Got error: "Sign in to confirm that you're not a bot"

[DuplicantWood]

Official Instance

• The bug is reproducible on the official hosted instance, or is API-related.

Describe the bug

On my private instance and with some others i have tested in the public list i am seeing "Got error: "Sign in to confirm that you're not a bot"" instead of a video

Here is a link from a public instance with the same problem:

https://piped.r4fo.com/watch?v=2G-L0u_L0qU

To Reproduce

Open this url on this instance

https://piped.r4fo.com/watch?v=2G-L0u_L0qU

See error

Expected behavior

Video to play normally

Logs/Errors

org.schabi.newpipe.extractor.exceptions.ContentNotAvailableException: Got error: "Sign in to confirm that you're not a bot" at org.schabi.newpipe.extractor.services.youtube.extractors.YoutubeStreamExtractor.checkPlayabilityStatus(YoutubeStreamExtractor.java:1016) at org.schabi.newpipe.extractor.services.youtube.extractors.YoutubeStreamExtractor.onFetchPage(YoutubeStreamExtractor.java:876) at org.schabi.newpipe.extractor.Extractor.fetchPage(Extractor.java:60) at org.schabi.newpipe.extractor.stream.StreamInfo.getInfo(StreamInfo.java:77) at org.schabi.newpipe.extractor.stream.StreamInfo.getInfo(StreamInfo.java:72) at org.schabi.newpipe.extractor.stream.StreamInfo.getInfo(StreamInfo.java:67) at me.kavin.piped.server.handlers.StreamHandlers.lambda$streamsResponse$0(StreamHandlers.java:54) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317) at java.base/java.lang.VirtualThread.run(VirtualThread.java:309)

Browser, and OS with Version.

Happens on multiple browsers and devices

Additional context

I'm assuming it's related to something google/youtube have done as invidious instances are having similar issues.

iv-org/invidious#4734

[opusforlife2]

Some instances are working, some aren't. But it's probably gonna spread to all of them.

[milutinke]

Is there any solution for this?

[00-kat]

Is there any solution for this?

Cobalt implemented OAuth, but other than that there's not been much in terms of solving this issue...

[milutinke]

Is there any solution for this?

Cobalt implemented OAuth, but other than that there's not been much in terms of solving this issue...

Well, maybe it would be good implementing it as an optional feature, so instances could continue running until there is a better solution.

[Anoerak]

Restarting all containers fixed it for me tonight.

[AndrewHoang1995]

Restarting all containers fixed it for me tonight.

Really !!!

[LivingWithHippos]

Restarting all containers fixed it for me tonight.

Didn't work for me, you probably got "B" tested ;D

jokes aside, I have another request that may warrant a separate issue:
I opened a page to use the share button and copy the original youtube link, but the error message "eats" away all the UI, I think it would be nice if a partial interface could still be shown in this case

[Tamarindo94]

This is happening to me on the majority of videos (~8 out of 10) and on different instances, to the point I had to go back to using vanilla youtube.
Sadly, I dont know enough about piped or youtube's inner workings to be able to help, but I hope I can bring more attention to this issue. My fear is that this change could make piped and other frontends unusable sooner than we think if a solution isn't found

[alimovlex]

Is there any solution for this?

Yes. Just obtain youtube API keys and paste the API_SECRET to src/main.js function at 127th line.

getAuthToken() {
            return this.getPreferenceString("authToken" + this.hashCode(this.authApiUrl()));
},

Everything works.

[alimovlex]

This is happening to me on the majority of videos (~8 out of 10) and on different instances, to the point I had to go back to using vanilla youtube. Sadly, I dont know enough about piped or youtube's inner workings to be able to help, but I hope I can bring more attention to this issue. My fear is that this change could make piped and other frontends unusable sooner than we think if a solution isn't found

You can host your own instance instead and paste the token as I have written above.

[AndrewHoang1995]

You can host your own instance instead and paste the token as I have written above.

If I use Docker, how can I rebuild it? I am looking forward to an update from the team regarding documentation and Docker for this temporary solution

[clot27]

This is coming so often on official (piped.video) instance, approximately 7 of 10 videos. I haven't tried to change instance yet, I have switched to invidious.

[opusforlife2]

I haven't tried to change instance yet

This is the best workaround though. Works 100% of the time. You rarely have to change it twice.

[danl76]

Your modify the main.js like this?

getAuthToken() { return this.getPreferenceString("authToken" + this.hashCode(API_KEY)); },

Where API_KEY = your yt api key

Also how do get into the docker container to modify main.js? I tried bash but that'd didn't work.

[alimovlex]

Your modify the main.js like this?

getAuthToken() { return this.getPreferenceString("authToken" + this.hashCode(API_KEY)); },

Where API_KEY = your yt api key

Also how do get into the docker container to modify main.js? I tried bash but that'd didn't work.

Unfortunately, no.

getAuthToken() {
            return this.getPreferenceString("YOUR_API_TOKEN_HERE" + this.hashCode(this.authApiUrl()));
},

API_KEY is API_SECRET in your profile.

[alimovlex]

You can host your own instance instead and paste the token as I have written above.

If I use Docker, how can I rebuild it? I am looking forward to an update from the team regarding documentation and Docker for this temporary solution

I am not facile with Docker, unfortunately. Instead, I host my own private instance on a VPS.

[LivingWithHippos]

Your modify the main.js like this?

getAuthToken() { return this.getPreferenceString("authToken" + this.hashCode(API_KEY)); },

Where API_KEY = your yt api key

Also how do get into the docker container to modify main.js? I tried bash but that'd didn't work.

When bash doesn't work try sh ;D (or ash for alpine)

Where is the file located BTW?

edit:

I use these aliases in bash (or remove function for zsh) to quickly find and then enter a container with bash or sh (yeah I should env I know)

# get the container name if you don't remember, example: "dclist piped"
function dclist() {
    if [ -z "$1" ]; then
        docker ps -a --format "table {{.ID}}\t{{.Names}}" | (read -r; printf "%s\n" ""; sort -k 2);
    else
        docker ps -a --format "table {{.ID}}\t{{.Names}}" | (read -r; printf "%s\n" ""; sort -k 2) | grep "$1";
    fi
}

# enter a container with bash or sh, example: "dcsh piped"
function dcbash() { docker exec -it "$1" /bin/bash; }
function dcsh() { docker exec -it "$1" /bin/sh; }

[LivingWithHippos]

Partial docker instructions, untested, try only if you know what this means:

1. open your piped instance
2. right click -> view page source or whatever your browser calls it
3. find out the name of the javascript bundled file, mine is <script type="module" crossorigin src="/assets/index-WHXXydFZ.js"></script>

At this point you can either extract it from the container, change it and mount it back (easier, persist across restarts, may break the frontend if the containers are updated) or manually edit it in place (no time so will do this for now, may need restart of the container, may break anyway or just not work) or add the sed command to the start script (it's already doing something similar for the instance name)

5. enter the piped frontend container with its name, I used docker exec -it "piped-frontend" /bin/sh;
6. enter the assets folder with cd /usr/share/nginx/html/assets
7. swap the authToken with sed -i 's/"authToken"/"YOUR_TOKEN"/g' index-YOUR_FILE.js
8. ???
9. If you force refresh the page and check the sources again you can click on the js file and see if it has been changed or not

[enticedwanderer]

I've tried to do what above was suggested with the substitution of the authToken with an API key for Youtube Data v3 (plain API key not OAuth) and it just results in completely broken piped frontend. No trace or any message in the console. I have confirmed that it is substituted correctly in the browser with cache disabled (just in case).

What's supposed to happen when you swap out the hardcoded authToken string? Can someone provide clearer instructions on how to do this?

I'm also confused what "API_SECRET" referenced above is. Is it not the value of the API key?

[Bnyro]

Everything written above about patching getAuthToken() is not true, that authToken is only used to authenticate at Piped instances with your Piped account, it's not related to the visitor tokens used for extracting data from YouTube.

Obtaining YouTube API keys and only setting them in the frontend doesn't solve the problem at all, because the YouTube API key would need to be used at the Piped backend anyways ...

[Bnyro]

You probably want to save yourself that time and either get a new IP address that's not blocked from YouTube or put a proxy / VPN in front of your instance.

[milutinke]

You probably want to save yourself that time and either get a new IP address that's not blocked from YouTube or put a proxy / VPN in front of your instance.

Invidious made a IPv6 rotation tool, so that is another way of solving the issue. It needs a bit of setup, but works pretty good on a couple of instances I saw using it.

[bonswouar]

Invidious made a IPv6 rotation tool, so that is another way of solving the issue. It needs a bit of setup, but works pretty good on a couple of instances I saw using it.

