Discussion:
logging in to YouTube (Google)
(too old to reply)
J. P. Gilliver (John)
2018-06-30 11:50:22 UTC
Permalink
Raw Message
In message <18bl8ymgoepkw$***@v.nguard.lh>, VanguardLH <***@nguard.LH>
writes:
[]
hosts intranet (local) IP address but Google Voice still works. I have
WebRTC disabled in both web browsers which means I can use Google Voice
in Chrome but not in Firefox.
Google has its advantages, though, over Firefox and why I continue to
use it. For example, Google came out with the Spectre mitigating
[]
I can log in to YouTube (now Google generally, but I had a YouTube login
before the takeover, if that's relevant) with my old Firefox 27, but not
my up-to-date Chrome. (This is on a Windows-7/32-with-Classic-Shell
machine, if that's relevant.)

When I click SIGN IN from a YouTube page, I get:

Sign in
Continue to YouTube
___Email or phone___
Forgot email?
Not your computer? Use Guest mode to sign in privately.
Create account NEXT

, where "Email or phone" is a line I can type on, Forgot and Create are
links, and NEXT is a button. If I type my email into the relevant line
and either press enter or click NEXT, nothing happens. (Well, the NEXT
button darkens briefly, so the click is registered.) If I click Forgot
or Create, again they darken briefly which shows the click has been
registered, but nothing else happens.

I _don't_ get any error message of _any_ sort - not even "you are
already logged in"; I've even tried logging out via Firefox in case that
_was_ the problem, and it didn't make any difference.

I wondered if it was due to some entry in my hosts file that is causing
the problem, but surely that would prevent me from being able to log
back in via Firefox 27, which I _can_ do. FWIW, the sign-in page in
Firefox 27 looks different:

Sign in to continue to YouTube
[picture of me]
[my email]
Password box
Sign in button

It's obviously using cookies or something as it knows it's me and
displays my picture and email. But, if I type my password and press
enter, it logs me in. (The email I'm trying, in Chrome, is the same one
as is pre-filled for me in Forefox 27.)

Obviously, my concern is that eventually, they'll break their system so
that I can't log in at all with Firefox 27 - plus, various aspects of
YouTube don't work properly with it anyway (but do with up-to-date
Chrome). OK, some people have strong objections to logging in to YouTube
(and thus Google) anyway, but that's outside the scope of this puzzle.
(I mainly use it for adding comments in YouTube.)

I have far fewer - only six! - addons to Chrome; the only one that could
conceivably have any effect is their own "Google Analytics Opt-out
Add-on (by Google)"; it would have been ironic if that was the cause,
but I've just tried unticking it, and no change. And I don't think I've
disabled scripting or whatever - I can login to and use, for example,
ebay, and many other sites.


Any suggestions? [Unhelpful ones, such as "stop logging in to YouTube",
will of course be ignored (-:!]
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)***@T+H+Sh0!:`)DNAf

Reality television. It's eroding the ability of good scripted television to
survive. - Patrick Duffy in Radio Times 2-8 February 2013
Mayayana
2018-06-30 13:09:37 UTC
Permalink
Raw Message
"J. P. Gilliver (John)" <G6JPG-***@255soft.uk> wrote

| Any suggestions? [Unhelpful ones, such as "stop logging in to YouTube",
| will of course be ignored (-:!]

You can lead a horse to water..... :)

I wonder if it could be two different server functions.
You mention a password for FF but email/phone for
Chrome. My guess would be that the page FF goes to
is sending the password to one server/script while the
Chrome page sends email/phone to a different server/
script -- and that your account is not updated for the
new system.

But then you mention the Chrome page not working
at all. In that case I'd look for 3rd-party script being
blocked. Do you have NoScript? That can easily tell
you what external script/cookies links are being used,
which you could compare to your HOSTS file. I think
uMatrix can also tell you that.

Since the two pages you get perform different tasks,
it can't be assumed they're the same. They're either
different URLs or Youtube is checking the userAgent on
load and customizing the page.
J. P. Gilliver (John)
2018-06-30 14:05:06 UTC
Permalink
Raw Message
Post by Mayayana
| Any suggestions? [Unhelpful ones, such as "stop logging in to YouTube",
| will of course be ignored (-:!]
You can lead a horse to water..... :)
I wonder if it could be two different server functions.
You mention a password for FF but email/phone for
Chrome. My guess would be that the page FF goes to
FF used email as well, but had pre-filled it in for me. I've just
"opened a private window" in FF, and gone to YouTube - the Sign in
button has appeared, so it's not reading cookies or whatever (doesn't
know I'm already logged in). I click it - it goes to
https://accounts.google.com/ServiceLogin?uilel=3&continue=https%3A%2F%2Fw
ww.youtube.com%2Fsignin%3Fhl%3Den-GB%26app%3Ddesktop%26next%3D%252Fsuppor
ted_browsers%253Fnext_url%253D%25252F%26action_handle_signin%3Dtrue%26fea
ture%3Dsign_in_button&service=youtube&passive=true&hl=en-GB#identifier,
which now shows an "Email or phone" box and a Next button. Entering my
email, so going to the subsequent page that has a password box, results
in a successful login. (Despite lots of warnings that the browser is no
longer supported!)
Post by Mayayana
is sending the password to one server/script while the
Chrome page sends email/phone to a different server/
script -- and that your account is not updated for the
new system.
When I click SIGN IN in Chrome from a YouTube page, it goes to
https://accounts.google.com/signin/v2/identifier?passive=true&hl=en-GB&ui
lel=3&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Fnext%3D%252F%26ac
tion_handle_signin%3Dtrue%26hl%3Den-GB%26app%3Ddesktop&service=youtube&fl
owName=GlifWebSignIn&flowEntry=ServiceLogin, which has the page I
described before - an "Email or phone" box and a NEXT button, along with
a few other things.
Post by Mayayana
But then you mention the Chrome page not working
at all. In that case I'd look for 3rd-party script being
When I say it doesn't work at all, I mean nothing happens, apart from a
brief flash of different colour of the button or link when I activate
them. It isn't replaced by another page, what's in the address bar
doesn't change - nothing moves.
Post by Mayayana
blocked. Do you have NoScript? That can easily tell
you what external script/cookies links are being used,
which you could compare to your HOSTS file. I think
uMatrix can also tell you that.
The only extras I have in Chrome are:
Blank New Tab Page
Easy! Show Title Plus
EditThisCookie
Google Analytics Opt-out Add-on (by Google)
Show Title Tag
Video DownloadHelper [not enabled]

(Chrome is not my _default_ browser). I can't see _any_ of those
blocking scripts (apart from the Analytics Opt-out, but I tried
disabling that and it made no difference).
Post by Mayayana
Since the two pages you get perform different tasks,
it can't be assumed they're the same. They're either
different URLs or Youtube is checking the userAgent on
load and customizing the page.
I assume the latter. They certainly _look_ (now that I've invoked the
Private Browsing function in Firefox 27) as if they perform the _same_
function, i. e. logging me in by prompting for email.
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)***@T+H+Sh0!:`)DNAf

Radio 4 is one of the reasons being British is good. It's not a subset of
Britain - it's almost as if Britain is a subset of Radio 4. - Stephen Fry, in
Radio Times, 7-13 June, 2003.
Mayayana
2018-06-30 15:18:35 UTC
Permalink
Raw Message
Post by J. P. Gilliver (John)
FF used email as well, but had pre-filled it in for me.
That's probably FF remembering form fields, rather
than a cookie.

I don't know what to make of all that, but it does
seem like you're getting different scripts. The two
URLs are different. They then each load the same
URL, but with different parameters. The basic
differences are like so:

next=/supported_browsers
next_url=/
feature=sign_in_button
passive=true

next=/
flowName=GlifWebSignIn
flowEntry=ServiceLogin

There's no explanation for that based on simply
using different browsers. But Google webpages
are extremely complex, with a lot of script. It's
hard to know what they might be doing. It could
also be a bug on their end.

I wonder what would happen if you enter the
FF URL into Chrome.
J. P. Gilliver (John)
2018-07-01 06:31:33 UTC
Permalink
Raw Message
Post by Mayayana
Post by J. P. Gilliver (John)
FF used email as well, but had pre-filled it in for me.
That's probably FF remembering form fields, rather
than a cookie.
Well, the page (in Normal Firefox) also shows my Google picture, which I
wouldn't have thought would be remembered in anything. (Neither the
email nor the picture appears in a Firefox "Private Browsing" window.)
Post by Mayayana
I don't know what to make of all that, but it does
seem like you're getting different scripts. The two
Seems likely - the two pages look different, and behave differently
(well, the Chrome one doesn't do anything).
[]
Post by Mayayana
There's no explanation for that based on simply
using different browsers. But Google webpages
are extremely complex, with a lot of script. It's
Obviously too much so for their own good in this case!
Post by Mayayana
hard to know what they might be doing. It could
also be a bug on their end.
I wonder what would happen if you enter the
FF URL into Chrome.
Here's what I've just done:
Opened a new Private Browsing window in Firefox 27.
Gone to youtube.com.
Clicked SIGN IN.
Copied the URL to Chrome. It was
https://accounts.google.com/ServiceLogin?continue=https%3A%2F%2Fwww.youtu
be.com%2Fsignin%3Faction_handle_signin%3Dtrue%26next%3D%252Fsupported_bro
wsers%253Fnext_url%253D%25252F%26feature%3Dsign_in_button%26app%3Ddesktop
%26hl%3Den-GB&passive=true&uilel=3&service=youtube&hl=en-GB#identifier

I get what looks like the same page as I've had before in Chrome.

Here's what I get: Loading Image...
Shows the two windows side by side (I've narrowed the Firefox-private
one so you can see all the Chrome one). Below is what's in the Chrome
URL bar now - I don't know why it's different from the above, as it was
cut and pasted _from_ the above; either it immediately redirected, or
has changed as a result of my trying to enter an address and press enter
or click NEXT. However, _whatever_ I do on the Chrome window (enter any
address, including the fake one shown, and press enter or click NEXT;
or, click on the Forgot ... or Create ... links), Nothing Happens - it
just sits there.

https://accounts.google.com/signin/v2/identifier?continue=https%3A%2F%2Fw
ww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26next%3D%252Fsuppo
rted_browsers%253Fnext_url%253D%25252F%26feature%3Dsign_in_button%26app%3
Ddesktop%26hl%3Den-GB&passive=true&uilel=3&service=youtube&hl=en-GB&flowN
ame=GlifWebSignIn&flowEntry=ServiceLogin#identifier

I've just fired up IE11 (I had to look to see what it was - I never use
it), entered youtube.com, and clicked Sign In. It takes me to

https://accounts.google.com/signin/v2/identifier?continue=https%3A%2F%2Fw
ww.youtube.com%2Fsignin%3Fnext%3D%252F%26hl%3Den-GB%26feature%3Dsign_in_b
utton%26app%3Ddesktop%26action_handle_signin%3Dtrue&hl=en-GB&passive=true
&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin

, which looks identical to the Chrome window, with the _exception_ that
it has "Google" in coloured letters (image rather than text) above "Sign
in". But if I type in an email and press enter or click NEXT, it behaves
as the Chrome one does - i. e. nothing happens.

I'd be interested to hear what _you_ see with any of the above URLs in
any of your browsers - and, if you get something that looks like what I
see in Chrome or IE, whether _anything_ happens if you enter an email (a
fake one will do) and press enter or click NEXT.

Incidentally: YouTube's normal functions - the playing of video clips,
searching for same, chaining to other video clips - works fine for me in
Chrome, if I use their services _without_ signing in; I just can't (for
example) leave comments, vote a video up or down, or similar. Just like
anyone else using YouTube "anonymously". (Which I've put in quotes as
I'm sure they do know enough about me from tracking etcetera.) Works
better than in Firefox 27, in fact; some of those normal functions don't
work in that old browser (videos usually play sound-only, for example).
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)***@T+H+Sh0!:`)DNAf

If liberty means anything at all, it means the right to tell people what they
don't want to hear. - Preface to "Animal Farm"
J. P. Gilliver (John)
2018-07-01 07:23:51 UTC
Permalink
Raw Message
STOP PRESS:

I just tried:

o blanking my hosts file (taking a copy of course!)
o reload on YouTube login page on Chrome

and this time, it actually let me log in.

So YouTube's login, when accessed using up-to-date Chrome, obviously
loads something from a different site (or set of sites) than their login
when accessed with Firefox 27.

Poor script/webpage design, though, to have designed a page that appears
to do nothing, rather than generate an error message.

I've restored my hosts file, and was still able to vote for a video, and
add a comment to one. Let's hope it remembers enough cookies etc.! But
at least I know how to get round it again if I have to.

(No, I'm not going to work through all of my hosts file to see which was
the line it needed!)
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)***@T+H+Sh0!:`)DNAf

Some people don't seem to be happy without a reason to be unhappy -
Roderick Stewart <***@escapetime.myzen.co.uk>, in uk.tech.broadcast 2017-8-10
Mayayana
2018-07-01 12:57:13 UTC
Permalink
Raw Message
"J. P. Gilliver (John)" <G6JPG-***@255soft.uk> wrote


| (No, I'm not going to work through all of my hosts file to see which was
| the line it needed!)

Here's what I find it that page:
(I keep a handy VBScript on my desktop to extract
URLs from a downloaded webpage, for use with HOSTS.)

accounts.google.com
fonts.gstatic.com
ssl.gstatic.com
www.youtube.com
www.gstatic.com
support.google.com
www.google.com
accounts.youtube.com
lh3.googleusercontent.com

Though some of those, like the gstatic URLs,
will allow Google to follow you around online if you
enable them. You apparently don't mind, but anyone
who doesn't like Google's spying should be aware
that many commercial sites now load fonts from
Google. Generally for no good reason. I suspect it
might be part of Google analytics package. And a lot
of commercial sites want to use Google analytics. By
allowing Google to spy on their customers they get
to share in the data. Even a lot of smaller sites use
GA because they don't know how to read their own
server logs, or because their websites are not
directly hosted on a real server that has logs. (For
instance, I doubt people who put their site on
Wordpress or Wix get server logs. It's sort of like
setting up a site on one's own ISP -- a limited
functionality for people who want to build a website
using drag-drop techniques. If they can figure out
how to add Google analytics code then Google will
give them access to a visitor report.)

The URLs above are only the ones that are not
obfuscated. There could be others. Google's
webpages are incredibly messy; obfuscation on top of
obfuscation. And almost pure script. It's not a webpage
at all. It's a very large piece of secretive software.

It's become fashionable to "minify" and obfuscate such
code. So even if you try to read it, it's very difficult to
figure out what it's doing. In some cases the code itself
is encoded in Base64 or some other encoding. Then when
that's decoded you just get something like:

a=function(b,c,d,e,f)

The first landing page even uses deliberately nonsensical
CSS code to make it unreadable:

<div class="kRoyt MbhUzd" jsname="ksKsZd">

I don't know what "jsname" is. It's not a valid HTML
attribute. So it may be a custom thing that Google's
using.

Also worth noting is that Google is using code to
block bots. But I don't know the details of that.

|
| Poor script/webpage design, though, to have designed a page that appears
| to do nothing, rather than generate an error message.
|

Yes. That's surprisingly common. But I wouldn't
rule out the possibility that they're trying to break
other browsers. I'd consider it more likely than not.
Google have become very pushy about their walled
spyware garden.

A few years ago Microsoft had a site. I don't
remember exactly what it was now, but I think it
was something like a survey for Windows developers,
about what they wanted to see in products. At
any rate, it was along those lines. Not meant for
the general public.
I went to the site and found it broken. A big
discussion ensued in one of the programming groups.
It turned out that MS had craftily broken the site
for anything but IE. No messages or warnings. It
was just broken. Interestingly, a number of party
line programmers thought I was being anti-Microsoft
to even suggest that. I had to prove it with code
samples. :)
J. P. Gilliver (John)
2018-07-01 19:37:45 UTC
Permalink
Raw Message
Post by Mayayana
| (No, I'm not going to work through all of my hosts file to see which was
| the line it needed!)
(I keep a handy VBScript on my desktop to extract
URLs from a downloaded webpage, for use with HOSTS.)
accounts.google.com
fonts.gstatic.com
ssl.gstatic.com
www.youtube.com
www.gstatic.com
support.google.com
www.google.com
accounts.youtube.com
lh3.googleusercontent.com
Of those, the only ones in my hosts file were ssl.gstatic and
www.youtube, and www.youtube was actually commented out. So ssl.gstatic
could be the one - or, as you say, another one that's obfuscated beyond
the capabilities of your VBscript.
[]
Post by Mayayana
The URLs above are only the ones that are not
obfuscated. There could be others. Google's
webpages are incredibly messy; obfuscation on top of
obfuscation. And almost pure script. It's not a webpage
at all. It's a very large piece of secretive software.
Along with many webpages these days )-:.
[]
Post by Mayayana
Yes. That's surprisingly common. But I wouldn't
rule out the possibility that they're trying to break
other browsers. I'd consider it more likely than not.
Google have become very pushy about their walled
spyware garden.
But in this case, pleasingly, it's their own Chrome in which it didn't
work for me!
[]
I was going to add at least a comment to that line in the hosts file,
but something's preventing me saving the modified hosts file. I had this
a few months ago, and I can't remember what it was, other than that it
was something highly unexpected. It's obviously happened in the last day
or two, as I was able to save a completely blank one when I discovered
that that's what was stopping the login page working.
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)***@T+H+Sh0!:`)DNAf

Where [other presenters] tackle the world with a box of watercolours, he
takes a spanner. - David Butcher (on Guy Martin), RT 2015/1/31-2/6
Mayayana
2018-07-02 21:01:59 UTC
Permalink
Raw Message
"J. P. Gilliver (John)" <G6JPG-***@255soft.uk> wrote

| I was going to add at least a comment to that line in the hosts file,
| but something's preventing me saving the modified hosts file. I had this
| a few months ago, and I can't remember what it was, other than that it
| was something highly unexpected.

Blocking HOSTS edits has become common
because malware sometimes tries to edit it.
So AV and firewalls may interfere, along with
Windows file restrictions.
J. P. Gilliver (John)
2018-07-02 21:11:07 UTC
Permalink
Raw Message
Post by Mayayana
| I was going to add at least a comment to that line in the hosts file,
| but something's preventing me saving the modified hosts file. I had this
| a few months ago, and I can't remember what it was, other than that it
| was something highly unexpected.
Blocking HOSTS edits has become common
because malware sometimes tries to edit it.
So AV and firewalls may interfere, along with
Windows file restrictions.
I didn't remember what the offender had been the last time. I managed to
save the change this time by
o saving from NotePad+ as hosts.txt
o deleting hosts
o renaming hosts.txt to hosts (IIRR accepting a warning window on the
way)
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)***@T+H+Sh0!:`)DNAf

Capital flows toward lower costs like a river to lowest ground.
"MJ", 2015-12-05
VanguardLH
2018-06-30 16:48:02 UTC
Permalink
Raw Message
J. P. Gilliver (John) wrote:

<snipped the quoting of my prior reply - doesn't seem relevant>
<this should have been a new thread instead of hijacking another>
Post by J. P. Gilliver (John)
I can log in to YouTube (now Google generally, but I had a YouTube login
before the takeover, if that's relevant) with my old Firefox 27, but not
my up-to-date Chrome. (This is on a Windows-7/32-with-Classic-Shell
machine, if that's relevant.)
Sign in
Continue to YouTube
___Email or phone___
Forgot email?
Not your computer? Use Guest mode to sign in privately.
Create account NEXT
, where "Email or phone" is a line I can type on, Forgot and Create are
links, and NEXT is a button. If I type my email into the relevant line
and either press enter or click NEXT, nothing happens. (Well, the NEXT
button darkens briefly, so the click is registered.) If I click Forgot
or Create, again they darken briefly which shows the click has been
registered, but nothing else happens.
I _don't_ get any error message of _any_ sort - not even "you are
already logged in"; I've even tried logging out via Firefox in case that
_was_ the problem, and it didn't make any difference.
I wondered if it was due to some entry in my hosts file that is causing
the problem, but surely that would prevent me from being able to log
back in via Firefox 27, which I _can_ do. FWIW, the sign-in page in
Sign in to continue to YouTube
[picture of me]
[my email]
Password box
Sign in button
It's obviously using cookies or something as it knows it's me and
displays my picture and email. But, if I type my password and press
enter, it logs me in. (The email I'm trying, in Chrome, is the same one
as is pre-filled for me in Forefox 27.)
Obviously, my concern is that eventually, they'll break their system so
that I can't log in at all with Firefox 27 - plus, various aspects of
YouTube don't work properly with it anyway (but do with up-to-date
Chrome). OK, some people have strong objections to logging in to YouTube
(and thus Google) anyway, but that's outside the scope of this puzzle.
(I mainly use it for adding comments in YouTube.)
I have far fewer - only six! - addons to Chrome; the only one that could
conceivably have any effect is their own "Google Analytics Opt-out
Add-on (by Google)"; it would have been ironic if that was the cause,
but I've just tried unticking it, and no change. And I don't think I've
disabled scripting or whatever - I can login to and use, for example,
ebay, and many other sites.
Have you tried the following?

- Try incognito mode. From a current instance of Chrome, use incognito
mode which opens a new window, or use the --incognito command-line
switch.

- Exit the web browser and use Task Manager to ensure there are no
remnant instances of the web browser process(es). Then load Chrome in
with any extensions (use the --disable-extensions command-line switch)
and retest.

- Disable all security software (anti-virus/malware, 3rd party firewall,
URL filtering, privacy software, etc), exit Chrome, load it again, and
retest.

- Boot into Windows' safe mode with networking to ensure no startup
programs are interfering with Chrome, and retest.

- Check that Chrome is NOT using a proxy (that you told it to use, a VPN
changed, or malware altered): Settings -> Advanced -> System -> Open
proxy settings). Looks like Chrome uses the proxy settings in the OS,
so I would think Firefox would also be affected; however, Firefox
presents its own proxy settings dialog instead of opening the one from
the OS. I don't know if Firefox is merely presenting its own dialog
that duplicates the OS dialog or if Firefox uses its own independent
proxy settings. Firefox tends to use internal functionality rather
than rely on platform-dependent functionality; e.g., Firefox has its
on internal certificate manager instead of using the OS' cert manager
(certmgr.msc), so a web browser using the global cert store from the
OS might work but not Firefox which is missing a cert.

- Firefox lets you do a reset. That creates a new profile. Chrome lets
you do the same using chrome://settings/resetProfileSettings (or go to
Settings -> Advanced -> Reset and cleanup -> Restore settings to
their original defaults -> Reset settings).

- A reset in Firefox creates a new profile, or you can do it manually
through Firefox's Profile Manager. Chrome has profiles, too. Go to
Settings -> People -> Manage other people. You can add and remove
users, so create a new user and test using that profile. See:

https://www.howtogeek.com/255653/how-to-find-your-chrome-profile-folder-on-windows-mac-and-linux/

- Under settings -> Advanced -> System, try disabling hardware
acceleration. Doesn't seem Youtube should use it just to deliver
streaming video but then maybe they do. GPU acceleration relies on
support from the video driver but too often the interface between the
web browser and driver doesn't work correctly.
Loading...