Skip to content

Instantly share code, notes, and snippets.

@ajayyy
Last active May 28, 2024 04:17
Show Gist options
  • Save ajayyy/aa9f8ded2b573d4f73a3ffa0ef74f796 to your computer and use it in GitHub Desktop.
Save ajayyy/aa9f8ded2b573d4f73a3ffa0ef74f796 to your computer and use it in GitHub Desktop.

Privacy Policy for SponsorBlock

SponsorBlock is a browser extention that allows you to submit segments in YouTube videos and fetch segments that other people have submitted.

Also see the terms of use.

Log Files

Almost all data that is collected through this extension can be downloaded from https://sponsor.ajay.app/database. Some more sensitive data such as votes and hashed IPs are stored in a private database.

The only things I keep are:

  • Information you submit (segments, votes)
  • A hashed version of your userID (a randomly generated value assigned when you first install the extension)
  • The time the submission happened
  • A hashed + salted version of your ip address for ratelimiting. This process makes it close to impossible to retrieve the original value if they don't have access to the salt.
  • The name of your client (if using an extension, another port, etc.)

The extention also optionally logs whenever you skip a segment. This is used to let other users know how much their submissions have helped others (leaderboard). The skip tracking is completely anonymous and can be disabled in settings.

Requests sent to the server while using the extension

Each time you browse to a new YouTube video:

  • An anonymous request is sent asking for the segments for that video.
    • This request contains a prefix of the videoID hash, and returns a list of videos that potentially could be the one you are looking for
    • This request contains no personally identifiable information and no IPs are logged connected with this request

Each time you skip a segment: IF you have skip tracking enabled:

  • An anonymous request is sent with the ID of the segment to record one skip
    • This request contains no personally identifiable information and no IPs are logged connected with this request

Each time you vote on a submission:

  • A request with your userID and the segment ID is sent
    • A hashed IP is stored with this information to help prevent spammers

Each time you submit a segment

  • A request with the video ID, your user ID and the submission is sent
    • A hashed IP is stored with this information to help prevent spammers

User counting

For every request:

  • A hashed + salted (salt rotated every 48 hours) IP address is temporarily stored without the actual request details
    • This allows the stats page to have count the number of users of the API
    • This data is stored in a seperate program from the main server and stored in memory. Form more details on how it works, see here

Extension Local Storage

This data stays on your device

Each time you skip a segment:

  • A sum is counted of the amount of time you have skipped in total

Each time you downvote or hide a segment: If you have downvote storage enabled:

  • A hash prefix of the videoID is stored locally along with a hash of the segment ID to keep that segment hidden when you watch the video in the future

Children's Information

Children under 13 are not allowed to use this service without permission from a legal guardian.

Consent

By using this browser extension or API, you hereby consent to the Privacy Policy.

Data Access/Deletion Requests (GDPR)

Please email me with your request.

Error logging and Cloudflare

Cloudflare is used as a caching proxy service in front of the SponsorBlock servers to reduce load on the servers and costs. It logs some information itself that I cannot control, such as the number and location of connecting IPs. More information can be found at https://www.cloudflare.com/privacypolicy/

If you would like to avoid cloudflare, you can change your server address (in the browser extension settings) to https://api.sponsor.ajay.app

I sometimes need to enable error logging in nginx. This does log IPs associated with connection errors (not all requests), but I will delete these logs within 72 hours whenever that is enabled.

Additional Info

If you have additional questions or require more information, contact me through email at dev@ajay.app. You can also ask me questions on Discord (Ajay#1922) or Matrix.

@JasonTable
Copy link

While I try to keep it's use to a minimum

Does this mean the CF proxy is not always turned on?

I appreciate the transparency though. Most sites don't disclose their use of the central middleman so thank you for doing so.

@ajayyy
Copy link
Author

ajayyy commented Apr 7, 2022

Yes, it's been on for a bit recently, but I plan on trying to disable it again after I'm done my exams. Right now the issue is maximum concurrent connections

@music-cat-bread
Copy link

This is first time I have read Terms of Service/Privacy Policy.
And I have to admit, you have done great job making it transparent and easy to read.

@godboot-bast
Copy link

ok

@cardeniajulien
Copy link

D'accord

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment