A place to discuss the news and latest developments on the open-source browser Firefox
Edit: Replies to this thread indicate this is not fully correct as it exists on all browsers; and is likely an ad thing.
If the person who tweeted this scrolled down in the hackernews thread, they’d see this code was misinterpreted. It’s part of an anti Adblock script that runs 5s after page load. Still shitty, but less insidious
Oh they think that delay in the beginning is malicious .
I noticed a huge drop in bandwidth until I logged out of YouTube. This was a onetimer however.
Whoever posted this is not a programmer. Does no conditional on that code so it would run on every browser on every session so where's the check for Firefox?
Unless they are claiming that it is injected at runtime. But that's easily provable/disprovable with agent spoofing.
In the demo I saw they did an agent spoofing to Chrome and the delay went away, but it didn’t look very extensively tested. As others said, the disappearance on reload could easily be because they thought he was returning to the page and had already seen the ad/been punished for not seeing the ad and so something ad-related disappeared instead.
It would not be the first time Google was caught doing this. A couple years ago they were caught breaking apps like google maps if your user agent string wasnt chrome.
But recently I've noticed they can tell regardless of that string. So my guess is that they've hidden fingerprinting code in the chrome browser
This is not correct.
Most of the posts/articles reference following reddit post: https://old.reddit.com/r/firefox/comments/17ywbjj/whenever_i_open_a_youtube_video_in_a_new_tab_its/k9w3ei4/ . It shows the code from your screenshot. However the code does not check the user agent and is not injected server side (I checked by user agent spoofing and using a freshly installed chrome). So it will run on every browser and cannot be used against some specific ones.
There is an answer to the post everyone seems to reference, which goes a bit deeper into what the code could do: https://old.reddit.com/r/firefox/comments/17ywbjj/whenever_i_open_a_youtube_video_in_a_new_tab_its/ka08uqj/
Laughts in agent spoofing
Browser detection is rarely done through User Agent lookup anymore. Nowadays we determine browser through feature detection.
And yet in this case if I change my agent to any non-FF value while using FF, videos load immediately.
I set my agent back to FF, 5 second delay.
Yeah, but some amount of the time is just easier to rely on the user agent. Why bother with the fancy logic when user agent spoofing, adblocking Firefox users is a % of a % of a %?
I tend to agree. I think there's little need as a developer to go that extra mile for accurate browser detection without UA unless it's for fingerprinting. Most feature sets are supported and where it isn't you have a polyfil or whatever shim to make it work. So in the case of fingerprinting you try not to rely fully on anything the user can alter easily.
"Here's a screenshot of nothing to prove that I found code!"
I will make a call to a friend of mine called EU to solve this problem.