simonbrazell / privacy-redirect
A simple web extension that redirects Twitter, YouTube, Instagram & Google Maps requests to privacy friendly alternatives.
License: GNU General Public License v3.0
If I access https://www.twitter.com/, the extension redirects me to Nitter without a problem.
However, if I access https://twitter.com, it doesn't.
The console yields the following error
home:1 Refused to load manifest from 'https://nitter.net/manifest.json' because it violates the following Content Security Policy directive: "manifest-src 'self'".
Browser info:
Vivaldi | 2.9.1705.41 (Stable channel) (64-bit) |
---|---|
Revision | ce637bfd730e6b2e549bf8def38f849e1a26bd3b |
OS | Windows 10 OS Version 1703 (Build 15063.2078) |
JavaScript | V8 7.8.279.23 |
Flash | (Disabled) |
User Agent | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.99 Safari/537.36 Vivaldi/2.9.1705.41 |
Let me know if you need any more info, and thank you for the great extension.
Hi, developer of Bibliogram here!
For a couple of months now my Bibliogram request logs have contained listings for rather strange URLs, and I've finally figured out what's causing them — your extension. There's a few things to explain here, so I'll start at the start to make sure we're all on the same page. There's a summary at the bottom of this page if you're really cool and already know everything I'm about to say.
Usernames on Instagram are on the top level, for example, instagram.com/radionewzealand. The username here is radionewzealand. This puts them on the same level as other Instagram pages which are not usernames, like /explore, /accounts, /graphql, and /embeds.js. Therefore, if we see a URL like /privacy, we don't know if we'll visit Instagram's privacy page, or someone with the username privacy.
On Bibliogram I decided that I didn't want to deal with this problem, since I of course would like to have my own paths like /imageproxy without having to worry if there is a person on Instagram with the username imageproxy whose profile would then become inaccessible. So, I put all users onto the path /u/{username}, so that any person on Instagram can be visited without me having to worry. Posts are still on /p/, and I expect that when I implement the explore feature it will be on /explore/ too.
However, people making redirect extensions like yours do actually have to deal with this confusion when deciding whether or not to rewrite a request on instagram.com. It would be rather bad if someone was POSTing their login credentials to Instagram to try to log in there, but some extension rewrote this and sent them to a random person's Bibliogram instance.
Thus, to try to help extension authors, I have written this reference of all of Instagram's reserved URLs that I've found so far (there may be more that I don't know about). https://github.com/cloudrac3r/bibliogram/wiki/Reserved-URLs
Here are the actual strange requests I've received that I spoke about at the start, that you need to not rewrite, however there are very likely more that are currently being rewritten that I just haven't noticed yet:
- /embed.js (www.instagram.com) has been rewritten to /u/embed.js (Bibliogram)
- /en_US/embeds.js (platform.instagram.com) has been rewritten to /u/en_US/embeds.js (Bibliogram)
- /accounts/confirm_email/redacted/redacted (domain unknown) has been rewritten to /u/accounts/confirm_email/redacted/redacted (Bibliogram). Yes, really. The text redacted used to be a base64 string that was probably private data, but I decided not to examine it. I don't know if it was a GET or POST.
As part of this, I noticed that you were redirecting the secondary request to platform.instagram.com/en_US/embeds.js to Bibliogram. This is a script that is required on another site to display Instagram's post embeds — see here for one example. platform.instagram.com is reserved for their tracking and embedding code to be run on 3rd-party websites. It's probably best that you don't rewrite requests on this domain at all, unless you really want random instance owners to be able to XSS any website with an Instagram embed. Bibliogram does not support external embeds at the moment, and it's not a high priority feature, but I can let you know in the future if you should change this behaviour.
Somewhat related, looking at the code, I see you have some sort of expression to match /imageproxy, /u, and /static. These look like Bibliogram endpoints. Can you explain what this does and why it's necessary?
Summary
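Added example, not part of the issue above and not the extension's own code: one conservative way to decide whether an instagram.com request may be rewritten to Bibliogram, following the points raised in that issue (exact host match, top-level GET navigations only, reserved paths left alone, users mapped to /u/{username}). The function and constant names are hypothetical, the reserved list is only the sample of paths named in the issue, and the username and shortcode patterns are assumptions.

```javascript
// Only these exact hosts are rewritten; platform.instagram.com is deliberately
// absent because its scripts are loaded by third-party pages for embeds.
const REWRITE_HOSTS = new Set(["instagram.com", "www.instagram.com"]);

// Partial sample: first path segments the issue names as non-username pages.
// A real deny-list would be built from the Reserved-URLs wiki page linked above.
const RESERVED_SEGMENTS = new Set([
  "explore", "accounts", "graphql", "embed.js", "embeds.js", "privacy", "p",
]);

// Assumption: usernames are 1-30 letters, digits, dots or underscores.
const USERNAME_RE = /^[A-Za-z0-9._]{1,30}$/;
// Assumption: post shortcodes use URL-safe base64 characters.
const SHORTCODE_RE = /^[A-Za-z0-9_-]+$/;

// `details` has the shape of a webRequest event: { url, method, type }.
// Returns the rewritten URL, or null when the request must be left untouched.
function decideInstagramRedirect(details, instanceBase) {
  let url, base;
  try {
    url = new URL(details.url);
    base = new URL(instanceBase); // parsing makes a trailing slash harmless
  } catch {
    return null;
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return null;
  if (!REWRITE_HOSTS.has(url.hostname)) return null;
  // Never move a form submission (for example a login POST) to another host.
  if (details.method !== "GET") return null;
  // Scripts, XHR and frames keep their original origin; only navigations move.
  if (details.type !== "main_frame") return null;

  const segments = url.pathname.split("/").filter(Boolean);
  if (segments.length === 2 && segments[0] === "p" && SHORTCODE_RE.test(segments[1])) {
    return new URL("/p/" + segments[1], base.origin).href;
  }
  if (segments.length === 1) {
    const name = segments[0];
    if (RESERVED_SEGMENTS.has(name.toLowerCase())) return null;
    if (!USERNAME_RE.test(name)) return null; // also rejects percent-encoding
    return new URL("/u/" + name, base.origin).href;
  }
  // Anything deeper or unrecognised is left on Instagram (fail closed).
  return null;
}

// Constructed sample requests mirroring the cases described in the issue.
const SAMPLE_REQUESTS = [
  { url: "https://www.instagram.com/radionewzealand/", method: "GET", type: "main_frame" },
  { url: "https://www.instagram.com/embed.js", method: "GET", type: "main_frame" },
  { url: "https://platform.instagram.com/en_US/embeds.js", method: "GET", type: "script" },
  { url: "https://www.instagram.com/accounts/confirm_email/redacted/redacted", method: "POST", type: "main_frame" },
  { url: "https://www.instagram.com/p/abc123/", method: "GET", type: "main_frame" },
  { url: "https://www.instagram.com/privacy", method: "GET", type: "main_frame" },
];

function decideAll(instanceBase) {
  return SAMPLE_REQUESTS.map((r) => decideInstagramRedirect(r, instanceBase));
}
```

Because embed.js is itself a syntactically valid username, the pattern check alone cannot replace the reserved list.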
As much as I like the idea of invidio.us, I prefer seeing youtube's startpage in order to see trending videos list and to get better search results.
Would it be possible to add an option to only redirect youtube links that start with "youtube.com/watch[...]"?
This way, youtube startpage (youtube.com) and youtube search results (youtube.com/results[...]) come from youtube while the actual video page (youtube.com/watch[...]) gets redirected to invidio.us.
Privacy Redirect asks for read and edit permissions for all websites. This might frighten new users to use your extension since they are worried of being spied out...
I think this should be limited to the few sites that are listed in README only.
You might want to check out "Recordify Title Discover" extension on Chrome Extension Store (https://chrome.google.com/webstore/detail/recordify-title-discover/kkgbclpocodjecojibeaaglcgndegljl) in order to see that it only asks for limited specific website access. This shows that it would technically be possible.
For example, https://twitter.com/simonbrazell/tweets
It leads to 404 now.
If I save a youtube link via bookmark or input a channel via the id, it redirects just fine.
But if I open it through reddit or go through via a search engine like DDG, it still takes me to regular Youtube instead of Invidious. It didn't use to do this but now it does. I've seen the same thing on Twitter and it might happen with sites like Instagram too.
Way to reproduce it is
https://duckduckgo.com/?t=ffab&q=rain+music&ia=videos
Search a video like this one, click any of the youtube links, either below or in the videos tab
It'll redirect to Youtube
Save it as a bookmark and opening that same video from there
Redirects to Invidious.
Same steps for Twitter too, these all used to redirect no matter what but now it's only with some links, depending on how they're accessed.
This is with the default invidio.us domain and with all the default settings, same with Nitter and everything else, these worked before but now only work sometimes.
Hey,
Embeds on a private forum I use (XenForo 2.1 backend) need javascript, iframe etc tracking information to be whitelisted to load. Youtube embeds get changed to invidious embeds without allowing youtube javascript, but twitter and instagram embeds for example fail to load at all.
The redirecting works fine clicking on them once they've loaded, so I'd like to request an option to force embeds to display as links/clickable placeholders. This would also reduce bandwidth and power usage if not wanting to see the embeds.
Those are misspelled as Invideus, despite being correctly written on the README.md and on the Firefox extension description page.
Similar to the other issue #9 regarding studio.youtube.com, the tweetdeck URL should probably not redirect to Nitter.
The faulty URL: https://tweetdeck.twitter.com/
Thanks!
This is a suggestion to help user avoiding mistakes when entering URL for alternate instances. The extension could be smart and ignoring the trailing slash character would.
Steps to reproduce:
https://nitter.snopyta.org/ in the Nitter Instance field (Notice the trailing slash / character)
Current result:
It attempts to load https://nitter.snopyta.org// (notice the 2 trailing slash characters)
Expected result:
It loads https://nitter.snopyta.org/ (just 1 slash character at the end)
Note: My example is about Twitter/Nitter but this behaviour is true for all 3 services.
Hello,
You can redirect Google to startpage.com, since startpage.com is a proxy between Google and the user.
Results are practically the same, except the fact that startpage.com doesn't store anything about user in order to provide a better search.
Unless I'm missing something, this is a feature request. I'd like to be able to copy a link to the clipboard (for sharing elsewhere, usually) and have redirection rules applied to it. So I find a YouTube link in DuckDuckGo, right click and copy, end up with an invidious link in the clipboard.
Thoughts?
Hi, YouTube embeds by default block fullscreen. But you modify that by adding allowfullscreen attribute in iframe tag.
It's annoying not to be able to watch in fullscreen just because the website decided or because they didn't know about allowfullscreen attribute. Let me decide what I want.
https://www.youtube.com/c/atareao didn't redirect me to invidious instance. I'm using version 1.1.22 on Firefox.
Really enjoying Privacy Redirect! I have a feature request.
Would it be possible to add an advanced setting for Invidious video quality?
I find that this would be especially useful for embedded videos since the default of 720p can eat a bit of bandwidth due to preloading a portion of the video and I rarely play videos that are embedded.
Thanks for considering!
Received via support email.
Hi again!
I found another incorrect redirection.
When trying to access pwnyoutube.com it redirects to invidious. I think it should not redirect and allow access to pwnyoutube normally.
For info, pwnyoutube.com is a useful way to access http://deturl.com which provides various tools and services that use youtube videos.
Developer of Bibliogram here, again.
To reduce the volume of requests from users to a single instance, I'd prefer if you randomly selected a trusted instance from a list as the default when someone first installs the extension.
I suggest choosing from this list:
However, you should contact the developer of pussthecat.org before adding their instance to this initial list to make sure they're okay with the volume of traffic they may receive. I (bibliogram.art) and perflyst (snopyta.org) are already both okay with this.
I love the idea of using nitter for individual tweets but it keeps redirecting my main feed link to nitter and it doesn't support it.
I'm not sure I can trust a privacy extension that uses screenshots taken in Chrome.
Received via AMO store review.
As per title. I am on Firefox with extension version number 1.1.21
I'm always generally uneasy about letting an extension "access my data for all websites".
Would you please consider limiting the extension's access to just data from Youtube, Twitter, Instagram, and Google Maps URLs?
Hi,
your extension is very useful. Please add support to bibliogram (instagram alternative front-end).
When you click a View on YouTube link in Invidious it redirects back to invidious. It would be more useful if this actually went to YouTube as there is sometimes issues with some videos.
To be fair, I have no idea of how potentially this could work, but i’m just suggesting,
An alternative, into G maps redirect, to the Qwant Maps service instead of OpenStreetMap (While, of course, Keeping OpenStreetMap as default, the user would have to manually change it for Qwant Maps if that wishes).
While Qwant Maps is based on the OpenStreetMap service, it isn’t a fork or an instance in any way and still is in Beta stages currently.
But while it is currently not as complete as OpenStreetMap, it still has some interesting design choices like the Masq profile alternative, or the addition of open crowd-sourced services during the COVID-19 confinement period, with the implementation of ¨Carestouvert¨. https://blog.caresteouvert.fr/qwant-integre-ca-reste-ouvert-dans-sa-carte
And of course, Qwant Maps is open-source obviously : https://github.com/QwantResearch/qwantmaps
Links to channel pages like https://www.youtube.com/pewdiepie don't work, only links with /channel/ or /user/, like https://www.youtube.com/channel/pewdiepie, work.
Love it! but hey dev can you make an option to redirect youtube to invidious works ONLY on embed video? thats would be more convenient!
Received via Chrome web store user review.
Very minor cosmetic "issue" but in Firefox there are unnecessary scrollbars in the popup settings. In Brave/Chrome there are none.
If you open a link that leads to video.twimg.com or pbs.twimg.com the extension should redirect them to nitter.
To get examples just check the direct links to images or videos on any nitter tweet.
Would be nice to have 2 separate extensions one for nitter and one for invidio.us. Mainly because we have lots of issues with youtube very slow/not loading sometimes from invidio.us.
Thanks
can this addon support the other youtube addresses like https://youtu.be and other shortcuts for it.
While this makes more videos work, it puts a lot of strain on the invidious instances. Every video will be pulled from the invidious instance instead of pulling it from Google's servers. If a lot of people do it, it will be infeasible for many instances to function correctly (or at all) because the demand of bandwidth will be incredibly high. It will affect the user negatively in the end.
Invidition support a feature (only for Invidious) named "Always use prefered", it's a feature that redirect every Invidious links of public instances to the chosen instance.
It would be really nice if it was possible to do in Privacy Redirect, either using regex (preferable but might cause some issue in website using the same URL format) or using the list of public instance of each service (how it's implemented in Invidition) either by scraping the list (how it's implemented in Invidition) or by having the list directly in the code.
URL of the error: https://wii.scenebeta.com/tutorial/como-instalar-cmios-en-la-wii
I have been able to verify that the type links ...
http://www.youtube.com/v/B8uurHgZLsU&hl=es&fs=1&rel=0&color1=0x234900&color2=0x4e9e00&border=1
They do not work
It should generate a basic url, for example...
https://invidious.snopyta.org/embed/B8uurHgZLsU
PS: I am seeing that it works through object, I don't know exactly what the solution will be, but I suppose it is possible to fix it.
Cheers
Hello, can you add auto redirect from Google to DuckDuckGo?
Add OpenStreetMap (OSM) as a privacy alternative to Google Maps (and potentially other map services).
Found this bug in latest version: Visiting https://youtube-dl.org/ redirects to invidious.
I wonder if it would be possible to add an exception so that links to studio.youtube.com would not redirect to invidious.
As the owner of a channel, I would like to be able to keep editing my videos and livestreams.
Here's some example URLs
I understand that I can just deactivate the redirection temporarily when I need to access Youtube Studio, but that would be a little nice improvement. Maybe as an option?
Thanks for this otherwise excellent extension! :)
Mobile links don't seem to redirect, at least in Twitter's case, I haven't tested the other sites.
For example, mobile.twitter doesn't redirect to nitter, but twitter redirects to nitter no issues as expected.
Hello!
First, thank you for this handy add-on! Combining redirects to those sites into one add-on is really awesome. Please keep up the good work!
For a while now I have problems with embedded videos. They are not shown, I only get a black rectangle. Please find example output from the Firefox developer console below. I get such and similar output from different pages, varying in the number of repetitions of the same message. The last part on each line is the (temporary) file name, line and column number. (Sorry for the bad format.) Amid that jungle, two URLs shine out:
Interestingly, only one URL is redirected to Invidious in the example output (a different problem?). On some pages I get errors with both URLs, but with the first URL already rewritten to Invidious. When I try to access those URLs, I get redirected to the homepage of Invidious, which fits the error messages about content of unexpected MIME type, as far as I can see. However, fetching those files with invidio.us as domain also leads to the homepage in Ungoogled Chromium.
I think this is a problem of this add-on, because I tested with another add-on that redirects to Invidious and with that I don't get this error and the videos play. However, I still get communication with YouTube and repeated output of an error message, so this specific (unmaintained) add-on is not the best code example.
Happy to help testing. Please let me know, if I can provide more information. Thanks!
The resource from “https://invidio.us/” was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff). 9B9SId9_lpQ
The script from “https://invidio.us/” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type. 2 uMG8BMrOO00
The script from “https://invidio.us/” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type. _w0oBujJ9P4
The resource from “https://invidio.us/” was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff). 9B9SId9_lpQ
The script from “https://invidio.us/” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type. 2 DbKzNqEIDdY
The script from “https://invidio.us/yts/jsbin/www-embed-player-vfl19rSh2/www-embed-player.js” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type. DbKzNqEIDdY
Loading failed for the <script> with source “https://www.youtube.com/yts/jsbin/www-embed-player-vfl19rSh2/www-embed-player.js”. DbKzNqEIDdY:3:1
The resource from “https://invidio.us/” was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff). 9B9SId9_lpQ
The script from “https://invidio.us/” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type. DbKzNqEIDdY
Loading failed for the <script> with source “https://www.youtube.com/yts/jsbin/player_ias-vfl22ubNH/en_US/base.js”. DbKzNqEIDdY:4:1
ReferenceError: yt is not defined DbKzNqEIDdY:12:1
The resource from “https://invidio.us/” was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff). _w0oBujJ9P4
The resource from “https://invidio.us/” was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff). uMG8BMrOO00
Loading failed for the <script> with source “https://www.youtube.com/yts/jsbin/www-embed-player-vfl19rSh2/www-embed-player.js”. uMG8BMrOO00:3:1
The script from “https://invidio.us/” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type. uMG8BMrOO00
Loading failed for the <script> with source “https://www.youtube.com/yts/jsbin/player_ias-vfl22ubNH/en_US/base.js”. uMG8BMrOO00:4:1
ReferenceError: yt is not defined uMG8BMrOO00:12:1
The resource from “https://invidio.us/” was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff). _w0oBujJ9P4
Loading failed for the <script> with source “https://www.youtube.com/yts/jsbin/www-embed-player-vfl19rSh2/www-embed-player.js”. _w0oBujJ9P4:3:1
The resource from “https://invidio.us/” was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff). 9B9SId9_lpQ
Loading failed for the <script> with source “https://www.youtube.com/yts/jsbin/www-embed-player-vfl19rSh2/www-embed-player.js”. 9B9SId9_lpQ:3:1
The resource from “https://invidio.us/” was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff). _w0oBujJ9P4
Loading failed for the <script> with source “https://www.youtube.com/yts/jsbin/player_ias-vfl22ubNH/en_US/base.js”. _w0oBujJ9P4:4:1
ReferenceError: yt is not defined _w0oBujJ9P4:12:1
The resource from “https://invidio.us/” was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff). 9B9SId9_lpQ
Loading failed for the <script> with source “https://www.youtube.com/yts/jsbin/player_ias-vfl22ubNH/en_US/base.js”. 9B9SId9_lpQ:4:1
ReferenceError: yt is not defined 9B9SId9_lpQ:12:1
My Invidious instance (https://invidious.pussthecat.org) is semi-private and behind an HTTP login.
Privacy Redirect (and Invidition see the related issue) doesn't support it and automatically rewrite the instances links removing the login.
It would be really nice if it was supported.
Would like to request the ability to whitelist websites from redirecting, this is beneficial on sites that have trouble with Invidious in embeds and you don't mind them passing through, but want other sites to continue using the redirection.
One site in specific I find I have issues is cytube.
https://cytu.be/
Unfortunately, Invidious seems to forget its URL parameters when navigating within it. To reproduce:
So, not only YouTube links need to be redirected, but Invidious's own as well.
While at it, it would also be very convenient to add an option to load dark theme (parameter for that is 'dark_mode=true'). Nitter has it by default, but majority of Invidious instances do not unfortunately.
might be more user friendly if all known instances for the services could be selected from a drop-down - Booteille / Invidition · GitLab does this for Invidious instances if you wanted to look at the code
Another redirect idea 😄
Edit: updated with search providers
These are all privacy focused.
Found on: privacytools.io & restoreprivacy.com
Searx is a privacy-respecting metasearch engine. Google Searches could redirect here (and potentially Bing, Yahoo, Yandex etc).
Source: GitHub
Documentation: doc
Instances: searx.space
There are also Meta-searx instances ("These are websites that source from other searx instances. These are useful if you can't decide which Searx instance to use"). More info is available on searx.space - click "About".
since you are already at least partly choosing random instances from a list (#34 - although i would use all public instances directly from their lists: Invidious & Nitter & Bibliogram), a cool feature came into my mind:
how about an (optional) kind of a fallback mode to automatically use a different instance if the chosen one is currently offline? ...similar to DNS for example.
perhaps if you stick with one persistent main instance per installation even if the user itself hasn't set one by himself, then something like a counter which prompts after a week/month or somewhat may become necessary: "the chosen resp. set main instance is offline for quite a while now and it is probably time to set an other one." with then two options: "choose a random one." | "i'll set one on my own."
i'm not sure if this can be done (with reasonable effort), but this would make this addon even more awesome and nearly completely "install and forget" for non-techies...
As many know, Googles attempt to rehost websites and normalize the AMP framework is a threat to not only our privacy, but the open internet as a whole.
It would be nice to have the extension make this a non-issue by automatically de-amp-ing any tainted links I happen to click on.
Hi folks,
first of all, thanks for this very interesting and useful extension.
I've noticed that a bibliogram page is as follows
https://bibliogram.art/u/$username
The extension redirects to /$username so it doesn't work as expected.
Is this normal ?
Thanks,