Skip to content(if available)orjump to list(if available)

Block YouTube ads on AppleTV by decrypting and stripping ads from Profobuf (2022)

vitus

> instead, I found a flaw in the Protobuf format which allows me to reliably change one byte to obliterate ads.

Let me guess, the author changed the field number to a large unused number.

> Now, all we have to do is scan the Protobuf bytes for classic ad URL signatures like /pagead/ to bound our field search, then move backward from there until we find the target(s) field tags and thus field keys we would like to denature (e.g. 49399797 –> 49399796).

Yeah. This isn't a flaw, this is intended behavior.

If you're willing to go through the effort to find the tag, it's really not that much additional effort to then read the (varint) length right next to the tag and... just skip those bytes.

Yes, you'd need to copy your buffer to do this, or at least slide your bytes around. But the proof-of-concept script already has to perform a copy because the bytes object returned by mitmproxy's API (`body: bytearray = bytearray(flow.response.get_content(strict=False) or b"")`) is immutable, and even a memoryview isn't going to bypass this limitation.

jeroenhd

On the protocol level everything is working as expected, but I think the flaw is that Google's way of dealing with these unknown fields in the ad data structure isn't to throw an error, but to pretend there are no ads to play. After all, Google will definitely release a new version of their app before they modify the protocol to make all the old versions not play ads anymore.

Google could shut down this method of ad blocking instantly by either doing basic certificate pinning or by altering their decoding logic to be less graceful of failures when it comes to extracting ad information. If I were on the YouTube team, I'd consider these flaws.

wongarsu

Smoothly handling missing or unexpected fields is half the value proposition of protobuf. May as well switch a a much simpler versioned binary protocol instead of all this schema and field tagging complexity if you want to reject every message that doesn't match the client's schema.

But rejecting unknown messages would likely degrade the user experience. Just because Google releases a new version doesn't mean everyone instantly has that new version installed everywhere.

Certificate pinning would be a solution, but the world seems to have decided that that's very difficult to get right. Probably easier to get right in an app than in a website, but I understand not using it.

They could manually sign the protobuf messages to ensure integrity. Duplicating some of the work TLS would already do, but doing it decoupled from TLS infrastructure may be easier.

But unless something like OP's hack becomes mainstream, Google's current approach could be the right one. Sure, it leaves them open to message manipulation, but the potential lost ad revenue from even a tiny failure rate around update time from the other approaches could easily outweigh what they lose from a handful of people running middleware boxes to block ads.

immibis

AFAIK ignoring unknown fields is a MUST in the protobuf spec. It's safe to assume all of their tooling is built around this. It wouldn't make a difference anyway. As vitus pointed out, deleting the field isn't much harder than changing it to an unknown field.

You can do cert pinning. And the user can modify the app to pin their own cert. And you can lock down the device so the user can't modify the app. And the user can get a different device where they can modifiable apps. And you can add device attestation. And it's not yet feasible to extract an attestation key from a device, but it probably will be in the future. And then you will switch it to a physically uncloneable function. And then someone will figure out how to physically clone it anyway. And so on.

The war on ad-blocking is fundamentally the war on general-purpose computing. By the time you achieve unskippable ad blocking,

You know, you could also just refuse to send any video segments until the time when the ad is supposed to be over. Then the user may try to download their videos in advance, but most of the time they don't know what they're going to watch that far in advance, so they'll sit through the ad to avoid sitting through a black screen. That seems like a more sane thing to try. And you don't have to destroy the fabric of society to do it.

dcow

The point is that when ignoring unknown fields leads to users defeating your business model, even though the protocol requires it, the business logic of your software almost certainly should not. Protobuf working as intended, youtube client not so much. Agree that cert pinning is not the solution.

wat10000

If you want to prevent MitM modification attacks, the way to do it is to sign the data. Trying to do it by making the serialization format less forgiving isn’t the right approach at all. It still has to be pretty flexible. It’s going to be pretty hard to come up with a format that cannot possibly be altered to make the client show no ads. Something like certificate pinning is way easier.

fastball

I'm very surprised Google isn't already certificate pinning.

dcow

Cert pinning is not a solution and defeats legitimate traffic inspection cases. It also just moves the goalposts as the author discusses it can be defeated by a modified app binary. The industry has moved on. Sign your data if modification in-flight is a threat. I’m surprised google isn't doing that.

tadfisher

Google still supports the YouTube app on the PlayStation 3. They are not going to rotate hashes/certs on that app because it's very likely there are between zero and two people who know how in the whole org. There are countless other supported devices like this that are either EOL or not receiving updates, and part of YouTube's value proposition is that they are available everywhere.

kbolino

The current YouTube certificate has a lifetime of 84 days. The next one will live that long or even shorter. Certificates are rotated too quickly nowadays for pinning to be viable. They'd be better off pinning their CA than their certificate, but that might cause issues for users in certain scenarios.

null

[deleted]

gowld

Funny you mention that, because unnecessary "security" controls on streaming data is how Google broke Chromecasts lacked week, and still hasn't figured out how to fix.

sgarland

> the bytes object returned by mitmproxy's API (`body: bytearray = bytearray(flow.response.get_content(strict=False) or b"")`) is immutable

Byte objects are immutable, but bytearray objects are not.

lima

A small C++/Go/... proxy can do the same thing with much, much less overhead. Been there, done that - for something well-defined like this, it is more stable and less work than fighting mitmproxy.

Routing everything through the proxy will degrade performance even with SNI interception.

Same with pfSense - a plain Linux server and a simple iptables rules set would do the job without having to fight against all the pfSense abstraction layers.

Write a .proto file with just enough of the reverse-engineered proto fields to auto-generate code and flip the flag. Cheaper than the Python implementation and easier to update when the proto changes.

Ignoring unknown field tags is an important Protobuf feature - it allows for compatible schema changes without breaking existing deployments.

pcardoso

I would love to degrade my YouTube experience and make it slower when switching videos, would make it a lot less addictive specially with shorts.

brainzap

I am experimenting a bit and definitly, a little bit loading delay helps to break the loop and „wake up“

ushiroda80

21th century will be remembered as the great digital drug crisis.

j45

Slowing down certain domains bandwidth can help too.

Always42

Thought this was sarcasm till the end. Good idea

Narishma

Google has been doing that for you since they bought Youtube.

ok_dad

I gotta say, I don’t get that perspective. The content is one thing, but YouTube is super reliable for me, streaming or watching. I can easily stream in 4k 60FPS from OBS and YouTube has never had issues ingesting it, though I generally do 1440p because my computer is slow. When watching, I have never had an interruption on my wired Apple TV even for 4k/60FPS.

I do hate the pushing of shorts and the algorithm that seems to have a 3 video memory, but aside from that I’m pretty happy, I don’t get the weird right wing stuff or creepy videos pushed at me or my kids.

create-username

Isn’t Google degrading your user experience well enough?

j45

This comment made me wonder if some folks have been compelled to find a way to block shorts.

My use of YouTube predates shorts, and I haven’t been a huge shorts consumer on social platforms, and I seem kind of indifferent to them. Anyone else?

Maybe there is something we can figure out and share with our friends who want to manage their shorts use.

Also, apps like opal can be really helpful.

https://www.opal.so/

pcardoso

I never got used to shorts/reels/etc, but it is troubling to see kids addicted to them. I have been thinking that by forcing some pause between videos it would remove some of their addictiveness.

WD-42

Sounds great, looking forward to the detailed blog post where you share how to do it!

s3p

You don't sound like you are actually looking forward to this.

haagendos

You want someone to show you how to write a C++/Go program to forward traffic? There are a lot of tutorials online that can already demonstrate this for you. :)

dcow

Can you put together a guide in response showing where the inefficiencies are and how to mitigate them with more simple software?

It sounds like the author was aware of at least parts of your comment. The post is very thorough. They benchmarked using python and c++ and the final impl doesn’t even decode protobuf. They used various mitm solutions. They are using pfsense for more than just “it’s muh security router”—they are vlanning and vpning the traffic so they can target inly the appletv on their network.

Your comment is cheap and dismissive. The author’s post is not. You owe it to the community to put your money where your mouth is.

WD-42

Yup, I’m looking forward to the detailed post from this person (including screenshots!)

haagendos

[dead]

Starmina

Exactly my thoughts.

Razengan

> A small C++/Go/… proxy

Got any recommendations for lightweight proxies that can run on macOS and serve other devices in the home?

oefrha

https://github.com/elazarl/goproxy is pretty nice Go library for writing proxies, I used it once. Supports both HTTPS passthrough and MITM. Here's a trivial example MITMing connections to www.google.com and rejecting requests to https://www.google.com/maps while allowing everything else through:

  package main
  
  import (
      "log"
      "net/http"
      "strings"
  
      "github.com/elazarl/goproxy"
  )
  
  func main() {
      proxy := goproxy.NewProxyHttpServer()
      proxy.Verbose = true
      proxy.OnRequest(goproxy.DstHostIs("www.google.com")).HandleConnect(goproxy.AlwaysMitm)
      proxy.OnRequest(goproxy.DstHostIs("www.google.com")).DoFunc(func(r *http.Request, ctx *goproxy.ProxyCtx) (*http.Request, *http.Response) {
          if strings.HasPrefix(r.URL.Path, "/maps") {
              return r, goproxy.NewResponse(r, "text/plain", 403, "Forbidden")
          }
          return r, nil
      })
      log.Fatal(http.ListenAndServe(":8080", proxy))
  }
Try:

  curl -k -x localhost:8080 https://www.google.com/
  curl -k -x localhost:8080 https://www.google.com/maps
  curl -x localhost:8080 https://www.apple.com/
-k is to ignore cert error; note how we don't need it for apple.com due to passthrough.

Remember to use your own cert rather than the hardcoded one in "production" (a trusted network like your home of course, probably a bad idea to expose it on the open Internet).

mubou

> I want to support content creators, so to be fair, after a few months of blocking YouTube ads, I am now paying for YouTube Premium; Just because I can break something, doesn’t mean I need to.

Does paying for YouTube Premium support creators? (If so, how much, compared to say Patreon?)

ozzyphantom

Not much compared to Patreon but if you watch more than a couple YouTubers can you reasonably be expected to subscribe to every YouTuber’s Patreon?

I don’t doubt any given YouTube premium subscription provides a negligible amount of income to a creator but watching their videos ad-blocked provides nothing.

(I use ublock on Zen and do not make enough money to be a Patron of anyone unfortunately)

chii

> watching their videos ad-blocked provides nothing.

it provides the view count, for which the creator reaps rewards from as part of the boost in the algorithm from youtube.

Not to mention that a lot of creators on youtube also do sponsored segments.

debian3

And that’s why there is SponsorBlock

dmonitor

Youtube has recently added a premium feature where if you skip ahead 5s, it will prompt you to skip an entire "commonly skipped" section. It seems like they've picked up on sponsorblock and are making it a feature for Premium users.

jnsie

Is this the new artists-doing-free-work-for-exposure?

chgs

They get far more from a premium viewer than an ad viewer.

kebman

Could you please substantiate that claim?

alwyn

Supposedly creators get a bigger share from YT Premium users' compared to regular, ad-watching views, simply because skipped ads mean no revenue. It's still marginal because most people don't have Premium though.

null

[deleted]

diggan

> Supposedly creators get a bigger share from YT Premium users'

I've heard this multiple times before, but every time I go hunting for a source from Google/YouTube, I cannot find any official statements or confirmed information about this, seems this is mostly based on 3rd party analysis afaik.

mrweasel

Linus tech tips had a break down of their income. One thing Linus highlighted was that YouTube Premium revenue was much larger than most would expect. See https://www.youtube.com/watch?v=-zt57TWkTF4&t=400s (it's a little under 20% of their total revenue from YouTube).

kalleboo

I found this screenshot of the partner program contract that says it's a 55% split for either https://imgur.com/YjOHAAr

But for Premium the amount is distributed by watch time, whereas for ad-supported users it's by number of ad views. This means that for short videos where the value of the ad is higher then the value of the watch time, a "free" user wins, but for longer form videos where the watch time is longer, the Premium user wins.

LinusTechTips once showed the YouTube income breakdowns for some of their videos that showed this - for their hour+ long PC build streams, Premium income was higher and for shorter videos, Ads income was higher.

parasti

I've released an album via Distrokid which distributes the release to YouTube as well. You can look at detailed reports there. Youtube revenue is split into Ads, ContentID and Red (which I believe is the old name for Youtube Premium). I just checked and I am currently getting a bigger share from Ads than from Red, per play.

dtech

> Does paying for YouTube Premium support creators? (If so, how much, compared to say Patreon?)

Yes. Recent info is sparse, but when they initially released it as Youtube Red it was generally much more than they got from ads per view.

chippiewill

Yes,.more than ads, less than patreon.

It's based off of watch time rather than ad impressions so creators with long form content do a lot better from it.

ta1243

Well it would be less than patreon, youtube the platform obviously costs more to run than patreon the platform

vachina

My gf’s YouTube account for some reason does not show ads on any device it is logged in, including the Apple TV. It is not premium, nor ever was premium.

Wonder what flag is set internally that disabled ads.

a12k

Interesting. If you can DM me the username and email associated with the account, I can look into this and get it fixed for her.

transcriptase

Perhaps set the account to only show ads until she’s caught up!

thunkshift1

And by fixed you mean.. show more ads??

pawelduda

"We're sorry for any inconvenience this error may have caused"

chuckadams

More like Mitch Hedberg would have said: "Sorry for the convenience."

pinoy420

[dead]

doublerabbit

Why would anyone want this fixed?

saaspirant

It's a joke

madmulita

How would you know what to buy without ads?!

Alifatisk

Woooosh

timmg

Your GF is essentially in the "control group" for ads. Her behavior can be compared to the behavior of people who see ads to better understand how ads affect those other users.

TN1ck

Maybe she is in a holdback experiment. To understand how a feature affects the metrics (such as running ads), they often have some people in a holdback. I worked there and we did have such experiments for our features.

HeatrayEnjoyer

Isn't that pretty unethical without an IRB and informed consent?

recursive

How does ethics even come into this? They didn't require consent to show ads in the first place. Why require consent to not show ads?

ta1243

The is the advertising industry, unethical is their middle name

MBCook

I mean, it’s Google.

duxup

Long ago a Google music subscription would disable ads on YouTube. When they discontinued it / I cancelled, it took a good 6+ months before YouTube ads started up for me.

But of a “oh I see what people are complaining about” moment for me ;)

pfooti

I am still paying for mine. My Google music all access I'm feeling lucky subscription turned into a YouTube music one, which includes YouTube premium, and I'm still only paying 8 bucks a month, which seems like a pretty good deal even if I also pay for Spotify.

manwe150

How did you manage to avoid the last price increase? I thought they’d ended that sweet deal for everyone (myself included)

xnorswap

I don't like to advertise this just in case it gets fixed, but I have that same experience for Twitch.

I don't run an adblocker and yet as long as I'm logged in, I get no ads. Not in the website nor in the mobile app. I don't have "turbo" and I don't even have amazon prime any more (which itself only very briefly suppressed adverts across twitch globally before they replaced it with a "Free sub" perk ). I don't have any of the other Turbo benefits, so it's not like I've been fully flagged as Turbo either.

I don't know if I accidentally bugged my account profile messing around back when they ran a bug bounty, but I'd happily provide more details in return for keeping this perk.

What's weird is that I vaguely remember once having a near-meltdown over the level of adverts on twitch when all I wanted to do was watch TV while I was heavily medicated and in pain in the hospital. Then some time a year or two later I was reflecting then suddenly realised I hadn't seen an advert for years.

I guess most likely there's some long forgotten ad-free A/B test that it's not worth cleaning up.

I've definitely benefitted over the years, I easily watch more twitch than any other platform. At £12/mo (roughly $15.50), twitch turbo is among the more expensive in the world. In the US and Europe it's $12 or €12, so we're getting straight ripped off in comparison.

chasd00

> some long forgotten ad-free A/B test that it's not worth cleaning up.

That sounds about right. Different context but I once got on the good boy list at work by accident and it wasn’t fixed for about 6 month. On the first of every month I got a little corporate swag box in the mail thanking me for going “above and beyond”. Lots of cookies, blankets, coffee mugs and other trinkets.

null

[deleted]

choo-t

Afaik Youtube cannot legally display ads to some countries' residents, it could explain this behavior.

zeroadsever

The above is true. Some countries don't get ads. Lucky them. Albania, Cambodia, Ivory Coast, Laos, Myanmar, Macau, Madagascar, Maldives, and Russia.

Use a proxy server/VPN and go ad free.

fastball

Presumably he lives in the same place as his girlfriend.

choo-t

She may have created the account abroad.

null

[deleted]

perching_aix

> I discovered that putting a man-in-the-middle proxy between my Apple TV and the world lets me decrypt HTTPS traffic

This surprised me quite a bit because normally that shouldn't work, but then that surprise was exchanged for a different one, when I learned later down that you can add CAs to the certificate store of an Apple TV.

Nice and thorough writeup, thanks for sharing. A good carousel through the entire stack involved.

windhaven

If I had to guess why Apple supports adding certificates, it’s probably to allow Apple TVs to work as AirPlay boxes in corporate/educational environments while playing nice with the IT/device management stuff that entails. For instance, when I was in college, getting something on the college WiFi either required allow-listing it’s MAC address or installing a certificate.

madeofpalk

This, and the fact that a fair bit of this would 'come for free' due to tvOS being based on iOS which has supported custom CAs for ages.

josephg

Unfortunately Google can trivially block this by checking which CA signed their SSL certificate in the YouTube app. I don’t know if they will - doing so might break YouTube within a lot of corporate environments. But it would be unfortunately easy.

pbasista

Of course Google can do this. And more. They could, if they wanted, to embed ads into the video stream itself with no way to distinguish them from the actual video content.

