How safe is PeerTube?

So, as far as I understand, PeerTube lets you self-host your own channel and even gives you an opportunity to create a custom domain? Does it mean that from a user’s perspective you should trust a maintainer in a lot of ways? How many security risks does it create? Is it possible for a malicious actor to create a virus-spreading PeerTube channel? Is it possible for a malicious actor to create a channel and upload a video that is malicious? Should I feel safe visiting PeerTube channels?

How does it compare to more traditional platforms? An LLM told me that usually when people upload videos to different websites their videos get decoded and therefore any possible viruses can’t spread, so videos kinda become “sanitized” when they are uploaded. However, I don’t really know if it really works this way and whether or not it’s a general practice. I also don’t know if it works if a person tries to download a video directly to their PC via a third-party service or a website’s built-in functions.

So, is PeerTube even a good alternative privacy-wise and security-wise? I don’t know if I should even start using it because of the concerns related to PeerTube channels being self-hosted.

1 Like

Short answer

Yes, PeerTube is safe to visit. :white_check_mark:

Longer answer

PeerTube is not less safe to visit than any other website on the Internet.

Privacy Guides has a PeerTube channel: https://neat.tube/
Is it a custom domain? Yes.
Is it owned by a big-tech corporation like Facebook or Google? No.
Does it track you or load some 3rd party script? No.
It just lets you watch videos without any fluff or algorithms in the mix. :+1:t2:

Now, to answer some of the questions.

If you know what you’re doing, self-hosting and having your own domain is a cool thing, nothing dangerous with that. :dove:

I do have my own domain for example, same for quite a few people known and doing things on the Internet. It’s mostly a way to get rid of being locked down to a platform owned by somebody else (like having a Twitter profile).

You do visit a website, so I guess some trust is required yes.
But does it mean that it’s dangerous to visit websites that are not www.facebook.com or www.google.com and that you will catch some nasty stuff on there? Absolutely not. :blush:
At the same time, you probably do visit some of those daily. Like some forums, news, work or anything else during your Internet daily browsing. Haha, we’re currently on privacyguides.net. :wink:
Is it scary to trust somebody else than Mark Zuckerberg? Shouldn’t be. :mending_heart:

You’d also be surprised how “big companies” don’t always care that much about your privacy/security and let nasty stuff slide into their websites/apps/hardware[1].
Big companies might also be more interesting targets because of money/communities behind them rather than a small independent platform that is non profit.


But back to the main topic, when you do visit a website you might consider being cautious of the following:

  • not downloading any random file and double-clicking on it, especially if it’s an executable like a .exe (or .dmg for macOS), or even a .pdf/.xls because those are known for having scripts that could auto-run on your machine
  • any kind of script running on the client-side with JavaScript (example: to mine some crypto on your machine)
    • but this is where some browsers (or other tools) can come and block those on your computer
    • you could also entirely disable JavaScript on your entire browser, but unfortunately you won’t be able to use a lot of websites anymore because of how the modern Web industry is doing as of lately… :sweat_smile:
  • since you’re connecting to a website, they will also know where you come from thanks to your IP address. Does it mean you’re doomed? No, you can use a VPN to shield your real location a bit more. You can also pair that with more privacy-focused browsers.

Any of those points are valid whatever the website you visit.
But any kind of software can do nasty things, be it on your phone, fridge or public transport checker.
Just try to be mindful of your tech and you should be good 99% of the time. :+1:t2:

Like, if you walk into a dark shady alley with a tag on a wall and there written www.get-some-quick-money-fast-trust-me-bro.com, maybe yes don’t visit that one. :joy:
Or plug random USB keys found in the street into your computer.
That’s basic digital hygiene.

Now, if we speak together for some time and you do share your personal website with me, assuming www.what-or-what.com, it won’t be coming out of nowhere. I’ll know you and it will be safer.
You probably never truly visited a website out of thin air but rather after reading/talking with a reputable source, like a friend’s reference you do trust.

Yes.
Just like on any website.

Will it hack or light your computer on fire? No.
We do have safety nets as of today and browsers are not as vulnerable as they used to be back in the day.
As said above, don’t visit shady websites, execute random files on your system with full admin permissions or plug in unknown found devices.

In theory, video files could lead to some vulnerabilities.
In reality, it will never happen because nobody got the time or money for such a thing.
Doing a phishing website is 50 times faster and beneficial to hackers than malicious videos on PeerTube.

Nerdy details[2]

In short, don’t worry about advanced badass CIA over-engineered supply-chain attacks of hacking a high target criminal. Just don’t type your personal info/banking details into a website and you’re good. :folded_hands:t2:

What is PeerTube?
Just a place where inoffensive nerds try to get away from YouTube’s monopoly and share their hobbies in a more privacy-respectful way.
Just like a blog or MySpace website could be.
Nothing dangerous.

It’s mostly the beauty of the Internet back in the day, where anybody could share anything in their own space.
Without being a victim of capitalism and walled platforms.
Also, it’s mostly cat videos or privacy tips haha. :blush:

YouTube is not “safer” than PeerTube per se, they’re the same.

Nerdy details[3].

That’s the issue with LLMs. If you ask it in a specific way: “can my analog watch hack me somehow?”
It might answer yes because there is probably an arcane way of achieving such a thing, found during the cold war or something. It will pretty much try to corroborate your vision of the world and make you happy rather than being realistic and replying
“yo bro, don’t worry it’s fine. Just enjoy your cat video :slightly_smiling_face:”

If you use some trustworthy tool for this, no reason to have any problems either.
The maintainers/developers of the tool might be serious about their work and do the needed work to make it safe for you to download. :blush:

It doesn’t load a ton of useless code that adds no value to your life, is not owned by a company that is meant to sell you ads or keep you on the platform thanks to some algorithm.
It is just: text + video from someone passionate enough to self-host their own thing. :dove:


  1. especially companies selling you some IoT devices like connected IP cameras ↩︎

  2. You are probably already exposed to a lot of potential dangerous things on a day to day basis already given the phone in your pocket that is running countless (closed-source) apps in the background.
    If you’re not a US president or tech billionaire, you probably have nothing to worry about. No government or hacker group will come and mess with your life.
    Also, we have basic security on the devices we use daily. ↩︎

  3. If we go into the details, they might have security teams to ensure that the platform behaves properly but at the same time, they are also running a BIZZILION of things in a house of cards kind of setup, it’s miles away from something more simple and bare-bones like PeerTube ↩︎

5 Likes

I think the question here is strictly from a security standpoint and not about privacy. Sites like Google, Facebook, YouTube, etc. have a vested interest in being super secure (but not private) because having their users hacked is very bad for business and will hurt their reputation. User-hosted instances of PeerTube have no such concerns and could be more likely to try to run some phishing attempts. Ex. the end-user clicks on “download video”, but it downloads video.exe that could be a virus. I think that PeerTube instances are more likely to try stuff like that than the big boys. As long as the end-user exercises caution as they do on all other sites, they should be fine imo.

1 Like
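
The “download video” that turns out to be video.exe, as described in the post above, is something a downloader can check for before anything is opened. The following is an added example, not part of the original thread or of PeerTube's code: it compares the file name against the file's leading bytes, and the function names and sample headers are constructed for illustration.

```python
import os

# Leading bytes ("magic numbers") of formats that execute rather than play.
EXECUTABLE_MAGIC = {
    b"MZ": "Windows PE executable",
    b"\x7fELF": "Linux ELF executable",
    b"\xcf\xfa\xed\xfe": "macOS Mach-O executable (64-bit)",
    b"\xca\xfe\xba\xbe": "Mach-O universal binary or Java class file",
    b"#!": "script with interpreter line",
}
VIDEO_EXTENSIONS = {".mp4", ".m4v", ".mov", ".webm", ".mkv"}


def sniff(head: bytes) -> str:
    """Classify a file from its first bytes, ignoring its name."""
    for magic, label in EXECUTABLE_MAGIC.items():
        if head.startswith(magic):
            return label
    if head[4:8] == b"ftyp":                  # ISO BMFF box: MP4, M4V, MOV
        return "video (MP4 family)"
    if head.startswith(b"\x1a\x45\xdf\xa3"):  # EBML header: WebM, Matroska
        return "video (WebM/Matroska)"
    return "unknown"


def check_download(filename: str, head: bytes) -> tuple[bool, str]:
    """Return (ok, reason); ok only if name and content both say video."""
    ext = os.path.splitext(filename)[1].lower()
    kind = sniff(head)
    if ext not in VIDEO_EXTENSIONS:
        return False, f"extension {ext or '(none)'} is not a video type"
    if not kind.startswith("video"):
        return False, f"named like a video but content is: {kind}"
    return True, kind


# Constructed sample headers (not captured from any real site).
MP4_HEAD = b"\x00\x00\x00\x20ftypisom\x00\x00\x02\x00"
WEBM_HEAD = b"\x1a\x45\xdf\xa3\x9f\x42\x86\x81\x01"
PE_HEAD = b"MZ\x90\x00\x03\x00\x00\x00"

if __name__ == "__main__":
    for name, head in [("cat.mp4", MP4_HEAD), ("talk.webm", WEBM_HEAD),
                       ("video.exe", PE_HEAD), ("video.mp4", PE_HEAD)]:
        print(name, check_download(name, head))
```

A matching header only shows that the file is a media container rather than a program; it says nothing about bugs in the player that will parse it.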

Indeed, cat videos and privacy tips, the best part of the internet :smiling_face_with_three_hearts:
Excellent reply kissu :+1::sparkles:

1 Like

On that point, you are right. PeerTube instances vary so even if the vast majority are safe, we can’t really audit whether there is, for example, an unsafe instance.

@WhatOrWhat This may be a question to ask Framasoft directly, which is the nonprofit maintaining PeerTube.

It might be more fishy but at the same time, why would you visit such a place in the first place (if you don’t know the creator)? :hugs:
Also, it might not be interesting of a target for hackers as a whole. Who cares about a small PeerTube instance with 200 views?
Meanwhile, getting to hack LTT’s session with cookies brings big gains!
Harder but far better of a win if you succeed.

But it is indeed phishing at the end of the day anyway yes. :+1:t2:


And yes, you can always visit any blog/website and press on “download malware” on it, then run it on your machine. Again, just like any website on the Internet. :wink:

They do have an FAQ and this page also.
Otherwise yes, you can always ask the dev team but I’m not sure they’ll give an easy explanation as to why PeerTube is safe. :thinking:
Or if they do, no need to start freaking out because…most of the software is buggy/unsafe to begin with.
Just look at this and you’ll realize that vulnerabilities are plenty, but that doesn’t mean it’s unsafe to run or that you will feel the consequences directly.
Just like driving a car is a danger in itself, doesn’t mean you’ll get a crash if you leave your house. :hugs: