A small C++/Go/... proxy can do the same thing with much, much less overhead. Been there, done that - for something well-defined like this, it is more stable and less work than fighting mitmproxy.
Routing everything through the proxy will degrade performance even with SNI interception.
Same with pfSense - a plain Linux server and a simple iptables rules set would do the job without having to fight against all the pfSense abstraction layers.
Write a .proto file with just enough of the reverse-engineered proto fields to auto-generate code and flip the flag. Cheaper than the Python implementation and easier to update when the proto changes.
Ignoring unknown field tags is an important Protobuf feature - it allows for compatible schema changes without breaking existing deployments.
It would, but it would also decrease the video quality. I'm not opposed to letting my kids watch YouTube, there is a lot of good quality content there, but having some agency in what they pick would be a lot better than the current behavior of short after short after short. Just like snacking on fast food.
Interesting points and some things I've been exploring too:
Video quality does decrease, and sometimes that's good a good thing.. :)
- Lower video quality is lower resolution = less addictive.
- Decreasing saturated colors reduces children's brain heroin. (Try to put the tv in normal or movie color mode and see the addictiveness fall off).
- Lowering the sound helps kids hear less of the background addictive noises and strain their hearing a little more and can help them get tired.
- Lowering brightness can help with as well.
- Kids device for viewing could be different than adults to allow filtering and shaping.
As for content, I agree.
- Recently I heard there's more and more fraudulent content under official channels that includes bad content inside the good stuff. This needs to be caught.
- Managing access to shorts is important, if not limit outright.
Do you have a youtube premium account that removes ads by chance?
I never got used to shorts/reels/etc, but it is troubling to see kids addicted to them. I have been thinking that by forcing some pause between videos it would remove some of their addictiveness.
It does. Sometimes I click on an interesting short and then keep swiping to see if anything else is interesting. When the app takes ten seconds to load, I go do something else because there's no real value in the shorts.
I gotta say, I don’t get that perspective. The content is one thing, but YouTube is super reliable for me, streaming or watching. I can easily stream in 4k 60FPS from OBS and YouTube has never had issues ingesting it, though I generally do 1440p because my computer is slow. When watching, I have never had an interruption on my wired Apple TV even for 4k/60FPS.
I do hate the pushing of shorts and the algorithm that seems to have a 3 video memory, but aside from that I’m pretty happy, I don’t get the weird right wing stuff or creepy videos pushed at me or my kids.
For me the content is not the main problem, rather the consistent bloating and enshitification of the player and interface over the years. Nowadays I don't bother anymore and just use mpv and ytdlp to play the few videos I'm interested in.
I don't even bother using scripts, I just manually paste the URL of the video I want to watch into mpv. It's not slow enough for me to have to deal with the garbage Youtube interface.
You want someone to show you how to write a C++/Go program to forward traffic? There are a lot of tutorials online that can already demonstrate this for you. :)
Can you put together a guide in response showing where the inefficiencies are and how to mitigate them with more simple software?
It sounds like the author was aware of at least parts of your comment. The post is very thorough. They benchmarked using python and c++ and the final impl doesn’t even decode protobuf. They used various mitm solutions. They are using pfsense for more than just “it’s muh security router”—they are vlanning and vpning the traffic so they can target inly the appletv on their network.
Your comment is cheap and dismissive. The author’s post is not. You owe it to the community to put your money where your mouth is.
Not sure what kind of answer you are looking for? I did not criticize the author's post. It was an enjoyable read, and I personally would have given up a long time before going to such impressive lenghts. The fact that the app isn't using certificate pinning is really interesting and the sheer amount of hacker spirit and determination is extremely wholesome.
I am, however, very familiar with this particular engineering challenge (specifically, attempting to build on pfSense and using mitmproxy scripts in production), so I wanted to share my personal experiences to hopefully save someone else some time and frustration while attempting the same thing.
https://github.com/elazarl/goproxy is pretty nice Go library for writing proxies, I used it once. Supports both HTTPS passthrough and MITM. Here's a trivial example MITMing connections to www.google.com and rejecting requests to https://www.google.com/maps while allowing everything else through:
-k is to ignore cert error; note how we don't need it for apple.com due to passthrough.
Remember to use your own cert rather than the hardcoded one in "production" (a trusted network like your home of course, probably a bad idea to expose it on the open Internet).
Routing everything through the proxy will degrade performance even with SNI interception.
Same with pfSense - a plain Linux server and a simple iptables rules set would do the job without having to fight against all the pfSense abstraction layers.
Write a .proto file with just enough of the reverse-engineered proto fields to auto-generate code and flip the flag. Cheaper than the Python implementation and easier to update when the proto changes.
Ignoring unknown field tags is an important Protobuf feature - it allows for compatible schema changes without breaking existing deployments.