Unfortunately lots of instances had their whole IPV6 /64 range blocked recently. I guess it depends of the provider

[Bnyro]

Unfortunately lots of instances had their whole IPV6 /64 range blocked recently. I guess it depends of the provider

Yes, all my Hetzner IPv6 ranges are blocked too since some days :/

[milutinke]

I heard https://stylenhost.com/ still works.
Maybe we should compile a list of providers that work and don't work.

[voidplayer]

libretube is working again now too

[bonswouar]

@kubo6472 On (some) private instances, Piped still work, always.
If the IP is clean you shouldn't have any problem

[voidplayer]

Is it possible to add the video to a playlist despite having this error in the browser?

The button is not showing despite being able to load comments (and thus acknowledging the url is okay)

Should i open a separate bug for this?

[Bnyro]

That's the same issue, so no.

[bonswouar]

Could you guys please stop commenting this issue with no new information, many people are following I guess and it's annoying to get useless notifications.
If you've got the same problem (and you probably do), just add a thumb up 👍 to the first post of this thread and hope & wait

And if you wanna chat about workarounds or whatever, the matrix channel is still here

[kubo6472]

Re this:

I wonder if it was affected by these changed, or does something very WebKit/Safari specific, that allows them to get the HTML5 player working...always.

Apparently, the Vinegar itself used Innertube and suffered from the same issues (the clicked link leads to this issue):

But the extension "Vinegar Extract" does something else. It doesn't use Innertube, and it replaces the YouTube video player, with the HTML5 player, but with ads, too.

I have currently still zero idea how they do it, but shall Piped be able to extract videos in all cases, even with ads, then let us block them/sponsorblock server-side ads, when that'll come/ well I'm willing to live with that, if it's possible.

[DWolf-19]

Why my comment was marked as off-topic? I think it contains some new info/my guess about issue solving.

[VitoItalianGamer]

What piped instances are still working?

[aryaoffixial]

Will this Spoof Streaming Data patch work for Piped Too? I don't think anybody mentioned this before Revanced Patches#3582

Revanced Extended working fine with this patch. I know piped using IOS spoofing too but revanced doesn't get "ios player response invalid" errors...

[mycodedoesnotcompile2]

Sad news: iv-org/invidious#4734 (comment)

Tip for people hosting in cloud: setup a (free) cloudflare WARP connection, and tunnel the trafic inside it. Youtube does not block, so far, Cloudflare IPs:
#3658 (comment)

[bnjbvr]

Regarding previous comment: it seems the code of piped-proxy supports setting up a PROXY env variable to reroute external traffic to it. I've tried using an instance of https://github.com/kingcc/warproxy or https://github.com/cmj2002/warp-docker alongside the piped-proxy instance, then changed the docker-compose section for the piped-proxy to include PROXY=warp:1080 in the env variable section, but it doesn't appear the traffic is getting routed through it. Am I missing something?

[edit] solution pointed to in the previous comment works great, thanks @mycodedoesnotcompile2!

[Silther]

please fix it

You are asking a group of people developing this project in their spare time to beat the countermeasures of a multi-billion dollar corporation.

[lilcheti]

Ok so which instances are working rn?

[mpeter50]

Those that you or your friends run for yourself. Public ones are being taken down by google.
Yeah it sucks, even more so that now even Invidious has fallen.

My solution for the meantime has been to either not watch youtube, or if the video would be useful, I download it with yt-dlp. That way I also preserve it for when the video would become unavailable, as we all know thats the fate of a lot of videos on youtube, for various reasons.

[lilcheti]

So if it's working with warp we better start developing an api to run on cloudflare workers

[mpeter50]

I'm not familiar with Cloudflare's services, but I would expect that workers running youtube proxies would get shut down, maybe even with penalties for the owner account.

However, using CF Warp may be helpful in itself, but of course we will see if a larger instance starts to use it. Apparently they are not forwarding the user's IP address to the destination anymore.
Does anyone know if a Piped/Invidious instance has tried doing this already?

---

Seeing the reactions to my previous comment, if anyong reading this is interested in downloading the videos for yourself, here is the yt-dlp config file I use. I hope it will be useful.

[voidplayer]

would it be possible to add a local .js extractor as an option? libretube has the option to do the extraction locally and thats how they bypassed this issue

Yes, it gives away the privacy temporarly but it also makes more difficult/impossible to block

[noodlejetski]

I got the same issue recently.

might wanna read the recent replies before notifying everyone participating in the discussion.