-
Notifications
You must be signed in to change notification settings - Fork 541
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(Feature Request): Count extension user dislikes #109
Comments
It could also estimate actual dislikes based on that, just take the ratio of yt api likes (which will hopefully remain public) and extension likes and solve for the unknown yt dislikes by assuming the same ratio between extension dislikes and yt api dislikes. |
It does not have to be an oauth integration. Any Sybil resistance method would work, e.g. scraping user data to ensure someone is logged in. Also, undisliking would have to be taken into account, which would require scraping the user's dislike state from the page. |
whats a Sybil resistance method? |
That basically sound like client side security... |
I do not think they will leave the like/dislike ratio in there as you could actually just calculate it from the likes * ratio. |
Whatever mechanism is chosen, it should optimize for accuracy and low API server load for good scalability. This extension will probably be used by tens of millions of people, so the server-side overhead should be minimized where possible. If accuracy/Sybil resistance can be accomplished without the oauth overhead, it would be beneficial. The more work that is done client-side, the more scalable the system will be. I'm not entirely familiar with the API used by Google/ThemTube, but the ideal system would be for the client to use some authenticated result from the API that is easy and quick for the server to verify. |
Yes, extensions can read & edit cookie data. And, I am against using cookies for identification. Even better way
|
this will still not prevent users from spamming the endpoint. It can be easily exploited by scraping millions of channel IDs and sending them to the server. They are not unique nor authenticated, anyone can grab a random channel ID, hash it and start a dislike storm against a video. So the only options I see for having unique, authenticated, youtube api independent dislikes:
My personal preference would still be google oauth because extension maintainer will not need to maintain user data and they are hard to mass-create. Also, most people on youtube will have a google account anyways so it kind of makes sense. I am also not sure if a dislike history would be that useful, but as that seems not too hard to implement, why not |
(I was going to append my previous comment with this) All of this👇 makes only makes sense if using OAuth is not possible (otherwise - ignore it) By "cryptography magic", I meat, whichever way to generate, store and send keys. That even includes - if a cookie is required by the extension to store this database. Aim of "cryptography magic":
If the ID is to be made more anonymous (might be a bit overkill)
|
Ok, lets use hash of channel with cookie hash Anyways OAuth is better. |
Some pages are only accessible to channel owner. An inconvenient idea is to ask user to make a private video/playlist & verify if that is accessible. Maybe, a combination of all of these can be used
Can the owner of this repo confirm, if its possible to use OAuth for long. |
How would you verify a cookie hash? It could be any made up string put into a hashing algorithm, channel IDs can be scraped and how are you going to verify that the settings page is actually accessible? The client could just lie about it, except for when you send an unhashed session cookie to the server for it to verify it.
|
My initial idea was to use cookie hashes for verification once the user is registered. ⚠ I am temporarily ignoring
Here is my incomplete plan for registration-
Now for Verification part (after registration), I have 2 options:
For verification for ownership before registration & before signing-in - check (I am not sure how):
Notes:
|
So the missing bit is some sort of information that can be used for verification and is only available to the user logged in, but is also not confidential. I have one idea that may be relatively non-complicated to the end user: Ask the user to change their account name temporarily to something with a verification code send by the server:
Those endpoints should be extremely ratelimited to prevent bruteforce |
related: ajayyy/SponsorBlock#1039 (comment) |
Maybe yall would be interested in https://gun.eco ? It's a decentralized database that would be perfect for this situation. |
I think the best idea is to go with Google OAuth for authentication and this project might also be a good candidate for AWS Lambda backend? Serverless should scale well without too much hassle setting up. |
AWS Lambda and Google OAuth both are not free.
|
That's a good option & if user permits,
Problem:
That leaves us with 1 question: (or should we use the ability of making private/unlisted playlists instead?) |
That's a good option |
Instead of changing username, lets use Channel info for that purpose (after user permits). |
So the process should roughly look like this?(👇 for registration and subsequent sign-ins)
(👇 only for registration/sign-ups)
After that, we have many ways to verify the user. I think instead of relying on any one, we should use a combination of these. |
This would be fairly easy if one of the exposed Google auth APIs created a JWT signed with a private key (edit:
At this point, the client has a token that can be verified by the server as authenticating that user, and the database does not have to store any auth data throughout the entire process since it is all handled by encrypted tokens. The tokens would be unforgeable without compromising the key(s) stored in the server environment. As for the hashing scheme, I do not understand its purpose, so I cannot comment as to whether or not it would work. It seems like an unnecessary complication. If the goal is to optimize privacy for further API actions, then the channel ID can be included in the final token in a hash form rather than in plaintext, and even then the token will only be decryptable by the API server. |
Yes, using channel hash was for privacy. Your method is really good, |
I had these aims in my mind for the process:(& I have added some)
Feel free Add More and subtract |
@sy-b :
I don't see why we would want to do that on every sign in. Why not just create a very long lasting JWT (which contains a userid) and send that to the server every time? |
Iirc, when Dr. Adam Back invented hashcash, he made the difficulty parameter tunable to adapt to increasing computer power and network utilization. Perhaps instead of authenticating users, we just need some metric for adjusting the proof-of-work difficulty to throttle clients as an adaptive way to combat spam, lowering the difficulty after the spam attack/high throughput period ends. |
it's technically correct, but I doubt if it's effective against any dedicated attackers. |
|
what about using captcha?
does that mean a call is counted even if it fails? That would be stupid
|
Yeah, that was one of the suggestions
Might reduce vote submissions. Users prefer "hassle free" set up.
