
YouTube's ban on “hacking techniques” threatens to shut down infosec YouTube - KirinDave
https://boingboing.net/2019/07/03/nobus-r-us.html
======
Fudgel
Other discussion:
[https://news.ycombinator.com/item?id=20346865](https://news.ycombinator.com/item?id=20346865)

------
peter_d_sherman
The problem here is that "hacking techniques" to a black hat are also, equal-
and-oppositely, _legitimate security research and prevention_ \-- to a white
hat / security researcher / ethical hacker...

In other words, they're aspects of the same thing...

The idea that you're going to ban something because one aspect of it has a
negative social purpose is philosophically unsound... We don't ban videos on
electricity or electrical engineering because people can be electrocuted... We
don't ban videos on chainsaws because they could be used to cut a person in
half... We don't ban videos on cars because they could be used to run people
over... Everything in the universe can be used for a positive or negative
purpose, when you start banning things because some people use these things
for negative purposes, you misunderstand that those effects are caused by the
actor, _not the information and /or the tool that's being used_...

~~~
paulcole
> The idea that you're going to ban something because one aspect of it has a
> negative social purpose is philosophically unsound

Uh, guns?

~~~
scrollaway
We're not banning knives though, are we? Guns are different, and they're
banned for the same reasons that, say, carrying around a bioweapon is banned.

\- Their primary purpose is to inflict harm.

\- The harm caused is potentially / easily lethal.

\- Their existence escalates nearly all situations.

\- They're dangerous items that can very easily cause accidental harm.

~~~
gambiting
"we"? In the UK you are not allowed to carry a knife with you, unless you just
bought one and are bringing to home or are a certified chief who needs one for
work, or are going camping.

~~~
ololobus
Hmm, how is it actually regulated? So, e.g. if I am going to my friends and
carrying a bottle of wine altogether with pocket knife bundled with a
corkscrew to be sure I will be able to open it, then I am in a grey zone or
even illegal?

~~~
Veedrac
As long as it's a small, non-locking pocket knife, you're fine. If it's
larger, you're fine as long as you have a good reason (eg. needed for work).

~~~
MertsA
That's dangerous advice in many areas of the United States. In NYC if a police
officer finds any kind of folding knife, regardless of how harmless, if he
wants to arrest you he probably can under NYPD's absurd perversion of the law
by considering it possession of a drop knife. If the officer can open the
knife by holding it and flicking it open via inertia then he can arrest the
victim for possession of a drop knife. They usually don't hold the handle to
try and flick it open either, they'll hold it from the tip of the blade as
that makes it very easy to just arrest anyone with a pocket knife.

[https://news.ycombinator.com/item?id=15372404](https://news.ycombinator.com/item?id=15372404)

The first man mentioned in that article was convicted and sentenced to 6 years
in prison on the sole charge of possession of this knife.

[https://www.amazon.com/Sheffield-12113-One-Hand-Opening-
Lock...](https://www.amazon.com/Sheffield-12113-One-Hand-Opening-Lock-
Back/dp/B0001WBSK8)

~~~
namibj
Try with a slightly-stuck Opinell. You're more likely to throw the knive or
cut/puncture your finger than you are to flick it open. You can push it open
with the thumb while retaining the handle with the ring? finger, but that's
not flicking.

------
ChrisAntaki
> Yesterday, Youtube froze Kody Kinzie's longrunning Cyber Weapons Lab channel

Did his channel get unbanned? Kody's website links to this active channel with
its first video uploaded in Oct 2017:
[https://www.youtube.com/channel/UCgTNupxATBfWmfehv21ym-g](https://www.youtube.com/channel/UCgTNupxATBfWmfehv21ym-g)

edit: Yep looks like the ban was a mistake ️

> In a subsequent comment, a YouTube spokesperson confirmed to The Verge that
> Cyber Weapons Lab’s channel was flagged by mistake and the videos have since
> been reinstated. “With the massive volume of videos on our site, sometimes
> we make the wrong call,” the spokesperson said. “We have an appeals process
> in place for users, and when it’s brought to our attention that a video has
> been removed mistakenly, we act quickly to reinstate it.”

[https://www.theverge.com/2019/7/3/20681586/youtube-ban-
instr...](https://www.theverge.com/2019/7/3/20681586/youtube-ban-
instructional-hacking-phishing-videos-cyber-weapons-lab-strike)

~~~
piokoch
It is always same story. If a problem concerns someone "well known" who is
able to attract attention, than Google, Facebook, etc. are stepping back.

If it were some random "amateurish" hacker channel, it would be banned and
nobody would give a crap. The problem is that many valuable things started as
some "amateurish" stuff put together by some clever guys in a garage.

~~~
kdbg
I'll actually be a counter example to that, I recently started a security
podcast with a couple friends, talking about the latest in exploit development
and mitigations, and whatever news we find interesting.

Shortly after we uploaded our 4th episode we were banned on Youtube. We
appealed the ban and were allowed back on pretty quickly (hours) and we are by
no means a large channel even now (~50 subs).

~~~
sinjid
What's the name of your channel? :)

~~~
kdbg
Day[0] -
[https://www.youtube.com/channel/UCXFC76FDHZRVes6_lZqwLBA](https://www.youtube.com/channel/UCXFC76FDHZRVes6_lZqwLBA)

We are not putting out any new episodes right now though, I'm currently off on
a long-distance hike.

~~~
kylebarron
What trail? I'm reading this from northern California on the Pacific Crest
Trail

------
torified
The internet promised so much, but is being ruined by corporations and
governments.

I can't help but feel the ruining is accelerating.

I hope the infosec community can come up with some kind of decentralized way
to actually share free speech. If anyone is capable, they are.

The discovery problem is an illusion. If you build it, they will come.

~~~
yusi-san
>I hope the infosec community can come up with some kind of decentralized way
to actually share free speech. If anyone is capable, they are.

There are decentralized/open/ethic friendly services alternative to big
corporations services. In the case of Youtube there's PeerTube[1] for exemple
(even if in that case there's a IP leak due to the p2p protocol if I remember
correctly).

The sad thing here is that people decide to stay on the "big" services due to
the network effect, and few people decide to boycott them just to follow
principles.

[1][https://joinpeertube.org/](https://joinpeertube.org/)

~~~
pbhjpbhj
In some video sectors people issue "preview" videos on YouTube (for discovery,
network effect) and have a full video elsewhere that doesn't have to comply
with YouTube's terms.

That would probably work here until YouTube move on to "can't signpost content
that's not allowed here".

~~~
krilly
This approach implies that YouTube actually pays attention to the details of
their terms, rather than just using wide sweeping keyword filters.

~~~
pbhjpbhj
It seems to work in the sector I was thinking of (lewd ASMR).

I guess if YouTube blocks content by keywords we'll need to get creative with
the thesaurus or ROT13.

------
bouncycastle
It's like banning Karate & Judo because it teaches violence. (When it actually
improves personal security/safety)

~~~
keyle
YouTube is less and less about You.

~~~
narrator
It's like they've got too much content anyway, so why not just start banning
stuff?

~~~
DarkWiiPlayer
Ironically, they remove the videos that people watch, not the thousands of
terabytes of videos with 3 clicks in the last 6 years.

~~~
mikro2nd
It would be sad if they removed the videos with 3 click in the last 6 years,
because those are the ones of your granddaughter, living thousands of km away,
taking her first steps, or reading her first reading primer by herself. These
are the things that help families stay in touch. Just because they don't
attract mass clicks (and aren't _intended_ to) does not detract from the value
they have for the small number of viewers to whom they matter.

~~~
CraneWorm
WTH, don't keep that stuff on YT.

~~~
mikro2nd
Well,... for some people that seems to be the easiest way to distribute it to
the whole (widely dispersed, extended) family.

What would you suggest as an alternative?

~~~
CraneWorm
I'd recommend Firefox Send
([https://send.firefox.com/](https://send.firefox.com/)) or maybe Dropbox.

~~~
hdfbdtbcdg
Or whatsapp or signal... Or google drive. Just not YouTube.

------
userbinator
What's next, cracking and reverse-engineering? Debugging? (Anti-authoritarian)
_programming_?

As usual, Stallman tends to be quite prescient:
[https://www.gnu.org/philosophy/right-to-
read.en.html](https://www.gnu.org/philosophy/right-to-read.en.html) (perhaps
more like "right to watch" in this context.)

~~~
jammygit
I always think he’s mostly right, but a little too uncompromising, but then
everything he says comes true. I don’t know how he predicted so far ahead at
the time, it’s humbling.

As a software author working at startups, am I part of the problem? I don’t
understand how to make a good living without locking down the code to some
extent, with few exceptions (it’s hard to found red hat)

~~~
userbinator
I think he was a bit off with regards to source code/open source, because
while having source code helps in understanding and modification, it's not
essential; you could similarly imagine a world in which open-source wasn't a
huge movement but instead the right to reverse-engineer (or basically,
_understand_ ) software was guaranteed, and it would have as great an effect
on freedom; perhaps even more so, because now it'd be the norm for people to
disassemble/decompile anything they wanted, and the lack of any "chilling
effects" would greatly increase advances in program analysis in general. It
could even be argued that the rise of open-source lead to a decrease in
interest and skills of RE.

In fact, PC magazines of the 80s and early 90s used to contain articles
specifically about patching software to do interesting things, complete with
instructions of the form "change byte at X to Y"; AFAIK they didn't violate
any copyrights because they didn't distribute copyrighted material. Then
there's the whole series of "undocumented DOS/Windows" books written by people
like Matt Pietrek, Andrew Schulman, and Mark Russinovich; all of which
required substantial amounts of reverse-engineering and analysis, but instead
of them being persecuted, two of them now work at Microsoft.

"If you outlaw freedom, only outlaws will have freedom."

~~~
ohazi
Sometimes I wish people had developed an expectation that commercial software
should come with the source code, rather than as (only) a binary blob.
Licensing terms could be the same, but people would look at you funny and feel
cheated if you tried to sell them a binary blob.

~~~
cyphar
This was a shift in viewpoint -- earlier in the life of computers, the
hardware was seen as the really valuable part of a computer. So companies
would provide the source code because that was simpler (the software was "just
a toy"). But then software became the valuable component, and so businesses
(as is a recurring theme in capitalism) didn't want to give away something
that might be potentially profitable. And so we now have proprietary software.
This shift in viewpoint by users was an intentional move, pushed by soon-to-be
proprietary software businesses.

~~~
ohazi
I think you may have missed my point. I _want_ businesses to profit off of
their software... I just _also_ want them to provide customers with the
sources used to produce the software they just paid for.

Copyright law can still apply. Just because I have your sources doesn't mean I
can go and use them in my own software, or re-implement your patented
algorithm.

"But how can I be sure that my customer isn't stealing my work?"

Well, ask someone to look at the source code they provide to _their_
customers. Remember, we're in an imaginary world where source-included is the
_normal_ way to sell software, and anyone peddling binary blobs is seen as
shady.

~~~
teddyh
You having the sources does not change the incentive of the software’s
creator. The unwanted functionality (which the software creator is pressured
to include) will instead be put in:

1\. Obfuscated code. This is a classic, employed back in the day when raw
machine code wasn’t quite as much of a barrier like it is nowadays. Less
common now since its importance has lessened, but still ever-present, and
could be re-employed instantly.

2\. The very design of the software. For instance, the software might require
a phone number for every user, and this is baked in at the very fundamental
design level, making it impractical to change. Other design choices might
encourage you to share your contact lists, for say, backups, and your data is
now leaked.

3\. The software is merely a collection stubs calling a cloud service. Very
common now with so-called "apps" for phones. This design has come to its
pinnacle with “web page apps”, where only the front-facing UI portion sits on
the user‘s control, and the rest runs remotely.

This is why “shared source” and the like _is not enough_. The end user must
have the practical ability to, _reasonably easily_ change the software, either
by themselves or by hiring anyone they like and/or trust to do it for them.

------
fimdomeio
The thing that bores me the most is that the sentence not event makes sense.
"Showing users how to bypass secure computer systems". If you can bypass a
computer system, in which way can it be considered secure?

~~~
drukenemo
Because every security system is potentially flawed, contain bugs and
therefore is vulnerable to hacking.

~~~
ajsnigrutin
But knowing the flaw makes it insecure.

~~~
monocasa
It was insecure whether you knew it or not.

~~~
madmulita
So, it's not protected by YT's definition.

~~~
monocasa
Yeah, YouTube's definition is self serving, and breaks apart for many
important use cases. Their real definition is "we allow/block whatever makes
us look good in the court of public opinion", and to think they have any real
definition beyond that is a fallacy.

~~~
pbhjpbhj
I expect it's a slight more meta metric, I doubt they care about the court of
public opinion beyond its relevance to company profit.

~~~
monocasa
Sure, but the medium term relevance to company profit isn't a metric you
meaningfully have until it's too late to do anything about. You can actually
react to the court of public opinion, and reacting to that will pretty much
give you a level of CYA as a decision maker, so there's not really a down side
on that end.

------
aiscapehumanity
Overbearing youtube, 10 years from now if it's still a medium it may be a far-
cry from an expressive and genuine platform (Even worse-so than it is now).
How long until biohacking, and other things are blocked based on the same
sensitivity triggers for the topic?

~~~
stcredzero
_Overbearing youtube, 10 years from now if it 's still a medium it may be a
far-cry from an expressive and genuine platform_

Yahoo's not the place it was in its heyday. Facebook's not the place it was in
its heyday. Even Google's not the place it was 10 years ago. I don't think
anyone is immune. The best you can do it to make sure the trajectory is
positive. Netflix isn't the place it used to be. I think that's positive,
though.

 _How long until biohacking, and other things are blocked based on the same
sensitivity triggers for the topic?_

All the really cool stuff _should_ disappear from YouTube. That's just the
natural order of things. They no longer want to be edgy. They want to be fat
and happy off those big establishment corporate dollars. They've positioned
themselves to be the next cable. That just means they want to be the current
"vast wasteland."

[https://en.wikipedia.org/wiki/Television_and_the_Public_Inte...](https://en.wikipedia.org/wiki/Television_and_the_Public_Interest)

The faster YouTube becomes the next cable, the better. The less time the
public discourse spends squished under the pressing thumb of the corporate
oligarchs, the better.

~~~
pizzazzaro
Short of moving hacking tutorials to pornhub, is there anywhere out there more
interested in serving our fringe cases?

~~~
mr__y
I'm not sure if using hidden services is considered a viable solution here on
HN, but it seems to to me to be the solution. Don't know any video streaming
services but I assume that such sites already exist. The main selling point
would be relative difficulty to take down a specific video through a legal
action. I assume that youtube takedowns are either results of complaints/legal
threats that they have received or a preemptive action to avoid such legal
problems happening in future, i.e. their legal department assessed that the
risk of such motions in future to be likely. On the other hand, considering
bandwidth requirements for video streaming deanonymization of such service
appears to be relatively easy, hence possibly some service centered around
ipfs would be viable.

------
2Ccltvcm
YouTube needs to accelerate their banning process so they can become solely
focused on mainstream psychological brainwashing clickbait. This way my
favorite creators can actually move to other freer platforms and get paid
without fascist payment processors and trying to abide by YouTube's insane
terms and conditions. YouTube is going the way of cable TV channels dedicated
to infomercials. The interesting stuff will be purged soon. The writing is on
the wall. Backup and escape while you can. It will not get better.

~~~
xfitm3
I donated to youtube-dl and started archiving my favorite channels.

------
bayareanative
Corporate, ad-supported platforms are inherently prone to arbitrary
censorship... they always have been and always will be. If you want freedom,
viewer/donation-supported distribution not tied to corporate interests is the
only way to go. But, you have to get someone to pay or it all comes crashing
down.

------
tjpnz
Now might be a good opportunity for Pornhub to offer a reskinned version of
their site. They already have the infrastructure and people do host non-porn
related content there.

~~~
sterlind
Fantastic idea, and honestly Pornhub's values are a good match. They're used
to hosting explicit, controversial content, resisting even copyright takedowns
(unfortunately), yet they do a good job of keeping outright atrocities off the
platform (e.g. snuff films, child porn etc.)

But how would they make money off it? Infosec expats from YouTube are probably
the most likely population to use ad-block of anyone!

~~~
tdxcbkifxx
Political extremists

Potentially dangerous science experiments

------
beecat
Solution: Publish your infosec tutorials as fetish videos on pornhub.

I bet they have a better monetization model for creators anyways.

------
kgwxd
I've noticed quite a few free software enthusiast posting their content to
LBRY[1]. Doesn't seem like a perfect solution for every type of video getting
messed up by YouTube lately, but I think infosec could find a good home there.

[1] [https://lbry.com/what](https://lbry.com/what)

~~~
crankylinuxuser
Absolutely not.

Its more "decentralized crypto blockchain" nonsense. Nope, nope, and just
nope.

~~~
jeanlucas
LBRY would be perfect without blockchain. As someone that talks about
blockchain since 2016, I see no reason why they need a slow database

~~~
jiggytom
Care to explain how to make a censorship resistant system without a
blockchain? It's one of the best use cases for it, and everything LBRY
promises would not be possible without it.

[https://spee.ch/a/doyouneedablockchain](https://spee.ch/a/doyouneedablockchain)

------
rehasu
Well, well, well.

Does a high tech community need Youtube as a video platform though?

The famous German hacker community "chaos computer club" simply uses their own
platform to begin with: [https://media.ccc.de/](https://media.ccc.de/)

~~~
pluma
The benefit of YouTube isn't primarily video hosting. The benefit is
discoverability and (to a certain extent) community.

~~~
cuillevel3
It's the same with Github, sure you can host on your own domain, but "search
for voctoweb on Github" is so much easier than "oh just go to my homepage at
sdkljfsdl.sdf".

~~~
rehasu
If you use google instead of github search you can find it even if it's on a
self-hosted gitlab, though. And since both use git as API nobody is stopped
from forking from gitlab to github either.

~~~
pluma
Yeah good luck searching for something unfortunately named that doesn't
already happen to be super popular, though.

------
zouhair
This is what happens when you have no real public space on the Internet.
Corporations will hide under the guise of private property.

We really need to redefine the public space on the Internet.

~~~
dgzl
What do you suggest?

If you intend on redefining it in a way that takes away property rights, then
I won't support it and neither should you.

~~~
Dayshine
How about a trade-off, something like:

In order to receive "Safe harbour" copyright immunity for uploaded user
content, you have to have fairly lax rules on content (e.g. only blocking
actual criminal content, which is all youtube have done before this, right?).

If you want to significantly curate your content, you can't hide behind the
legal protection of "uncurated user content".

~~~
dgzl
> If you want to significantly curate your content, you can't hide behind the
> legal protection of "uncurated user content".

Is YouTube gaining some benefit from pretending to be an open platform? I'm
not sure what you're saying here.

Likewise, isn't copyright infringement is a criminal offense?

~~~
Dayshine
No, I'm suggesting changing laws.

Youtube currently benefits massively from
[https://en.wikipedia.org/wiki/Online_Copyright_Infringement_...](https://en.wikipedia.org/wiki/Online_Copyright_Infringement_Liability_Limitation_Act)
as they are not directly liable for people uploading content they don't own.

I'm suggesting that we only let people have that immunity if they aren't
significantly curating their content.

If they significantly curate their content, they should be able to curate
copyright too.

~~~
root_axis
YouTube very aggressively curates copyrighted content. This idea seems like
the ideal way to stifle any competition to YouTube because the little guys
cannot afford to implement a sophisticated machine learning copyright dragnet.

------
StillBored
The "instruction hacking.." bit at the end seems a bit out of place given the
rest of the page. What it feels like is that its a poorly written attempt to
ban software cracking and the computerized version of the previous
"Instructional theft" ban without giving people the mental strings to discover
how to get free warez and bypass things like hotel keycards, free token cards
for the arcade/etc.

Frankly, I'm frequently surprised by what I stumble upon on youtube..

(better article with the TOS bits in question)
[https://www.malwaretech.com/2019/07/youtubes-new-policy-
on-h...](https://www.malwaretech.com/2019/07/youtubes-new-policy-on-hacking-
tutorial-is-a-problem.html)

~~~
bloaf
Obviously the spirit of the law is for youtube to have a way to remove "how 2
script kiddie" videos. But the letter of the law matters, and right now the
letters say they can ban just about any video discussing the details of
vulnerable systems.

~~~
StillBored
That is true, but youtube is full of things which basically violate these
principals. I will pick the second item "Extremely dangerous challenges"
because its nice and safe/generic to talk about. I think everyone understands
what they are talking about, but youtube has tons of instructional videos for
doing things which could severely maim/kill careless or poorly trained
individuals. The infamous Shanghi tower climb/etc video (83M views on just one
of the versions) is actually on the tamer side of this, likely only violating
a couple of the guidelines. Even, less scary are all the "this is how you run
a table saw" like videos.

So they have broad guidelines that don't seem to be blanket enforced.

~~~
duskwuff
> "Extremely dangerous challenges"

I think you're misinterpreting this part of the ToS. I don't think it's meant
to apply to videos of dangerous conduct in general. Instead, it's meant to
apply to videos which are explicitly presented as a "challenge" for other
users to complete -- along the lines of the ALS "Ice Bucket Challenge", but
explicitly harmful (think "Drink a Gallon of Bleach Challenge").

------
Lucadg
On the other hand everytime YT removes something interesting it makes it
easier for open alternatives to grow.

~~~
mr__y
Yes and no. While it solves users/audience problem for alternative platformm,
there is another barier of entry: bandwidth costs. I recommend anyone to do a
simple math excercise of simple multiplication: size of 20 minute 2K video *
50'000 views * price per GB of traffic on your favourite cloud/hosting
platform. To make the excercise more interesting now multiply whatever result
you got by the number of videos your platform is supposed to host. Assume this
number to grow each month. Also assume that some users will want 4K.

~~~
PavlovsCat
You can monetize from the start, and get the full cut. If the monetization
doesn't work out, you can pull the plug before the costs occur. You could
probably even code it so that you never serve more than you made in income.
You might also say you don't get to 50k views by multiplication, but by
addition. I mean, if your videos are _so_ popular that you get 50k hits in the
first minute of uploading one, your audience will between them find a way to
finance you.

> To make the excercise more interesting now multiply whatever result you got
> by the number of videos your platform is supposed to host.

Multiply income by the same amount though.

> Also assume that some users will want 4K.

I wouldn't assume that for all types of content anyway, and certainly not for
all connections. In this case, that some users don't get what they want
doesn't matter to those who don't want it. Whereas YT censoring things can
turn off even people who aren't interested in the censored content per se, on
principle, I doubt you'll find that with "not supporting 4k, because you only
got started self-hosting and making ends meet". People sometimes are
supportive of people in ways they aren't of companies.

------
captainredbeard
Next, they'll refer to these as "military grade software techniques" or
"military grade tools".

~~~
w8rbt
End to end encryption was once classified as a munition.

If the data is not end to end encrypted, then it is public.

Everyone should understand this.

~~~
captainredbeard
Encryption is still treated as munitions under ITAR.

------
mastazi
I believe this is a dupe, much wider discussion in this post:
[https://news.ycombinator.com/item?id=20346865](https://news.ycombinator.com/item?id=20346865)

------
olliej
We should just go through and report all the defcon and black hat talks, along
with most other security talks, including those by google researchers.

~~~
Rebelgecko
I reported Google's recent video about their CTF hacking competition. We won't
be safe as long as dangerous videos like that exist on Youtube.

------
markdown
The LockPickingLawyer, even with his 100M views, must be getting worried about
this.

[https://www.youtube.com/channel/UCm9K6rby98W8JigLoZOh6FQ/](https://www.youtube.com/channel/UCm9K6rby98W8JigLoZOh6FQ/)

~~~
bayareanative
Heck, anyone offering insider advice or education in many professions and
trades should be worried: medicine, nursing, legal, engineering, aviation,
maintenance (automotive, aviation, industrial and many more), physics and
more.

~~~
cf498
Its also nothing new, just look at the problems Cody'sLab had and has.

------
cf498
I dont think youtube can run their business without infocsec personal. But the
US community as a whole also doesnt seem to have a problem with working for
for 3 letter agencies, so its not really surprising that youtube doesnt have
to worry about their personal leaving. Please think about what kind of effect
your work has on the wider world. Some here are likely in the privileged
situation that changing the job because of your conscience is a possibility.

edit: I would add to think about the next generation of us and what example
those actions sets, but i dont think i have to. Too many people here already
grew up in an environment where taking jobs at 3 letter agencies is nothing
out of the ordinary and the head of the NSA gets to speak at DEFCON while kids
rot in jail for the same curiosity that made us who we are today.

------
jordigh
I wonder if this will give a boost to a new Peertube instance dedicated to
infosec content. Seems like this should be right up infosec's people alley.

Peertube uses web torrenting to distribute videos, so it should be possible to
host it without needing the massive delivery infrastructure of Youtube.

~~~
kstrauser
More about PeerTube:
[https://joinpeertube.org/en/](https://joinpeertube.org/en/)

I've volunteered my instance
([https://video.freeradical.zone](https://video.freeradical.zone)) to host
infosec videos, in accordance with the theme of my Mastodon instance at
[https://freeradical.zone/](https://freeradical.zone/) . This is explicitly
within my terms of service.

------
resters
This is what you’d expect a video sharing site run by a major defense
contractor to do.

------
quotemstr
This ever-increasing censorship is the inevitable result of buying into the
idea that speech can be "harmful" and that big tech companies have some kind
of "responsibility" to remove it.

~~~
mrhappyunhappy
Tell that to the surviving members of families who died at the hand of isis
who do their recruiting on Facebook of all places.

~~~
tomtompl
that's so shallow.

One could easily counter you with "tell that to the surviving members of
families who died at the hand of terrorists who walked into the europe without
a right to do so"

------
true_tuna
So like, no more defcon talks? That’d be enough to make me switch

~~~
toofy
As far as I can tell, defcon hasn’t gone anywhere and the one security
researcher who’s videos were taken down by mistake were promptly put back up
once the researcher pointed out the mistake to youtube.

------
foobar_
Banning is the new book burning.

------
zhangweifang
Maybe, PornHub will be the best website for “hacking techniques” video.

------
wybiral
I'm just going to shamelessly plug an open source Golang project I've been
developing to stream my own videos from my YouTube channel, but in a self
hosted privacy-focused way.

Builtin Tor onion service support so you don't need domains or a static IP
address, automatic RSS feeds, no database (the video data is read from MP4
metadata), and no JavaScript (the player is just HTML video).

In terms of self-hosting, obviously it's problematic if too many people access
it this way, but my experience so far is that modern video compression is
really good. I can get one of my 15 minute videos at 480p in around 50mb or
so.

That's like loading weather.com five times. And since it's streaming the
bandwidth is spread out enough to support plenty of connections (especially
with Golang's IO support).

Check it out:
[https://github.com/wybiral/tube](https://github.com/wybiral/tube)

------
toxicFork
This creates opportunities for niche driven video sites to show up, if they
have not already.

For example "YouTube for infosec".

The web is going to go more towards specialisation as the "one place for all
kinds of content of this format" model is becoming too big to handle. For
various reasons, from searching, to moderation, to curation.

~~~
eric_h
But video is the most expensive thing to transmit over the interwebs. How do
we afford it? Where do we get the interest to fund it?

------
heinrichhartman
The most upsetting thing for me is, that YT acts in both legislative and
executive functions here.

It's one thing to make a rule, to ban "hacking techniques".

But there should be an independent party who get's to decide whether a
particular video is about "hacking techniques" or not.

> Is teaching kids how to use wireshark(1) already hacking?

> How about the Chrome dev-console?

The current state of things, where:

a) a proprietary algorithm decides if a rule is violated or not and

b) you have no way to appeal decisions taken by YT,

is appalling.

Update: Well, there appears to be a YT-internal process to appeal censoring
decisions. But who knows how well that works. In the past, appealing to
copyright take-downs was practically impossible.

~~~
turok
The issue is that effective free speech is now facilitated by private entities
who are not legally beholden to it. The public forum is now privatised and
more and more monopolised.

------
anm89
I could almost see this being an attempt to try to back people off from
encouraging them to moderate. Pick something that they can make a very
plausible claim to be doing for "public safety" but that they know will cause
an uproar from respected voices in tech for being counter productive. Then
they can faux throw their hands up in the future and say, "it's in everyone's
best interest for us not to moderate".

I'm not really saying strongly this is the case, it's a bit tin foil hat, but
I wouldn't be shocked if it was true either.

------
motohagiography
This is fantastic news. The best possible way to get new platforms is to kick
technically competent hackers out of existing ones. We should encourage other
platforms to deplatform vulnerability researchers too.

------
reneberlin
[https://d.tube/](https://d.tube/)

Decentralized. Based on ipfs. Uses
[https://steemit.com/](https://steemit.com/)

Works like a charm

------
noobermin
Curious, googlers post here. Do any people who work on youtube read these?
While googlers do reply to these sorts of comment sections I've never seen one
from youtube do so.

------
eyeball
They’re killing off mousetrap Monday too.

“Cruelty to animals”

May they be infested with plague rats.

~~~
slig
And yet there are hundreds of videos of animals suffering (electrocution,
glue, etc) by non-English channels with hundreds of thousands of views and
they don't seem to care.

------
cy6erlion
Time to revive the cypherpunks! We are hackers we can crack the hell out of
these capitalists that are trying to shape reality or we can build our own
platforms, people go where the hackers go, the internet was created by hackers
lets take it back! www.gnu.org is a good place to start.

------
month13
[https://www.youtube.com/watch?v=LIdZ2oPyB1Y](https://www.youtube.com/watch?v=LIdZ2oPyB1Y)

Counterpoint; LiveOverflow (also a channel on YouTube featuring reverse-
engineering) had this to say on the manner, in very broad strokes, YouTube
monetization, and hosting, is a luxury and they as a private org can choose
what or what not to host.

------
peter_d_sherman
YouTube should just ban _EVERYTHING_ , I mean, absolutely every video --
except for highly edited, highly censored, Barney The Purple Dinosaur(tm)
children's videos, where the political party that is in power in the region of
the world where the video is shown -- gets to do ALL of the editing... <g>

------
paulcarroty
Most of people of course don't like the pressure, but it's looks too
classical: Youtube is a monopoly in video hosting. Monopolist always dictate
his own rules, so better be prepared to adventures.

My channel monetization was banned and I'm very grateful, there's a lot of
bigger things to do.

------
m0zg
They (and all other creators who produce anything that YT might at some point
deem even remotely controversial) should just move to BitChute. It kinda looks
ugly, but it basically provides the same functionality, without YTs
overbearing politics and hostility towards the 1st amendment.

------
xupybd
If there is any group capable of finding a new home and thriving it's the
infosec crowd.

This is another move from YouTube to limit their content to more advertising
friendly genres. I don't like it but it gives me hope there may be some
competitors rise up in that space.

------
unixhero
Time to start hoarding the ippsec videos, and lock picking lawyer for good
measure.

------
looterzz
Looking forward to Floatplane, youtube's terms and conditions have been awful
for years, not to mention the outright ban on anything even remotely
controversial and the automated tyranny.

------
ilaksh
I hope people will support distributed alternatives like BitChute.

~~~
kypro
BitChute is really nice. I use it quite a bit now. I've been trying out some
Reddit alternatives recently too. They all get hardly any traffic, but they've
reminded me how much I miss the "anything goes" culture the web had a decade
ago.

------
quantum_state
Is this considered to be “evil” that google said it would not do?

------
root_axis
Imagine a video site where you had to pay money to have your videos hosted. In
this scenario, the platform would be obligated to host your content as long as
it was legal.

------
macinjosh
"YouTube"? More like "OurTube". amirite?

------
gravy
Ah yes, the best way to combat "hackers" is to purge them to darker corners of
the web and remove their space to play freely and openly.

------
l33tbro
Can anyone else advise of some other infosec channels like Null Byte? I want a
chance to binge some of this stuff in case they disappear.

------
xwdv
Has everyone forgotten that you can easily just host your own website and
throw up whatever video content you want there?

I can’t imagine creating a ton of educational content and then having it all
depend on the whims of a single platform.

This is not the end of infosec or hacking videos.

~~~
hobs
Its much much much more expensive to host video content than anything else.

~~~
Nuzzerino
This time is different, because hackers are more likely to have the ability to
solve this problem (even if it weren't for the fact that YT already solved it
once more than a decade ago). YT probably made a big mistake here.

~~~
sn41
If I understand correctly, YT is able to solve it because it has huge data
centers which can cache the videos at appropriate locations all around the
world. Honest query: do you think an individual/small group can replicate
this?

