the hosting “cost” to the user as YT does.
[1] https://docs.aws.amazon.com/AmazonS3/latest/userguide/tutori...
You can just turn your video file into a bunch of HSL or MPEG Dash segments and store then as static file with a playlist/manifest file next to them, and tada! you now have video streaming in your static hosting site.
Right but if you have your own ip address and fiber connection that should be enough for narrow-casting.
I'm surprised to see my inexpressible urges documented by others. I'm with these people 100% right down to why a sailboat.
I tried to do this with an apartment building. The building is too large to focus on a the detail I need. A 43' sailboat is actually a great size to prototype on.
I have a signed P&S and hope to be hard core boat living sometime in September. The idea will be the studio time I get while on land will be much sweeter if I spend a lot of time on a boat.
The boat is self-contained so my aspirations won't effect people paying rent.
The building has everything I need to host my own streaming. I don't know that I will ever publish content, but if I do it will be entirely self-hosted. If the audience is so vast that brings everything to a halt, things will start functioning again once the hordes get bored.
Think of all the wasted brain power content-creators go through to keep YouTube at bay.
I believe content should be the residue of the work. I think once publishing is the funding source it may distort the work.
The video is 57 seconds long. Should be fine ~ kinda.
My host doesn't support video. If I point <video> at a file it plays just fine but the server doesn't do partial content so the player crashes or stutters if the user attempts to seek outside what was downloaded. When the whole thing is downloaded it works smoothly but it isn't quite acceptable. There is no easy html way to preserve the seek/progress bar and `Accept-Ranges: none` has the same meaning as not setting the header(?)
I cant seem to find answers or bugs, all I find "make sure your server supports partial content" which really isn't required to make it work.
most ppl probably fall into the category where self-hosting their content is viable, though most also don't know anything about it, hence the outsourcing
Turn your videos into HLS playlists (.m3u8) or mp4 and host the individual video files behind Cloudflare. Serve them on the frontend using JW Player or some other JS video player and from the backend using a $5 DigitalOcean droplet that serves the files from block storage.
You’ll have to learn some ffmpeg incantations but the bandwidth will be free and your total costs will be the tiny VM and block storage. Might even be able to point Cloudflare at a public bucket and skip the VM.
If you need to store and serve several terabytes of content, a dedicated server instead of block storage will be your best bet (again with Cloudflare), you’ll just need to figure out offsite backup and restoration.
Doesn't cloudflare TOS forbid video content?
Huh, looks like it does unless you use Cloudflare Stream. Thankfully this is a throwaway account :-)
I think by keeping the HLS segments at a few megabytes each and not using a file extension in the URL, I've slipped through the cracks.
(My religion forbids me from recognizing any terms of service that haven't been given the three blessings of the matriarch)
I’ve heard that third blessing is pretty much impossible to get.
There hasn’t been a matriarch since the last one died in 1842. The two last surviving religious orders with voting rights have been in a deadlock ever since because they can’t agree on what color sesame seed belongs in “Everything but the Bagel” seasoning.
Saint Trader Joes tried to unite them by using both light and dark sesame years ago, but there’s just too much bad blood for them to work together. We are still waiting for the chosen one that will bring balance to the bagel.
Ahh, the utter tragedy of the Sesamoschism of 1842. The sad thing is that the deadlock between the Correctly Righteous Matriarchaleanbageloptomistrists and the Righteously Correct Matriarchaleanbageloptomistrists all comes down to one member’s error in mixing toasted light sesame seeds with raw dark sesame seeds, and neither side being able to agree which member needed to suffer the rites of immaculate defenestration.
May the bagel balanced be.
Yes, then in 1863 we had a brief window of hope as Frau Blücher, a charismatic blind preacher, wrote her famous “Two Theses” on a bagel bag: “1. I cannot taste the difference; 2. It all looks the same in your stomach.” This ecumenical message sadly did not endure and she too was thrown out of a first floor window.
*Horse Whinnies in the distance*
I think it's more likely you just don't generate enough traffic for them to care to stop you. I think the main issue is that their business model of not charging for bandwidth doesn't work well for video. As long as you aren't using a ton of bandwidth, they won't care you are doing some video.
Just make sure that player supports right click->Save I'd much rather download and view a video in VLC than somebodies janky JS player
<pkg-manager> install mpv ytdlp
give site-url to mpv
watch video
PS:
vlc can play from urls too, but isn't as compatible with the way most sites implement it
You might, but the UX of that process for a 57s video is... below standard expectation.
The simplest thing would be to simply link to a Youtube video, perhaps with a small warning that it will take them to Youtube which uses trackers. You could even make the link an image that is the thumbnail of the video.
Not the prettiest or purest solution, but very simple.
