Hacker News new | past | comments | ask | show | jobs | submit login
Asking Microsoft to resign from the RIAA over YouTube-dl takedown demand (sfconservancy.org)
367 points by pabs3 9 months ago | hide | past | favorite | 74 comments

Not only should they resign from the RIAA, they should reinstate the code, and sue the RIAA for reputational damages resulting from the perjurious DMCA notice.

The RIAA knowingly issued a takedown where there was no copyrighted content. That is perjury. It is spelled out in the DMCA. If they wanted to sue under the "no circumvention" clause, they could have. But they chose to misuse the DMCA takedown process again. Just once I'd love to see them put in their place for the rampant abuse of the system.

Did you read the letter? There's only one sentence there that's submitted under penalty of perjury and it's obviously true.

This was not a DMCA 512 notice.

"This was not a DMCA 512 notice."

It is remarkable how few people commenting on the web are noticing that.

A notice under section 512 needs to identify both the material infringed and the infringing material.

The letter identifies some works that may be infringed, e.g., VEVO videos listed in youtube-dl's documentation.

However it does not identify the location of any infringing material, e.g., an unauthorised copy of a VEVO video.

It cannot be a valid DMCA 512 notice.

The letter instead refers to section 1201 which includes a prohibition against enabling circumvention of copyright protections.

The argument is that youtube-dl violates that prohibition.

Online debate about the applicability of the DMCA in this case should focus on section 1201 not 512.

For example, is youtube-dl "primarily designed for the purpose of circumventing a technological measure that effectively controls access to a work protected [by copyright]" Do most YouTube video URLs use enciphered signatures. Not IME. Does the rolling cipher "control access" to YouTube videos, or does it just control downloading. Etc.

1201. Circumvention of copyright protection systems

(a) Violations Regarding Circumvention of Technological Measures.

(2) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that-

(A) is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;

(B) has only limited commercially significant purpose or use other than to circumvent a technological measure that effectively controls access to a work protected under this title; or

(C) is marketed by that person or another acting in concert with that person with that person's knowledge for use in circumventing a technological measure that effectively controls access to a work protected under this title.

Something I've been wondering about... if youtube-dl is found to be illegal due to "circumventing a technological measure", what does that mean for adblockers? I imagine ones that simply block certain requests would be relatively safe, but many sites will refuse to work unless the adblocker takes additional steps to hide itself.

That feels more like "circumventing a technological measure" than youtube-dl. Are they in danger?

Wrong way to view the ad problem

The right way is that ad networks are circumventing your cognitive and technical measures you installed to avoid ads

Same with spam, etc

The laws are not one-sided recipes for this social form over that one.

The full line is "circumventing a technological measure that effectively controls access to a protected work".

What is the misuse here? The DMCA makes it illegal to distribute software whose intention is to circumvent technical measures that prevent access to copyrighted materials [1]. youtube-dl's own documentation provides instructions on downloading copyrighted music videos and its test suite uses copyrighted material as well. It's pretty hard, although not impossible, to claim that the intention of the software isn't to engage in copyright violations given those two facts.

Okay so you make a counterargument that maybe this qualifies as fair-use or falls under some other exemption. Maybe you're right, maybe you're not right, that's for a court to decide. The RIAA's lawyer is not here to defend youtube-dl's position on the matter, youtube-dl has the responsibility of defending itself and demonstrating why it chose to use copyrighted music videos as the key example and use case.

You can object to the law and you can even provide a defense for youtube-dl and counter the takedown notice, but you can't say that RIAA's lawyer abused the DMCA takedown process by defending its client.

[1] https://www.copyright.gov/policy/1201/#:~:text=Enacted%20in%...

The misuse of the DMCA takedown notice is that none of the content in the repository was copyright to the RIAA or to an entity the RIAA represents. That's it. The DMCA takedown process is emphatically not the avenue to remedy an alleged circumvention tool as defined by the DMCA. The DMCA allows relief through the courts in that case, a route the RIAA chose not to persue because it is easier to misuse the takedown process. The DMCA takedown process is intended only to remedy the situation where your or your clients' copyrighted content is hosted without permission - any other use is perjury. You can read more about how a claimant must identify the specific infringing content in a takedown notice here [0].

[0]: https://en.wikipedia.org/wiki/Online_Copyright_Infringement_...

You are referencing section 512 of the DMCA, but that's not what the RIAA issued to Github. The RIAA issued a notice in reference to section 1201 of the DMCA and Github has a specific complaint process for violations of that section, and I quote "Complaints about Anti-Circumvention Technology" [1]. That was the form that was used to make the complaint to Github. A link to the details of that complaint along with instructions on how to submit a notice for such violations can be found below. So what exactly is Microsoft or Github suing the RIAA for given that it is Github which provides a complaint process for technologies that circumvent section 1201 of the DMCA.