Perhaps GNU can take this up as an initiative.

~~~
IceWreck
GNU doesn't have the money to pull this off

~~~
cy6erlion
What they need the most is contribution from coders

~~~
komali2
Eventually, somebody has to pay for electricity to spin the disks.

------
khnov
Every day I hate more theses big corporations that treat us like fucking
sheeps, rebellion is a duty in our time !

------
puskavi
Well, I think that almost 60% of these videos are totally useless and possibly
malicious. sucks anyways

~~~
aiisjustanif
They teach some people tools of the trade for their actual jobs.

------
chme
Lock-picking is probably next then...

------
techrich
This comes down to what advertisers want, they call the shots on the content
on youtube.

------
intopieces
Why do these things have to be on YouTube specifically? PeerTube exists.

------
scarejunba
It's inevitable. In Fahrenheit 451, books start getting banned because every
person who ever gets offended starts asking for the thing that offended them
to go away and people comply.

This is what happens to big targets. It's why it's important to preserve the
independent host.

~~~
darkpuma
That's an ironic book to reference in this context, since the book had such a
dim view towards video.

~~~
PavlovsCat
Not just video:

> > "And in her ears the little Seashells, the timble radios tamped tight, and
> an electronic ocean of sound, of music and talk and music and talk coming
> in, coming on on the shore of her unsleeping mind."

> _So, even as she rests, Mildred is surrounded by noise, by constant
> entertainment, just like she is during the day with her t.v. walls. Montag
> 's society uses these seashells for two purposes. The first is to control
> information, and hence, thought and potential rebellion. If they are the
> ones controlling what information you get, they can tell you whatever they
> want, giving only one perspective, and painting a rosy picture so that
> people are never discontented. They also use the shells to relay important
> information. For example, when Montag escapes at the end, they send a
> message through all of the seashells for everyone to look out for him, and
> to turn him in if they see him. They automatically have a huge civilian army
> at hand, through the use of the seashells. Secondly, if people are
> constantly "plugged in," they don't have any spare time for their minds to
> be on their own. If people never have silence, they never think, and so
> never have the kind of discontented thought that come from meditation._

> _Mildred stays "tuned in" so much that she really has no mind of her own. In
> this sense, she is a perfect citizen of her society. I hope that these
> thoughts helped; good luck!_

from [https://www.enotes.com/homework-help/fahrenheit-451-what-
tec...](https://www.enotes.com/homework-help/fahrenheit-451-what-technology-
mildred-use-go-99129)

------
systematical
Knowledge is power for the people. Best to keep the people powerless.

------
HocusLocus
money quote

"just ask all those American cities that are paying out to ransomware creeps
who got hold of a defect that the NSA kept secret so they could use it against
"bad guys."

------
todd8
Does this mean all those lock picking videos have to go too?

------
Wh1skey
At this point, it’s time to finally quit YT.

------
systematical
Don't be evil, unless ______.

------
malicioususer11
a black box im not allowed to look at? sounds like a fun security research
problem. :3

------
rv-de
One word: Vimeo.

~~~
patrickaljord
Vimeo recently banned Project Veritas (which is still up on youtube), Alex
Jones and plenty of other channels. Not sure it's a less censuring
alternative.

~~~
rv-de
I think every platform has the right to censor and also the duty to do so.
Like gore or cp etc. This shapes a profile for a platform. In vimeo's case
they distanced themselves from some conspiracy theory fanatics which is fine
with me. Meaning I endorse that profile as a visitor and who doesn't just
needs another platform.

And one reason why those outlets (like Alex Jones & Co.) often aren't accepted
around for long is because they attract rather garbled minds with some
tendency towards toxic social interaction.

~~~
yepguy
Do platforms have the right to collude with each other to deny service to a
particular individual? Even if you think Alex Jones is a crazy person (and he
is), you should still condemn Apple, Facebook, Spotify, and YouTube for
attempting to remove him from public discourse. If anything, it only made his
crazy conspiracy theories seem more credible.

~~~
rv-de
They have the right. I don't think censorship is a smart answer to
"alternative truths" or debatable content, though. They could just downrank
it. The solution must be free and public education enabling a majority of
society to make up their own mind in an informed and rational fashion.

------
enterx
first they came for alex jones.

------
tanilama
what do they trying to achieve?

------
vectorEQ
so use a different service?

------
Razengan
Every news about authoritarian overreach prompts some discussion about the
need for decentralization.

Yet, decentralization of services is moot if the underlying physical
connectivity layer can still be controlled/filtered from a single point. Then
there's the matter of discovering decentralized/distributed services.

We have literally _billions_ of devices capable of sending and receiving
signals, including millions of independent computing devices that are powered
24/7\. Do we really need centralized entities to keep our species connected?

~~~
atemerev
Regarding content and video distribution, we already have a working
decentralized platform: BitTorrent. We even have clients allowing searching
and previewing videos from torrents (PopcornTime and the like). The
infrastructure is already there, the only barriers are psychological at this
point.

~~~
Razengan
> _the only barriers are psychological at this point._

For me, the barriers are: eating up more than the file's size from my limited
ISP quota, and CPU and battery usage when unplugged.

The CPU and battery issues can be resolved by seeding only while
charging/idle/under a specific CPU temperature. One hemisphere could serve the
other while half the world sleeps every day/night.

As for data caps, we again see the need for decentralizing the physical
connectivity layer.

------
Uptrenda
A channel dedicated to creating point-and-click cracking tutorials for
complete [expletives] gets banned (go figure.) People cry: waahhh, free
speech, think of the [security researchers.] Sorry, but I fail to see how any
of this relates to infosec.

