-
-
Notifications
You must be signed in to change notification settings - Fork 563
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Website] The "invidious (dot) snopyta (dot) org" embeds are broken (Error 403 - Forbidden) and are causing "suspicious" behavior. #1177
Comments
https://invidious.snopyta.org/embed/mVVP77jC8Fc and https://invidious.snopyta.org/embed/nzZ6Ikc7juw seem to play fine for me. Maybe there was an intermittent issue? |
The links, when visited directly, do seem to work, but the embeds are what's broken. Here is a urlscan result from just now: https://urlscan.io/result/b3d59b45-adab-44e5-bf7e-93626ea06bce/#transactions (The two embeds still have the error 403) This matches what I am seeing on my side, embeds not loading, 403 errors and the problem with it trying to download the embeds as files on iOS. |
The embeds work fine on three devices I used to quickly test them. Perhaps there's some geoblocking ongoing? I'm not sure... |
US: https://urlscan.io/result/d674c5d9-c11c-4cbd-89b2-b682e367f81d/#transactions Japan: https://urlscan.io/result/d674c5d9-c11c-4cbd-89b2-b682e367f81d/#transactions UK: https://urlscan.io/result/1c0282a0-f290-460d-a99c-41c8ab6bf0b4/#transactions Germany: https://urlscan.io/result/b3d59b45-adab-44e5-bf7e-93626ea06bce/#transactions Spain: https://urlscan.io/result/aff06caf-0c51-4c8e-ab92-a7d8fe154e2a/#transactions All show the embeds failing with error 403. Furthermore, https://www.browserling.com/browse/win/7/chrome/92/https%3A%2F%2Fappimage.org : Definitely looks more like a "geo-whitelist" if it works for anyone. |
Went on the site today and I’m having the same issue with it prompting me to download files when I’m on my iPhone with Safari. When on my computer I don’t get any such prompts, but as described in this issue the embeds don’t work and I get 403 errors. Just wanted to confirm that this is still an issue that also affects others. (I’m visiting the website from Sweden btw if that were to be related) |
Apparently that snopyta thing is limiting traffic. I think we should just go back to using YouTube for now, maybe using: https://www.youtube-nocookie.com/embed/nzZ6Ikc7juw @TheAssassin wdyt? |
It's not a "snopyta thing". This is just a public and very stable instance of Invidious. Within the EU legislation, all these embeds would require consent from the user, since in any case, data is transferred to the provider. Using a significantly more privacy friendly alternative instead of YouTube is not a replacement for this legal challenge (which should be solved). But at least it is significantly better than embedding those YouTube links, and I'm sure people won't file complaints as easily as with direct YouTube embeds. You might just pick another instance (https://docs.invidious.io/instances/) or use an alternative project like Piped. Alternatively, you really need to implement some kind of consent mechanism. A self-hosted Embetty instance might work for this purpose. For the record, if JavaScript is not available, all the embeds should be disabled (something Embetty can do in combination with a |
By the way, I've never seen any of these embeds fail, and I use a variety of hardened browsers on a variety of devices. Invidious instances occasionally fail (I'm sure the uptime is well above 99% for most of them, though). The embeds work fine for me (accessing from Germany using various browsers including Chromium, Firefox, Tor Browser): I can only speculate about the reasons the embed doesn't work for some users. I don't think that the instance we use blocks users from certain countries, but then again, I cannot tell for sure either. If you want to go back to using YouTube directly (which I clearly am not a fan of, but then again, I use Privacy Redirect, and I can recommend this to everyone else...), though, you really have to set up a consent-first system then. |
Relevant lines of code:
https://github.com/AppImage/AppImageKit/blob/website/index.jinja2#L336
https://github.com/AppImage/AppImageKit/blob/website/index.jinja2#L359
I tested it on my own machine and just in case using
browserling.com
and I think it's safe to assume the links are broken for everyone. Edit: Here is the urlscan.io result: https://urlscan.io/result/d674c5d9-c11c-4cbd-89b2-b682e367f81d/#transactionsThe biggest issue is that on mobile (or at least on my iPad using Safari), the website immediately upon visiting, is prompting the user to download the two embeds as files, which seems incredibly suspicious.
I would suggest either replacing the embeds with something else, or at least removing them entirely for now.
Here are the "real" YouTube links:
https://www.youtube.com/watch?v=mVVP77jC8Fc
https://www.youtube.com/watch?v=nzZ6Ikc7juw
The text was updated successfully, but these errors were encountered: