Why you should always use YouTube's Privacy-Enhanced Mode
YouTube launched a new feature on the site recently that it called Privacy-Enhanced Mode. You find the option when you open the embed options on the site to embed video code on third-party websites.
YouTube videos can be embedded on third-party sites like mine directly so that visitors to my site can play the videos without having to click through to YouTube first.
Privacy-Enhanced Mode is a new option that YouTube added to the embed preferences that improves privacy when embedding videos on third-party sites.
When enabled, YouTube won't store information about visitors to pages on your site that have YouTube videos embedded on them unless visitors interact with those videos. Think of it as click-to-play; unless you click, YouTube promises that it won't store information about you.
The mode was added in the wake of the European Union's launch of GDPR, the General Data Protection Regulation, on May 25, 2018.
Default YouTube video embeds set cookies on user systems as soon as they open web pages with embedded YouTube videos. Google may use the cookie to deliver targeted advertisement, add information to the user's profile, or track the user.
YouTube Privacy-Enhanced Mode
Privacy-Enhanced Mode is disabled by default when you open the embed options and needs to be enabled manually.
Here is what happens when you check the box:
The default YouTube embed code without privacy-enhanced mode enabled looks like this:
<iframe width="560" height="315" src="https://www.youtube.com/embed/tYYYciJrfns" frameborder="0" allow="autoplay; encrypted-media" allowfullscreen></iframe>
The YouTube embed code for videos with privacy-enhanced mode looks like this:
<iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/tYYYciJrfns" frameborder="0" allow="autoplay; encrypted-media" allowfullscreen></iframe>
The core difference is that YouTube uses a new URL to deliver the video to the site. Instead of using the main domain youtube.com, it uses youtube-nocookie.com.
Whenever you see a video that uses the nocookie domain, it is set up with the privacy-enhanced mode.
Since enabling privacy-enhanced mode for a video is just a change of the URL, it is relatively easy for webmasters to replace all embedded YouTube videos on their sites with the new code as you simply need to replace https://www.youtube.com/embed/ with https://www.youtube-nocookie.com/embed/.
How that is done depends on the site and the technology that you use. If you have access to phpMyAdmin, you could run the following command on the wp_posts table if you use WordPress.
Note: Create a backup of the table before you run the command.
update wp_posts set post_content = replace(
post_content, 'https://www.youtube.com/embed',
'https://www.youtube-nocookie.com/embed');
You may also want to run the following command if you embedded videos using HTTP instead of HTTPS (usually the case if you started to embed videos many years ago.
update wp_posts set post_content = replace(
post_content, 'http://www.youtube.com/embed',
'https://www.youtube-nocookie.com/embed');
The embedded video still works afterward and users benefit from this as it blocks YouTube from collecting data unless they interact with the video on the page.
I have replaced the URL of all YouTube videos embedded with the privacy version on Ghacks.
Thanks for the great information!
As of September 1st 2020, invidio.us has closed down.
To see this content, please select another instance,
or visit directly on YouTube.
There are many sane choices like the invidio.us project (and the many instances) out there.
Why would you use youtube.com when sane choices like the invidio.us project (and the many instances) exist?
https://invidio.us/
https://addons.mozilla.org/en-US/firefox/addon/privacy-redirect/?utm_source=addons.mozilla.org&utm_medium=referral&utm_content=search
https://addons.mozilla.org/en-US/firefox/addon/invidition/?utm_source=addons.mozilla.org&utm_medium=referral&utm_content=search
THANK YOU!!!
youtube-nocookie is not GDPR compliant. Indeed it does not generate “classic†cookies but does set local and session storage cookies one of which fingerprints the device.
Any idea if this changes load times at all?
Any idea if this changes load times at all?
Beware of US, China, Russia from stealing the data.
You have a sane government who values privacy, you lucky ducky..
Here in the “greatest nation on the planet” most folks go on the motto ‘You ain’t do nothing illegal, You ain’t got got nothing hide.’ and of course “how do we turn this into a profit.”
Privacy-Enhanced Mode (youtube-nocookie.com) has been around for years….
Here’s what I do — I don’t watch YouTube videos in a browser at all. I have a tablet that is used only for streaming media, and watch YouTube videos exclusively there, using the YouTube app.
New feature? The YouTube nocookie mode has been around for almost 10 years. Maybe what’s new is the name?
Here’s an article on it from 2009: https://www.cnet.com/news/youtubes-new-nocookie-feature-continues-to-serve-cookies/
Privacy is basically going the way of the Dodo bird and I fear for it’s future.
Probably only legislation can save it but don’t hold your breath.
It is a constant fight even for tech savy people let alone the majority of people who don’t even know what third party cookies are.
Privacy should be default settings and it is time companies like Google are bought to task.
Maybe something will be done, IDK. It would be nice to have all privacy settings clearly documented instead of just a few. Meanwhile, do what you can to protect your privacy; if they can take who knows what from you, you can try and stop them. Tech companies are owed no special treatment; they’re playing big brother and distract with flowery, inane, nonsense prose that users mostly ignore because it’s so disconnected. They treat us like idiots, we can do the same!
Privacy? Block the US, UK, China, Russia, Israel, & Iran for a start. Those are the biggest spies.
Don’t forget the even bigger spies: Facebook, Google, etc.
The government. google shares data all willy nilly with with no transparency and no repercussion.
Just disable third-party cookies in your browser setting.
@jack
You’re right about 3rd-party cookies but… that only works as long as you are not saving YouTube cookies.
This is not about what the user should do, it is something that should be done by webmasters.
In some kind of utopia maybe.
If you want something done properly, do it yourself.