this post was submitted on 09 Jun 2023
131 points (100.0% liked)

Free and Open Source Software

17957 readers
22 users here now

If it's free and open source and it's also software, it can be discussed here. Subcommunity of Technology.


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
 

They don't understand that we never agreed to any of their TOS/policies, they don't understand that we don't use their API.

What now?

Things will continue normally until they can't anymore.

Assume it's just the start.

Assume they'll ask GitHub to takedown the repos (if so go to our Gitea https://gitea.invidious.io/iv-org ).

Assume the team wont be able to work on Invidious.

You know what you have to do.

May Invidious live and prosper, with, or without us.

PS: We won't do anything unless we have to.

PS-2: If we are forced to quit, any funds remaining will go to Framasoft (and maybe some other organization working on FOSS/privacy)

you are viewing a single comment's thread
view the rest of the comments
[–] Evkob@lemmy.ca 15 points 1 year ago (3 children)

This is disheartening to see as someone who just switched to Invidious. Does anyone with more in-depth knowledge on how Invidious and similar Youtube front-ends work know if it's possible for Google to shutdown access to their servers for Invidious/Piped instances?

[–] Andreas@feddit.dk 25 points 1 year ago

I don't have a lot of knowledge about the technical details of these frontends and I'm probably using the incorrect terminology, but this is mostly an empty threat because

The only way Youtube could [restrict access to Invidious/Piped for good] is by making a Google account required to watch videos. Logged out users on Youtube’s official services like its website and mobile app currently use the same API endpoints these frontends use, so breaking those endpoints would disable its actual services for users without an account as well. You’ll notice that you cannot perform any logged in actions with a Google account on these frontends, and that’s because the frontends only use endpoints that don’t require authentication like watching videos and reading comments. This is the same reason why Twitter hasn’t shut down Nitter (the read-only privacy frontend for Twitter) yet, even though they would really want to.

Invidious/Piped do not use the official developer API provided by Youtube, so they can argue that they're not bound by its TOS. There is the concern that Google can implement severe rate limiting per IP to disable proxies or they'll try to make their unauthenticated API private, but people will probably reverse engineer it.

[–] Daklon 19 points 1 year ago (1 children)

As far as i know, they don't use the youtube api. Therefore they don't have to be compilant with any api policy or tos. They just connect to YouTube like any browser do and then show that information(with modifications) on the invidious app.

Google can try to modify the code faster than the developers try to update the app since they expect the data to be in an specific format, but that's all, they aren't using the api... There is nothing to be closed.

[–] sotolf 7 points 1 year ago

Yeah that's what I thought, that they are scraping like NewPipe is, that usually breaks a couple of times a year when google is messing around with the page, but the developers are usually really quick and fixes it in a day or two so that it works again.

[–] jack 6 points 1 year ago (1 children)

Technical issues aside, they can do legal takedowns on the big instances and while they can also technically do small ones, I doubt they will. The thing is that a TOS violation can lead to a suspended google account, so it's a 'high risk, low probability' event for self hosters with a google footprint (such as an android device).

[–] comfy@lemmy.ml 5 points 1 year ago (1 children)

Hmm, I'm not sure I understand what you're suggesting. The host running Invidious on a server would have a different fingerprint to the same person accessing it through a web browser or phone app. Do Invidious hosters even use a Google account? I assumed it just accessed Google servers like an anonymous user.

[–] jack 1 points 1 year ago

I'm mainly saying that from the hosting side, especially if you're hosting on a personal IP at home or something, the "nightmare" scenario is that google tracks you down based on information leaks and slaps you with a TOS violation and account suspension. They don't need any actual evidence to screw with you, they hold all the cards regarding their services once they've decided to cause you trouble.

The more likely scenario is that people serving invidious at a scale noticable to google will have their hosting providers slapped with some kind of cease and desist. (Yes, not all hosting providers will have to comply, but many will - why deal with big tech lawyers over something like this?). That won't stamp the service out, but it will make using it trickier and less reliable.