[HN Gopher] LibRedirect - Redirects popular sites to alternative...
___________________________________________________________________
LibRedirect - Redirects popular sites to alternative privacy-
friendly frontends
Author : riffraff
Score : 366 points
Date : 2025-06-22 06:07 UTC (16 hours ago)
(HTM) web link (libredirect.github.io)
(TXT) w3m dump (libredirect.github.io)
| anthk wrote:
| X.com works best with lightbrd.com instead of xcancel with
| captchas.
| HelloUsername wrote:
| lightbrd also needs cloudflare captcha
| teddyh wrote:
| Try nitter.tiekoetter.com.
| jorvi wrote:
| I have never seen an xcancel captcha..
| pndy wrote:
| Neither do I - just the usual "verifying your request"
| screen: https://i.ibb.co/MyWRVtFj/xc.jpg
| mslansn wrote:
| Which is a PoW CAPTCHA, but a CAPTCHA nonetheless.
| CaptainFever wrote:
| However, if your JS is disabled (or if you're running
| LibreJS), you do get redirected to a CAPTCHA which only
| works sometimes.
| bmacho wrote:
| A web extension is an unnecessary security risk. A userscript
| will do it just fine.
|
| edit: one of my previous attempts:
| https://news.ycombinator.com/item?id=35229211
|
| I actually have made it extensible, with closely coupled source
| of rules and domains; but then I lost it; Edge forgot all my
| userscripts :(
| londons_explore wrote:
| User scripts have super wide permissions. For example a user
| script scoped to YouTube.com can make payments from any cards
| you have saved in Google pay.
|
| And most user scripts are so long a typical user won't be able
| to spot a couple of malicious lines amongst 10k lines of
| minified webpacked libraries.
| bmacho wrote:
| > And most user scripts are so long a typical user won't be
| able to spot a couple of malicious lines amongst 10k lines of
| minified webpacked libraries.
|
| Exactly!
|
| That's why you should use 3 lines for it instead, that are
| - inspectable
| - not updateable by the Chinese/Russians
| - written by you anyway
| rvnx wrote:
| You also have to weigh the benefits versus the "risk".
|
| For example, if you use FreeTube with SponsorBlock to improve
| your privacy and block ads, in fact you are sending to
| Cloudflare 100% of your YouTube watch history, and to
| SponsorBlock ("sponsor.ajay.io").
|
| With Piped instances it's even worse, essentially escaping
| Google's tracking just to give our data to random strangers.
|
| If you are worried, just run a second Chrome session with
| NordVPN and uBlock Origin in a loose jurisdiction and browse
| YouTube unlogged.
|
| It's easy, simple, and you have the benefits of an audited
| platform and that reasonably legally confirm they don't store
| logs unless the court forced them: "we never log their
| activity unless ordered by a court", but for that, the court
| has to find you as a user, which can be very complicated in
| practice.
|
| So much better than random strangers.
| latexr wrote:
| > If you are worried, just run a second Chrome session with
| NordVPN
|
| I feel like I'm on YouTube already.
|
| It's not like they are free of criticism either.
|
| https://en.wikipedia.org/wiki/NordVPN#Criticism
| HK-NC wrote:
| I'm happy to give my watch history to some unknown in
| exchange for never ever seeing an ad.
| hashiyakshmi wrote:
| > If you are worried, just run a second Chrome session with
| NordVPN and uBlock Origin in a loose jurisdiction and
| browse YouTube unlogged.
|
| If you actually did this you would know that it works for
| all of a week or two before YouTube stops letting you watch
| videos until you login.
| Devorlon wrote:
| I found that hopping to different VPN servers is a mildly
| inconvenient workaround for that.
| heavensteeth wrote:
| SponsorBlock doesn't send video IDs to the server.
|
| https://github.com/ajayyy/SponsorBlockServer/issues/25
| lucb1e wrote:
| (*anymore, as of late 2020 from a quick look. The parent
| comment may not have been wrong about that, just outdated
| info)
| lvass wrote:
| Terrible advice. Not only will youtube precisely
| fingerprint you, nordvpn/tesonet/oxylab will also get data
| on you.
| rvnx wrote:
| Way better than the recommended "privacy" instances.
|
| NordVPN only sees that you connect to YouTube, they do
| not see the pages or videos that you are looking at, and
| from the perspective of YouTube, they only see requests
| from a very popular VPN where there are millions of users.
|
| If you use the "privacy" instances, these "privacy"
| websites and Cloudflare know precisely which videos you
| are watching.
| lvass wrote:
| Recommended by whom? I'm just saying your advice is
| terrible in general and takes no regard to how easy and
| powerful fingerprinting is nowadays, in google's
| perspective the only difference to using that VPN if
| you're "just" running chrome is that it also knows when
| you use a VPN, in other words, just giving one more data
| point. Also the average user is likely to install some
| nordvpn app if following your advice, which is a security
| nightmare, remember that company sells residential
| proxies.
|
| Also IIRC for youtube, alternative frontends don't tend
| to rely on someone else's endpoints.
| lucb1e wrote:
| > worse, essentially escaping Google's tracking just to
| give our data to random strangers
|
| I'd much rather send random tidbits of information, that
| are nearly useless in isolation, to strangers than to the
| central tracking corporation
|
| In the end, there is no way to reveal what information
| you're interested in when retrieving data, short of
| retrieving a ton of data and doing the filtering client-
| side, which is also an option with these third parties if
| you so desire
| eviks wrote:
| The extension links to 50+ services, your script - to 1. Do you
| now suggest that every single user should figure out how to do
| it properly and replicate the extension in a script for no
| better alternative (you could instead spend part of that time
| reading the extension code and using your private copy)?
| bmacho wrote:
| I don't think that not having all the services is a problem.
| On the contrary, I think it is an advantage for userscripts,
| that those only have the redirects a user explicitly adds.
|
| Tho I probably should've demonstrated first that it is
| possible, before advocating for it. The script I linked
| indeed only works for one website. Multiple websites with
| multiple rules, each with a list of instances (that often go
| offline for a time, so it is worth keeping them around, and
| make switching easy) indeed complicates it a bit.
| eviks wrote:
| So what exactly is the advantage of having to code all the
| rules yourself for every service you want to use??
|
| > complicates it a bit
|
| a bit of an understatement
| bmacho wrote:
| > So what exactly is the advantage of having to code all
| the rules yourself for every service you want to use??
|
| "having to code all the rules" is not that hard, in most
| cases you can just pass the whole URL, and the instance
| accepts it.
|
| Advantages: you don't get unwanted redirects from
| services, and you don't get unwanted redirects to
| instances. (Even tho the information about the instances
| will likely be concentrated at libredirect github issues.
| Chances are that some random person on the internet who
| has paranoid activities as a hobby will look into the
| instances, so you don't have to.)
|
| - - -
|
| I don't use many redirects. Nowadays I use exactly 0. But
| if I needed a redirect for example to xcancel, I would
| use my user-script as I had done it in the past before I
| lost it. I definitely wouldn't install a browser
| extension for it.
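
The userscript approach discussed in the comments above (explicit user-added rules, each with a list of instances, passing the whole URL through), sketched as an added example that is not part of the thread or of any commenter's script. The names `RULES`, `normalizeHost`, `redirectTarget` and the `down` set are hypothetical; the instance hosts are the ones named in the thread, and it is assumed they accept the original path and query unchanged.

```javascript
// Added example: a user-maintained rule table with instance fallback.
// The table is the whole trust boundary: only hosts listed here are ever
// redirected, and only to instances listed here.
const RULES = [
  {
    // Source hosts, matched exactly after stripping a leading "www."
    from: ["twitter.com", "x.com"],
    // Instances named in the thread, in order of preference
    to: ["xcancel.com", "lightbrd.com", "nitter.tiekoetter.com"],
  },
];

function normalizeHost(hostname) {
  const h = hostname.toLowerCase().replace(/\.$/, "");
  return h.startsWith("www.") ? h.slice(4) : h;
}

// Returns the redirect target as a string, or null when no redirect applies.
// `down` is a Set of instance hosts the user has marked as unreachable.
function redirectTarget(href, rules = RULES, down = new Set()) {
  let url;
  try {
    url = new URL(href);
  } catch {
    return null; // not an absolute URL
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return null;

  // Exact host comparison: a substring or suffix test would also match
  // look-alike hosts such as "x.com.evil.example" or "notx.com".
  const host = normalizeHost(url.hostname);
  const rule = rules.find((r) => r.from.includes(host));
  if (!rule) return null;

  const instance = rule.to.find((i) => !down.has(i));
  if (!instance) return null; // every instance is down: stay on the original

  // Rebuild from parsed parts instead of string replacement, so nothing in
  // the path or query can change which host the browser ends up on.
  const target = new URL("https://" + instance);
  target.pathname = url.pathname;
  target.search = url.search;
  target.hash = url.hash;
  return target.toString();
}

// Userscript entry point: only runs inside a browser page.
if (typeof window !== "undefined" && window.location) {
  const target = redirectTarget(window.location.href);
  if (target) window.location.replace(target);
}
```
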
| eviks wrote:
| > in most cases a slice(,) will do it since the relevant
| id is at a fixed position in the URL.
|
| In all cases that also involves actually finding the
| URLs, then there are non-most cases where a slice
| wouldn't do it.
|
| > Nowadays I use exactly 0
|
| Exactly. If you ignore actual uses everything becomes
| trivial
| 1oooqooq wrote:
| just disable auto update and have the same bad usability as
| user script.
| Akronymus wrote:
| I personally prefer to use redirector to do it. It has served
| me quite well so far.
|
| https://einaregilsson.com/redirector/
| udev4096 wrote:
| Totally unrealistic. Instead either lock down extension
| permissions, use different browser profile or better yet use
| QubesOS for spinning up disposable browser VMs
| hexagonwin wrote:
| can a userscript run before the page loads...? afaik it's not
| possible, so the browser gets to make double requests.
| bdhcuidbebe wrote:
| Farside extension, 847 stars: https://github.com/benbusby/farside
|
| Using venerable farside.link
|
| https://sr.ht/~benbusby/farside/
|
| https://farside.link/
|
| Why use your offering?
| iLoveOncall wrote:
| Maybe for the fact it has 4 times as many stars on GitHub if
| that's what you care about?
| imiric wrote:
| This comment could've been phrased better, but Farside does
| have an important feature that LibRedirect lacks, which is
| automatic instance selection based on reachability. Instances
| routinely fail and new ones are added, so automating that
| aspect instead of requiring manual instance selection by the
| user is a powerful feature.
|
| Anyway, thanks for mentioning it!
| MallocVoidstar wrote:
| Using Farside means the initial redirect goes through Farside,
| so they are capable of knowing what videos you're watching,
| what tweets you're looking at, etc. You have to trust them not
| to monitor this. Using a client-side extension means only the
| instance you use knows this.
| imiric wrote:
| It's a Go project that seems trivial to self-host. By your
| logic we shouldn't trust any of the instances of the
| alternative services either since anyone could be monitoring
| their use as well.
| pndy wrote:
| Overall it works but the problem lies in instances that tend to
| die-off pretty fast. There were homebrew "hubs" solely providing
| redirects out of pure kindness to many big sites and services but
| now it seems it's hard to find one that works without being
| blocked/rate limited. Big sites and services fight back, which
| isn't really surprising.
|
| Privacy Redirect was prob the first extension that introduced
| this idea. It did the job as well but up until bad-actors figured
| out they can redirect people to their dangerous sites.
| kelvinjps10 wrote:
| I love this extension
| Razengan wrote:
| How long before browsers disable these kinds of in-user-favor
| workarounds?
|
| Like Apple removing the "Disable JavaScript" menu option from
| Safari and moving it into Developer Tools, which can be detected
| by websites before you can disable JS >:(
| reddalo wrote:
| I think the real question is: should we keep using browsers
| that are developed by ad companies? And the answer is no, we
| should just use Mozilla Firefox.
| v5v3 wrote:
| We should all use Tor browser alongside Firefox.
|
| Download today people https://www.torproject.org/download/
| progval wrote:
| Mozilla is an ad company now:
| https://www.mozilla.org/en-US/advertising/
| https://blog.mozilla.org/en/mozilla/mozilla-anonym-raising-t...
| fsflover wrote:
| This is not at all comparable with the big companies.
| udev4096 wrote:
| > Like Apple removing the "Disable JavaScript"
|
| That's so fucking good. I love the cope from Apple users
| hsbauauvhabzb wrote:
| Do any of these YouTube extensions retrieve videos in a way which
| is unassociated with my IP? I'd really rather not get my google
| account banned, or my searches rate limited. These aren't
| happening now, but I believe they will in the future to the point
| where I actively avoid using any tooling from my home connection,
| and vps' seem to be blocked by YouTube already.
| pimeys wrote:
| If you have a dynamic IP at home, run it in your homelab and
| access it through Tailscale everywhere. I highly doubt YouTube
| will block the whole IP block for home users.
| hsbauauvhabzb wrote:
| That doesn't solve the issue of my google search traffic and
| fingerprint coming from the same source as yt-dlp.
| v5v3 wrote:
| VPNs are not blocked by YouTube.
|
| Neither is viewing YouTube using Tor Browser.
| 4ad wrote:
| I want the opposite, an extension that will redirect all crappy
| frontends to the canonical sources (which work better and I am
| logged-into, I can comment, etc).
| fmbb wrote:
| Don't almost all of them show a link to the source anyway?
| lucb1e wrote:
| So... press the 'clone' button on the repository and swap the
| mapping from twitter.com -> nitter.net to nitter.net ->
| twitter.com?
| johnisgood wrote:
| Proxigram? I doubt I could run that on Android.
| lucb1e wrote:
| ...care to elaborate why you can't visit a website on Android
| and how this is relevant to anyone else?
| johnisgood wrote:
| It is on the list of "LibRedirect", and it seems to be a
| self-hosted front-end to Instagram, not something one could
| just simply download from F-Droid and use.
| lucb1e wrote:
| Oh you mean that it's a website and not downloadable
| software, right
| johnisgood wrote:
| Yeah, I thought I found a FOSS, easy-to-use frontend to
| Instagram that could replace the Instagram app. :/
| patchtopic wrote:
| time to get rid of the freeloaders with Anubis?
| https://anubis.techaro.lol/
| swayvil wrote:
| "privacy friendly". Now there's a modern euphemism.
| Retr0id wrote:
| What is implied?
| b0a04gl wrote:
| this is great for what it solves i don't wanna see ads, i don't
| wanna load 10MB of js just to read a tweet or watch a 2-min clip.
| redirecting to piped or nitter makes total sense. but what i
| would appreciate more is either selfhost or at least rotate
| through known good instances. currently it just serves half the
| intent. i don't often check who's running what. if you're gonna
| use it seriously, current assumption is the routing target
| instances is always up, clean and fast. some are slow as hell,
| some die without notice and a few probably log everything.
| currently also many of the list is dead out
| romaaeterna wrote:
| Nobody is setting up "privacy-friendly" frontends to track
| browsing data that they couldn't otherwise get without access to
| Google's/Twitter's/etc. logs? Because I think they are.
| Funes- wrote:
| Yeah, the possibility of any of them being a honeypot I'd say
| is real.
| lucb1e wrote:
| How could you ever prove that nobody is doing that? You can
| believe anything that way
|
| One can't prove god doesn't exist either, but as someone who
| made some privacy-friendly front-ends, I tend to expect honest
| intentions. If you find one that suddenly asks for your login
| data or sets tracking cookie, sure, be wary, just as with any
| other site that asks for data they don't need (see: literally
| every cookie wall, because if they had good intentions, it
| would fall under one of the five other reasons to use personal
| data and they wouldn't need to fall back to asking for consent)
| germanier wrote:
| Nothing. An acquaintance of mine develops a third-party
| frontend explicitly marketed as a privacy-friendly alternative
| and actively looks at lots of user data (which includes the
| full name) without disclosing. I honestly believe that it's
| only done for improving the service (and it helps tremendously)
| but I can't get through with arguing that this should be
| transparent.
|
| You could notice by closely reading the source code.
| udev4096 wrote:
| Don't use it. Stop shitting on everything you disagree on.
| Besides, privacy is not black and white. No one is implying
| such a ridiculous claim. Just because you grew up in a
| disgusting for-profit driven web, doesn't mean that everyone is
| trying to get you. Believe it or not, there are people who
| actually value privacy and actively voluntarily support
| decentralized and non-invasive parts of the web without hoping
| for any incentive. Besides, majority of private frontends are
| extremely fast and loads in an instant, which saves a lot of
| time
| userbinator wrote:
| They are all effectively proxies so you do have to trust them
| to some extent, but unless these frontends are run by a large
| company, I think they couldn't care less - and likely don't
| even have the resources to accumulate and analyse all the data
| that passes through them.
| wonger_ wrote:
| I just found out about an Android app where you can set up custom
| redirects for any links, OS-wide:
| https://github.com/TrianguloY/URLCheck
|
| It's a little finicky to set up, but I'm enjoying it so far. It
| goes beyond alternative frontend redirects. You can strip URL
| params, check domains against a blacklist, and choose native apps
| to open links that match a pattern.
| TheLongLife wrote:
| I was very happy when I found out about that app. It's very useful.
| It goes beyond just redirects, it's able to remove tracking
| elements from links, unshorten links, remember which app to use
| to open specific domains and more. You almost need an app like
| this on Android because of its shitty share menu.
| jamesponddotco wrote:
| Seems related, so I'll share here. I wrote an "awesome" list of
| privacy-focused front-ends[1] for a variety of services. Haven't
| been updated in a while, but I figured it's still valid.
|
| [1]: https://sr.ht/~jamesponddotco/awesome-privacy-front-ends/
| krick wrote:
| Instagram doesn't actually work, right? All frontends are down,
| and it doesn't seem to work locally either.
| plastic_bag wrote:
| One word - Imginn
| jamesponddotco wrote:
| That is correct, there's no alternative front-end that still
| works. Self-hostable open source ones, that is--you can still
| find random ones on search engines that aren't open source.
| scosman wrote:
| Any good YouTube options (including self host)? I've tried a few
| and they always seem to be down more than up.
| az09mugen wrote:
| Did you have a look at peertube ?
| https://joinpeertube.org/en_US
| stinos wrote:
| I did, seemed to fall in the same category of sometimes
| working, sometimes not. I've been trying various alternatives
| on/off for the past 5 years or so but unfortunately nothing
| really ever sticks.
| az09mugen wrote:
| Thanks for your feedback
| tgv wrote:
| https://grayjay.app/ perhaps? It's a locally running
| application. Don't know how privacy friendly it exactly is, but
| they claim they collect very little information.
| mikae1 wrote:
| Redirector[1] makes it easy to set up your own redirects. I
| prefer that.
|
| [1] https://addons.mozilla.org/en-US/firefox/addon/redirector/
| rasengan wrote:
| Looking under the hood, some of these things seem like they might
| be moving your data from one place that might not have your best
| interests to another place that doesn't seem to have a revenue
| mechanism?
|
| Take for example nitter - it says it's using an unofficial twitter
| API. I'm assuming this means it's using one of these third party
| services that provide an API to something that doesn't
| necessarily have an API or has limited access thereto.
|
| If privacy is the purpose, this seems to be missing the point.
| bramhaag wrote:
| > Take for example nitter - it says it's using an unofficial
| twitter API. I'm assuming this means it's using one of these
| third party services that provide an API
|
| You misread that. It actually says: Uses Twitter's unofficial API
| (no developer account required)
|
| In other words, it's an internal Twitter API that's not meant
| to be used for applications like this.
| b00ty4breakfast wrote:
| the privacy stuff is fine (if not a bit suspect since we're still
| relying on the goodwill of the instance hosts to not be sketchy)
| but for me the biggest benefit for these third party front-ends
| is that my crappy laptop isn't constantly being pushed to the
| limits of its capabilities just so I can read some gosh-darn
| text.
|
| And reddit is not even close to the worst offender in that
| regard. Seriously, when did displaying words on a screen become
| so resource intensive???
| hexagonwin wrote:
| have you tried old reddit?
| IlikeKitties wrote:
| > Seriously, when did displaying words on a screen become so
| resource intensive???
|
| When Indians discovered React
| userbinator wrote:
| The no-JS / reduced-JS aspect of some of these frontends is
| particularly interesting, since it implies that the JS wasn't
| ever necessary --- except perhaps its only purpose was to be
| privacy-invasive and user-hostile.
| charcircuit wrote:
| This is just going to normalize adware / phishing. These front
| ends can show ads or ask for users personal information.
|
| Redirecting people from trusted sources to these other sites is
| very risky and opens up opportunities for malicious people to
| exploit this. That's not even considering this extension is
| compromised or purchased and these dangerous permissions that it
| has are used against you.
| pstuart wrote:
| It would be nice to have a containerized host of all these
| services to have them easily on hand as needed. One more task for
| Claude to handle...
| silentpuck wrote:
| Removing telemetry from daily tools feels like taking back a
| little control every time.
___________________________________________________________________
(page generated 2025-06-22 23:00 UTC)