They always could. What appears to be happening is that channels now have the option to turn on “a switch” so that content wont play if a VPN is detected. Most VPN ip addresses are well known, because they arent a secret. Everyone who uses the VPN goes through it.
If you come across the above message, its because the content creator turned it on. I had it come up with “stick to football”. Its the only thing that it comes up with. I just unsubbed and wont watch anymore. Im not turning off my VPN for anyone or anything. Id rather just go with out. I encourage all of you to do the same.
You could probably just record the users ID and it’s IP address. IP addresses that see a lot of different user IDs are either VPNs, companies or universities.
Another thing that only very large companies can do is see the response time and compare packet size from different servers to narrow down your location, effectively defeating the VPN in a lot of cases.
Hypothetically, a specific amount of bytes gets sent to server B, response time indicates it was received 300 miles away which matches the response time of going from Server B to Server A where the user lives.
Of course it’s still important to use a VPN, if only because those big companies don’t want us to.
The latency to your VPN server is a constant added to the latency between your VPN server and whatever servers you are connected to. As long as the user’s VPN service doesn’t use different VPN servers for different destinations, it is impossible to determine the location of the user behind the VPN based on latency, and in general it is impossible to determine how far a user is from their VPN server because of varying latency introduced by the user’s own network or by bad infrastructure at the local ISP level. You can only know how far they aren’t based on the speed of light across the surface of the earth.
But, without a VPN, this is a real attack that was proven by a high school student using some quirks of Discord CDNs. Even without using Discord’s CDNs, if somebody wanted to locate web visitors using this technique, they could just rent CDN resources like nearly every big company is doing. Of course, if you have the opportunity to pull this off, you normally have the user’s IP address and don’t care about inferring the location by latency. The reason why it was notable with Discord was because the attacker was not able to obtain the victim’s IP address.
You say what I described is impossible but it’s been demonstrated by researchers such as “CPV: Delay-Based Location Verification for the Internet” by AbdelRahman Abdou with the Department of Systems and Computer Engineering, Carleton University Ontario.
Furthermore, on top of that method, if a company has access to data from servers in multiple places along the chain between endpoints, then they can see that a series of packets of specific size are traveling in a specific direction, narrowing down the location of the other endpoint. A company like Amazon, whose AWS servers make up almost 30% of the internet.
One of the more convoluted methods to defeat this approach was to simply add more stops along the chain, fragment the encrypted data into multiple parts, and pass it along random paths to the endpoint. I believe, but I could be wrong, that Tor utilizes this method. The problem with that is: it’s slower.
This…sounds a bit like bs. Can you share a more detailed writeup? At best you could get a radius, but that wouldn’t really be helpful
I imagine they could compile large datasets of ping times and server locations and do some extrapolation. I don’t think it ever goes past a best guess but they’d have an idea (if what this person said actually happens).
Companies dont really need to know where you are. They just need to know where you aren’t. If you are not within a certain threshold of response time to certain cdn servers, then its reasonable to assume that you are outside their contractually obligated broadcast region.
Yeah there was a cool paper on Delay Response method by AbdelRahman Abdou with Department of Systems and Computer Engineering, Carleton University called “CPV: Delay-Based Location Verification for the Internet”.
The other method I mentioned, checking packet size and general direction, would require accessing data along multiple stops before reaching the other endpoint with which to compare the sizes of encrypted data packets and use that to identify what is traveling where, which either has not been demonstrated or the companies utilizing it haven’t admitted to it, yet. It’s not a stretch to think it’s happening, though, with massive companies like AWS and CloudFlare or telecom giants like AT&T.
Or they are just home users behind a CGNAT, which more and more ISPs use.
And even if they aren’t, home users usually have dynamic IPs, meaning it can change.
VPNs aren’t hard to detect, especially if you’re using a major service.
100% this, I work in cyber sec and it’s very easy these days for services to detect this.
What about TOR browser?
That’s even easier. The list of exit nodes is public.
Feel sorry for the guy in the datacenter using Netflix on his brake.
Must be hard to see all the way down in the foot well.
using Netflix on his brake.
Offering Xzibit some new ideas
Yo, we heard you like watching Netflix on your break, so we put big screen tvs on your brakes so you can watch Netflix on your brakes while on break.
Oh, so what they’re really saying is that a platform owned by GOOGLE has trouble FINDING the best content?
Everyone knows.
If you find what you’re looking for the first time, they can’t serve you as many ads.
Can’t argue with that, there goes my oneliner 🤣
It’s time to switch to Newpipe or Invidious, YouTube clients focused on privacy, without adverts and without Google’s clutches.
Been trying out Invidious lately. Nice stuff if it is not down for a reason or two.
Oh! Speaking of a devil. It is down right now!
I haven’t used Invidious, but I’ve never had.an issue with PipePipe being down.
newpipe won’t work for much longer. Google is mandating android apps be signed by them, and you can sure as shit bet that newpipe, which eats into their profits, ain’t gonna get signed
Oh no! I’ll miss you, Newpipe.
This isnt new. Its been happening for years. There is a post about this on lemmy every few weeks. It just doesnt happen consistently, so people always think that they “discovered” this for the first time.
But this is even dumber than before, you can’t even login to bypass. What about people living in a country where youtube is blocked. I guess Google just says “fuck 'em”?
What about people living in a country where youtube is blocked. I guess Google just says “fuck 'em”?
Yyep.
If you’re using a VPN, you’re likely anonymized and not directly making YouTube any money. Those are leeches, as far as a Google accountant is concerned.
They said logging in doesn’t make it go away. Being logged in means they can already track you, so this is pretty ridiculous of them tbh.
Being logged in means they can track what you watch. Being logged in via a VPN means they can’t track your location.
Literally valuable information.
I guess Google just says “fuck 'em”?
Yes, 100%, absokutely correct.
Google is a company.
Companies do not care about you. You are not a person, you are a number.
Google is a
companymulti-billion dollar corporation.CompaniesMulti-billion dollar corporations do not care about you. You are not a person, you are a number.(Well ok, there is plenty of small business who also don’t care about you, that’s not my point).
Probably part of the age verification bullshit
I see. I havent had a Google account for like 8 years, so i didnt notice the difference.
A few days ago I gotta message from google saying they “can’t verify my age” (meaning they want gov ID I’m sure) so I’m forced to use safe search and other stuff too.
Fuck. That!
Why is YouTube blocked?
Free access to “radical” ideas doesn’t bode well with conservative governments.
Authoritarianism.
The real highlight is the contradictory text.
To continue, turn off your VPN/Proxy. This will allow YouTube to locate the best content".
“We refuse to serve you anything other than the best ‘located content’.”
A fat lie. Combining refusal with the completely unrelated supposed service improvement of location-based content. To disingenuously sound like they’re doing you a service.
The “best content” being ip-located ads, probably.
probablyTIL ads are content!
Listen at this point, we either re-upload our favorite creator’s content to other platforms. Convince them to join alternatives or help out *their replacements" on those alternative platforms to grow.
Either way I do not respect content-creators that do not support alternative platforms (& decentralization) on principle
Listen at this point, we either re-upload our favorite creator’s content to other platforms. Convince them to join alternatives or help out their replacements on thise alternative platforms to grow.
I am with this, tired of using a yt frontend to watch videos (sometimes real website), and no reuploads nor have alternatives.
I vote for all of what you said
I mean… detecting (some) VPNs is as trivial as
fetch('https://github.com/NazgulCoder/IPLists/raw/refs/heads/main/output/vpn-ipv4.txt').then( res => res.text() ).then( res => console.log( res.includes( "1.2.3.4" ) ) )thanks to https://github.com/NazgulCoder/IPLists/
FWIW though I did try, connected via a random VPN from ProtonVPN from Argentina… and it wasn’t in that list. So it’s not perfect. Also ProtonVPN has apparently today 13K servers according to https://protonvpn.com/vpn-servers
That being said I can imagine that Google, which is literally built on crawling the Web, has all the infrastructure and expertise needed to have such lists and up to date ones.
I’m not justifying blocking VPN here, only trying to clarify that unless you self-host in a rather specific setup (i.e. not relying a popular cloud provider but truly self hosting) it’s technically not hard to block VPNs.
Understanding is the first step to fighting draconian policies.
Yeah, detecting the VPN isn’t really difficult at all. VPN providers sometimes try to cycle through IP addresses to make it harder, but there’s only so much they can do.
This isn’t really noteworthy, especially when you consider how many services require a sign in when you’re on a VPN anyways. It’s shitty, but not really surprising; They want to be able to tie your traffic to you, not just to a random VPN server. Hell, even without signing in, they probably have your browser fingerprinted. If you’re privacy focused, you probably have a lot of privacy based extensions, in a privacy based browser. And that makes you easy to fingerprint.
“This will allow Youtube to locate the best content” 🤡
It’s so insulting they add flavour text like this as if to call you a fucking moron to your face
“We know what’s best for you”
It seems like most people will believe any technical-seeming message shown to them.
But I don’t want the best content.
I want the old YouTube
When I see content blocks like that anymore, I just leave the content behind and go elsewhere. Malicious companies will not get my clicks. They can fuck right off.
Good sign though, means they are getting desperate. It is our duty to starve them of traffic.
Sure, but there are also lots of other ways around it. Non-chrome browsers (or Chromium-based browsers) still allow for good extensions that can block YouTube ads.
Firefox + uBlock Origin still works great, even when all the front-ends are broken.
My ISP has started throttling YouTube to ~2mbps when viewed from desktop. Using a VPN gets around this and lets me watch in HD. Luckily I’ve not encountered this error yet, but if I do I guess it’s no more YouTube for me, 480p is just way too blurry to put up with.
Why would your ISP do that?
They’re 5g based, so I suspect it’s within the terms of service somewhere that they can limit the streaming quality? Historically I’d only ever noticed deprioritization, never a hard bandwidth limit.
Rip net neutrality
I wonder if there’s any workaround besides VPNs like changing DNS or something?
Phone->revanced
Smart tv->smart tube next
I don’t ever watch YouTube on my laptop but I’m sure there are utilities available.
Revanced is only in android right?
I think so. Only apple product I ever had was an iPod, so I’m extremely unfamiliar with their ecosystem.
youtube sucks ever since googol bought it. I cannot believe people still use it.
This happens via simple lists of IP addresses, no? I.e. the VPN has a limited number of exit IPs and once it’s known who they belong to, they’re easy to block?
Yeah, it’s pretty trivial to do, and it’s honestly surprising it took YT so long to do it.
Well, they need to make sure the right people are watching the right propaganda.
They lobby both parties, people are just talking about the Trump donations now as he is currently in power
That only covers political donations, not outright payoffs.
If money is speech, what is a company “saying” when it donates to both parties?