I've seen youtube embeds be overlaid and say things like "this embed carries tracking, click here to load inline at your own peril or here to watch on original site" or something to that effect.
Can't recall where though.
I believe duckduckgo offers a similar warning when playing videos from search results.
It also uses YouTube-nocookie.com, which turns off targeted advertising or tracking. You are still tracked, but views aren’t linked or ads aren’t linked to your account. YouTube docs call Privacy Enhanced Mode for Embeds.
https://support.google.com/youtube/answer/171780?hl=en#zippy...
Medium did (does?) this when you have DNT enabled. Several GDPR-compliant sites do the same, though many use their embeds as a means to track people into clicking the "accept all tracking" button.
Duck duck go?
What I do (first of all for performance) is use YouTube links and have a script that prepends each `a.embed` link with an "embed" button. The button turns the link into an embed and back.
https://dbohdan.com/assets/embed.js
Neat solution.-
I disagree. That is the prettiest and the purest solution!
The "purest" solution would be to host the video yourself.
I use lite-youtube on my site for this reason. Instead of embedding the YT player directly, it shows a thumbnail that pulls in the embed when you click to watch the video.
That way visitors aren't tracked unless they actively click the thumbnail to watch the embedded player. Iirc it also works as just a link so visitors have the option to cmd+click or right-click-copy to avoid the embed.
It makes me sad that this is the top comment for this link to Hundred Rabbits.
I feel it’s such a “I am very smart gotcha” comment that isn’t helpful in any way.
It distracts from the actual topic.
It calls out a bogus claim. The actual topic is diluted and deemphasized if the authors make bogus claims. So the distraction is on them, not on HN commenters.
You pointing out a minor mistake that has zero implications doesn’t provide any value. It may feel good to you pointing out mistakes others made, but especially in this case it doesn’t matter. It’s not important.
And you seem to read way too much into this mistake, promptly distrusting all the content they ever made or wrote.
Next time you make a mistake, I hope people around you will treat you the same way you treat other people, let’s find out if you like that.
It does matter, it is important. Making such a mistake calls into question if they don't have other, more serious, mistakes in their actual articles.
I don't make extraordinary claims so I am not bound to provide any extraordinary evidence. They do make an extraordinary claim.
This shows such black-and-white thinking, thinking in absolutes that doesn't take in account, the context and circumstances.
To me it shows a rigid mind that can't perceive nuance, and think / reason about topics in a particular context.
Minor mistakes are often just that: minor mistakes. If this was an error in a scientific paper or news article, your stance may have had more merit. But that's not the context here at all.
A blog claiming not to track you isn't an 'extraordinary claim' by any definition. So that's a mistake on your part, so I can't take anything you say seriously anymore, by your own definition.
It's your right to conclude all that. I gave my take, I was not looking into calling into question. ¯\_(ツ)_/¯
I feel that engaging here is probably a mistake, but screw it.
That seems like a pretty extraordinary claim to me. That you've made. Twice.
Was that supposed to be an argument? I don't claim I don't do tracking on my website. They do.
One could also be a bit more compassionate and just realize that people make mistakes or just don't have every line on their website memorized if they decide one day to just share a YouTube video.
I doubt they are actively trying to trick people into letting down their "adblocker" guard so they can retarget them with advertising...
Compassion has nothing to do with taking something seriously.
I have compassion for their cause. Read 2 articles and was intrigued.
At the same time, spotting such an obvious mistake does make me wonder if their articles have glaring mistakes in them as well.
"Perfect is the enemy of good" really applies here.
Someone is aware of the issue of online tracking and tries their best to get rid of all of these things (web fonts, analytics,...) and even states their intent "No tracking". One day they make a small mistake and don't realize that sharing a YouTube link on their website drops a cookie and immediatelly all the good they are trying to do is forgotten.
I hope you never make mistakes.
This absolutely does not relate at all to me. I don't make extraordinary claims so I am not bound to provide extraordinary evidence. So your "I hope you never make mistakes" is irrelevant or, even worse, arguing in bad faith.
You can spin it any way you like. Claims should be backed and checked, else credibility flies out the window. I don't get how that's not glaringly obvious.
This is indeed how I feel about it, thanks.
Curious? What is the actual topic?
Although I feel this is yet another disingenuous question, mostly referencing my own reference, this post is about the people behind Hundred Rabbits, what they make and how they live.
This is noteworthy because it’s 180 degrees opposite from how most HN people live and what they do.
I feel we should change society somewhat
Google's become a marketing-profiling engine, wrapped in ad-serving infrastructure, wrapped in the decaying remnants of a search engine.-
It’s been like that since August 2000 when they launched their premium sponsorship program, which was replaced by AdWords later that year.
I’m not sure you can fully blame Google for what the web became though. Part of the reason search engines are close to useless here 24 years later is because most of the content people produce go to SoMe sites. Sites like Hacker News, sites like Medium and so on and because of how everything became a popularity matrix people are posting soooo much useless stuff online. Where it used to be you actually had to have something to say to bother putting it online, because it took an effort, we now live in a world where 90% or the talk people do is while they’re on the shitter. Those 90% is a number I pulled out my ass, but it would be hilarious to see an actual number on just how much internet “content” gets created by people on a toilet.
It is what it is though. To make a functional search engine today which was on par with Google in 2000, you’d probably need access to browser bookmarks of the people you’ve ranked as having interesting taste in what they bookmark. Which probably isn’t really possible without breaking a lot of laws, if at all.
Makes sense. Tangentially, people always mention of spending time on the toilet, but I never could relate as its a max 2-3 minute activity for me, usually less. Only have enough time to read some Reddit posts. Maybe, as I get older, this will change.
Edit: I am vegetarian, probably has something to do with it.
In my personal experience it mostly has to do with how much fiber you get, whether you eat meat or not. Lots of meat and no fiber is not recommended.
This is why I stopped eating keto; I lost two stone really quickly but you pay for it when you're on the throne.
Low carb tortillas are absolutely packed with fiber (like 25-30 grams per burrito).
A little chewy, but you get used to it. And you definitely aren't short of fiber if you also have a salad that day
Gotta give the hemorrhoid doctors some work. Ideally you should finish your business rather fast, but I think a lot of people simply find a nice break on the toilet. Obviously food has an impact but if any type of *vore has long shits it’s probably because they aren’t getting enough fibre, another boon for the hemorrhoid doctors!
The reason I know a shit should take 30 seconds is because there is this Danish doctor who has spent like 30 years studying how we shit, and her name is Gert which is typically a male name. Anyway some years back she was on TV telling the nation how to shit, and it sort of went viral and now everyone above a certain age basically knows who Gert “who knows how to shit” is.
No shit.-
Actually lots
One could probably put a date on the moment when the decreasing friction of publishing to the web intersected with the increasing potential for monetization. Suddenly all of these new people are writing blogs for AdSense revenue instead of good vibes and the atmosphere has all the vibrancy and vitality of a strip mall.
Early 2004, I'd ballpark.-
That didn't last very long. Even before geocities there was a huge amount of random/pointless stuff online. It was okay though because those people weren't looking to make money. They didn't feel the need to misrepresent or SEO the hell out of their personal sites to drive traffic.
Greed killed the internet. Once people started putting up websites with the intent to line their own pockets instead of doing it just to share something fun or cool or personal or helpful it was doomed. Corporations quickly got involved and everything else got crowded out, bought out, or replaced by ad-filled trash.
I'll pull out an equally haphazard guess: Up to 5%.-
It's an unfortunate use of Youtube embeds. Aside from letting people uncharitably dunk on them, the Youtube here isn't even doing anything. The YT video in question is https://www.youtube.com/watch?v=_1Y8PwD5XDs , which is 57s long, has 2 worthless comments, no description/metadata/playlist/closed-captions/categories, and a yt-dlp takes literally 5s for me to download the 1.5MB MP4. (Which I think may actually be about the size of the full weight of the YT embed container based on the last post I saw here whining about YT embeds...?)
This is a perfect candidate to host yourself and just slap it in some <video> tags.
this could honestly even be a gif if you just showed the app without the desktop background
GIFs are warts. There's no way to stop them, so they endlessly demand your attention.
You can tell your browser to stop them.
Unconditionally, for all websites. I suppose nothing of value is lost.
I beg to differ: hamster dance.
I've often wondered why Discord is the only major platform client that provides an option to play gifs only on mouseover. It's incredibly effective at solving for the problem you describe.
They're probably not GIFs, and I have to say this because it bugs the hell out of me.
Half the """GIFs""" you see online are webm. Just put a webm. They work great.
It's possible to stop gifs if the domain framed them with the proper code. Unfortunately many people believe gif = png,jpg and exert zero effort to handle them differently.
also with <video> it does not get preloaded before you press play (in Firefox and chrome at least?
Depends on what you set the preload attribute to
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/vi...
The embed has to be changed to YouTube-nocookie (which is what happens when you enable privacy enhance mode when sharing embeds). But that might not entirely comply with GDPR, as Google still does attempt other measures of tracking.
So they should either introduce a cookie banner, find an alternative host that more strictly adheres to privacy concerns, or just host the video themselves in a video element.
also you could just embed a self-hosted image that links to youtube. presumably if somebody clicks on the image with the youtube logo on it they know they're going to youtube
i mean peertube is a great alternative, and nowadays browsers are pretty okay at just playing bare mp4 files if you re-encode them with ffmpeg -movflags faststart -c copy, but if for whatever reason you choose to use youtube instead there are some harm-reduction measures you can take
I’ve done this in the past by literally grabbing a screenshot of the video thumbnail (and the play button) and adding a link to that image.
Sure, it won’t play in the same page and won’t be up to date with thumbnail or other presentation changes but I didn’t care - it was a small image that also didn’t include any executable code or privacy risks.
yes, exactly!
I'd like to see Peertube clients as widely available as Wordpress clients. They don't have to be federated. You can just host your own stuff.
any browser works as a peertube client; do you mean "peertube installations" and "wordpress installations", or are you talking about the software used to view videos?
Peertube. Now there's an idea whose time has come.-
More info:
https://dri.es/how-to-remove-youtube-tracking
(I develop Privacy Badger.)
Privacy Badger can replace YouTube embeds with "click to activate" placeholders. Faster browsing, better privacy, easy-to-use controls, at least when the replacement works properly.
See "Pro tip #1" in https://www.eff.org/deeplinks/2024/01/privacy-badger-puts-yo...
ah thanks for this! youtube embeds disabled by default is an improvement I didn't even know I was looking for!
You're welcome!
Thank you for developing an amazing tool!
Thank you for using Privacy Badger!!
One solution is to add headers that forbid all includes (and therefore all tracking):
Wouldn't this break the embedded video?
Yes. The website publisher would add this CSP header to ensure that the browser only loads sub-resources come from the first-party domain. It does not prevent the publisher from writing markup that declares third-party resource loads. The header ensures that the site will "break fast". CSP headers are often more useful in sites that allow clients to write markup, however there is still utility in declaring your intention to not load third-party content in your markup.
Yeah, or as a META tag
The "\u263Eoe\u2721is\u271E" of online politics if I've ever seen. Nearly meaningless but people place great emotional and identity-based weight on it (even if they've signed away all their data via TOS, as they likely have).
Sidebar—why does hacker news fuck with arbitrary unicode codepoints? Strikes me as deeply user-hostile behavior.
This place would be utterly unbearable with emoji.
The symbols you wanted to include are in the Dingbats and Miscellaneous Symbols blocks, which I expect are all banned because they contain some emoji and this was the cheap way to be rid of those, quick test: "" "", that's a Miscellaneous Symbol and a Dingbat of no emotional valence to speak of and certainly not colourful ones.
As you can see, that's the deal: they're casualties. I wouldn't mind a more discerning filter, but then again, I wouldn't mind a dark mode, and here it is, years later.
This is meant to be a representation of this image https://en.wikipedia.org/wiki/Coexist_(image) for people too lazy to copy and paste
That doesn't happen until you actually attempt to play the video though, right?
No, it happens when you load the page. As a test I made a simple web page that just said "This is a test" and included the Google embed and visited it in an incognito window in Chrome and looked at what happened in the inspector. I used an incognito window to ensure that I wasn't starting with any cookies already saved for Google.
Just displaying the page with the embed hits those sites. All in all there were around 20 successful network requests made to load the site. There were another 7 or so requests the Ublock Origin blocked, to play.google.com/log, and then after the page loaded it continues trying those every second or so, although it seems to have slowed down after around 19 but is still ongoing.
It leaves 5 cookies (4 persistent, 1 session) and also looks like it has something in IndexedDB.
Similar with Firefox in a private window except it stores one fewer persistent cookies.
On Safari in a private window it has similar network access, but no cookies.
Thanks! I appreciate the effort to get us this info
Apparently there's http://youtube-nocookie.com/ that doesn't do that, but of course that's not the default.
Someone just pointed out I have the same problem on my blog and I'm very pissed. It's not enough that their embeds break every Lighthouse metric and recommendation. It's all this, too
Offtopic: that website is hosted on a webserver/proxy/LB that appears to have a wildcard certificate for dozens of Google domains. Don't they use SNI and separate certs? This wouldn't fly where I work and the security team is asleep half the time.
The same-origin policy prevents Google tracking in a iFrame from identifying the parent site, so technically "This website has no tracking or analytics." is correct. It does expose you to Google's analytics for the iFrame however, so it's down to how you define "this site"...
The same-origin policy prevents Google tracking in a iFrame from identifying the parent site, so technically "This website has no tracking or analytics." is correct. It does expose you to Google's analytics for the iFrame however, so it's down to how you define "this site", but as the owners of the site don't have access to that tracking information, the statement seems fair.
A lot of sites (that follow GDPR mostly) have a "turn on embeddings" switch so that you only see embedded content if you want