YouTube is currently experimenting with server-side ad injection. This means that the ad is being added directly into the video stream.
This breaks sponsorblock since now all timestamps are offset by the ad times.
For now, I set up the server to detect when someone is submitting from a browser with this happening and rejecting the submission to prevent the database from getting filled with incorrect submissions.
Has any federated service ever been in trouble for GDPR?
I think for that to happen, it would have to be on a server hosted in the EU, owned by a corporation, with a user that just happened to report them for violations.