[1] https://docs.github.com/en/free-pro-team@latest/github/site-...

YouTube doesn't have copy protection for downloads; there is nothing to circumvent. These tools just add a user interface for downloading. If you subscribe to Youtube Premium, Youtube itself gives you downloading.

This is not like breaking encryption on DVDs.

Your device has to download the data in order for the video to be viewed. Streaming is a form of downloading; a copy of the data passes through your equipment, and is retained for some duration of time.

Yes Youtube does have copy protection for downloads and in fact the reason why certain specific music videos were chosen to be part of youtube-dl's test suite is to test the circumvention of Youtube's copy protections! It's literally in the documentation of youtube-dl's test suite what Youtube's mechanisms are along with how to circumvent them.

It doesn’t matter. Chrome and youtube-dl are both downloading a video and letting the user play it. Youtube-dl is nothing more than a specialized browser.

If Chrome does something, any other piece of software is allowed to do it.

Chrome doesn't create a copy of the video on the users HD by default. That's what matters, if Chrome did start doing that (by itself without an extention) I'm sure the RIAA would be suing Google over that.

> Chrome doesn't create a copy of the video on the users HD by default.

Sure it does. That's how it buffers and caches things.

Even if it doesn't leave a copy on the HDD, a copy in RAM is still a copy.

But all of these things are happening inside of my own computer. YouTube already sent the bits and bytes to my computer and I am allowed to do whatever I want with those bits and bytes.

There's nothing illegal about keeping a copy of something that was in memory and anybody arguing otherwise should be viewed as an enemy of humanity.

The media player can save the video in such a way that the Youtube site doesn't know that this happened. That makes a convincing argument that there is in fact nothing in Youtube that can be called copy protection.

> I'm sure the RIAA would be suing Google over that.

Probably, but it could not reasonably sue on the basis that Google's web browser is circumventing copy protection in Google's video site. They could still sue that way unreasonably of course.

RIAA's claim against youtube-dl / Microsoft is not a §512 infringement / takedown / safe-harbour act.


HN discussion: https://news.ycombinator.com/item?id=24888234

Downloading copyrighted music per se is not illegal. This is not the same as intentionally circumventing a digital rights protection mechanism. In some countries (but not in all) it is illegal to download copyrighted music if it was illegally uploaded. But we don't have to assume in the first place that Youtube videos were illegally uploaded. And not to forget that many titles on Youtube are licensed under CC-BY, so in any case they can be legally downloaded and even shared.

You are braking the TOS by downloading videos from YouTube so it’s not legal.

YouTube's TOS is not law.

Also, Youtube's TOS is not Gihub's TOS, and is not the RIAA's TOS.

If this standard form contract is relevant at all (depending on country and other factors), it has nothing to do with copyright. As far as copyright is concerned, see e.g. https://en.wikipedia.org/wiki/Sony_Corp._of_America_v._Unive....

I don't have to agree to TOS in order to download, hell, I don't have to do so even when I am using the service.

> I don't have to agree to TOS in order to download, hell, I don't have to do so even when I am using the service.

I believe TOS violations per-se aren't covered by the DMCA, but by the CFAA (Computer Fraud and Abuse Act) instead.

In any case, DOES the YouTube TOS actually forbid the use of alternate clients to download and view videos?


Interesting. Does the RIAA have standing to enforce the TOS, or only YouTube?

Doesn't YouTube offer a premium service that allows d/l of videos?

Youtube red or something I think it's called.

What's the difference in using youtube-dl to d/l copyright video or using youtube premium to d/l said copyright video.

Note: I have not used youtube res service so idk how it works

You don't get access to the file itself, it's only viewable inside the Youtube app. It's DRM'd content, subject to Youtube's corporate decision making (they might revoke access and wipe the video at any time), or put arbitrary limits on it that wouldn't be there if you had the actual file itself. Basically the content producer (like a music label) lends Youtube their content, and then Youtube lends it to you.

What is illegal according to the DMCA is not the same as what is legal to include in a DMCA Takedown Request. This is a specific extralegal process for streamlining disputes over copyright hosted on a third party's platform.

It's like if someone is loitering outside of a store the store owner doesn't have the right to arrest them and lock them in a cell in their basement. There's a process that needs to be followed by people. Just because loitering may be illegal, and you have the right to post a no loitering sign, doesn't mean you can enforce that on your own.

DMCA Takedowns are an exception that allows parties to quickly remove copywriten material from distribution that comes with heafty penalties (whatever the judge thinks is reasonable) for when something like this goes to court and it's found that the takedown is invalid.

