I just have to open a topic that has an embedded YouTube video, and I instantly get youtube.com cookies saved on my browser. This is something that I don’t want. Is there a way to disable embedded content?
I can’t reproduce this behavior, there should be no interaction with YouTube until you play the video.
Use nuMatrix (uMatrix fork), it will block those cookies.
So yet again I got 3 YouTube cookies without ever playing a video. It might be caused by one linking a video in a new post or opening a topic that has one embeded. I think that only the most neccesarry cookies should be stored. GrapheneOS Forum is a good example:
No persistent cookies or similar client-side state for anything other than login sessions, which are set up securely using
SameSite=Strict
,Secure
,HttpOnly
, andPath=/
flags, prefixed with__Host
and have server-side session tracking with the ability to log out of other sessions.
Again, I’m not able to reproduce this issue. You need to share a step by step reproduction, but this is not standard behavior that is occurring on our end.
For reference to others reading this:
We do not have any embedded content in the first place, this is merely an image (hosted on our domain):
It’s only after you click the image that it is replaced with an iFrame, which is the same behavior as if you clicked a link to that content anyways. We therefore do not consider this to be a privacy concern.
I tried to reproduce this and wasn’t able to, even though these cookies still sometimes appear. The only explanation is that I probably accidentally click the image when browsing or engaging in a topic, and then I get those cookies, which is not difficult to do on mobile when using a touchscreen.
I’m sorry for the false alarm.
You can make embedded thirds party videos, including YT videos “click-2-load” meaning the embedding will not load, and you’ll see a link for the video instead. See Gorhill explanation and a filter list
Link to a video demonstration of this behavior:
External MediaI have had the same problem. I think its when an admin links external content
no youtube embeds are directly loaded
youtube embeds are directly loaded
Oh, makes sense then. Looks like I was right about this issue existing.
Bump.
You quoted another post about black mirror.
On Firefox using uBlock Origin and Strict Tracking Protection, no cookies are stored. This could be because the browser you are using doesn’t have proper content blocking.
BTW, this is what click2load looks like. YouTube doesn’t store cookies anyway (with proper protections), but this is nice to be sure.
No the forum automatically loads a preview. Its clickable links to the forum posts showing it.
It directly loads a Youtube iframe
Youtube does offer a non-cookie domain for embedded content youtube-nocookie.com
. So instead of
https://www.youtube.com/embed/0uQVzK8QWsw?feature=oembed&wmode=opaque
forum can use
https://www.youtube-nocookie.com/embed/0uQVzK8QWsw?feature=oembed&wmode=opaque
even when after clicking an image.
I do not think the latest assessment that this is occurring when team members post YouTube links is accurate, because @jordan has no special privileges (mod/admin) on the forum, and when I post YouTube links this issue does not occur.
However, out of an abundance of caution we will limit this anyways.
YouTube links will now appear like so: