@ajayyy
Last active April 23, 2024 16:42

Privacy Policy for DeArrow

DeArrow is a browser extension that allows you to submit titles and thumbnails for YouTube videos and fetch titles and thumbnails that other people have already submitted.

It consists of one server that handles titles and timestamps of when thumbnails occur (they are screenshots at specific timestamps), and another server that acts as a cache of the thumbnail images themselves.

Also see the terms of use.

Log Files

Almost all data that is collected through this extension can be downloaded from https://sponsor.ajay.app/database. Some more sensitive data such as votes and hashed IPs are stored in a private database.

The only things I keep are:

  • Information you submit (submitted titles, thumbnails, reports, and votes on existing submissions)
  • A hashed version of your userID (a randomly generated value assigned when you first install the extension), only if a submission or vote has occurred
  • The time the submission happened
  • A hashed + salted version of your IP address for rate limiting. This process makes it close to impossible to retrieve the original value for anyone who doesn't have access to the salt.
  • The name of your client (if using an extension, another port, etc.)

The extension also makes requests to YouTube URLs to generate thumbnails and get metadata, such as video duration, of videos.

Requests sent to the server while using the extension

Each time a video title or thumbnail is displayed on screen:

  • An anonymous request is sent asking for the submissions for that video
    • If a thumbnail is submitted, or the "Show screenshot from random timestamp when no submissions exist" option is enabled, it will then send a request to the thumbnail generation/cache server to generate a thumbnail at the given timestamp
    • This request contains no personally identifiable information and no IPs are logged in connection with this request

If you disable using the thumbnail generation/caching service:

  • All querying requests will use the prefix of the videoID hash to decrease the server's ability to know what exact video you were looking for. This returns a list of videos that potentially could be the one you are looking for
  • This is not used when the thumbnail generation/caching service is enabled since the raw videoID is needed to generate the thumbnail
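The hash-prefix lookup described above, sketched as an added example (not DeArrow's own code): the client sends only the first characters of the videoID hash, the server returns every video sharing that prefix, and the client selects the real match locally. SHA-256, the prefix length, the `ToyTitleServer` class, and the sample IDs are assumptions made for illustration.

```python
import hashlib

def video_hash(video_id):
    # Assumption: SHA-256 hex digest; the policy only says "videoID hash".
    return hashlib.sha256(video_id.encode("utf-8")).hexdigest()

class ToyTitleServer:
    """Hypothetical in-memory stand-in for the title server."""

    def __init__(self, titles):
        self.by_hash = {video_hash(v): (v, t) for v, t in titles.items()}
        self.seen = []  # everything the server learns from lookups

    def lookup(self, prefix):
        self.seen.append(prefix)
        # Every stored video whose hash shares the prefix is returned.
        return [rec for h, rec in self.by_hash.items() if h.startswith(prefix)]

def private_lookup(server, video_id, prefix_len=4):
    """Client side: send only a hash prefix, pick the real match locally.

    prefix_len=4 is an assumed default, not a value stated in the policy.
    Returns (title or None, number of candidates the server sent back).
    """
    candidates = server.lookup(video_hash(video_id)[:prefix_len])
    for candidate_id, title in candidates:
        if candidate_id == video_id:
            return title, len(candidates)
    return None, len(candidates)

# Constructed sample data, not real video IDs or submissions.
SAMPLE = {f"constructed{i:02d}": f"Title {i}" for i in range(40)}

if __name__ == "__main__":
    server = ToyTitleServer(SAMPLE)
    # A 1-character prefix is used here only so the small sample collides.
    title, n = private_lookup(server, "constructed07", prefix_len=1)
    print(f"server saw {server.seen}, sent {n} candidates, client kept {title!r}")
```

A shorter prefix puts more videos in each bucket, so the server learns less about which one was requested, at the cost of larger responses.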

Each time you submit, vote, or make a report:

  • A request with your userID and the segment ID is sent
    • A hashed IP is stored with this information to help prevent spammers

User counting

For every request:

  • A hashed + salted (salt rotated every 48 hours) IP address is temporarily stored without the actual request details
    • This allows the stats page to count the number of users of the API
    • This data is stored in a separate program from the main server and stored in memory. For more details on how it works, see here

Extension Local Storage

This data stays on your device

Each time you submit:

  • This submission is stored on device to show it even if another submission has more votes
  • This can be disabled in the options

Consent

By using this browser extension or API, you hereby consent to the Privacy Policy.

Data Access/Deletion Requests (GDPR)

Please email me with your request.

Error logging and Cloudflare

Cloudflare's proxy is used to reduce load on the servers. It logs some information itself that I cannot control, such as the number and location of connecting IPs. More information can be found at https://www.cloudflare.com/privacypolicy/

I sometimes need to enable error logging in nginx. This does log IPs associated with connection errors (not all requests), but I will delete these logs within 72 hours whenever that is enabled.

Additional Info

If you have additional questions or require more information, contact me through email at dev@ajay.app. You can also ask me questions on Discord (@theajayyy) or Matrix.
