alt.hn

6/22/2025 at 6:07:48 AM

LibRedirect – Redirects popular sites to alternative privacy-friendly frontends

 https://libredirect.github.io

by riffraff

6/22/2025 at 9:29:59 AM

Overall it works but the problem lies in instances that tend to die-off pretty fast. There were homebrew "hubs" solely providing redirects out of pure kindness to many big sites and services but now it seems it's hard to find one that works without being blocked/rate limited. Big sites and services fight back, which isn't really surprising.

Privacy Redirect was prob the first extension that introduced this idea. It did the job as well but up until bad-actors figured out they can redirect people to their dangerous sites.

by pndy

6/22/2025 at 2:06:42 PM

Seems related, so I’ll share here. I wrote an “awesome” list of privacy-focused front-ends[1] for a variety of services. Haven’t been updated in a while, but I figured it’s still valid.

[1]: https://sr.ht/~jamesponddotco/awesome-privacy-front-ends/

by jamesponddotco

6/22/2025 at 2:58:16 PM

Instagram doesn't actually work, right? All frontends are down, and it doesn't seem to work locally either.

by krick

6/22/2025 at 10:47:19 PM

That is correct, there's no alternative front-end that still works. Self-hostable open source ones, that is—you can still find random ones on search engines that aren't open source.

by jamesponddotco

6/23/2025 at 3:01:14 AM

gallery-dl still works, but doesn't have a web frontend.

by pabs3

6/22/2025 at 3:31:08 PM

One word - Imginn

by plastic_bag

6/24/2025 at 11:59:18 AM

when I see my partner doomscrolling, I think that is for the better.

by prmoustache

6/23/2025 at 4:06:29 AM

imginn works for now

by ruined

6/22/2025 at 2:01:23 PM

I just found out about an Android app where you can set up custom redirects for any links, OS-wide: https://github.com/TrianguloY/URLCheck

It's a little finnicky to set up, but I'm enjoying it so far. It goes beyond alternative frontend redirects. You can strip URL params, check domains against a blacklist, and choose native apps to open links that match a pattern.

by wonger_

6/23/2025 at 1:30:34 PM

Nice, I was looking around for something like this and found this Android app instead: https://codeberg.org/hermeticvm/linkahest

I started using this last week and it's simple and useful. My main challenge was that I use YT/Reddit/X apps but I hate how the recipients I shared links to posts or videos with often couldn't access it without having to disable ad blockers or having to login first.

by jasonvorhe

6/22/2025 at 5:59:12 PM

I was very happy when I found about that app, It's very useful. It goes beyond just redirects, it's able to remove tracking elements from links, unshorten links, remember which app to use to open specific domains and more. You almost need an app like this on Android because of its shitty share menu.

by TheLongLife

6/22/2025 at 9:08:37 AM

A web extension is an unnecessary security risk. A userscript will do it just fine.

edit: one of my previous attempt: https://news.ycombinator.com/item?id=35229211

I actually have made it extensible, with closely coupled source of rules and domains; but then I lost it Edge forgot all my userscripts :(

by bmacho

6/22/2025 at 9:14:54 AM

User scripts have super wide permissions. For example a user script scoped to YouTube.com can make payments from any cards you have saved in Google pay.

And most user scripts are so long a typical user won't be able to spot a couple of malicious lines amongst 10k lines of minified webpacked libraries.

by londons_explore

6/22/2025 at 9:26:45 AM

You also have to weight the benefits versus the "risk".

For example, if you use FreeTube with SponsorBlock to improve your privacy and block ads, in fact you are sending to Cloudflare 100% of your YouTube watch history, and to SponsorBlock ("sponsor.ajay.io").

With Piped instances it's even worse, essentially escaping Google's tracking just to give our data to random strangers.

If you are worried, just run a second Chrome session with NordVPN and uBlock Origin in a loose jurisdiction and browse YouTube unlogged.

It's easy, simple, and you have the benefits of an audited platform and that reasonably legally confirm they don't store logs unless the court forced them: "we never log their activity unless ordered by a court never log their activity unless ordered by a court", but for that, the court has to find you as a user, which can be very complicated in practice.

So much better than random strangers.

by rvnx

6/22/2025 at 11:57:34 AM

>If you are worried, just run a second Chrome session with NordVPN and uBlock Origin in a loose jurisdiction and browse YouTube unlogged.

