Permanently Opt-In to YouTube's HTML5 Beta Test

An option to permanently opt-in to YouTube's HTML5 beta test would greatly enhance the Torbutton user experience. Bonus points if the option would work even if cookies are disabled.

Trac:
Username: katmagic

changed milestone to %TorBrowserBundle 2.2.x-stable

added MikePerry201504R TorBrowserTeam201504R component::applications/tor browser milestone::TorBrowserBundle 2.2.x-stable owner::mikeperry points::3 priority::medium reporter::katmagic resolution::wontfix status::closed tbb-bounty tbb-torbutton tbb-usability-website type::enhancement labels

It appears that HTML5 can be enabled by setting a single cookie, "PREF", to "f1=10000000&f2=40000000".

Trac:
Username: katmagic
Cc: mikeperry to mikeperry, the.magical.kat@gmail.com

Trac:
Cc: mikeperry, the.magical.kat@gmail.com to mikeperry, the.magical.kat@gmail.com, erinn

f1 is not relevant to HTML5. It is the f2 piece that means HTML5.

This lack of full understanding here is what worries me. What if the user already has a PREF cookie? Can we always just slap that f2 value on the end? What if it already has an f2 piece? Should we replace it? Or is it a bitstring that we need to bitwise or? Is it hex, or octal, or wtf?

Trac:
Component: Torbutton to TorBrowserButton
Keywords: youtube, html5 deleted, N/A added

If someone could investigate how flashblock, greasymonkey scripts, and other addons are handling this, that could give us some more confidence on a solution. At least we can track them for changes if they notice edge-case breakage in that solution and we do not.

Trac:
Milestone: N/A to TorBrowserBundle 2.2.x-stable

Since we only care about supporting TBB with this, we can probably be blunt and just hardcode an f2 value that gets set every time the cookies are cleared.. We still should look at flashblock and the greasemonkey scripts for reference.

Trac:
Points: N/A to 3

Replying to mikeperry:

Since we only care about supporting TBB with this, we can probably be blunt and just hardcode an f2 value that gets set every time the cookies are cleared.. We still should look at flashblock and the greasemonkey scripts for reference.

Turns out Katmagic wrote one of the greasemonkey scripts. However, it apparently has issues sometimes. It hits an infinite loop, and it also has a mechanism for changing the PREF value instead of just setting it initially.

Katmagic - why did you do the reset piece? What happens if you do this in TBB:

1. Hit New Identity in Torbutton's dropdown
2. Use a cookie editor to set a cookie with PREF=f2=40000000;domain=.youtube.com
3. Go to youtube and try the following a. watching some videos b. logging in c. creating an account

Try this a few times. Do you still hit your infinite loop? Does logging in remove your ability to view HTML5 vids? Does creating an account?

Katmagic: You disappeared last night. What was the final word? This feature can only work from certain exits?

It looks like Youtube made it for us. Now both youtube.com videos and embedded videos outside supports automatic HTML5 playing which is great news. Look at: https://tails.boum.org/forum/Youtube_is_now_automatically_HTML5_enabled/

So are we going to reconfigure NoScript to prevent blocking Youtube videos by default?

Trac:
Cc: mikeperry, the.magical.kat@gmail.com, erinn to mikeperry, the.magical.kat@gmail.com, erinn, tails@boum.org

Wow, I think this officially qualifies as first good news I've heard all year.

As for auto-allowing these objects, there are two issues with the ideas on the tails forum page:

1. Unchecking the "Apply these restrictions to untrusted sites too" checkbox will allow font-face and WebGL to get auto-loaded in our default config, and will also cause flash to auto-load for people who have discovered how to dig through our layers of disabling in order to enable it. I will instead mail Giorgio and inform him that the "Audio/video" checkbox doesn't seem to be working right with Youtube. He is usually pretty prompt with stuff like this.

2. I am still not 100% sure I want to make audio and video codecs autoplay without the user clicking on them.. Have they had enough auditing and trial by fire to reduce the vulnerability rate to something acceptable? Firefox 9 had at least one video vuln..

