>with youtube-dl and vlc, what data am I giving up by using
>that tiny bit of JS used for making URLs readable?

What you've asked is an extremely good question, and the answer should be made absolutely clear: At present, the JavaScript engine does not implement *any* functionality which threatens the privacy or security of the user.

As a member of the security/privacy camp of software freedom myself, this means I have no direct qualms with the current use of JS. However, there are still two reasons that it is important an alternative is developed:

*User choice. Stallman has unequivocally declared his dissatisfaction with the current state of affairs, and so I am sure there are at least a few others who must also be unwilling to accept it.

*The precedent set. Although the current state of affairs isn't too bad, the implication of "functionality over philosophy" made by this and other items of evidence published in the thread linked from the original post suggests it could get far worse if EME takes hold. Granted, that's still hypothetical thinking- but with all major browsers now aboard, how much of a fight do we expect from Alphabet when the never-content producers come knocking.

That said, please be aware external sandboxing is not (yet) needed- the limitations of the interpreter do that inherently.

>The non-free JS is needed, AFAIK.

Not quite. In general, the video signature can be obtained relatively easily just by downloading the page and applying some regular expressions. The exceptions only come from a subset of videos with 'signature encryption' (an unusual form of DRM). These appear to map quite nicely onto the types of media which come with DRM everywhere else- music videos and movies.

Reply via email to