If you actually did this you would know that it works for all of a week or two before YouTube stops letting you watch videos until you login.

by hashiyakshmi

6/22/2025 at 1:34:05 PM

I found that hopping to different VPN servers is a mildly inconvenient workaround for that.

by Devorlon

6/22/2025 at 12:06:09 PM

SponsorBlock doesn't send video IDs to the server.

https://github.com/ajayyy/SponsorBlockServer/issues/25

by heavensteeth

6/22/2025 at 3:07:12 PM

(*anymore, as of late 2020 from a quick look. The parent comment may not have been wrong about that, just outdated info)

by lucb1e

6/22/2025 at 12:12:05 PM

Terrible advice. Not only youtube will precisely fingerprint you, nordvpn/tesonet/oxylab will also get data on you.

by lvass

6/22/2025 at 12:19:32 PM

Way better than the recommended "privacy" instances.

NordVPN only sees that you connect to YouTube, they do not see the pages or videos that you are looking at, and from the perspective of YouTube, they only see requests from a very popular VPN where are millions of users.

If you use the "privacy" instances, these "privacy" websites and Cloudflare knows precisely which videos you are watching.

by rvnx

6/22/2025 at 12:45:41 PM

Recommended by whom? I'm just saying your advice is terrible in general and takes no regard to how easy and powerful fingerprinting is nowadays, in google's perspective the only difference to using that VPN if you're "just" running chrome is that it also knows when you use a VPN, in other words, just giving one more data point. Also the average user is likely to install some nordvpn app if following your advice, which is a security nightmare, remember that company sells residential proxies.

Also IIRC for youtube, alternative frontends don't tend to rely on someone else's endpoints.

by lvass

6/22/2025 at 9:43:33 AM

> If you are worried, just run a second Chrome session with NordVPN

I feel like I’m on YouTube already.

It’s not like they are free of criticism either.

https://en.wikipedia.org/wiki/NordVPN#Criticism

by latexr

6/22/2025 at 3:03:57 PM

> worse, essentially escaping Google's tracking just to give our data to random strangers

I'd much rather send random tidbits of information, that are nearly useless in isolation, to strangers than to the central tracking corporation

In the end, there is no way to reveal what information you're interested in when retrieving data, short of retrieving a ton of data and doing the filtering client-side, which is also an option with these third parties if you so desire

by lucb1e

6/22/2025 at 10:42:46 AM

I'm happy to give my watch history to some unknown in exchange for never ever seeing an ad.

by HK-NC

6/22/2025 at 9:21:17 AM

> And most user scripts are so long a typical user won't be able to spot a couple of malicious lines amongst 10k lines of minified webpacked libraries.

Exactly!

That's why you should use 3 lines for it instead, that are

   - inspectable
   - not updateable by the Chinese/Russians
   - written by you anyway

by bmacho

6/22/2025 at 12:36:49 PM

[flagged]

by danielspace23

6/22/2025 at 1:33:58 PM

Critique and distrust of an (authoritarian) government is not racism.

by Muromec

6/22/2025 at 4:15:23 PM

Fear of people who look different or live on the other side of a line is having a moment.

by add-sub-mul-div

6/22/2025 at 10:16:48 AM

The extension links to 50+ services, your script - to 1. Do you now suggest that every single user should figure out how to do it properly and replicate the extension in a script for no better alternative (you could instead spend part of that time reading the extension code and using your private copy)

by eviks

6/22/2025 at 10:40:45 AM

I don't think that not having all the services is a problem. On the contrary, I think it is an advantage for userscripts, that those only have the redirects a user explicitly adds.

Tho I probably should've demonstrated first that it is possible, before advocating for it. The script I linked indeed only works for one website. Multiple websites with multiple rules, each with a list of instances (that often go offline for a time, so it is worth keeping them around, and make switching easy) indeed complicates it a bit.

by bmacho

6/22/2025 at 10:56:56 AM

So what exactly is the advantage of having to code all the rules yourself for every service you want to use??

> complicates it a bit

a bit of an understatement

by eviks

6/22/2025 at 11:10:24 AM

> So what exactly is the advantage of having to code all the rules yourself for every service you want to use??

"having to code all the rules" is not that hard, in most cases you can just pass the whole URL, and the instance accepts it.

Advantages: you don't get unwanted redirects from services, and you don't get unwanted redirects to instances. (Even tho the information about the instances will likely be concentrated at libredirect github issues. Chances are that some random person on the internet who has paranoid activities as a hobby will look into the instances, so you don't have to.)

