IP Leaked to googlevideo

[FireMasterK]

In some rare cases, google sends a 302 found instead of a 206 which can leak a user's IP address as the browser follows the redirect.

I have found a solution, for it but I'm not sure if it would work with #116.

[FireMasterK]

This was also reported by a user in the matrix group.

[pluja]

which would be the solution you are proposing?

[FireMasterK]

        location /videoplayback {
                include snippets/yotter-videoproxy.conf;
                proxy_pass https://$arg_host;
                proxy_intercept_errors on;
                error_page 301 302 307 = @handle_redirects;
        }

        location @handle_redirects {
                set $orig_loc $upstream_http_location;
                proxy_pass $orig_loc;
                include snippets/yotter-videoproxy.conf;
        }

The snippets file would just contain everything except the proxy_pass line, I've made a few optimizations to speed it up more:

proxy_buffering on;
resolver 127.0.0.1 ipv6=off valid=30s;
proxy_set_header Host $arg_host;
proxy_ssl_server_name on;
proxy_set_header X-Forwarded-For "";
proxy_set_header CF-Connecting-IP "";
add_header Access-Control-Allow-Origin *;
sendfile on;
tcp_nopush on;
aio threads=default;
aio_write on;
directio 512;
proxy_hide_header Cache-Control;
proxy_hide_header etag;
add_header Cache-Control private;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_max_temp_file_size 0;
keepalive_requests 1024;

I'm also working on writing a Go application to proxy requests using QUIC instead of Nginx which uses http/1.1, which should improve performance considerably as our current solution with Nginx has an extremely high TTFB, which I want to avoid.

[pluja]

Thank you! I will try to test today if I have some time.

About the go app, this would be pretty awesome!

[FireMasterK]

https://github.com/FireMasterK/http3-ytproxy

It's done, I'll publish a docker image we can include in Yotter soon.

[pluja]

Nice!

[FireMasterK]

Here are the performance improvements when using this with Invidious.
(A massive improvement compared to the 20-30 second TTFB before)

[FireMasterK]

Unfortunately, the QUIC library I used is extremely unstable, I will be switching to HTTP/2 and will switch back in the future to QUIC when the situation improves.

[FireMasterK]

This is now running on yotter.kavin.rocks, I'll require some feedback before I think about including this in Yotter.

[pluja]

Nice. I'll be testing then.

[vladimiry]

This was also reported by a user in the matrix group.

Can confirm this. The Invidious by the way leaks the IP the same way (at least the public instance I tried recently).

[FireMasterK]

@vladimiry can you help us confirm that it's fixed on yotter.kavin.rocks?

[vladimiry]

It looks fine on yotter.kavin.rocks during video playback (see umatrix screenshot taken in tor browser):

[FireMasterK]

Awesome! I'll add some instructions on how to set up the new go proxy.

[pluja]

So this new go proxy is using QUIC now?

[FireMasterK]

Nope, http/2 as QUIC seems to be causing issues, the maintainers of quic-go believe it's an issue on google end.

[FireMasterK]

I'm closing this as this was fixed in #132, I've added instructions for docker but not for those who run without it, I'll see if I can add instructions for those people too.

[vladimiry]

The issue got back some time ago, maybe a week or two. When the page with video gets loaded first time the request to yotter domain occurs but response of that request is 302 redirect to googlevideo domain. uMatrix blocks that requests to googlevideo and so the video doesn't start. You can clearly see the issue in browser's dev console.

[FireMasterK]

@pluja does your instance run the proxy I made? This shouldn't happen with it as it follows redirects.

[pluja]

Not yet. I need to put hands on it but I still didn't had time. Will be taking a look on it this next week!

[vladimiry]

By the way, it worked well/stable when I posted #122 (comment) but something like a month or two ago the playback started to get stuck on rewind or on its own after some time of playing well. So there is no stability anymore.

[pluja]

We'll look at this... 🤔

[FireMasterK]

I can't seem to replicate this on my instance 🤔

[vladimiry]

Thanks for looking into this. I just did more tests and noticed that it works more stable if I run firefox browser on a clean profile, so apparently, it has something to do with my browser setup (options, extensions, etc). I tried to disable some extensions, like CookieAutodelete (it had exclusions for the site though) and it got working better. Even if I enabled the extensions back it still works well. So the weird stuff happens on my side.