Tag: software recommendation

#0039: How to access the URL address of YouTube video adverts

Otto

#0039: How to access the URL address of YouTube video adverts

Preamble

If you are anything like me: then at one point or another you have come across an interesting YouTube advert. One that you may have wished to save for whatever reason. This article is a brief guide as to how to go about doing that. Primarily, this article is focused upon quickly acquiring an advert video’s unique URL. This is the direct address of the video itself. This can be done as and when an advert appears, without using any external tools.

However, once you have acquired an advert video’s URL – you may then wish to apply additional tools to download the video file itself. A few of which are recommended below. By the way, this method only works on desktop PCs. (I.e. not mobile device OSes such as Android or iOS.) This is because the specific steps illustrated here require a typical desktop web-browser. Although, there is very likely an alternative method for mobile operating systems; that achieves this same goal. However, that method is outside the scope of this article.

A note on the time sensitive nature of information presented herein

Please be advised: since the information presented here pertains to a specific niche functionality within the live version of the YouTube website. A website that is in a state of constant iterative development. I cannot speak to the forward looking accuracy of this information.

In other words: This method may cease to work on any given day. This is especially true if any significant changes are made to any of the website functions referenced within this method. Or even to underlying/invisible support functions not mentioned. The likelihood of which increases with time elapsed since initial publication of this article. This method works as of December of 2023.

[2026-05-14] EDITOR’S NOTE: This method works as of May of 2026. I kept the original written date in to demonstrate how long some of these articles can remain in stasis. I.e. Done. But not published for whatever reason.

What is an “unlisted video”?

Before we go on, we need to understand something of the nature of the files that we are after. Within the context of the YouTube website: an unlisted video is a video with zero discoverability. Basically, it does not show up when using either YouTube’s video search functionality; or a third party search engine like Google, Bing, or DuckDuckGo’s video search functionality. This is because search services of this kind only return publicly listed videos. In addition, unlisted videos are also not served to users via recommendation algorithms, for the same reason. They are simply not in the pool of applicable videos. You could even navigate to a specific YT channel that hosts known unlisted videos and they would not appear.

The “unlisted” status is typically used for videos that are intended to remain undiscoverable to the general public. Although these videos can still be distributed, albeit in an alternative and limited manner by design. Broadly speaking there are three main ways to distribute unlisted videos. Manually, private directories, and distribution algorithms.

Manually. This is usually done by the video owner providing the recipient(s) with a direct URL address. (E.g. via email, Whatsapp, X, or whathaveyou). Simple. The second method is by listing the video address in a directory somewhere for selective/limited discoverability. For example using YouTube’s (comparatively excellent) infrastructure to host videos that are then linked behind a paywall in a member’s only section of a third-party website. Such as in the case of a WordPress hobby blog wanting to deliver videos to its paid membership as a premium user perk.

Imagine a blog where someone paints Warhammer 40K miniatures, and writes about their painting techniques, choice of paints, tools, and general work-flow. It’s all images and text. In addition to this they have a 3 hour long video of painting the miniature in real time, for premium members who wish to see the methods implemented in this manner. WordPress cannot natively host this video, however you could embed the video into the article, and have a banner over it asking the user to log in to access it. (Please verify this claim.)

Now, this type of thing was more prominent before YouTube started hosting members-only videos itself. Likely as a response to this exact phenomenon. Since it used to cost them money hosting and delivering the media in this manner, albeit with no reciprocal benefit. I don’t even think YT runs adverts on unlisted videos by default. “Think” being the operative word here. I just don’t see many people actually seeing the unlisted video in its default state to enable an ad to be ran on it. In addition many unlisted videos would be delivered in a particular way where a pre-roll ad would not be viable. For example if the unlisted video was an advert itself (look below).