- - -

I don't use many redirects. Nowadays I use exactly 0. But if I needed a redirect for example to xcancel, I would use my user-script as I had done it in the past before I lost it. I definitely wouldn't install a browser extension for it.

by bmacho

6/22/2025 at 11:19:11 AM

> in most cases a slice(,) will do it since the relevant id is at a fixed position in the URL.

In all cases that also involves actually finding the URLs, then there are non-most cases where a slice wouldn't do it.

> Nowadays I use exactly 0

Exactly. If you ignore actual uses everything becomes trivial

by eviks

6/22/2025 at 5:59:48 PM

Totally unrealistic. Instead either lock down extension permissions, use different browser profile or better yet use QubesOS for spinning up disposable browser VMs

by udev4096

6/22/2025 at 6:39:14 PM

can a userscript run before the page loads...? afaik it's not possible, so the browser gets to make double requests.

by hexagonwin

6/22/2025 at 10:59:58 AM

just disable auto update and have the same bad usability as user script.

by 1oooqooq

6/22/2025 at 4:54:55 PM

the privacy stuff is fine(if not a bit suspect since we're still relying on the goodwill of the instance hosts to not be sketchy) but for me the biggest benefit for these third party front-ends is that my crappy laptop isn't constantly being pushed to the limits of it's capabilities just so I can read some gosh-darn text.

And reddit is not even close to the worst offender in that regard. Seriously, when did displaying words on a screen become so resource intensive???

by b00ty4breakfast

6/22/2025 at 10:25:30 PM

The no-JS / reduced-JS aspect of some of these frontends is particularly interesting, since it implies that the JS wasn't ever necessary --- except perhaps its only purpose was to be privacy-invasive and user-hostile.

by userbinator

6/23/2025 at 1:26:33 AM

I reckon a very large chunk of the JS on many mainstream websites is explicitly for data collection and advertising.

by b00ty4breakfast

6/22/2025 at 6:37:51 PM

have you tried old reddit?

by hexagonwin

6/22/2025 at 6:52:18 PM

[flagged]

by IlikeKitties

6/22/2025 at 1:48:13 PM

Nobody is setting up "privacy-friendly" frontends to track browsing data that they couldn't otherwise get without access to Google's/Twitter's/etc. logs? Because I think they are.

by romaaeterna

6/22/2025 at 3:49:06 PM

Nothing. An acquaintance of mine develops a third-party frontend explicitly marketed as a privacy-friendly alternative and actively looks at lots of user data (which includes the full name) without disclosing. I honestly believe that it's only done for improving the service (and it helps tremendously) but I can't get through with arguing that this should be transparent.

You could notice by closely reading the source code.

by germanier

6/22/2025 at 2:55:11 PM

How could you ever prove that nobody is doing that? You can believe anything that way

One can't prove god doesn't exist either, but as someone who made some privacy-friendly front-ends, I tend to expect honest intentions. If you find one that suddenly asks for your login data or sets tracking cookie, sure, be wary, just as with any other site that asks for data they don't need (see: literally every cookie wall, because if they had good intentions, it would fall under one of the five other reasons to use personal data and they wouldn't need to fall back to asking for consent)

by lucb1e

6/22/2025 at 10:29:34 PM

They are all effectively proxies so you do have to trust them to some extent, but unless these frontends are run by a large company, I think they couldn't care less - and likely don't even have the resources to accumulate and analyse all the data that passes through them.

by userbinator

6/22/2025 at 6:06:01 PM

Don't use it. Stop shitting on everything you disagree on. Besides, privacy is not black and white. No one is implying such a ridiculous claim. Just because you grew up in a disgusting for-profit driven web, doesn't mean that everyone is trying to get you. Believe it or not, there are people who actually value privacy and actively voluntarily support decentralized and non-invasive parts of the web without hoping for any incentive. Besides, majority of private frontends are extremely fast and loads in an instant, which saves a lot of time

by udev4096

6/22/2025 at 2:40:03 PM

Yeah, the possibility of any of them being a honeypot I'd say is real.

by Funes-

6/22/2025 at 5:32:50 PM

This is just going to normalize adware / phishing. These front ends can show ads or ask for users personal information.

Redirecting people from trusted sources to these other sites is very risky and opens up opportunities for malicous people to exploit this. That's not even considering this extension is compromised or purchased and these dangerous permissions that it has are used against you.

by charcircuit

6/23/2025 at 12:44:40 AM

Yeah, but these front-ends mostly aren't built for authenticated usage. The tracking done by the actual source sites is quantifiable and immense. Proxying is a good option for removing a lot of the tracking capabilities, especially via an instance you control.

by poly2it

6/23/2025 at 1:11:44 AM

>an instance you control

But most people are not going to do that. They are going to be redirected to a site with no guarantee of what is there. The domain could expire and someone else could register it, a hacker could replace one of the front ends with a phishing page, etc.

by charcircuit

6/23/2025 at 1:34:42 AM

I reckon one of these front ends serving ads will have trouble maintaining a user base large enough to justify the effort of serving ads

by b00ty4breakfast

6/22/2025 at 10:31:33 AM

Do any of these YouTube extensions retrieve videos in a way which is unassociated with my IP? I’d really rather not get my google account banned, or my searches rate limited. These aren’t happening now, but I believe they will in the future to the point where I actively avoid using any tooling from my home connection, and vps’ seem to be blocked by YouTube already.

by hsbauauvhabzb

6/22/2025 at 11:33:04 AM

VPNs are not blocked by YouTube.

Neither is viewing YouTube using Tor Browser.

by v5v3

6/22/2025 at 11:42:04 PM

Thank you.

by hsbauauvhabzb

6/22/2025 at 10:50:25 AM

If you have a dynamic IP at home, run it in your homelab and access it through Tailscale everywhere. I highly doubt YouTube will block the whole IP block for home users.

by pimeys

6/22/2025 at 11:30:01 AM

That doesn’t solve the issue of my google search traffic and fingerprint from coming from the same source as yt-dlp.

by hsbauauvhabzb

6/23/2025 at 5:15:29 AM

At a glance, it does not seem like they fixed the main issue with what they forked: Not being able to set up arbitrary targets.

I run my own instances for a few of the services they redirect to, and need to be able to point to these.

by snvzz

6/23/2025 at 1:33:58 AM

The YouTube alternatives always lag and are bad, unfortunately. I don`t know why.

The best way to watch YouTube videos is actually to download them with yt-dlp then watch with mpv later.

by fiatjaf

6/22/2025 at 10:54:36 AM

I want the opposite, an extension that will redirect all crappy frontends to the canonical sources (which work better and I am logged-into, I can comment, etc).

by 4ad

6/22/2025 at 11:01:13 AM

Don’t almost all of them show a link to the source anyway?

by fmbb

6/22/2025 at 3:12:29 PM

So... press the 'clone' button on the repository and swap the mapping from twitter.com -> nitter.net to nitter.net -> twitter.com?

by lucb1e

6/22/2025 at 5:34:16 PM

It would be nice to have a containerized host of all these services to have them easily on hand as needed. One more task for Claude to handle...

by pstuart

6/22/2025 at 2:27:09 PM

Any good YouTube options (including self host)? I’ve tried a few and they always seem to be down more than up.

by scosman

6/22/2025 at 3:30:09 PM

https://grayjay.app/ perhaps? It's a locally running application. Don't know how privacy friendly it exactly is, but they claim they collect very little information.

by tgv

6/22/2025 at 2:31:27 PM

Did you have a look at peertube ? https://joinpeertube.org/en_US

by az09mugen

6/22/2025 at 2:36:51 PM

I did, seemed to fall in the same category of sometimes working, sometimes not. I'v been trying various alternatives on/off for the past 5 years or so but unfortunately nothing really ever sticks.

by stinos

6/22/2025 at 2:39:51 PM

Thanks for your feedback

by az09mugen

6/22/2025 at 9:14:08 AM

Farside extension, 847 stars: https://github.com/benbusby/farside

Using venrable farside.link

https://sr.ht/~benbusby/farside/

https://farside.link/

Why use your offering?

by bdhcuidbebe

6/22/2025 at 10:46:09 AM

This comment could've been phrased better, but Farside does have an important feature that LibRedirect lacks, which is automatic instance selection based on reachability. Instances routinely fail and new ones are added, so automating that aspect instead of requiring manual instance selection by the user is a powerful feature.

Anyway, thanks for mentioning it!

by imiric

6/22/2025 at 10:52:17 AM

Using Farside means the initial redirect goes through Farside, so they are capable of knowing what videos you're watching, what tweets you're looking at, etc. You have to trust them not to monitor this. Using a client-side extension means only the instance you use knows this.

by MallocVoidstar

6/22/2025 at 11:04:10 AM

It's a Go project that seems trivial to self-host. By your logic we shouldn't trust any of the instances of the alternative services either since anyone could be monitoring their use as well.

by imiric

6/22/2025 at 9:42:49 AM

Maybe for the fact it as 4 times as many stars on GitHub if that's what you care about?

by iLoveOncall

6/22/2025 at 6:17:30 PM

Removing telemetry from daily tools feels like taking back a little control every time.

by silentpuck

6/22/2025 at 7:04:48 AM

X.com works bet with lightbrd.com instead of xcancel with captchas.

by anthk

6/22/2025 at 9:22:11 AM

I have never seen an xcancel captcha..

by jorvi

6/22/2025 at 9:35:20 AM

Neither do I - just the usual "verifying your request" screen: https://i.ibb.co/MyWRVtFj/xc.jpg

by pndy

6/22/2025 at 9:53:52 AM

Which is a PoW CAPTCHA, but a CAPTCHA nonetheless.

by mslansn

6/22/2025 at 11:53:15 AM

However, if your JS is disabled (or if you're running LibreJS), you do get redirected to a CAPTCHA which only works sometimes.

by CaptainFever

6/24/2025 at 5:59:06 AM

Just nitter.net is better than both of them.

by pabs3

6/22/2025 at 9:04:25 AM

lightbrd also needs cloudflare captcha

by HelloUsername

6/22/2025 at 1:57:06 PM

Try nitter.tiekoetter.com.

by teddyh

6/25/2025 at 7:09:42 PM

That also uses a captcha, not Cloudflare, but Anubis

by HelloUsername

6/22/2025 at 10:25:49 AM

How long before browsers disable these kinds of in-user-favor workarounds?

Like Apple removing the "Disable JavaScript" menu option from Safari and moving it into Developer Tools, which can be detected by websites before you can disable JS >:(

by Razengan

6/22/2025 at 10:42:10 AM

I think the real question is: should we keep using browsers that are developed by ad companies? And the answer is no, we should just use Mozilla Firefox.

by reddalo

6/22/2025 at 11:37:30 AM

We should all use Tor browser alongside Firefox.

Download today people https://www.torproject.org/download/

by v5v3

6/24/2025 at 8:06:38 AM

Firefox should be replaced with an actual private clearnet browser like mullvad browser that is using most of Tor browsers protection without the mozilla tracking and ads.

by akimbostrawman

6/22/2025 at 6:48:47 PM

[dead]

by MoonSzzS

6/22/2025 at 6:12:49 PM

> Like Apple removing the "Disable JavaScript"

That's so fucking good. I love the cope from Apple users

by udev4096

6/22/2025 at 10:08:21 AM

I love this extension

by kelvinjps10

6/22/2025 at 11:33:03 AM

Proxigram? I doubt I could run that on Android.

by johnisgood

6/22/2025 at 3:08:47 PM

...care to elaborate why you can't visit a website on Android and how this is relevant to anyone else?

by lucb1e

6/22/2025 at 3:48:35 PM

It is on the list of "LibRedirect", and it seems to be a self-hosted front-end to Instagram, not something one could just simply download from F-Droid and use.

by johnisgood

6/22/2025 at 5:10:10 PM

Oh you mean that it's a website and not downloadable software, right

by lucb1e

6/22/2025 at 6:29:51 PM

Yeah, I thought I found a FOSS, easy-to-use frontend to Instagram that could replace the Instagram app. :/

by johnisgood

6/23/2025 at 12:35:31 AM

thank you so much brother, the info is very helpful.

by nightcoders

6/22/2025 at 4:25:43 PM

Looking under the hood, some of these things seem like they might be moving your data from one place that might not have your best interests to another place that doesn't seem to have a revenue mechanism?

Take for example nitter - it says its using an unofficial twitter API. I'm assuming this means its using one of these third party services that provide an API to something that doesn't necessarily have an API or has limited access thereto.

If privacy is the purpose, this seems to be missing the point.

by rasengan

6/22/2025 at 4:58:21 PM

> Take for example nitter - it says its using an unofficial twitter API. I'm assuming this means its using one of these third party services that provide an API

You misread that. It actually says:

  Uses Twitter's unofficial API (no developer account required)
In other words, it's an internal Twitter API that's not meant to be used for applications like this.

by bramhaag

6/22/2025 at 1:38:07 PM

[dead]

by b0a04gl

6/22/2025 at 1:36:43 PM

[dead]

by fruworg

6/22/2025 at 12:55:32 PM

"privacy friendly". Now there's a modern euphemism.

by swayvil

6/22/2025 at 1:09:51 PM

What is implied?

by Retr0id