But they do not do it. They had so much time and opportunities to do that over the years. And yet, they did not do it.

I am not going to speculate why. But I suppose it is safe to assume that it is their intention to not do it.

rasz

>But they do not do it.

yet. They are moving forward with measures. YT webpage player.js no longer fetches individual video/audio stream URLs. It fetches single bundle pre-packaged on the server. Its a POST request now with only one URL parameter changing &rn=x, where x increments with every request, and ~2000 byte binary encoded body.

It requests pre sliced segments in form of "itag_251_type_3_src_reslicemakeSliceInfosMediaBytes_segsrc_reslicemakeSliceInfosMediaBytes_seg_492_range_77715493-77757871_time_4920.0-4922.6_off_0_len_42379" "itag_251_type_3_src_reslicemakeSliceInfosMediaBytes_segsrc_reslicemakeSliceInfosMediaBytes_seg_492_range_77757872-77879973_time_4922.6-4930.0_off_42379_len_122102_end_1" "itag_251_type_3_src_reslicemakeSliceInfosMediaBytes_segsrc_reslicemakeSliceInfosMediaBytes_seg_493_range_77879974-77987247_time_4930.0-4936.5_off_0_len_107274" "itag_251_type_3_src_reslicemakeSliceInfosMediaBytes_segsrc_reslicemakeSliceInfosMediaBytes_seg_493_range_77987248-78044561_time_4936.5-4940.0_off_107274_len_57314_end_1"

and pushes those directly into MediaSource sourceBuffers

ryao

Does anyone do that? The average developer likely would not think to do this because it is too computationally intensive to splice things into A/V streams on the fly.

A more clever developer could splice the ad into the video at an I frame, but then the ad needs to be a multiple of the number of frames that are both the I frame and follow the I frame. This also would mess with metadata on the length of the video that would need to be adjusted in advance. It is doable, but you give up flexibility and your HTTP sessions cease to be stateless. Then there is the need to handle splicing into audio and I do not know offhand if there is a cheap way of doing that at the server like you can do with video through I frame splicing.

It seems to me that they have lower server costs by doing things the current way.

m3kw9

Doing that across billions of streams a day will cost big computer costs to encode it as they are dynamic ads

ryao

I remember people promising a rogue CA would not work anymore due to certificate transparency requiring certificates to be published in order to be valid, but it is quite obvious here that certificate transparency was not even needed. A private CA is different from a rogue CA, but if the private CA was not forced to do certificate transparency, I wonder what is supposedly forcing the public CAs to do it for their certificates to be “valid”.

vlovich123

> I wonder what is supposedly forcing the public CAs to do it for their certificates to be “valid”.

The power of browsers and operating systems including the cert in the default store distributed to everyone. Participating in cert transparency is a requirement.

codemusings

> [...] when I learned later down that you can add CAs to the certificate store of an Apple TV.

Same. I would not have guessed that that's possible but I guess I never tried to access a resource without a valid certificate chain on Apple TV.

mzajc

Ironically enough Android TV (at least version 7.X) does not let you do that, which I found out the hard way when trying to work around untrusted Let's Encrypt certificates.

jeroenhd

Starting with Android 7, apps have to opt into user-installed certificates. Browsers often do (Firefox is an annoying exception, you need to turn it on in the dev settings and it doesn't work in the official release version of the browser), but apps usually don't even know that the setting exists.

Aside from that, Android has a very easy certificate pinning API where you can just assign a fingerprint to a domain name in the XML config files and it'll pin a certificate to that domain. Easy to bypass if you modify the APK file, but then you miss out on updates and other mechanisms could check if the signature has been tampered with.

With root access (shouldn't be too hard to gain on an Android device still running 7) you can add your certificate to the root certificate folder on the system partition. This will make Let's Encrypt work on all apps. It doesn't bypass certificate pinning, of course, but you don't need there for Let's Encrypt.

jisnsm

Most devices allow you to add CAs, but almost all apps nowadays use certificate pinning which means the system certificate store is ignored. I find it extremely surprising that YouTube doesn’t do that.

AnonHP

> but almost all apps nowadays use certificate pinning which means the system certificate store is ignored

Certificate pinning (or rather, public key pinning) is technically obsolete and browsers themselves removed support for it in 2018. [1] Are there many apps still really using this?

[1]: https://en.m.wikipedia.org/wiki/HTTP_Public_Key_Pinning

jeroenhd

HPKP, yes. Certificate pinning in apps is the norm.

The difference between HPKP and certificate pinning is that HPKP can pin certificates on the fly, whereas certificate pinning in apps is done by configuring the HTTPS client in the native application.

Apps like Facebook won't work on TLS MitM setups without using tools like Frida to kill he validation logic.

klausa

Mobile apps still frequently do, yes.

It's gotten less popular over the years as people keep asking "wait, what are we doing this for again?"; but it's still very popular in certain kinds of apps (anything banking related will almost certainly have it, along with easily broken and bypassed jailbreak detections, etc).

solarexplorer

I don't have any numbers, but I think this is still pretty common. On iOS for example Alamofire which is a popular network stack, still offers this as a feature. I think the use case is a bit different for apps and web sites, especially for closed ecosystems like Apple's where reverse engineering is not as easy/straightforward.

https://github.com/Alamofire/Alamofire

oarsinsync

Most personal banking apps I’ve used still do this. The bank is liable for your lost funds if your corporate IT department doesn’t secure the MITM solution properly otherwise.

(The end customer isn’t liable for the bank’s inability to properly secure their app from MITM attacks…)

boscillator

That sounds like you've just made it so your app doesn't work behind a corporate SSL proxy. I really need people to stop rolling there own SSL stores (looking at you python, java and nodejs). I spend way to much of my time getting things running on my work laptop that should just use the CA store IT pre-installed.

jeroenhd

Is that a problem? What segment of Google's Apple TV revenue comes from people behind shitty middleboxes?

