search

iv-org / invidious

Invidious is an alternative front-end to YouTube
https://invidious.io
GNU Affero General Public License v3.0
16.46k stars 1.85k forks source link

Using user cookies (or po_token and visitor_data tokens) to make Invidious functional again #5024

Closed aaferrari closed 1 month ago

aaferrari commented 1 month ago

I don't know if this is already being discussed elsewhere, but while I was reading this comment about the possibility of using Youtube session cookies on an Invidious server, it occurred to me that an option could be added to the preferences where the user can save those cookies for Invidious to take advantage of them (possibly some browser addon or userscript would be needed to extract the Youtube cookies).

That way the internal logic of the server would work like this:

  1. The user makes a request to https://some-invidious-instance.net/watch?v=xxxxxxxxxxx
  2. Does the PREFS cookie (if available) contain the Youtube session cookies? If so, the video page (and whatever else is needed) is requested using those cookies, otherwise the content is requested as usual.
  3. When requesting content without cookies, do you get the error "This helps protect our community/Please sign in to confirm you’re not a bot"? Then display an error page explaining the current problems along with a step-by-step guide on how to get the cookies from Youtube and save them in the preferences.

Another option could be to make an intermediate server that works as a cookie pool from which instances would get a random cookie each time it is needed, although that would require users to send their own session cookies (which could be a potential privacy issue if not done right, plus there is a risk that Youtube will block the accounts to which those cookies belong due to "suspicious activity" or something like that).

On the other hand, instead of cookies you could use po_token and visitor_data as this instance has been doing for the last weeks.

unixfox commented 1 month ago

Invidious already support cookies: https://github.com/iv-org/invidious/blob/master/config/config.example.yml#L163

And already recommend using po_token: https://docs.invidious.io/installation/#generate-po_token-and-visitor_data-identities

We are well aware of the different solutions. I have said in https://github.com/iv-org/invidious/issues/4734#issuecomment-2365205990 that we have not yet any solution to offer but we are working on it.