However, if people think that NoScript click-to-play is too confusing, I could be persuaded to turn it on, pending Giorgio's fixes to allow just audio/video.

Hmm, maybe not allowing all audios/videos but what about fixing this in a way that only Youtube videos can auto-play. Can torbutton or another thing do this or only Noscript?

Also I think dailymotion too has changed the way html5 works. I now see the html5 player automatically but cant get any video to work. It says "Media not supported" in every video also on [http://www.dailymotion.com/html5]. Can we do anything about this too?

Any news from Giorgio regarding the "Audio/video" checkbox issue?

Created #5266 (closed) for the NoScript issue. Marking this one not a bug because the opt-in period is over for html5.

Trac:
Status: new to closed
Resolution: N/A to not a bug

It would appear the opt-in url is required again :/.

Trac:
Status: closed to reopened
Resolution: not a bug to N/A

This is probably something we want to consider attempting again if FF17-ESR doesn't magically solve all of our woes here. (Maybe the opt-in is back for us because FF10-ESR is kind of old and lacks some features they think they need/want).

Trac:
Keywords: N/A deleted, tbb-bounty tbb-usability added

Trac:
Keywords: tbb-bounty tbb-usability deleted, tbb-bounty tbb-usability-website added

Trac:
Parent: N/A to #7006 (closed)

Trac:
Parent: #7006 (closed) to N/A

Replying to cypherpunks:

Hmm, maybe not allowing all audios/videos but what about fixing this in a way that only Youtube videos can auto-play. Can torbutton or another thing do this or only Noscript?

Also I think dailymotion too has changed the way html5 works. I now see the html5 player automatically but cant get any video to work. It says "Media not supported" in every video also on [http://www.dailymotion.com/html5]. Can we do anything about this too?

Could be worth checking out the viewtube greasmonkey script (https://userscripts.org/scripts/show/87011). Would need to be vetted and modified to stop inserting http (no TLS) elements in TLS sites though. Also it doesn't seem to work half the time, but the idea is there.

Trac:
Username: tempacc

For the record, someone suggested on #10628 (moved) that we replace the Firefox user agent string with an IE10 or IE11 user agent string. This actually works in that many YouTube videos that wouldn't play before, suddenly play successfully when the UA is changed. Mike pointed out that this could end up breaking a bunch of other sites, however.

someone suggested on #10628 (moved) that we replace the Firefox user agent string with an IE10 or IE11 user agent string. Mike pointed out that this could end up breaking a bunch of other sites, however. Why you want UA was permanently changed? Changing it for YouTube more reasonable move. Some add-ons already exists with such functional to play HTML5 from YouTube. TBB could include it or do some simple and verified piece with changing UA for YouTube only. Or you could to ask Google "WTF?!"

Trac:
Keywords: tbb-bounty tbb-usability-website deleted, tbb-torbutton, tbb-usability-website, tbb-bounty added
Component: TorBrowserButton to Tor Browser

Trac:
Cc: mikeperry, the.magical.kat@gmail.com, erinn, tails@boum.org to mikeperry, the.magical.kat@gmail.com, erinn, intrigeri

YouTube always works for me with HTML5 these days. This ticket is done?

Trac:
Status: reopened to needs_review
Keywords: N/A deleted, TorBrowserTeam201504R added

Trac:
Keywords: N/A deleted, MikePerry201504R added

I still have had to throw &html5=1 on the occasional video in recent memory. However, I don't believe it is worth the complexity and potential non-video-related breakage to try to rewrite all youtube urls to add this suffix. Closing as wontfix.

Trac:
Resolution: N/A to wontfix
Status: needs_review to closed

closed

changed time estimate to 24h

mentioned in issue #4069 (closed)

mentioned in issue #4328 (closed)

mentioned in issue #7006 (closed)

mentioned in issue #10628 (moved)

mentioned in issue #14707 (moved)

mentioned in issue #14707 (moved)

moved to tpo/applications/tor-browser#3347 (closed)

mentioned in issue tpo/applications/tor-browser#14707 (closed)