YouTube won't work on Chromecast if you're trying to MitM it, so clearly Google doesn't think this situation is worth making an exception for in their logic.

JoshTriplett

I can't help but wonder if any apps have tried doing TLS-in-TLS, with the outer TLS not caring about MITM, and the inner TLS doing certificate pinning?

myko

Certificate pinning seems like extreme overkill for nearly all applications. Are most folks really doing this?

netsharc

A regime can now force you to install their "root certificate" (and forcing organizations under their rule, e.g. national banks) to use a certificate issued by them, and these certificates would also be able to MITM your connection to e.g. Google. (1)

Looking forward to Americans being forced to install the DOGE-CA, X-CA or Truth-CA or whatever...

1) https://blog.mozilla.org/netpolicy/2020/12/18/kazakhstan-roo...

mschuster91

> I find it extremely surprising that YouTube doesn’t do that.

Not surprising for me - it used to be only banks where it was required (sometimes by law) that any and all communication be intercepted and logged, but this crap (that by definition breaks certificate pinning) is now getting rolled out to even small businesses as part of some cyber-insurance-mandated endpoint/whatever security solution.

And Youtube is obviously of the opinion that while bankers aren't enough of a target market to annoy with certificate pinning breaking their background music, ordinary F500 employees are a significant enough target market.

dmos62

Love the engineering, but it's kind of sad the hoops we have to jump through to get some semblence of owning our hardware or software.

duxup

Well you own the device in this case. I don’t think there’s a justification to arguing you own YouTube or the content.

mystifyingpoi

What is "content"? I recently tried to use AppleTV Android app to play something and then use screen recorder app to record the phone screen. The recorder app was able to see the menus and even subtitles, but not the movie itself (black screen). Is the screen of my phone "mine"? Or does the manufacturer decide how can I use it?

knowitnone

The screen is yours, the content displayed is not. Same reason you can "buy" a movie, game, audio, ebook and have it disappear overnight. Same reason your security camera, car, oven may suddenly cease to work if the company shuts down their servers. Do we support it? You do because you paid for it.

kriops

Creative work, i.e. intellectual property. Much can be said about the state of copyright law in 2025, but the basic idea that you own what you create is the fundamental reason we (able to) prosper.

duxup

I'm thinking of the Youtube videos as content.

ndriscoll

Note that a significant amount of videos on youtube, and in particular many of the highest quality ones (e.g. educational material from schools like MIT or individuals like 3blue1brown) are Creative Commons licensed, so in terms of copyright, you are free to download and share them. Many including MIT's lectures are also NC and SA, so having the ability to save them and strip any ads is obviously in accordance with the wishes of the creators.

As far as youtube's wishes go, I don't think people should have much concern for a company that's engaged in predatory pricing for years to develop a monopoly through network effects.

dmos62

> I don’t think there’s a justification to arguing you own YouTube or the content.

This actually gets to the core of my sentiment. I am influenced by these systems, but I can't directly influence them back. I don't know if this is somehow wrong in principle, but I definitely want more.

HumblyTossed

> but I can't directly influence them back.

Opting out of viewing is directly influencing.

duxup

As an individual viewer of course the creator of the content is the one with influence.

There's potentially millions of viewers, there's no magic influence that you'd ever notice.

rchaud

Any $30 Android shitbox with a nieuwpipe apk has been able to do this for ~ 10 years.

Zephyrix

I’ve tried implementing this a few times on my Apple TV to no avail. I think YouTube has implemented cert pinning on their app now or something. Has anyone else been able to get this working recently?

abricq

I really like everything related to network-wide blocking of shitty online services that are enforced on us !

On top of blocking adds (which is great), I wish there were more / easier ways to do network-wide blocking of all sorts of aggressive infinite scrolling (in my case : youtube shorts and instagram reels).

I often like to go on instagram to see posts / stories from the people I follow and I don't want to be suggested stupid videos that are especially designed to catch my attention. I know it's probably revealing a lack of strength on my side, but yeah, I often fall for watching a few of them and loosing 15 minutes of my life.

duxup

> that are enforced on us !

You don’t have to use them and you could pay for them.

The users of the internet have made their call and they often don’t want to pay, so someone does.

As a whole the users of the internet are not rewarding anyone for NOT showing ads. We want our content and we want if for free generally.

_Algernon_

The problem is that advertisement business infects everything.

For instance, I could pay for Youtube Premium to ostensibly not be shown ads, but it doesn't change the fact that all the content[^1] in the ecosystem is still produced for maximizing watch time and/or being advertisement friendly.

I could pay for news, but that doesn't change the fact that the news is written to receive clicks from the non-paying users.

Paying for things does not help escaping the second order effects of advertisement.

[^1]: To a close approximation.

wat10000

I don’t understand this complaint in the context of YouTube. It’s the only major streaming service with plentiful new content that isn’t clickbait, focus-grouped, lowest-common-denominator, metrics-chasing trash. I can hop on and watch hours of jets flying through the Mach loop, people playing chess, and people machining metal. If those aren’t your thing, I bet there’s plenty of stuff that is.

Sure, there’s a lot of crap. But you don’t have to watch that.

jnsie

Recently I've been annoyed with Youtube Premium. I pay for an ad-free experience and do not see ads in the traditional (wait 5 seconds to skip) way, yet more and more content has inline product promotion where time is spent thanking a sponsor and pitching their product. So I'm paying not to avoid ads, but I'm still seeing paid promotion...

javcasas

You know who is the best target demographic for selling stuff? People with money.

So that's who you want to show ads to.

And do you know a proxy for "have money"? Paying for premium, when there is free.

Therefore, every time you pay for premium, all the advertisers look and say "I'd pay a lot to show ads to that guy". At some point, the premium service includes ads, because of so much potential extra revenue!

And that's why I don't pay for premium.

carlosjobim

> it doesn't change the fact that all the content[^1] in the ecosystem is still produced for maximizing watch time and/or being advertisement friendly.

