Hacker News
by sbarre 1980 days ago
> Requires user to visit a malicious site

YouTube embeds are such universal things on the web, I doubt anyone would even think twice about security concerns coming from seeing that on a third-party site.

Because it's Google, right? /s

2 comments

Do you actually need to see it? The exploit should work fine even if the player is not visible.
Strangely, I almost never allow YouTube embeds (or for that matter any embeds) using uMatrix. I click the pop out link that appears in its place.
Nice. What amazes me is how most of big tech's efforts on web development have gone into making you 0.01% more likely to click on an ad, and almost none of it has gone into cleaning up the privacy nightmare of 25 years of hacks with clean browser-based protocols.
That's actually a really good idea, I should do that too.. Thanks!