Avoid YouTube and Google Tracking Your Site Users with Embedded Videos
We all like adding image and video content to spice up our web pages, it adds interest and breaks up the reading. However, if you run a website like mine, where I'm keen on users' online privacy, embedding YouTube videos brings a moral dilemma.
This website is hosted from my home, via my home broadband connection, served using a Raspberry Pi. I did this not only to keep costs down, but also to be independent of snooping third parties.
I initially built the first pages of this site in 2015 before I was really aware of the Free Software Movement, GNU and heroes like Richard Stallman and Edward Snowden. Since educating myself in this area, I have looked at who my site was actually sharing data with, and found I had a few leaks in the form of embedded YouTube videos.
Offending Code
This line of iframe code allows you to directly play a YouTube video within a web page, and set some basic formatting:
<iframe width="640" height="384" src="https://www.youtube.com/embed/vkT1BCtm4SQ" frameborder="0" allowfullscreen></iframe>
Which does look nice on the pages, however, anyone simply visiting the web page gets silently tracked by YouTube and Google, even if they don't play the video.
Privacy Fix
I took screenshots of the YouTube still images, erased the offending code, added the images to my pages linked back to the YouTube video, example page here: Lightning Cockpit Info.
Experiments with Lightbeam for Firefox
Lightbeam is an extension for Firefox which allows users to see which of their visited sites are communicating with other 3rd party web services. (It's scary, and really makes you change your web browsing habits. Some of the worst offenders being the newspaper websites.)
It stands to reason that in order to play a video from YouTube, there needs to be communication between your web site and YouTube, but embedding videos was making my sites visitors trackable, which is bad if they care about staying anonymous.
Just visiting my web page with embedded video
by just visiting the page, the first 4 of these services were accessed, but by rolling the mouse pointer over the youtube video, the last two services appeared too:
Connected sites:
- i.ytimg.com
- www.youtube.com
- yt3.ggpht.com
- www.google.com
- lh5.googleusercontent.com
- fonts.gstatic.com
Playing the video on the page
Connected sites:
- i.ytimg.com
- www.youtube.com
- r1---sn-a5msen7s.c.youtube.com
- www.google.com
- r4---sn-q4flrnes.googlevideo.com
- r6---sn-vgqsrnee.googlevideo.com
- lh5.googleusercontent.com
- r1---sn-n4v7knll.c.youtube.com
- yt3.ggpht.com
- fonts.gstatic.com
- i9.ytimg.com
Clicking through to watch on YouTube
Connected sites:
- i.ytimg.com
- www.youtube.com
- r1---sn-a5msen7s.c.youtube.com
- www.google.com
- r4---sn-q4flrnes.googlevideo.com
- r6---sn-vgqsrnee.googlevideo.com
- lh5.googleusercontent.com
- r1---sn-n4v7knll.c.youtube.com
- yt3.ggpht.com
- fonts.gstatic.com
- i9.ytimg.com
- s.ytimg.com
Using image files as links instead
Reset the Lightbeam data and bring up a page with images linked to youtube videos instead, site visitors are completely not anonymous and not tracked:
Connected sites:
- NONE!
Clicking image to watch a video
By clicking on an image thumbnail linked to YouTube, Google and YouTube have no data on where the visit to Youtube came from. There are no links between my site and the corporate giants:
Connected sites:
- NONE!
