search

iv-org / invidious

Invidious is an alternative front-end to YouTube
https://invidious.io
GNU Affero General Public License v3.0
16.39k stars 1.84k forks source link

[AGPL Violation] [GDPR Violation] invidious.site is running an unpublished modified source and is using trackers #1456

Closed SamantazFox closed 4 years ago

SamantazFox commented 4 years ago

It could be a good idea to either warn about it on the wiki page, or just completely remove the instance from the list.

Evidence: image

TheFrenchGhosty commented 4 years ago

Thank you.

Instance removed from the instance list.

Rules added to the instance list.

@wapfalls you seem to be the owner: You are currently violating the AGPL and the GDPR, explain yourself, publish your source code, and fix the GDPR violation.

wapfalls commented 4 years ago

@SamantazFox and @TheFrenchGhosty thanks for the heads up. Am not well versed with AGPL & GDPR. Since I noticed few youtube proxies on the web using my instance on their applications without permission, and that is adding heavy load on the instance, I thought of checking the traffic sources, and hence added the analytics code.

Now that I understand it violates rules, I have completely removed those codes. You may check for yourself on the source viewer. Let me know if you want me to produce any other evidence.

Thanks!

GitWaifu commented 4 years ago

does cloudflare hcaptcha violate anything?

Perflyst commented 4 years ago

As long as you don't modify the code without publishing the changes it should be fine. Putting Cloudflare in front is not good for privacy but it doesn't violate any license

TheFrenchGhosty commented 4 years ago

@wapfalls

Am not well versed with AGPL & GDPR.

AGPL require any modification that is done on a software not used for private use, to be published, under the same license with a proper explanation of the change. You didn't do that and kept the modification closed source, without any explanation for users.

GDPR require adding the ability for users to opt-in to the analytics or at least to be able to opt-out. You didn't do that, and the analytics was enforced.

Since I noticed few youtube proxies on the web using my instance on their applications without permission, and that is adding heavy load on the instance, I thought of checking the traffic sources, and hence added the analytics code.

This is a problem on every single instance. You are behind Cloudflare so it shouldn't be a problem for you since Cloudflare should be able to block scrapers (you can adjust the "force" at which Cloudflare filters requests). To check the traffic source: Cloudflare should have everything for you, or your Nginx (or whatever reverse proxy you use) logs.

You may check for yourself on the source viewer. Let me know if you want me to produce any other evidence.

Checked seems clean. Instance re-added.

PS: Update your instance, you don't have the fix for the broken channels.

wapfalls commented 4 years ago

Thanks @TheFrenchGhosty

Will update the instance for the fix.