search

boidushya / better-lyrics

Better Lyrics for Youtube Music - Enhance YouTube Music with beautiful time-synced lyrics, multilingual support, real-time translations and more ✨
https://better-lyrics.boidu.dev
GNU General Public License v3.0
71 stars 6 forks source link

Please open source your lyrics API backend #13

Closed MulverineX closed 2 months ago

MulverineX commented 2 months ago

It's difficult for privacy enthusiasts to recommend/use this extension because your API server is not open source. Also, it would be a good resource for other projects.

boidushya commented 2 months ago

I totally understand your concerns about privacy. While I appreciate the idea of open-sourcing the backend, I don't have plans to do that right now. The API server doesn’t inject any scripts with the data it returns, so it really shouldn’t be a privacy issue. However if you still have doubts, I encourage you to go through the code to see for yourself. I hope this clears things up, and I’m always open to any more questions or feedback you might have.

boidushya commented 2 months ago

On second thought, if more people are interested in this, I'll open source it.

MulverineX commented 2 months ago

My privacy point is due to your backend getting youtube IDs along with each user's IP address. This can be abused for data aggregation, which some people would be concerned about.

I don't have plans to do that right now.

I'm curious what your reasoning is for this?

MulverineX commented 2 months ago

@boidushya bump on above comment

boidushya commented 2 months ago

Since there doesn't seem to be much interest at the moment, I'll be closing this for the time being. If there's more interest in the future, I'll be happy to reopen it. Also reasoning

MulverineX commented 2 months ago

I dont wanna get super deep into it cuz I'm not 100% sure about the DMCA laws here but TLDR , you can assume its some sort of a wrapper around musixmatch

@boidushya

There's low quality DOM scrapers that do this everywhere, and there's a https://github.com/LuanRT/YouTube.js -esque reverse-engineered API client that exists already:

https://github.com/Eimaen/MusixmatchClientLib

IMO GitHub has proven they will protect reverse-engineering/scraping projects as long as they're not attempting to reverse true service DRM or abuse clear mistakes/exploits in API design.

Its not good policy to hold this stuff to your chest like this, you're actively avoiding contributing to the open-source community.

All of this aside, the privacy concern is still real here, this private API access in your extension is not designed in a zero-trust manner, and lots of users will refuse to use this extension at all because of that.

I do understand why you have built a backend here though, Google doesn't like to keep extensions on the store that use scraping techniques.

Tortillas-IT commented 2 months ago

Yeah, i'm a bit concerned about your API server, too i agree with @MulverineX to ask you if you can open source your API backend.