👍, but I would like the default to be "On". Captcha surely raises the bar, but well committed adversaries can simply use Captcha solving services . |
Or we can self-host this https://github.com/ericwang401/captcha
(not serious; repo link edited; actual link https://github.com/ericwang401/chess-captcha)
|
@sy-b your link is messed up |
yeah 😅 |
Could also just make a custom proof-of-work system with tunable parameters. JavaScript is a pain in the ass compared to python, but could do something like this without too much development effort. It would be ASIC resistant in the sense that it can be made memory-intensive, and in the sense that if someone developed an ASIC, it could be invalidated by incrementing the tuning parameter. |
👍 Assuming that we are going to implement just enough defenses, this can be fine. Maybe we can stack multiple solution on top of each other. |
from: https://softwareengineering.stackexchange.com/a/115120
|
Two ways of registration --
Now I've gotta learn chess. How? More youtube videos? |
What if you could verifiably get the API response without getting user credentials? |
Imagine if we make an app for creators which periodically auto-submits dislike data while running in the background. Can we get top 67% of creators to use it? If creators themselves submit their data, then there's hardly any point of using users' data. This can reduce the "dislike bombing incentive" (on RYD's DB). |
Not sure what you mean?
That would be great. Add a flag/attribute: IsCreatorDataPresent
You can't create a culture.* You can't even get 20% of the people vote on the same issue. You can't even get 20% of the people to care about to vote. * unless you plan to become a cult leader. |
Remember that TLS modification method? We should be able to use that for dislike button. The basic idea:
Benefits
Drawbacks
🤣For some reason this exists: "Save the world"?!? 🤨 |
For those who don't know / can't remember/find the TLS modification method: 2 variants were suggested The discussion starts from here @SyntaxBlitz's variantexplanation starts from here https://discord.com/channels/909435648170160229/912841275974234122/926315380270571531 His first post: TL;DR - My Variant(This is the summarization as posted on 30 Jan 2022) Aim: Ask the client to get the data and submit it to RYD but make sure that the client doesn't modify it. Note:
For TLSv1.3 RYD --> Client : Sends 'client hello' to the client for the YT server Client --> YT : Sends the 'client hello' received from RYD to YT YT --> Client : Responds with 'server hello' Client --> RYD : Generates a key for symmetric encryption (optional). Sends the response and the key (optional) to RYD. RYD Server : Verifies (using certificates) that the response is from YT. Calculates the symmetric key for YT (I'll refer to it as YT key). And uses this along with the client's key to generate a unidirectional proxy re-encryption key. I'll refer to this as PRE key. This PRE key can only re-encrypt ciphertext encrypted with the client's key. RYD --> Client : Sends the RYD key to the client. Client : Generates the request using the creator's API key. Encrypts it with the client's key. Re-encrypts it with the PRE key. Client --> YT : Sends the encrypted request to YT. YT --> Client : Responds to the requests. Client --> RYD : Sends the response to RYD. RYD Server : Decrypts the response with the YT key. Done! If you missed this:
Important NoteThese posts have not been updated. |
using this I do have some ideas, but I am unable to aggregate enough time. Maybe I can in somewhere between September & October. |
The idea is to use established hash algorithms to derive pseudorandom data which applies operations on other pseudorandom data, then hash the result. As long as the hash algorithms used to generate the pseudorandom data are secure, then the rest follows logically without requiring cryptography experts. The wrinkle with my proposal is that SubtleCrypto provides just 4 hash algorithms from 1 family, so it can't be as ASIC resistant as the python version with 8 algorithms from 4 families. It is also worth noting that YT is not very good at preventing spam accounts. Idk if anyone else has been on YT recently, but every comment on every video gets a response from a spam bot account. Whatever YT is doing is clearly not enough, so I suggest adding hashcash to the system on top of whatever YT-specific system is used. Comment spam and dislike spam are not mechanically identical, but the logic is. |
I did end up posting a more in-depth explanation of the TLS shenanigans method (and something resembling a proof-of-concept) here: https://github.com/SyntaxBlitz/yt-dislike-fetcher |
Another idea - What if we use the hash of userID in |
Privacy Paranoid Folks might say - "You collect the videoID, then YT's userID and you also have hash of our IP address. Which means you know what we are watching!" |
You can't have it both ways. Dislike is user data. Voting is providing user data. The flow of information doesn't disappear no matter how you change the method. |
Possible solution: We can send |
Tor is okay for polling, but voting is vulnerable this way. How can you tell a user from a sweatshop monkey? |
Can you explain? |
Honestly, when this extension moves to anything other than straightforward HTTPS requests from my computer to the API server, I will quit using it. It's not worth risking my digital security against strangers on the open web just for some youtube videos. I'm only watching certain subscribed channels and occasional very focused searches, and no new channel subscriptions for a while. I don't care too much about like/dislikes anyway. |
No description provided. |
Extension or Userscript?
Extension
Request or suggest a new feature!
From my undestanding, right now this extension only fetches data from the youtube api and archives / displays it.
I would suggest adding a extension (dis)like count. So when people connect their Google account and press the dislike button, it will send a request to the backend and show that below the normal like / dislike ratio.
Ways to implement this!
This could be implemented by using Google OAuth to make sure users don't spam the dislike endpoint.
Then you just add an event listener on the like / dislike buttons and send an authenticated request to the backend. Below the yt like count you just add another like / dislike ratio (maybe just a bar that shows the values on hover, but that is a design thing.)
Can you work on this?
The text was updated successfully, but these errors were encountered: