Every time you paste a URL into a video downloader, something happens on the server side. A request goes out to the platform, metadata comes back, the file gets fetched. The question is what happens to your URL - and your IP address, and your browser fingerprint - in between.
Most people don't think about this. They're focused on getting the video. But the URL you paste can carry more information than you'd expect, and what a site does with it matters.
What that URL actually reveals
A TikTok URL is just a video ID - pretty opaque. But a Facebook video URL sometimes contains your account ID if you copied it while logged in. An Instagram link might carry session parameters. A YouTube link can include timestamps, referrer info, and playlist context.
Beyond the URL itself, the server sees your IP address, your browser's User-Agent string, the referring page if you came from somewhere. All standard HTTP stuff - every website you visit gets this. But a downloader that logs and stores it is building a picture of what content you consume, when, and where you are when you do it. That's a different thing from just helping you download a video.
The ad-supported downloader problem
Lots of free video downloader sites run on advertising. That's a fine model in principle - same as any news site. The problem is that many of them use ad networks that also track user behaviour, drop third-party cookies, and pass data to analytics companies you've never heard of.
You've probably seen this play out. You paste a URL to grab a TikTok clip, and three days later you're seeing targeted ads for TikTok-adjacent products on completely unrelated sites. That didn't happen by accident. Some network got your browsing behaviour and sold it.
The better downloaders don't use third-party ad networks at all. The ones that do should at minimum be upfront about it in their privacy policy. Many aren't.
What MyVideoCity collects
Since you're reading this here, let's be specific. When you paste a URL and request a download, the server receives your IP address, your URL, and standard browser headers. The URL is used to fetch the video and is not stored beyond your session. No account means no browsing history to attach to.
The full details are in the Privacy Policy. Reading it takes three minutes. Any site that makes their privacy policy a 20-page legal document full of exceptions is telling you something with that choice.
Incognito mode doesn't do what most people think
Private browsing stops your browser from saving local history. That's it. It doesn't hide your IP from the server. It doesn't block the server from logging your request. It doesn't stop fingerprinting based on your browser's configuration.
Incognito is useful for keeping downloads off your local history. It's not a privacy layer between you and the site you're visiting. Those are very different things.
If you're genuinely concerned about IP-level privacy - and for most video downloads there's no real reason to be - a VPN routes your traffic through a different IP. But the VPN provider then becomes the entity that knows your actual IP. You're shifting trust, not eliminating it.
Red flags on sketchy download sites
A few things worth pausing at before pasting a URL into a random downloader you found via search:
Pop-ups asking you to install a browser extension. No legitimate video downloader needs an extension to work. Extensions have broad permissions - they can read every page you visit and every URL you type. Some malicious ones do exactly that.
Fake download buttons that look real but serve ads or redirect through installer pages. A legitimate download button is usually one, clearly labeled, and doesn't route you through three redirects. If you're clicking and nothing's happening but ads keep appearing, leave.
Sites that require an account to download. A downloader that doesn't need to store your history has no legitimate reason to ask for your email. If they want it, they want to market to you or sell your data. Probably both.
Vague or missing privacy policies. If a site processes thousands of requests a day and can't explain what it does with your data in plain language, that silence is the answer.
Browser fingerprinting
This one is less obvious. Even without cookies, tracking companies can identify your browser by combining data points that seem harmless individually: screen resolution, installed fonts, time zone, WebGL renderer, browser plugins. Together, they're often unique enough to track you across sites with no stored identifier at all.
This affects regular websites too, not just downloaders. But clearing cookies doesn't touch it. The only reliable countermeasures are browsers designed to reduce fingerprint uniqueness - Brave and Firefox with privacy settings enabled do this reasonably well - or running in a VM where the fingerprint is generic by design.
The actual risk for most people
Honestly? For occasional video downloads - saving something offline, archiving content before it disappears - the exposure is minimal. The content is already public. The URL isn't a secret.
The risk grows if you're downloading regularly at scale, in a jurisdiction where the content is sensitive, or if the site you're using is clearly built to monetise your data rather than help you.
Check whether the site loads third-party tracking scripts - your browser's developer tools show all network requests, and it takes 30 seconds to look. The sites that are genuinely private make this easy to verify. The ones that aren't hope you never check.