Except the RIAA did not issue the specific S512 notice that you, and many other posters are mistakenly referring to. The RIAA sent a notice in reference to S1201 [1] which is specifically about circumvention and which Github explicitly has a section about titled "Complaints about Anti-Circumvention Technology" and linked below [2].

[1] https://github.com/github/dmca/blob/master/2020/10/2020-10-2...

[2] https://docs.github.com/en/free-pro-team@latest/github/site-...]


> ICE contracts...You know, the guys who forcibly castrate women

Whatever your feelings on ICE, this story was never substantiated and you shouldn't be repeating it as though it's an established fact.

This is how disinformation spreads. People just casually repeat things as if they're common knowledge. Soon everybody just "knows", no matter whether it was ever true to begin with. It's lazy and irresponsible. Stop it.

"According to ICE ... two such procedures have been performed on detainees there since 2018."

"ICE officials on Tuesday promised to cooperate with an investigation" (Reported 15 Sept 2020).


"Two such procedures" refers to two hysterectomies. Not forced hysterectomies. Presumably medically necessary ones. It is conceivable that out of thousands of detainees over two years, there might be two who needed a hysterectomy for some reason, and ICE provided them with the necessary medical care, as determined by the doctors in their employ charged with looking after the welfare of the detainees.

> The report did not detail any detainees who said they had received a hysterectomy against their will;

Right there in the same article.

Even the whistleblower's statement implies that there is one doctor doing it (though again, this is unsubstantiated), not that it is an official policy of ICE as the comment above implies. ("the guys who forcibly castrate women")

I'm not trying to say ICE is great or never did anything wrong. I don't know. I'm saying we can't go around casually repeating unsubstantiated rumors as though they are gospel truths - even if they really, really seem like they would be true because they totally confirm all of our preconceived notions about the subject. Information is sloshing around the world faster than ever and this kind of sloppiness is literally destroying civilization.

It does make me think whether GitHub is fitting place for open source projects anymore.

I think GitHub is fabulous. I love the service and I think its great as a central place to look for and contribute to open source projects better than options we had before.

But issues like this does clearly show an area of misalignment and conflict of interests.

GitHub is most definitely worthy as a node on the network of an open source project, with the caveat that in the event of loss, the project should be able to rapidly spin back up on GitLab or any other git-based project management system (my fork of youtube-dl was nuked as part of the DMCA takedown, but I was able to restore the tarball the Internet Archive had to my personal GitLab instance, for example).

This isn't a call to move from GitHub wholesale (churning between git hosts isn't an effective use of resources imho), but to build more durability and resiliency into distributed version control systems (Keybase-esque identity management, signing every commit, etc). Just as the Internet Archive and others are championing a distributed web [1], technologists must champion distributed development systems. Perhaps a reasonable target is to be able to perform a "git pull" from IPFS? As Gilmore said [2], interpret censorship as damage and route around it.

[1] https://www.google.com/search?q=distributed+web

[2] http://kirste.userpage.fu-berlin.de/outerspace/internet-arti... (First Nation in Cyberspace, TIME International - Dec. 6, 1993, No.49)

> to build more durability and resiliency into distributed version control systems

I'm following Git-SSB and Holochain.

Apart from IPFS, any others you've found?

This is also based on SSB


Open Source needs open source infrastructure, so in retrospect GitHub was never really the best place for hosting open source projects.


What is open source infrastructure though? Can there ever be a public-owned and operated server?

You could make a pretty good case for Sourcehut.

The code is all open source, and is decently simple to self host if you feel inclined.

I would say that infrastructure that runs open source is a good start. Secondly you probably also want the data to be publicly available and for the configuration to be public and for there to be mechanisms to contribute changes back to all of these. Some of the Linux distros operate in this way.

It may well be the watershed moment. Microsoft wants to be seen as committed to the open ecosystem, and now we get to see the implications of what will happen with any conflicts of interest they have. I hope they're internally aware of the impact this scenario has.

Gitea/Gogs are great (self-hosted) alternatives. They preserve GitHub's UI and more importantly are just as fast. UI and speed are usually most people's complaints about Gitlab.

There's a reason I have several backups of code that I care about, hosted under different usernames on different platforms.

People end up getting banned by these companies without any notice, and sometimes without cause.

Microsft and GitHub comply with the laws, there is no conflict of interest here. Open source doesn't mean illegal.

The problem is not GitHub or MS, the problem is the current law about copyrighted content, tools, fair usage, counter procedures, etc.

It's fascinating what some people are demanding.

AFAIK (not a lawyer) DMCA requests are presumed correct so the hoster has to take the content down, with a later process to handle a dispute.

Microsoft is a site that hosts projects for free while following the law. They have no interest in defending a project legally (besides, maybe, PR). Why would they?

The request isn't clearly fraudulent, the RIAA's case is shaky, but it's something one could defend in a court and maybe even win with, provided a strong imbalance of money to spend.

> presumed correct so the hoster has to take the content down

Absolutely not. The hoster won't enjoy a safe harbor (for the specific accused infringement) if the request is properly formed (which they seldom are, including this one) and they they do not take the material down, but they are under no obligation to do so.

[And as other posters have noted-- in this case a copyright infringement isn't even alleged; they're complaining under the anti-circumvention provisions which have no notice and takedown or safe harbor at all.]

> maybe even win with

In a U.S. court? You really think so? If you're right then in my opinion that's proof that the law needs fixing.

It's the "Imbalance of money" part that's critical to that.

And unfortunately, yes. I think so.

Remember, Google v. Oracle has hit the Supreme Court. The only reason it's gone on so long is both sides can afford to keep throwing money at it.

What happens when one side can't?

Counterpoint: in the dancing baby case, Prince lost.

Money is less important to the outcome of a trial than people think it is.

IMO it's chance. Depends very much on the judge, which unfortunately all have a different take on the law.

Does anyone know when Microsoft joined the RIAA and what MS had to say about that? I'm curious what reason MS gave for it, if any.

The RIAA was founded in 1952 so it couldn't have been a founding member, yet I can't find any news or press release with permutations of "Microsoft joins RIAA". Based on archive.org's oldest copy of the RIAA website's members page, it was a member since 2016 at least.

Not sure, but they've been on good terms since the Zune era at minimum.


IMO open source projects need open source tools. I use gitlab for example.

The problem here is that Microsoft has interests now on GitHub, same as Nvidia has interest on ARM. Sure they will assure blablabla bla bla... seriously, do not even try to denny interest on expensive acquired stuff

Projects != services instantiating the project.

Gitlab wouldn't fix the problem here - if Gitlab were owned by Microsoft, even if fully FOSS, Microsoft would probably do the same thing.

The problem here is that Microsoft has plenty of interests, and protecting Github's sanctity is not #1 on that list.

IMO this is the problem with FOSS services running on a corporate of under base. We aren't their main source of money, so they have perverse incentives.

Unfortunately gitlab.com does not run the Open Source version of the GitLab codebase, it runs the mixed proprietary & open source version.

Here is the real test of Microsoft's resolve in their desire to woo the developer community.

If it’s like telemetry it’ll be double down and silence the critics.

I'm still here ;)

> While we'd prefer that Microsoft would simply [...] reject their DMCA requests

Yes, they should and could have done that, all the more so, since justification for the request is on thin ice.

> Microsoft can take the easy first step of resigning from RIAA in protest

What should that be good for? Rather they should use their influence there to prevent such nonsense in the future.

Microsoft employees! raise the issue, make yourselves heard!, this is a horrible precedent to the developer community and a shot in the coffin for centralised git repositories!

how? microsoft is big. and every time there is somekind of hot topic around microsoft, I try to find if someone is discussing it internally. to this date I have not able to find any written internal discussion (which actually makes sense in a way :P). maximum you get is some discussion in cafeteria or smoking area, but no follow up in yammer, teams or mail. I'm probably doing something wrong...

I know why. Same reason why we didn't say shit when Uber was burning from the inside and our CEO was on drunk rampages with seedy women in the car.

The US has no labor laws protecting the employee. Saying something can easily get you fired, next day. They don't have to give a reason.

A protest would require a non-trivial amount of people all coordinated in a 24 hour period or so to come forward with demands.

Now that would be a nice MS :heart: OSS statement.

Because what's MS to gain from this, other than some goodwill from some subset of people, if they did it specifically to stand up for OSS?

Microsoft is not a powerful member of the RIAA. Their resignation would only strengthen the case that technology companies and recording artists are at odds.

The RIAA are not "recording artists". It is a group that protects a media industry, not the artists within that industry or all music creators generally.

This and many of their actions hurt independent musicians.

Don't fall for their gaslighting, there are many artists that they do not represent.

I'm slightly cynical that Microsoft will actually listen, but applying pressure from inside seems like useful advocacy.

Why is Microsoft even an RIAA member in the first place?

Good question.

Microsoft Store online marketplace dropped books and music in 2017: https://www.bbc.com/news/technology-47810367

Humanity for centuries has decided that information is potentially dangerous. Those in power get to choose what information that is.


Modern day version:

RIAA thinks ideas/instructions about how to record music will destroy the record industry.

Twitter thinks that some ideas from the NYPost will harm democracy.

The NYTs thinks that revealing anonymous sources will harm democracy (because their inside sources would be fired).

etc. etc.

Freedom of speech in the broadest sense is not the equilibrium state of cultural norms.

Applications are open for YC Winter 2022

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact