I agree with Seth, this particular YouTube frontend/proxy seems to be
more focused on offering an alternative viewing experience rather than
privacy.

One interesting thing I have noted which may improve privacy (but still
does not outweigh the risk involved) is that this site provides video
playback without requiring JavaScript, so it maybe suitable for general
purpose use for users who do not wish to have JavaScript enabled.

One of the points made earlier though, is that this isn't entirely accurate.

If you're talking about security, there's still a SSL/TLS link between
invidious and Youtube over which your content must pass. The user has to
assume (and I *hope* it's true) that Invidious will properly verify the
cert that Youtube presents to ensure that there isn't a MiTM.

But, added to this, what you as the user are doing is inserting a third
party into the mix who's acting as a deliberate MiTM. Invidious could
(probably isn't, but has the ability) be injecting something nasty at any
point. That's no reflection on the intentions of the Invidious' operator,
they may simply get compromised by someone who sees them as a juicy target
- After all it seems unlikely that they've got the resources to put into
security that Google has.

So, whilst your initial connection has potentially gained some security (by
going over Tor), your security posture is weakened because you've inserted
a new potential attack vector, and just moved the point of origin for the
original one (the SSL/TLS connection) as well as also outsourcing the task
of verifying that TLS connection to a third party (who may very well be
ignoring invalid/expired certs for all you know at time of connection).

What you _have_ gained is some level of privacy. Youtube cannot see your
source IP, and neither can Invidious. But that's not the same thing as
increasing security - that's obviously ignoring any profiling that Youtube
still manage to do on you, though.

TL:DR - Security is weakened, Privacy is (potentially) strengthened