Open rsfinlayson opened 5 years ago
Facebook has complex phishing protection and it won't be easy to work around this. I'd recommend using --cookies
with an export of your Facebook cookies.
Would it work to use "App passwords" or whatever the English version of facebook calls it?
Apparently I cannot login with an App password through youtube_dl if I create one (using Git version 25b83c2a0e29c75372f0ce26d2b4ecf493e8b28c on Fedora 30), I only get (note the URL is made up):
[debug] System config: []
[debug] User config: []
[debug] Custom config: []
[debug] Command-line args: [u'--no-call-home', u'--cookies', u'cookie_jar.txt', u'--username', u'PRIVATE', u'--password', u'PRIVATE', u'--verbose', u'https://www.facebook.com/some.friend/videos/1237891234567890/']
[debug] Encodings: locale UTF-8, fs UTF-8, out UTF-8, pref UTF-8
[debug] youtube-dl version 2019.05.20
[debug] Python version 2.7.16 (CPython) - Linux-5.0.16-300.fc30.x86_64-x86_64-with-fedora-30-Thirty
[debug] exe versions: ffmpeg 4.1.3, ffprobe 4.1.3
[debug] Proxy map: {}
[facebook] Downloading login page
[facebook] Logging in
WARNING: unable to log in: bad username/password, or exceeded login rate limit (~3/min). Check credentials or wait.
[facebook] 1237891234567890: Downloading webpage
[facebook] 1237891234567890: Downloading webpage
And since the video is "for friends only", no joy.
Pidgin (purple-facebookchat) can use app passwords... but seems I need to use the "real" facebook password for youtube_dl.
Locked out because of this and now it won't let me unlock it because "Sorry, this feature isn't available right now"
Just happened the same to me when trying to download a video that required --username and --password params. The video downloaded fine. But 20 minutes later I got logged out from the browser. Now it ask for a password or social security id scan youtube-dl version: 2020.01.15
Exact same issue here, and to make matters worse, Facebook's system for unlocking an account locked this way is broken and you have to use other resolution methods.
Are any of you using Facebook over Tor and the .onion address? That could be part of the problem. I think the cookie idea is probably the best way to deal with this problem AND to keep transport the same (proxy via socks5 Tor or not, but be consistent).
No, this was over a vpn.
I was connecting straight to Facebook. I'll try the cookie trick next time.
Same here, straight to facebook (no tor, no proxy, no vpn), always used cookies (it's a private video) downloaded with cookies.txt, tried both with the same cookie and with a new cookie every time after a fresh login. After a couple minutes it locks me out, asks to change password etc. And it goes on for days locking me out several times saying someone might have used my account.
Any idea?
Cookies used to be a good workaround. But they don't work anymore - after just one cookie use, Facebook locks me out right away. I think they found some way to detect youtube-dl, and we need to innovate to stay one step ahead.
Bump, have the same issue, with both username and password and with the cookies method. Though the cookies method seems to give more time before you get locked out.
I’ve run into this issue, also, over the last couple of weeks. I have to use my Facebook login credentials to download videos (I didn’t have to do this before, FB must have changed something) and then FB locks my account after successfully downloading the video. I’ll try the cookies suggestion next time to see if I have any luck with it...
I'm still getting locked out :(
soon afterwards, Facebook locks my account
straight to facebook (no tor, no proxy, no vpn)
after just one cookie use, Facebook locks me out right away
Just guessing here:
Without cookie, fb will probably detect headless login pretty easily (fake-useragent and such will probably not be enough to prevent this).
With cookie exported from your real browser, fb will probably detect headless login pretty easily (e.g. embedding browser signature in the cookie, and cross-referencing the use of that cookie server-side with some delay -> lock).
There are probably many more detection techniques they can employ...
One way to make it really hard for them, is by actually using a headful browser to get the page source:
I'm pretty sure that like this they will have no option but give you a fresh cookie and register this new 'device' as trusted.
Might not be a viable option for this lib due to their size (?), but just want to coin frameworks like playwright that can achieve this 'real user' like flow.
Hi, just wanted to let you know that the procedure below works fine to me:
https://webapps.stackexchange.com/questions/58690/how-can-i-download-non-public-facebook-video/92332
Using the parameter "add-header", and add my cookies.
But the weird thing is that this is only if I use youtube-dl version 2021.03.03. With the most recent version (2021.04.07), however, I am still getting kicked out from Facebook! So seemingly something has been changed to its detriment, in between...
I also experienced this issue and I think I would be bothered to read this entire discussion, but I think I have the idea of it. I think I should stick with inspect element for now.
Please follow the guide below
x
into all the boxes [ ] relevant to your issue (like this:[x]
)Make sure you are using the latest version: run
youtube-dl --version
and ensure your version is 2019.01.24. If it's not, read this FAQ entry and update. Issues with outdated version will be rejected.Before submitting an issue make sure you have:
What is the purpose of your issue?
The following sections concretize particular purposed issues, you can erase any section (the contents between triple ---) not applicable to your issue
If the purpose of this issue is a site support request please provide all kinds of example URLs support for which should be included (replace following example URLs by yours):
Note that youtube-dl does not support sites dedicated to copyright infringement. In order for site support request to be accepted all provided example URLs should not violate any copyrights.
Description of your issue, suggested solution and other information
Downloading videos from Facebook (with --username --password ) works OK, but soon afterwards, Facebook locks my account, saying:
"We’ve detected suspicious activity on your Facebook account and have temporarily locked it as a security precaution. It’s likely that your account was compromised as a result of entering your password on a website designed to look like Facebook."
This requires me to change my Facebook password each time this happens.
It appears that Facebook is somehow detecting youtube-dl downloads, and flagging them as 'suspicious'.