2026-05-18_ChatGPT_chatlog:_info_on_YouTube_premium’s_video_download_function
2026-05-18_chatGPT_chatlog_image_960x1892

So why are we discussing unlisted videos? Unlisted videos are specified here because all of the videos (that I have encountered) being actively used for advertisement purposes are unlisted in status. Only existing on YouTube’s servers for the purpose of being served to an audience under select conditions. Such as a 15 second video configured for an un-skippable pre-roll ad spot, or a 3 minute skippable video designated for a mid-roll ad spot. And since these are the exact videos that we are trying to acquire, we must acquaint ourselves with the circumstances and characteristics that they are presented in, and with respectively.

Tools used

  • Desktop computer (laptop) running a Linux Mint OS
  • Mozilla Firefox (web browser)
  • (optional) OS built-in screenshot software
  • Xed (text editor program)
  • 3rd party video downloading programs/services
  • “Easy Youtube Video Downloader Express” (Firefox add-on program)
  • “youtube-dl” (Linux terminal program)
  • “turboscribe.ai/downloader/youtube/video” (website service)

Method: Step-by-step

1) Quickly pause the advertisement video before it ends.

2) Right-click on the video and choose the “Stats for nerds” option.

This will give you a pop-up containing detailed information regarding the currently displayed video. Note that, at the time of writing, YouTube’s right-click menu for advert videos has significantly less menu items than their regular videos. Including the menu item “Copy video URL”. Which is basically what we are trying to do here.

3) Look at data labelled “Video ID”.

It’s an alphanumeric code that should look something like this: “MEOZkf4imaM”.

4) Copy that code.

Either highlight it with the mouse, right-click and select “copy” from the drop-down menu. Or if that ability is disabled for whatever reason, then use the keyboard shortcuts CTRL-C CTRL-V to copy and paste the URL. You could even manually type the code into a text editor. Be mindful however: it is case-sensitive. Additionally, I would recommend taking a quick screenshot at this point for future reference. Just in case it all disappears whilst you’re faffing about with this.

[2026-05-14] EDITOR’S NOTE: YT no longer allows this text to be highlighted. Let alone copied to clipboard. It now needs to be manually transcribed by eye into a text document. This is an example of an underlying or invisible functionality that was changed in the interim of time. The loss of being able to highlight this text has made the process notably more laborious.

5) Use the basic YouTube video URL address below as a template, and swap out the alphanumeric video code within it for your one.

Example: “https://www.youtube.com/watch?v=dQw4w9WgXcQ

6) Input this modified URL into the browser address bar, and press enter.

Done. That should bring you to the actual webpage containing the unlisted YouTube video for the advert.

7) (optional) download the video using additional tools.

At this point you may decide to use third-party tools to download the video file itself. Tools such as the Firefox addon “Easy Youtube Video Downloader Express”. Alternatively, the Linux console program “youtube-dl”: could be used to download the video by inputting the URL alone into it. Another option is to use an online website that downloads YT videos like “turboscribe.ai” – just to name a random one that worked at the time of publication. Not necessarily recommending it here.

Note: please keep in mind that YouTube itself does not want third-party services like the ones mentioned downloading its videos. As this competes directly with a paid service they provide. Namely YouTube Premium, which offers a local video download functionality amongst other services. However a YTP downloaded video is inferior to a third party downloaded video.

This is because the YTP video has a whole host of limitations imposed upon it. Such as only being viewable via the YouTube app. As well as copy-protection, and timed deletions. Basically the app functions as DRM software for the video files stored locally on your device. Curbing users’ ability to manipulate the files as they wish.

This is simply a no-go for me because the main reason I download files is to archive them. The second reason is to play the videos on random ancient devices that serve specific purposes. Such as my tinkering workbench’s android tablet which is solely used to host device manuals/documents and relevant YouTube tutorial videos. This use-case demands files not have any copy protection, nor have any app dependencies, or internet linked features such as timed deletion.

Because of third parties providing a superior service to YouTube itself in this regard; one that affects it’s bottom line. There has been a long going game of cat-and-mouse in regards to YouTube changing the technical format of how it hosts and serves its videos. This is in order to curb the utility and usability of third party tools of all stripes. In a similar vein as to how it handles/fights Ad-blockers. So try out lots of different tools and use whichever works at the time. Also don’t be surprised when the tool that you have become comfortable using for a while, suddenly ceases to work. As that is simply the way of things here. Adapt, adjust, and move on.

