[Discussion] New instances rules #149
Comments
|
PS: while we won't come back on some rules, like the mandatory publication of the source code, because of AGPL license, I want to have your thoughs on ads/tracking, and if you encounter(ed) any difficulties with the previous or current rules. |
|
I think it is paradox to put any sort of tracking/ads/analytics in any instance because I personally use Invidious just to escape youtube tracking. |
|
Tracking should clearly be disallowed since it's against what Invidious stands for. |
@11Tuvork28 Mhh, yeah. Thanks for your input :)
I'd say no. Sponsoring is when a specific company or other organization provides ressources (hardware or monetary) for an instance to run. Similar to what is done with some IRC networks (libera.chat, e.g)
The idea is for us to gather the opinions of everyone. we'll then see if anything has to be changed, e.g if some rules (like uptime) are too strict, or if everyone agrees that analytics (even selfhosted) are bad, we'll change that. |
|
These rules don't really have any effect on my particular instance, so I'm fine with them, and agree with the sentiment of having the instance list curating to the extent of having a baseline for privacy, maintenance, and reliability. |
|
I think it is a big irony to have something like invidious that is meant to get rid of ads and trackers and make youtube user friendly, to then have invidious instances add ads and trackers. I mean probably they should be allow to do anything they want with their instances, but for the official invidious list would not be a good idea to let such instances on the list. I want to escape youtube's ads and trackers and use invidious to then see other kinds of ads and get tracked!? As for "sponsored by" that's still an advertisement regardless of the intent. I agree that's less aggressive than other forms of advertisement, but I think I am old enough to realize that such ads will never be just that, they will morph and become more aggressive. But overall I think is a good idea to not let ads and trackers on any instances on your official list. |
|
One last point, I think is unfair to remove the ads from my youtube videos via invidious, to then advertise your stuff while people watch my videos. Even "sponsored by" at the top of the page when people come across my youtube videos, I think you are using my content to make a profit, be it monetary or get free hosting or whatever. This may be a great reason for youtube to say that invidious is profiting off of youtube's content and servers. But if you are purely a platform that removes ads and trackers, then you are like an ad-blocker, and not an ad-blocker that blocks some ads and insert theirs. So it may be a good idea overall for the invidious project to protect itself from giving reasons to youtube to take invidious down. |
|
No problem! While a lot of people use Invidious to escape Google's intrusive advertisement, such a rule could ensure people don't take advantage of a possible loophole. |
|
Instances shown in the list must be safe. |
|
It would be a good idea to display instances using trackers or Clownflare separately. |
Agreed! I forgot Clownflare included trackers. Guess having people die under their business is not their only mistake. |
|
So, something like 2 or 3 lists would be a good idea:
|
Most antibot protection use cookies or JavaScript, so that way it's clear where those come from. |
Do agree with disclosing this, though it was brought up in #148 that there are many methods that don't affect end users. |
|
The first rule:
Seems absolutely pointless to me... I don't understand the reasoning behind this, and I only see this as a waste of hosting costs, which can be quite expensive at some geolocations. I've also whitelisted |
We keep adding new instances that go unmaintained after a months and never get updated. We basically want instances to updated and to be kept updated for at least a month before we add them to the list. |
We don't want user to be directed to an instance, they create an account, and loose everything because the instance is never maintained afterwards. This is not the best experience of invidious |
Might be better to implement some sort of trial period for instances in that case. It's a lot easier to run an instance for less than ten people than it is to have one open and visible to the public. Not sure on the implementation, but I think being able to run a very small instance for a month is not much an indicator of being able and willing to run it long-term. |
|
After thinking it over I think that any sort of analytics should be forbidden. As for making multiple lists, that just looks like it will confuse end users more. Why not just remove instances that use trackers? |
As everyone said already, this is confusing. it's just better to have a single list. Though, I think a similar idea could work. Basically, there should only be one official list, with all of the restrictions we've agreed upon here. However, there should also be a standardized way to record instances and their respective attributes down for an instance list, something like what #76 uses. For example: - url: https://example.com
country: US
status:
url: https://status.example.com
# The image and text attributes below are for anyone that wishes to render the list into something more user friendly.
image: assets.example.com/status/invidious-uptime
text: Status Page
privacy_policy: https://example.com/privacy_policy
ddos_mitm_protection: null
owner: example
modified: yes
source: https://github.com/example/invidious
changes: https://github.com/example/invidious#changes
ads: yes
sponsors: yesNaturally, this would allow the community to create lists of their own, with varying restrictions. Integration can then been built into Invidious, which would allow an (advanced) user to select which list they'd want to use, and the specific attributes they'd want / don't want on the instance they get automatically redirected to. Most users can and likely will just use the official list, though for those that wishes for less restrictions and more instances to choose from, the option is there. |
Mmmh, yeah. So one list, with strong filters by default, but where we could register other "lower-privacy" instances, right? |
|
Follow up to a discussion we had on Matrix: Rules 11 restrict the design too much, specifically the "in the footer" requirement. Some suggested replacement that were shared in the Matrix room:
|
|
Just saw the pr and have some questions:
does rate limiting in nginx count as such?
i have a simple nginx rule with a 302 to redirect |
That's to be discussed I guess (ping @SamantazFox ), the point of this rule is to "show" where the potential non-invidious cookies/JS come from (since most anti-bot use cookies and/or JS).
We should add a exception for /privacy (ping @SamantazFox ). This doesn't disqualify you. |
There are no cookies or JS to enable when simple rate-limiting rules are applied. |
This is why it has to be discussed: do we require it only when cookies/JS are added, or do we always requires it. |
Imho that souldn't count. Instance owners should be free to harden their servers agains abuse, as long as it doesn't require something client-side (JS/Cookies)
Let's say that this is a hack because we're not yet providing the tools for you to easily give a privacy policy URL (like we recently did with the source code). So no, it's perfectly fine to do so. Also, quite between the two points above: blocking some parts of the API using nginx rules or ensuring that a user has requested a wepbage before pinging the (That's something that sould be tracked in the instances list once rewritten, and we should also provide config options to disable the API if needed.) |
|
Piggybacking off of this to mention one instance (nerdvpn.de) which has recently started blocking access outside of certain whitelisted countries. I'm interested in knowing what you think about the practice? I think that at the very least, the list of instances should include some kind of mention, to let users know when an instance is only available within certain regions (and, if possible, a list of regions within which the instance is available.) Maybe there could be another list just for region-limited instances? For the time being there might only be this one, but there could end up being more in the future, and in that case it would be helpful to be able to tell them apart at a quick glance, against other instances who are available worldwide. Also, while geo-restricting access isn't necessarily a problem on its own, there may be a little bit of a problem with nerdvpn.de in this case, because they've had users signing up to the instance over time before suddenly revoking access, without providing some sort of way for the users to retrieve or delete their data (aside from using a VPN, which users shouldn't be expected to have to use.) Thoughts? |
|
I'm not fully understanding why nerdvpn.de is doing this. Maybe this is a move to limit the number of people signing up or protest the Russia/Ukraine situation? This is a screenshot from a Mauritius IP.
Before we make a decision I want to hear the server admins rationale behind this. (Also, isn't blocking Tor and VPNs a bit counterproductive for a privacy service?) |
|
For me an instance shouldn't block the access to a user, they can temporarily restrict the access with a rate limit method or a captcha (that work without JS ideally). But not completely disallow the access forever. If a maintainer of an instance struggle to handle the load, they can always ask for help. They shouldn't take a harsh decision without consulting the Invidious team. |
|
They're not blocking Tor or VPN, to be clear. The reason why you may end up being blocked when on a VPN, is if you are using a server located in a non-whitelisted region. It's definitely worded very poorly though. Anyway, the instance owner suddenly showed up with an explanation today, after over a week of nothing: |
|
Regarding this NerdVPN instance discussion, i noticed the discussion at places, like: #149 (comments at the very bottom, including what Ammako called him bringing it up with them), and especially just Sommerwiesel/invidious#6 after which i believe and understand what the instance operator is saying. Looks resolved to me |
I'd like to (re)open discussion regarding the new instances rules that were added in fd84d13. I know that those have already been discussed a bit in #74 & #76, but I'd like to collect the thoughs of the (currently in the list) instance owner themselves on that matter.
I'm myself, quite against any kind of tracking and advertisement (1) in the official list. In my opinion, the official instances list must be curated from any sort of anti-user system, as users will be sent on one of those when they use the automatic instance redirect option. And as a user myself, I wouldn't land on an instance filled with ads or trackers.
So @tio-trom, @unixfox, @artemislena , @hys0star, @TechnicalSuwako, @FireMasterK, @RiversideRocks, @namazso, @ItsSt0ne, @mintphin and @11Tuvork28, what are your thought on that?
Of course @iv-org/developers too!
(1): I don't consider writing "this instance is sponsored by [brand]" in the banner as an advertisement. Such things may be tolerated, imo.
The text was updated successfully, but these errors were encountered: