Picture in Picture on netflix

ad91arawi

Hi

it appears that pip doesn't work on Netflix is there a solution?

thanks

Hadden89

@ad91arawi Some sites prevent browsers to go PIP. You can try an extension
https://chrome.google.com/webstore/detail/picture-in-picture-pip-vi/eaeedemddlledlghhjebjgdmhjekgegd

abernh

@Hadden89 So you are a Vivaldi user, because of its security and privacy features I guess, and you recommend a random Chrome extensions and grant it full access to your browser sessions?

Why? Can you vouch for the extension in any way?

Who are the developers? Is the extensions source open source?

I am currently a little frustrated because I found not a single extension that was in any way confirmed secure and/or privacy friendly - I'd be glad if you have more information on the topic.

Hadden89

@abernh I only provided a workaround. Of course, you can report this as a bug to see if v devs can implement for not supported sites or using a js bookmarklet code (some user had posted before)

luetage

@abernh @Hadden89 didn’t recommend a random Chrome extension, but a specific one which might or might not help. There’s a difference there. And if you’re concerned about its security, maybe you should check out the extension yourself. I mean, how could you possibly know whether you can trust anyone? I doubt @Hadden89 is open source. You can audit extensions without installing them by using CRX Viewer ☛ https://chrome.google.com/webstore/detail/chrome-extension-source-v/jifpbeccnghkjeaalbbjmodiffmgedin Good luck.

abernh

@Hadden89 yes, this is a workaround - but making such a suggestion without also stating the not-that-obvious-security-risk-one-takes-when-installing-extensions seems to me short sighted.
Because I am concerned and I saw that you are a highly valued member of the Vivaldi community, I wanted to know more about your process and why you recommended this specific extension.

@luetage well, about the "random" or not they wrote in Picture in Picture on netflix:

You can try an extension

with the emphasis on "an" - which makes it in my opinion a random choice otherwise they would have written "this". But that's the problem with text -- it allows for way too much "hair splitting" and therefore I felt the urge to my (maybe way to harsh) inquiry about the selection process and any background knowledge to said extension.

To make my point clear:
one can not simply suggest "an" extension as a quickfix if you can't also vouch for said extension -- because you give them ALL ACCESS to ALL browser sessions ALL the time where they operate on your sessions authentication level.
Some extensions simply start "liking" and "viewing" random videos in the background on Youtube and drive their own agenda while you think it is only-a-PiP-extension.
Others simply gut you for everything they see as valuable (key logging for passwords, access to any account you ever open in your browser).
So If you suggest an extension you automatically imply that you see no possible harm coming to the user you offer this as a solution to their problem - otherwise you would also state your concerns that one has to take into consideration.

You can audit extensions without installing them by using CRX Viewer ☛ https://chrome.google.com/webstore/detail/chrome-extension-source-v/jifpbeccnghkjeaalbbjmodiffmgedin

This is awesome - thank you very much for that tip. I'll have a look into it.

abernh

@Hadden89 I reviewed the extension (using CRX Viewer recommended by @luetage ) and it is indeed a good one.

• no external scripts are included
• no external URLs are called
• all data is handled within the extension
• (and the code is not obfuscated but very well structured and written)

I'll recommend using it as a possible replacement for the existing broken Vivaldi PiP extension.

abernh

@luetage said in Picture in Picture on netflix:

I mean, how could you possibly know whether you can trust anyone?

That's true. The general rule of thumb is still:

• if somebody is putting their reputation on the line then you have a good chance that you might be able to trust them

In this case we have several authorities that might be checked

1. the person who is suggesting the extension (Vivaldi community veteran)
2. the person who wrote the extension (https://github.com/lunu-bounir)
3. the entity that hosts / advocates for the extension (add0n.com)

Let's take your suggested CRX Viewer as example

• I didn't check your background (1)
• but the extension directly links to the developers Github repo with 1k stars (2)

The 1k stars repo was enough for me to install the extension and have it disabled by default until I want to check an extension, minimizing the possible "harm done" while making a conscious decision to trust this source.
After installing it I saw it already limits itself to the Chrome extensions store urls, yet another green flag.

Going for the actual source (2+3) seemed not possible for me on the suggested PiP extension (before using the CRX Viewer) as the developer does not share its source code in a public repo.
Therefore I asked the person making the suggestion if they can backup on their claim that this is indeed a trust worthy fix for the No-Pip-Problem.
Especially because I'll have to have this extension active on all pages by default.