Example use-case: blog article

Say I want to write an article about YouTube allowing actual – I mean alleged (no sue plz) scammers to advertise on their platform. I could use the above method to acquire evidence (a copy of the video ad) that I can then store locally without limitations. This is so that it can’t just randomly disappear at a moment’s notice. Case in point – the videos are still up at the time of publication. (Probably because it costs them nothing to leave them up on YT.) However the website that the videos link to is gone-ski. AND their domain is currently (2026-05) available to purchase on the market! Double-dong done-ski!

https://self-sufficiency-network.com/energy/create-unlimited-free-electricity

Just in case they come back from the dead: I’ll say that in all seriousness – obviously these guys are NOT scammers. They just have a method of “harnessing an endless supply of free electricity in the ground” that can be used to power your house. For free. For ever. Which for some reason they can not articulate the basic principles of without invoking fanciful conspiracies of “big energy companies” hiding a “simple device” for a “100 years”. These types always tell a story, spin a narrative in this manner. Then push their audience to click the link in their bio and probably send them money at the least.

The video even ends with a odometer-style counter quickly ratcheting up numbers so you know they are serious. Evoking a sense of urgency as you sympathetically visualise your energy bill rise. With these NOT scams – they either use something like this, or a countdown timer – to evoke a similar sense of urgency. Time is running out! Limited time offer! Hurry before they are all gone! Simple FOMO. (Almost sounds like Latin, eh? Pricks.)

The whole video presentation is obviously targeting non-technical laymen people. The fear angle working especially well on the vulnerable, as it dangles hope in front of them. Hope for a better tomorrow, that could easily be attained with little effort on their behalf. A simple and accessible solution for their life problems. I hate this kind of stuff. Everything from the clueless desperation of the herd, leading themselves to slaughter; to the merciless predation of the scavengers, targeting the weak and the sick. It is a part of our humanity that I do not like dwelling on.

On a more personal note. (Feel free to skip.) Honestly I cannot relate to these types of people in the slightest. I don’t even want to put my face on the consequence-less crap that I write here. Mostly because I want it to stand on its own merits in the void. But also for privacy reasons. As I like having a small online footprint – since it allows me to be nimble in social situations and very often it gives me the opportunity to curate a first impression with a new party. Something that you cannot do when your personal life (or face) is online.

Look at these people: their faces are forever linked to this (alleged) scam for anyone willing to look them up. It is a forever black mark against them. One that could potentially undermine all future prospects. Business, employment, romance, anything – and at any time. You could be halfway through a deal, when the other party are sent this vid of you (allegedly) scamming online a decade ago. And they would be in their right to sever the relationship on the grounds that you may not be an ethical actor. At the very lest it would erode trust/credibility, making future deals less likely. It could genuinely be a reason as why a current employer may sack you, if your work requires elevated trust. Such as working with money or vulnerable people.

The internet is forever… and unforgiving. Don’t forget that. Learn from the mistakes of others. Think of it this way, imagine if any of these men walked into your shop/life. Knowing that they participated in organised (alleged) scams in the past. Would you do business with these tools, even if it happened a while ago? I personally wouldn’t – let someone else take the risk on ’em.

Video Examples

Please note: the featured videos below are used here under fair-use for the purpose of criticism.

American English version

https://www.youtube.com/watch?v=6kz3mkD6LCo

British English version

https://www.youtube.com/watch?v=VvDsH8Fkxd

Acronyms used

DRM – Digital Rights Management
FOMO – Fear Of Missing Out
OS – Operating System
PC – Personal Computer
URL – Uniform Resource Locator
YT – YouTube
YTP – YouTube Premium

Closing thoughts

Firstly, did you enjoy the mini-article within this article. It got preachy quick didn’t it?

Back on task. I like simplicity in most things as a rule. This method is not an exception. Here, I tried to use as few external tools as possible. Using only my default desktop web-browser (any will do) and YouTube’s native functionality in order to access “unlisted” videos. Couple with with common/default OS tools like a text editor, and screenshot program.

As a side and final note: I always find the comments to be interesting under unlisted videos (if they are present that is), because they tend to be made by a select type of individual. The generally inaccessible nature of the video’s homepage acts as a filter for normal people. They tend to say things that are screen-grab worthy. If they haven’t already been deleted that is. Enjoy it when you come across it. Honestly it makes me feel like a net diver. Seeing things that are a little bit off the beaten path like this. It’s cool.

Anyway. Thank you for reading.

ss_yt_eg_unlisted_comments_960x955

Links, references, and further reading

https://www.reddit.com/r/youtube/comments/jiignt/do_your_downloaded_videos_get_deleted_after_you/
https://www.yourvideofile.org/
https://github.com/yt-dlp/yt-dlp
https://turboscribe.ai/downloader/youtube/video
https://logos-world.net/wp-content/uploads/2020/04/YouTube-Logo.png
https://www.linuxmint.com/

2026-05-18_chatGPT_chatlog_image_960x1892
2026-05-18_ChatGPT_chatlog:_info_on_YouTube_premium’s_video_download_function

#0016: Software recommendation: Firefox Monitor and haveibeenpwned?

Otto

#0016: Software recommendation: Firefox Monitor and haveibeenpwned?

https://monitor.firefox.com/

https://haveibeenpwned.com/

Preamble

In a bid to make more immediately useful content, I’d like to start recommending some of the various tools that I use. In this case it is an online service. Namely Mozilla’s Firefox Monitor; or more to the point, it is actually the website: haveibeenpwned.com (HIBP), which Firefox Monitor uses to enable it’s service.

What do they do?

In essence Firefox Monitor and HIBP are used to check whether or not an email address is associated with a recorded data-breach. Keyword: “recorded”. It does this by using a database of known breaches provided by haveibeenpwned.com.

The purpose of this service is to allow people to ascertain whether or not, an online account (and the user information there in) associated with the email address: has been compromised in a known data breach; and thus in need of immediate remedy. Things like: changing passwords, recovery phrases, and generally being aware that any potentially sensitive information associated with that account, such as: full name, mother’s maiden name, GPS location, education, birth date, telephone, city, school, or business information has now circulated within the hacker community.

Additionally, it helps to know which company is to blame for the spike in volume of spam and phishing emails, that will most certainly accompany said breach. I don’t know about yourself, but that’s something I’d certainly like to know.

Why is this service important?

It is my belief that every solution begins with awareness, the awareness of the problem. Only then can we move to better the situation. This tool gives you exactly that.

In my opinion, the main reason why I think this tool is important is because the companies involved in the data breaches themselves are loath to make their customers aware of them. Even though it is in their user’s best interests; it is not in the businesses best interests to advertise any breaches beyond the legally mandated/enforced minimum. Furthermore, who knows what that actually even is when dealing with global or multinational companies that operate over many legal jurisdictions. This is especially true when dealing with larger companies with entire legal teams at their disposal.

This service is important because (still just my opinion): companies in general tend to quietly patch any security vulnerabilities as they find them, and move on hoping no-one has noticed. This is especially true when there is no internally confirmed security breach.

Whenever a confirmed breach does happen, the first thing that the company responsible does is downplay the scope and severity of it. This may (and probably does) include: not even publicly reporting the breach until it is already made public elsewhere, often at a much later time. In many cases there is even resistance to acknowledge fault after the breach is made public. This is most likely a bid to exonerate themselves of any potential legal liabilities involved.

At the very least acknowledgement of fault could be seen as weakness. Weakness that will shake public confidence in the company and/or service. Therefore it is in their best interest to maintain the general illusion of control and/or competence. It’s corporate PR 101. It’s just a shame that the company and it’s users’ interests don’t align within this circumstance.

Why should people use these tools?

Both Mozilla Firefox Monitor and HIBP are free to use publicly available tools. Both tools come from reasonably trusted sources. Firefox Monitor is the product of an open-source community driven effort, giving it a certain level of transparency. And HIBP was developed by Troy Hunt, an authority on the topic of digital security. Even if you don’t know who Mr Hunt is (and I didn’t prior to this post), the fact that the Mozilla team decided to use his HIBP database for Firefox Monitor means that they are vouching for it.

More importantly, the tools themselves can assist an individual with regards to protecting their personal information online. They do this by allowing the individual that exact thing that I mentioned earlier: awareness. Awareness of whether or not that person’s email associated account information has been circulated, and which company is at fault for it.

For example: if you used the tool and because of it now know that, an account associated with your email with company X has been breached; and along with that breach your “security questions” were revealed. Then now you know to both remove, and not to use those particular security questions, with any future account … ever. As they are basically permanently compromised. Forewarned is forearmed.

taken from https://github.com/mozilla/blurts-server

Difference between Firefox Monitor and haveibeenpwned?

Firefox monitor is a very slimlined version of the HIBP tool that gives the lay user just what they need, without overwhelming or putting off said lay user. It is rather idiot proof; merely requiring user’s to input their emails and press enter. That’s it. Firefox monitor also has been bundled in with a few basic articles on good security protocol, that may be helpful to the average user. Common sense stuff a lot of it, but you know what they say about common sense.

Although Firefox is the simpler tool to use, it must be said that HIBP is a far more robust tool. And the one that I recommend. This is because in addition to searching email addresses, it allows searching via: passwords, and domain names. The website also allows users to browse a catalogue of breached websites without running a search. Extracts below.

Ever wondered how many accounts have been breached because they used the password “love”? Wonder no more. According to HIBP, its 356006 times.

I have also perused a nice little selection of companies from HIBP’s catalogue of known breaches that you may find interesting.

Personal experience with a data breach.

Just an aside if anyone is interested. From reading the above “Why is this service important?” section, you might have gotten the idea that I may be ever so slightly cynical about the companies involved in security breaches like these.

Frankly speaking, whenever data breaches do happen, I do not consider the corporations involved to be “victims” of cybercrime, as many others seem to do. It is a nauseating sentiment. One that condones bad behaviour. This is because it is my personal belief that the vase majority of the cases are due to one core thing: a dereliction of duty. Them failing in their duty to protect the data that they collected. Little more.

In addition to consuming the various news articles about data breaches over the years. Ones that had the general themes of corporate incompetence. Like for example: employees carrying around sensitive data on unencrypted thumb-drives, only to lose them on the train. I also have a few examples of companies that leaked my very own personal information. All of this has coloured my opinions thus.

The most memorable is the online virtual tabletop gaming website roll20.net. The thing that rubbed me the wrong way about them is that at no point during the process did they ever take any accountability for allowing it to happen. They did eventually outline what information was taken, but they never offered an apology for their lax in security. Instead they covered it up with boiler plate (legal friendly) corporate speak.

Example: “The investigation identified several possible vectors of attack that have since been remedied. Best practices at Roll20 for communications and credential cycling have been updated, with several code library updates completed and more in development.” Assuming that is indeed true, the same could literally be said by any company involved in a similar data breach – just change the names.

Although from what I understand by reading the article that they linked in their post, technically (purely technically) this appears as though it’s not their fault. But rather it was due to the underlying technology that they used. At least that is the implication presented. I’d argue that they still made the decision to use said tech, and thus vouched for it by doing so. Making them responsible, at least tangentially. At least enough for a simple sorry. The closest their customers got to an apology was a “Frankly, this sucks.” Writing it in an official company blog post that they passed for a conclusive public report; authored by Jeffrey Lamb, the Data Protection Officer.

I remember thinking at the time that whoever was writing this was good at the bland formalities of corporate speak, but otherwise is (and excuse my French): a fucking dickhead. You have to keep in mind reader, that they only knew of their own data breach because of a third party report. One that was published months after the fact. The report was published in February of 2019, and the breach happened (according to Mr Lamb) sometime late 2018. No apology warranted, not even for missing the hack, until a third party told you about it months after the fact. They then go on write their conclusive report in august of 2019. So nearly a year, between data breach and the final public debrief, where they outline exactly what data was exposed. I call that incompetence. “Data Protection Officer” more like resident salary sucker.

The ultimate lack of accountability is what really rubbed me up the wrong way here. And why would they be accountable, there is little in the way of consequence it seems for these messes. There are even examples of customers defending roll20 in the comments, referring to them as “victims” of cybercrime. They aren’t the victims here idiot, you are! I’ll include some choice examples of this for your entertainment. Its customers like that, that make businesses feels like they don’t have to be accountable either for their actions, or in this case general inaction with regards to proactively protecting customer data. Please read through the example comment thread.

You really can’t reason with people like that. They have too much emotional stock in a corporation to admit to themselves that they got screwed by it. There were even people actually praising roll20 for it’s meagre efforts. A sum total of 2 blog posts, some notice tweets/emails, and for patching a hole in their own boat. Thanks roll20, stellar job. Shame about all my cargo sinking to the seafloor for the bottom feeders to enjoy. I mean you only lost my full name, my IP address (so my physical location), my password, oh and some of my credit card data. Don’t worry about that roll20 (not like you would), that’s my problem. Fuck those types of customers. Wankers.

Moving on. Another example of a gormless entity losing my data is ffshrine.org. A final fantasy fan site that I registered with in 2010 I believe; and haven’t used that account since 2010. Ideally, they would have flagged the account as non-active and deleted it after a couple of years. But alas, instead they just kept whatever details I gave them for the five years until their 2015 data breach. Where they lost subscriber passwords and email addresses. No warning email post event, nothing. Radio silent. I had a similar experience with tumblr back in the day. Radio silent. No accountability. Are you sensing a theme here, dear reader?

Closing thoughts.

I have written far more here then I initially wanted to, so I will keep this summary short. Tools like haveibeenpwned and Firefox Monitor are things that you as an individual can use to help protect yourself in cyberspace. They can help you take proactive measures to safeguard your own data. They can also show you evidence that the large corporations really aren’t as professional or as infallible as they like to appear.

And that when, they make mistakes; mistakes such as losing your data. It is often you that has to bare the brunt of the repercussions, with little if any repercussions to them. Maybe they incur a temporary stock dip. But the fact of the matter is, they’ll recover from it. However whatever data you provided them for safe keeping, well that’s now permanently out there. Enjoy.

For example. To this day I still get phishing emails that say something like: “hey MY_FULL_NAME, YOUR_BANK has detected multiple login attempts using PASSWORD_FROM_FFSHRINE.ORG to login. We have frozen your account because we suspect fraudulent activity. Follow the obviously dodgy link provided and give us your security questions to fix this.” Although I can recognise a phishing scam when I see one, many technology illiterate users can not.

And make no mistake, the companies that were lax in their security. The one’s that have the attitude that breaches happen; are the exact ones to blame for the perpetuation of the black market information economy. An economy that preys on people; the real victims. The people who trusted these corporations with their data, thinking it in safe hands. Not the corporations themselves whose lack of diligence and general incompetence allowed for the data that they were trusted with to be exposed.

Jeez… that got a bit preachy towards the end. Didn’t it? Sorry about that. It’s just seeing companies fobbing off their responsibilities, and then seeing customers with Stockholm syndrome defending these same companies against criticism – really ruffles my feathers.

Anyway, thanks for reading.

References, links, further reading.

https://github.com/mozilla/blurts-server

https://monitor.firefox.com/

https://monitor.firefox.com/breaches

https://monitor.firefox.com/security-tips

https://haveibeenpwned.com/

https://haveibeenpwned.com/About

https://feeds.feedburner.com/HaveIBeenPwnedLatestBreaches

https://blog.roll20.net/post/182811484420/roll20-security-breach

https://blog.roll20.net/post/186963124325/conclusion-of-2018-data-breach-investigation

Hacker who stole 620 million records strikes again, stealing 127 million more