If it were really about security research then most of the content would be
about theoretical topics like classes of vulnerabilities, how PoCs work, how
to write basic shell code, links to assembly programming, and so on. But
instead these geniuses give us gems like: how to run [this script] to break
this [system version], a guide for tween dummies.

They distill their knowledge and weaponise it for use by anyone, and that's
not security through obscurity. That's knowingly building a loaded gun,
showing people that its cool to fire it, handing it to children, and then
saying: lol, don't use this okay, totally for research only! Yeah, sure.
Anything for dat ad revenue, right? Face it, none of the people watching these
videos are there for education.

The only people this benefits are the script kiddies. InfoSec researchers sure
as hell aren't using YouTube for their vuln disclosures and don't need to be
spoon fed cooking recipes for doing pen tests or R & D.

~~~
macspoofing
>People cry: waahhh, free speech, think of the [security researchers.]

What do you think free speech means? Speech you like?

And yes, think of not only groups you can think of like "security researches"
(sic) but all those groups you can't think of. These policies are a dragnet.
Yeah, they'll MAYBE catch some guys you think shouldn't be on there (and by
the way, I'm pretty sure YouTube was banning those guys anyway), but they'll
catch a hundreds times more. People who maybe doing peripherally related
things, like educational content, or historical content, or satirical and
comical content, or a mix of all those and infosec stuff, in all kinds of
languages, etc., etc. etc.

But you'll say "They can just appeal", and you know what, if Twitterverse
makes a stink about something, maybe it'll work, but 99% of those will never
appeal and that content will be lost. Or maybe they'll lose their appeal
because what constitutes infringement will fall on the interpretation of some
offshored minimum-wage worker (much respect to them), or capricious whims of
executives who don't want bad publicity.

>The only people this benefits are the script kiddies.

You sure about that? Really? Really really?

How about them reporters in censor-happy countries, I bet you they are script
kiddies too because they aren't programmers.

That's one example, but how about all those other groups you and I can't even
think of because we're just not that aware of all the things that happen in
the world.

And how do you think you learn about infosec? I bet a non-trivial amount of
InfoSec professionals started off as 'script kiddies'. In fact, I bet all the
good ones were 'script kiddies' (pretty sure Snowden was a script kiddie).

You know what the difference is between a vulnerability testing tool for use
in securing your network vs probing another for nefarious penetration?
Nothing.

\---

I fully get the motivation of these companies. They want safe content for
advertisers, so YouTube will never be a free speech zone.

What I don't get are cheerleaders, usually on the left now, who want these
behemoths to keep adding more and more restrictions. Who want a corporate
behemoth to act like their mommy and daddy and protected from things they are
afraid of and do the same for others too.

------
axilmar
I agree with youtube in this case.

Any video that gives an opportunity to malevolent people to do harm must be
banned from youtube.

But it must be banned from general purpose video viewing sites only, not from
the internet.

Specialized sites should be allowed to host these videos.

Altenatively, youtube must create a new category of videos that are viewable
only when the real identity of the viewer is confirmed.

~~~
lonnyk
> Any video that gives an opportunity to malevolent people to do harm must be
> banned from youtube.

What if those same videos help oppressed people do do good?

------
Nuzzerino
I'm on the fence about this.

Script kiddies have always been the proverbial joke, but if you ask me, this
category of hackers collectively is a bigger problem for the average person.
They usually can't do much damage individually, but when you have so many of
them that know how to cause even a minimal amount of mayhem and distraction
for others, that adds up as a burden to society.

I also have no respect for hackers that have no desire to put in the time and
effort toward the pursuit of becoming masters at what they do, and virtually
everyone who is watching hacking tutorials on YT is just looking for a
shortcut so they can hack a little bit on the side between League of Legends
games.

So good riddance to the videos (though not sure how much difference it will
make at this point).

However, the real issue here is that Google is applying changes to its
censorship policies at a gradual, subtler pace, rather than deciding on a
coherent principle and applying it consistently. There's too much fear that
Google will continue to tighten restrictions, and that next on the chopping
block will be either our favorite content or stuff we produce/upload
ourselves. Nobody really knows where it ends. This is something I'm definitely
_not_ okay with, and this ban is just another example of this trend.

~~~
mrhappyunhappy
Disagree. I found the channel to be useful and educational. For example, I
knew people could crack WiFi passwords but never actually understood how until
I watched null byte videos. Now I can be more vigilant about protecting my
WiFi. I really hate these generalizations about these wannabe hackers being
kids playing League. I’m 33 and I would venture a lot of people watching those
vids have legitimate interest in exploring the ethical hacker profession. You
may not get the proper education nor exposure but it’s a start. Also I feel
like mischief is part of adolescence that’s required to develop interest in a
more serious pursuit. As a kid I did plenty of this type of “hacking“ but on a
more basic level. This in turn made me more fascinated about how things work,
got me into game exploiting, which lead to virtual sales, e-commerce and
ultimately a decent paying job.

I’m not happy that today’s society wants to monitor and deter everything. It
leaves no room for exploration, growth, mistakes and learning.

~~~
Avamander
> I’m not happy that today’s society wants to monitor and deter everything. It
> leaves no room for exploration, growth, mistakes and learning.

YouTube isn't even the worst example of this. The digital surveillance in
schools really creeps me out the most.

~~~
brokenmachine
What kind of surveillance goes on in schools nowadays?

~~~
PavlovsCat
recently:

[https://news.ycombinator.com/item?id=20342264](https://news.ycombinator.com/item?id=20342264)
"Welcome to the K-12 Surveillance State"

[https://news.ycombinator.com/item?id=20312642](https://news.ycombinator.com/item?id=20312642)
"Schools are using unproven surveillance technology to monitor students"

