YouTube Fisher and online privacy.

Sep 15, 2013 at 5:12 PM
I am putting together a series of articles about protection of online privacy / anonymity. YouTube Fisher has interested me a great deal but I haven't found any info as to what protections it offers or vulnerabilities it suffers.

Normal YouTube viewing requires Adobe Flash, which is widely regarded as weakening measures aimed at privacy and anonymity. YouTube's HTML5 version is still in development.

I haven't held any illusions that YouTube Fisher is allowing me to download vids beyond the watchful 5 eyes of the NSA. But is there a way to configure YTFisher to run through Tor, which might make this possible?

The biggest concern is that a user could be communicating anonymously through Tor and other safeguards, and if he should download a vid could have his identity inadvertently revealed.

For this reason I'm inclined to advise people to line up several YTF windows and download them all at once while doing nothing else online which requires privacy.

Please share any insights you can. Much appreciated.
Developer
Sep 16, 2013 at 4:02 PM
I'm not sure what exactly you're looking for; I mean if you've got a specific question or looking for specific piece of information.

What I can tell you it that YouTubeFisher doesn't depend on any browser and doesn't require Flash to be installed anywhere. You can look at the source code to understand better, but YouTubeFisher just uses .Net DownloadString and WebClient classes for what it does.

The mentioned classes use your available internet connection and they don't provide any special layer of protection or so; finally if you reached YouTube servers they will know who you are and where from did you come.

I don't know how Tor works; if it's transparent to the clients, then YouTubeFisher will work with no issues (just an assuption), but if Tor requires some setup here and there then you need to test that yourself.

In short, YouTubeFisher just does HTTP requests to YouTube server, and HTTP by itself was not designed with security and privacy in mind... if you want that you need to implement your own protection layer or use other external tools.

Hope that helps
Sep 17, 2013 at 5:37 AM

Thanks for taking the time to respond. Your information was helpful.

I think if YTFisher sends regular http requests then this is susceptible to man-in-the-middle attacks, as well as the website itself (Google) knowing your IP address. It's what I thought but helpful to have that confirmed.

Tor is meant for regular browsing but there may be a way to channel YTF through it. If so people could download videos freely without much fear of Google recording your every download.

VPNs should offer some protection but some governments may have ways of cracking these connections.

It's worth considering these issues considering the lack of privacy on the internet today.

Cheers,
Ray

On 2013-09-16 22:02, TheBlueSky wrote:

From: TheBlueSky

I'm not sure what exactly you're looking for; I mean if you've got a specific question or looking for specific piece of information.

What I can tell you it that YouTubeFisher doesn't depend on any browser and doesn't require Flash to be installed anywhere. You can look at the source code to understand better, but YouTubeFisher just uses .Net DownloadString and WebClient classes for what it does.

The mentioned classes use your available internet connection and they don't provide any special layer of protection or so; finally if you reached YouTube servers they will know who you are and where from did you come.

I don't know how Tor works; if it's transparent to the clients, then YouTubeFisher will work with no issues (just an assuption), but if Tor requires some setup here and there then you need to test that yourself.

In short, YouTubeFisher just does HTTP requests to YouTube server, and HTTP by itself was not designed with security and privacy in mind... if you want that you need to implement your own protection layer or use other external tools.

Hope that helps