Skip to content

Instantly share code, notes, and snippets.

@ajayyy

ajayyy/SponsorBlock Privacy Policy.MD Secret

Last active Sep 24, 2020
Embed
What would you like to do?

Privacy Policy for SponsorBlock

SponsorBlock is a browser extention that allows you to submit segments in YouTube videos and fetch segments that other people have submitted.

Log Files

Almost all data that is collected through this extension can be downloaded from https://sponsor.ajay.app/database.db. Some more sensitive data such as votes and hashed IPs are stored in a private database.

The only things I keep are:

  • Information you submit (segments, votes)
  • A hashed version of your userID (a randomly generated value assigned when you first install the extension)
  • The time the submission happened
  • A hashed + salted version of your ip address. My server can check if the same IP is posting too many things. No hacker or anyone who downloads the database file from the above link should be able to get any personal info. The IP is hashed (one-way function) which makes a hacker have to use brute-force if they want to determine the IP of a transaction and makes it impossible if they don't have access to the salt.

The extention also optionally logs whenever you skip a segment. This is used to let other users know how much their submissions have helped others (leaderboard). The skip tracking is completely anonymous and can be disabled in settings.

Requests sent to the server while using the extension

Each time you browse to a new YouTube video:

  • An anonymous request is sent asking for the segments for that video.
    • This request contains no personally identifiable information and no IPs are logged connected with this request

Each time you skip a segment: IF you have skip tracking enabled:

  • An anonymous request is sent with the ID of the segment to record one skip
    • This request contains no personally identifiable information and no IPs are logged connected with this request

Each time you vote on a submission:

  • A request with your userID and the segment ID is sent
    • A hashed IP is stored with this information to help prevent spammers

Each time you submit a segment

  • A request with the video ID, your user ID and the submission is sent
    • A hashed IP is stored with this information to help prevent spammers

User counting

For every request:

  • A hashed + salted (salt rotated every 48 hours) IP address is temporarily stored without the actual request details
    • This allows the stats page to have count the number of users of the API
    • This data is stored in a seperate program from the main server and stored in memory. Form more details on how it works, see here

Children's Information

Children under 13 are not allowed to use this service.

Consent

By using this browser extension or API, you hereby consent to the Privacy Policy.

Additional Info

If you have additional questions or require more information, contact me through email at dev@ajay.app. You can also ask me questions on Discord (Ajay#1922).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.