Peertube: Privacy of the viewers

Do you have any idea how we could inform user about this?

For your second point it would be more difficult, because user would need to download 2 others videos which could be difficult for people behind a low bandwidth download speed.

Do you have any idea how we could inform user about this?

A banner "This website use peer to peer for the video, other may know you are watching that video" with a link to a section in the privacy page that explain it better could help.

For the other point, it could be an option "improve your confidentiality and help the server by sharing more videos"

Banner are not always the perfect way to inform users but can be an idea...
Not sure if there is anything to do to, at least, try to make the IP address less identifiable...

For the second point, I think it can be easy to track an IP address, then deduce from the videos that address has been watching the similarities between the videos and then actually knows which videos were indeed watched.

Good point @Massiliane. But I don't think it would be easily feasible to make the IP address less identifiable.

I added some messages (https://github.com/Chocobozzz/PeerTube/commit/22b59e8099947605085cf65a440f07f37fce6b65):

• For embedded videos we display a small message under the video title
• When we are on a peertube instance we display a confirm modal the user needs to accept (only once, then the validation is stored in the local storage)

I think that when https://github.com/Chocobozzz/PeerTube/issues/123 will be implemented, the P2P feature between viewers will be an opt-in option in the player.

@tdelmas

A banner "This website use peer to peer for the video, other may know you are watching that video" with a link to a section in the privacy page that explain it better could help.

For the other point, it could be an option "improve your confidentiality and help the server by sharing more videos"

Also, you could recommend using a VPN that allows for using torrenting, right?

@WildYorkies Sure, a VPN or Tor or any other tool that hides your public IP.

@WildYorkies Yes, a VPN that you trust or Tor may help, but it's depending of your threat model.

With a VPN or Tor, if in the same time that you watch that video, you publicly post your identity (e.g. in a forum without https asking your email for post a comment), then a bad actor can link your identity to the video you watch.

I think that the warning and opt-in option mostly solve the problem. Thank you @Chocobozzz

I was thinking about this privacy banner and I'm not sure the behavior is matching what privacy-concerned user might expect. As far as I understood, the video has autoplay, which means that as soon as one browse a video page, their browser will start downloading the video (and eventually leaking IP address etc). So, it seems that when the user ends reading the banner, it's already "too late".

A possible workaround I can see would be to have the following workflow:

• At first visit, disable autoplay / autoseed, and display the banner. When the user clicks on the banner, the video would start playing / seeding normally. Then, leave a cookie to remember this.
• When the user comes again and has already clicked once on the banner, the banner might still be shown (for informative purposes), but autoplay / autoseed would be done as is currently done.

Not sure if this would deserve its own issue or not.

At first visit, disable autoplay / autoseed, and display the banner. When the user clicks on the banner, the video would start playing / seeding normally. Then, leave a cookie to remember this.

Unfortunately, this will happen on all instances the user visits, every time it visits a new one, so it's not very practical.
I don't know if on embeds you start to connect to other peers after or before clicking play.

I don't know if on embeds you start to connect to other peers after or before clicking play.

You connect to the tracker and maybe to other peers only when your press play.

You connect to the tracker and maybe to other peers only when your press play.

Ok, so the current behavior is just perfect for embeds. :)

Unfortunately, this will happen on all instances the user visits, every time it visits a new one, so it's not very practical.

I thought, comparing to Mastodon for instance, that users would browse the network of available videos from their instance (just as you browse all the toots from your Mastodon instance). Then, this means only one alert will be displayed.

Not sure disabling autoplay would be so painful and not practical if it only happens for the first time on a new instance (I'm kind of biased on this, as I tend to simply disable autoplay everywhere, from within my browser as I dislike videos and audios playing automatically when I browse).

Related discussion happens on #685 now.

Good point @Massiliane. But I don't think it would be easily feasible to make the IP address less identifiable.

I added some messages (22b59e8):

* For embedded videos we display a small message under the video title

Is it really necessary to have the warning message "Watching this video may reveal your IP address to others" for embedded videos? I think all it serves to do is potentially put non techy people off from watching peertube videos. With the scenario of someone tracking your IP being very difficult in practice why make an issue out of it? Having the issue explained in /about/peertube is already enough.

Is it really necessary to have the warning message "Watching this video may reveal your IP address to others" for embedded videos? I think all it serves to do is potentially put non techy people off from watching peertube videos. With the scenario of someone tracking your IP being very difficult in practice why make an issue out of it? Having the issue explained in /about/peertube is already enough.

https://github.com/Chocobozzz/PeerTube/issues/2932