That's just not true. There is an enormous amount of content on YouTube right now, which is made chiefly with quality in mind, by some of the most professional people in the industry. There's more than you could watch even if you watched for a thousand years.

You just have to use the like/dislike and subscribe functions, so the algorithm knows what you want.

Jgrubb

Every one of the streaming services that I paid extra to go ad free decided to push ads anyway.

duxup

And they got their subscriber still I guess….

As users of these services as a whole we reward this kinda thing and then are upset when it happens again.

I don’t like any of this situation but I also think the user’s choices incentivize it.

choo-t

Paying make it worse, paying doesn't prevent ads to be forced later (e.g: Netflix, Prime, Disney+) and split people fight against ad, as the ones with enough money to avoid them will berate the other for not paying, will still providing benefits to an ad-driven company.

Never pays to avoid ad, block them or get the content by other means. It's akin to "never negotiate with terrorists" or "never pay ransom", you have to remove the incentive.

friendzis

I'm not that old and yet old enough to remember internets before ad-supported free content, which was just infinitely better.

davidcbc

I've been on the internet since the mid 90s and that entire time it has relied on ad supported free content.

windexh8er

You could pay for them or Google could choose to take a different approach that is less intrusive. The assertion here seems to put the onus on the viewer. Considering YouTube pays little to nothing comparative to its profits based on content it does not make, I think a realignment of how Google operates YouTube could be an improvement for users of the service.

> The users of the internet have made their call and they often don't want to pay, so someone does.

Just because YouTube users put up with a broken system doesn't mean it's the correct, fair, or ethical approach. Beyond that many of the views are curated via algorithms that intentionally work against the user with an end goal to hold them in a viewing state regardless of the users original intent. With that in mind users should use tools against those malpractices and not feel bad about not paying for them. If someone is intentionally trying to manipulate you, what's stopping you from doing the same?

If Google were a fair and ethical company I think treating them the same would be more in line with your response. However, they are not.

stingraycharles

People have voted with their wallets on YouTube that they don’t want to pay for premium, and prefer to watch ads or block them.

Ads aren’t “forced” upon YouTube users, people have the option to pay but they just don’t want to pay.

belorn

YouTube can always choose to package the content in a financial transaction. They have chosen not to do so, and instead they are supplying advertisement alongside the content for which the viewer may or may not watch.

They can always change it, but then there are legal consequences of making it a financial transaction.

windward

Paying users are too valuable not to serve ads to. Their clicks are worth more: ad-free tiers are always temporary.

Not that it matters: I pay for the bandwidth and hardware too. So I decide what it serves and runs.

wffurr

Delete the app, use the webpage, and use a browser that allows user scripts. I found a good one that turns an Instagram page into just an image tag so you can just see the picture: https://greasyfork.org/en/scripts/5014-un-instagram

tecleandor

For web access, in Firefox I've been using the "SocialFocus" add-on, that allows you to remove certain blocks in "social" websites (for example, blocking Shorts or comments in YT), put a color filter to make it "black and white", or even blocking the whole site. I had to access Facebook a couple times some months ago, and the quantity of trash you can filter with this add-on is astounding. This developer has also a YouTube specific add-on I haven't tested yet, named "UnTrap for YouTube" that has almost 200 different options for blocking very specific stuff there. Their add-ons in [0]

For Android there's an App called Revanced that let's you apply patches on certain commercial apps like YouTube or Twitter modifying their behavior, and for example block shorts. See the patches available for YouTube in [1]. I'm still pending to test it, but if you do, go to their official site [2], or even better, to their GitHub releases [3] as it seems like there are a good bunch of scammy sites using their name.

--

  0: https://addons.mozilla.org/ru/firefox/user/17777732/
  1: https://revanced.app/patches?pkg=com.google.android.youtube
  2: https://revanced.app/
  3: https://github.com/ReVanced/revanced-manager/releases

whywhywhywhy

Wouldn't risk trying to extract from IG too much, I used to yt-dlp from it a lot and use scripts to extract the images because I like to archive references, nothing on a massive scale we're talking <20 times a month and I got a warning that I could lose my username if I "use automated scraping tools".

tecleandor

Oh! Were you using your user cookie? I use yt-dlp a couple times a month, but I think I'm always unauthenticated (although I guess they could match my IP address in their logs)

prmoustache

Why would you use an account to do that?

andrepd

It's 11 years old, I'm impressed that it even works.

fumeux_fume

> I know it's probably revealing a lack of strength on my side...

I think these tactics exploit our natural sense of curiosity and the aesthetics that surround it. So I don't think it's so much a lack of strength, but more of a jadedness we have build up and I think that's pretty bad. I respect the effort and creativity it takes to fight back and make the platform work for us instead of vice versa.

rfgil

This has worked great for me to prevent the infinite scrolling on instagram: https://www.distractionfreeapps.com/index.html

aembleton

I'm not going to trust that until its on F-Droid.

mtsr

I feel this, particularly as a parent. It's difficulty watching your kids get lost in the algorithm. We regularly discuss this with them and they agree with our perceived harm, but it's just too difficult to resist. Heck, even I get lured into (doom)scrolling every now and then.

I've setup ad-filtering using pihole, where possible, but I'd prefer not to block youtube as a whole. But I'm definitely considering that in the future, to protect my family.

freehorse

Imo the best thing that can work is introducing delays to the loading of videos, increasing as time goes by. Youtube introduced sth like this to me, when they were presumable trying "punishing" users with adblockers, and it worked as a charm to get me disengage from the youtube rabithole. A lot of such addiction dynamics work based on how fast getting the reward is, and these interuptions disturb this.

zimpenfish

> I often fall for watching a few of them and loosing 15 minutes of my life.

If you're on iOS, set a time limit (Settings → Screen Time → App Limits → Instagram). Doesn't stop the initial scrolling but the "you've run out of time" pop-up is a good breakpoint. You can bypass it and give yourself another 15 minutes but making that choice is also a good breakpoint / reinforcement.

arnvidr

Hit that "For you" at the top and select the "Following" feed. Only the posts from the people you follow, no suggested posts, no ads.

rwmj

Until the company decides to unilaterally reenable that setting to "help you get more from their service".

david_arcos

That's not persistent :(

soraminazuki

YouTube still provides RSS feeds for individual channels. Combine that with mpv's yt-dlp integration and you can avoid the official web frontend altogether.

I don't know how long it's going to last though, with the current trend of rug pulls and enshittification.

rwmj

Youtube have been gradually cracking down on yt-dlp by blocking IPs that download (presumably without watching the adverts, or some other method to fingerprint it). Currently it's mostly annoying as I have to rotate through IPs every few days. But I imagine it'll get worse and worse until I stop watching youtube.

account42

I've been using the same IP for ages and never had problems with yt-dlp as a whole - it's always just some specific videos where it won't work.

ffsm8

Pretty sure it's only gonna get deleted if either a) enough people use it so that a MBAs notice or b) the way it's accessing the data blocks a feature that an MBA wants

desdenova

Or just use a localhost invidious instance.

Telemakhos

There are ads on YouTube? I guess my browser blocks them so well that I didn’t know.

The real problem here is that the AppleTV experience is so much worse than an ordinary web browser experience. Apple locked the hardware down to the point that it benefits YouTube’s ad profits more than it benefits the end consumer who pays for it.

focusedone

I never see ads on Linux, Windows or Android. Occasionally I try to watch YouTube on an iPad and am shocked at how frequent and irritating the ads are.

Same with browsing the web on an iPad outside of the home pi-hole'd network. Howwww do people deal with this every day?

The iPad is a work-issued device so I don't often use it for personal things. Every time I do it's a reminder of how irritating it is to do so.

It's kindof odd; before being issued an iPad I thought they were only useful as content consumption devices. Turns out it's super handy for quick remote access to work resources but locked to an ad-infested wasteland for general web browsing and streaming media. Who knew?

Fokamul

I've opted to installing opensource youtube app with Adblock and sponsor block. LGTV Webos is so great, there is easy way to become "developer" and it will open official way to install homebrew apps on your own TV. Yeah, since you own it, it can be possible to do what you want with it.

Fu** you to all Golden-cage devices like Apple, Samsung, etc.

giancarlostoro

I prefer not to use the OS on my TVs and opt for never letting them online, I just hook up my Apple TV to it, this gives me complete control over my TV as things should be.

timcobb

If we're getting to the point where we need to decrypt things and reverse engineer protocols, maybe we should... not use these devices? Maybe we should opt out of this economy? Maybe we should do other things to entertain ourselves?

wat10000

I realize it’s anathema to a lot of people, but you could just... pay for stuff. YouTube has an ad-free premium option.

ZaoLahma

While I do agree with you, I am a bit concerned about the recent developments with "paid, but still has ads" subscriptions and how Youtube might slip towards such practices as well as soon as they have a large enough number of paying customers. Their premium might suddenly not be so... premium.

chgs

And then you cancel. I did that with Amazon, will do it with others when I start seeing ads.

kittoes

I totally get it. That said, YouTube premium is worth every single penny and has only gained features over time; no other subscription I have comes close in terms of value.

bcye

Have they not already with Premium Lite or whatever it is called?

ToucanLoucan

With respect to that, YouTube premium has been around for over ten years, the majority of which I've been a subscriber because adblocking on Apple TV (my primary YouTube experience) is far too much of a fuckabout for me to willingly engage in it, and they haven't yet done it. I think Google is well aware of the fact that Premium with ads is an utter non-starter as a product. What would you even be paying for then? This isn't like TV+ or Prime where you have exclusives, almost everyone who posts to YouTube would happily jump that ship given enough reason to.

And while there are still ads (sponsored segments) I personally have less problem with those since those are substantial money for the creators I enjoy, and a lot of the ones I watch actually manage to make them pretty funny. And hell, a couple I've even used their codes for shit over the years for. Like, an ad is an ad and some people hate all of them, but I can personally say I've engaged with ads from creators I like at an exceptional rate compared to... virtually every other type of advertising I've ever encountered.

dsco

I wish I could do this for Spotify. Paid plans still include ads.

They cram ads into podcast episodes which themselves also have ads, so you'll get the read ads + Spotify's local ads + Spotify laughs all the way to the bank.

I believe over time not having ads will be a thing of the past, and you'll instead pay for fewer ads. Like where else are people going to go for exclusive content?

HelloMcFly

I've never heard an ad on Spotify, so this is true only for podcasts then, correct? In that case I can at least be thankful that Spotify is the worst option for listening to podcasts.

JKCalhoun

Just buy the content and play it from your local devices. I use streaming simply for "auditioning" new music (and there are podcasts, YouTube channels that do that without a subscription, FWIW). I prefer then to buy the tracks from Bandcamp. Hopefully the artists get a bigger slice of the revenue that way.

null

[deleted]

jvolkman

YouTube premium also includes ad-free YouTube Music. Yes there are still sponsorships in podcasts as usual, but no injected ads.

FuriouslyAdrift

I highly recommend Radiooooo. They're DJ curated and very good. Dirt cheap for what you get.

Hamuko

I don't really listen to much Spotify but I feel like just the free plan in Firefox with uBlock Origin gave me an ad-free experience the last time I used it.

timcobb

> Spotify laughs all the way to the bank

FWIW, I don't think Spotify makes much, if any, money lol

noja

It's not that simple. It's common enough now to classify some ads as.... not adverts. So even if you pay for no ads, you get ads.

kittoes

Completely untrue in the case of YouTube Premium. I literally haven't seen an ad for over a decade now.

onion2k

Or you can opt out. Both options are equally valid.

I won't pay for YouTube because the consistency of YouTube is massively variable. Sometimes channels I watch skip 6 months between videos. When I do watch stuff its usually in the background or when I just have a few minutes spare. Spending money to fill that time is unjustifiable unless it's a really low amount, and YouTube Premium isn't low enough yet.

