• Synnr@sopuli.xyz
    link
    fedilink
    arrow-up
    19
    ·
    edit-2
    8 months ago

    You know that ?si= at the end of the YouTube URL that is copied when you share a video from within the YouTube app?

    That’s an individual tracking ID specific to you. So if you’ve ever shared a YouTube video on lemmy, reddit, Facebook, tiktok, or anywhere else without removing that code one time, anyone at Google with access to the ID system can now link you to that account with your real name, IP address and time accessed, device name, etc.

    • JohnnyEnzyme@lemm.ee
      link
      fedilink
      arrow-up
      6
      ·
      8 months ago

      While I see that x10,000 with google links, I don’t recall I’ve ever seen it for YT videos.

      As a google user, what… what am I doing wrong? 😕

      • Synnr@sopuli.xyz
        link
        fedilink
        arrow-up
        8
        ·
        8 months ago

        As a google user, what… what am I doing wrong right?

        Using a browser instead of the YouTube app?

        Unless you’re talking about Google links then yes. Amazon too, along with many other services. There’s a ClearURLs Firefox add-on to remove them automatically.

        But it’s insidious with YouTube because people are much more likely to share YouTube videos on a public forum, and they just randomly started doing it one day.

        • JohnnyEnzyme@lemm.ee
          link
          fedilink
          arrow-up
          2
          ·
          8 months ago

          Using a browser instead of the YouTube app?

          Bingo. I’m using Chrome app on WinX desktop. (and yes, I’m a total idiot who’s taken too long to switch over to FF & linux)

          Amazon too, along with many other services. There’s a ClearURLs Firefox add-on to remove them automatically.

          Cool. Myself, I just manually clear that tracking rubbish in the URL field, but I get that such is way easier on desktop browser.

          You’re using Google, that’s about as wrong as it gets in the privacy space.

          And I’m also using Gmail! :S
          So just for gits & shiggles-- how badly would you say I might be hurt by my foolishness, at this rate?

          @[email protected]

          Btw, Nebula-- are you able to federate back and forth with Mastodon & Lemmy as a single stream? I’d love to see that.

        • Nebula@mastodon.social
          link
          fedilink
          arrow-up
          1
          ·
          8 months ago

          @Synnr @JohnnyEnzyme what do you mean by right?

          You’re using Google, that’s about as wrong as it gets in the privacy space.

          But OK, let’s say your threat model allows for use of Google in specific circumstances. You should set up your account in an isolated browser container in hardened Firefox, and only use it for YouTube. No other browsing in that container. Use a VPN maybe?

          Then idk sip some more koolaid and pat yourself on the back.

          • Synnr@sopuli.xyz
            link
            fedilink
            arrow-up
            4
            ·
            8 months ago

            User asked why they never see &si= on their links on Android. @Synnr said they may be copying the link from the browser, which suggests they don’t even have the YouTube app installed, as it ‘never happens to them.’

    • TheAnonymouseJoker@lemmy.ml
      link
      fedilink
      arrow-up
      2
      arrow-down
      1
      ·
      edit-2
      8 months ago

      I have used NewPipe, UntrackMe and URL Checker for years at this point, and have maintained URL sanitisation practice for probably over a decade. Enjoy the powerlessness, feds. I do not even open YouTube website to watch videos.