Oddly though, if I could buy 100 'skip this ad' tokens for $10 that I could use when I'm pushed for time, but just suffer the ads when I'm not, I'd seriously consider it.

wat10000

You can, but the complaint rings hollow when we’re talking about a service with enormous amounts of actual good content, and a straightforward non-abusive paid plan. If you don’t think it’s worth it, that makes complete sense. If somebody decides there isn’t anything worth paying or watching ads and just bails out, totally sensible. But this “ads are so terrible we should just abandon the service” thing is weird here. YouTube is an example of doing it right. They use ads to support a free tier, and have a paid plan that removes them. They don’t do nonsense where they take your money and still show you ads. They don’t serve unvetted ads that infect your computer with malware or mine cryptocurrency. If people won’t even consider paying for this (not merely deciding it’s not worth it, but refusing to even consider it as a possibility) then I have to conclude that they just think they’re entitled to get stuff for free.

fzeroracer

I think most people don't have a problem paying for something that gives proper added value.

But what's happening is that companies are degrading the basic experience and expecting people to either be OK with it (like Roku's increasingly intrusive ad experience) or to pay up to avoid it (like with YouTube).

x187463

Perhaps on review of specific ad presentation practices, you could argue for a degradation of experience, but showing adds more or less within YouTube to free users seems like an acceptable method of generating revenue.

As an aside, the fact that people pay for cable and still have 4-7 minute ad-breaks every 15 minutes make anything YouTube does pale in comparison.

carlosjobim

> but you could just... pay for stuff.

Careful... In the Kingdom of the Netherlands your comment will be considered by a court of law as aggravated assault.

null

[deleted]

Etheryte

Netflix shows ads to paying customers. We've seen the same playbook across a wide variety of products and services, it's only a matter of time until paying users get milked too.

wat10000

When that happens, I’ll stop saying “just pay for it.” But until it does, I’ll continue paying for YouTube and being befuddled by people who get upset at their ads.

FuriouslyAdrift

I've gone back to pirating everything. I can afford to pay for all the services, it's just the service and content quality has gotten so bad that it's just not worth it. I DO pay for content from other markets (French, Israeli, and Japanese), just not mine.

It's just like vehicles. There isn't a single vehicle sold in my market that I would pay anything for (ok, maybe the Ford Maverick). There's a bunch in other markets (Europe, South America, Asia), just not mine.

timmg

> I've gone back to pirating everything. I can afford to pay for all the services, it's just the service and content quality has gotten so bad that it's just not worth it.

If the content is so bad, then why the need to pirate it?

JKCalhoun

OP said content quality so I'm assuming the streaming is shittier quality than, for example, BluRay quality you might get from torrenting.

FuriouslyAdrift

I stick to old stuf from the 1930s to 1990s

I will say the Criterion Channel is excellent and I do subscribe to them.

lordleft

I've started reading a great deal more. I'm tired of wrangling with my entertainment.

selykg

I started reading a great deal more at the start of the pandemic. I've kept it going since and it has been a real boon. I also switched back to physical books because I actually own them..

cookiengineer

I can recommend "minitube" [1]. It's super minimalistic, and requires you to actively search for things to find them. No ads, no feeds, no short videos, nothing - just playlists for search terms. Uses yt-dlp and mpv behind the scenes, so it's using less than 5% CPU on my small Intel NUC machine, too.

I can't stress enough how it is soooo much better in terms of what type of content I consume now. Mr-Beast-cutting-style dumb videos ain't stand a chance to get my attention now.

Ironically, the author built it to be a children-safe environment to consume YouTube.

[1] https://flavio.tordini.org/minitube

42lux

Choice is a luxury for most.

ajsnigrutin

The problem is, that there is no alternative yet for that.

Movies are not an issue, there's piracy, music is not an issue, there's piracy, books are not an issue, there are libraries... and piracy, but youtube is still limited, and the only way to avoid the ads is to buy another device (computer), thus turning pretty much any smarttv (with features you paid for) into a dumb display (that you mostly cannot even buy anymore).

acdha

The alternative is paying for things you like so the people who make them can continue doing so. If you don’t think YouTube is worth paying for, it might be a good idea to reconsider the amount of time you spend on it or whether you want to help promote it.

davidcbc

> but youtube is still limited, and the only way to avoid the ads is to buy another device (computer)

YouTube premium is cheaper than another computer and works on all devices.

x187463

It's crazy how that option completely evades many people's reasoning on the subject.

ajsnigrutin

But you still get in-video ads ("this video is sponsored by shadow raid vpn"), that (on a computer) you can skip with sponsorblock.

timcobb

Alternatives:

- Not consuming exploitative entertainment

- "Piracy"

JKCalhoun

I like the download-YT-content-locally then play. A project hit the front page recently that used yt-dlp to more or less do this.

alistairSH

Piracy isn't an alternative - it's illegal/immoral.

But, the good news is there are two alternatives for all of the above... pay for the content. Or, don't consume the content.

timcobb

"Piracy" of digital goods is an oxymoron... I don't think it's immoral. If you pay publishers, the creators don't get paid. And about the legality, well, just ask Meta what they think about torrenting.

EDITED for tone.

ajsnigrutin

Piracy offers the best service there is. You used to be able to buy DVDs, vhs tapes, etc., and you'd get the media, and even then you had to sometimes fast forward through ads.

Now, it's impossible to buy media in many cases, even if you click "buy", it might be gone after a month, because some contract somewhere expires, there are ads even in paid plans, there are limits, to what I can do with that media, and more and more services require you to continue paying for content you already "bought".

When they fix the "buy" button to actually mean "buy", and when they remove ads from "no ads" plans, i might reconsider. Until then, they're not getting any of my money anyway, piracy or not.

metabrew

I would love to pay for youtube premium, but i have a google workspace/apps/own-domain/whatever the hell they call it now account, and loads of stuff (like youtube premium) isn't supported.

neilo40

I had that issue. I just created a new account solely for YouTube

Havoc

Same. It’s wild that Google can’t sort that out

carlosjobim

Make another account.