Reading EFFs claim is pretty interesting, they state that saving a copy of a video is only one function of youtube-dl. I think the biggest problem is the name is called "youtube download", it is sort of difficult to downplay that saving a copy is only one function when the name implies it is the main purpose of the program.
"youtube-dl stands in place of a Web browser and performs a similar function with respect to user-uploaded videos. Importantly, youtube-dl does not decrypt video streams that are encrypted with commercial DRM technologies, such as Widevine, that are used by subscription video sites, such as Netflix."
Interestingly that verdict also claims that URL encoding is a valid, effective encryption measure (I’m not kidding! See ; the German word here is “Prozentcodierung”, i.e. percent-encoding).
The court in question (LG Hamburg) is infamous in Germany for its technically illiterate, consistently laughable verdicts in IT-related cases (this isn’t a recent thing — it’s been going on for about two decades).
There's also another question of law, though: does 1201 apply when only the intent of the DRM has been circumvented, as opposed to it's technical scope? In other words, does pointing a camera at a monitor constitute circumvention of DRM under section 1201? Most DRM can't actually validate, say, that a human is watching instead of a camcorder. (Let's ignore pesky things like Cinavia which are more akin to post-piracy frustration techniques, and easily circumvented with any kind of Free media player.) Likewise, YouTube's rolling cipher can't really validate that it's not sitting inside of an instrumented browser that will dump whatever URLs it grabs. Our hypothetical OBS rebrand wouldn't actually be a 1201 violation unless the law specifically covers things that DRM can't technically enforce but would like to.
> When Petrolink learned that one of its largest customers, EOG Resources, might switch over to Digidrill’s visualization service, Petrolink took action. Instead of paying Digidrill for access to the corrected drilling data via LiveLog, Petrolink obtained a laptop running DataLogger – along with the corresponding USB security dongle – and then, after realizing DataLogger used an open source Firebird database, managed to gain access to the database by using Firebird's default administrator username and password. Armed with this access, Petrolink developed a program named “RIG WITSML” (dubbed “the scraper” or “the hack”) that could be installed on an MWD company’s computer running DataLogger in order to – in real time – query corrected drilling data from the DataLogger database and transfer that information to PetroVault for visualization. Petrolink then began installing this RIG WITSML program on MWD computers running DataLogger at more than 300 well sites.
I can see this as ending up with Youtube being forced to require sign-ins. Massive expense for Google. Then Youtube-dl adds one parameter for the password, and we're back to square one.
Alternatively, the NewPipe app available on F-Droid can be used to both play videos in the background and download them.
They do take easily accessible apps that use youtube-dl under the hood pretty seriously. I guess it depends on how much of an effort it is for them vs how much of their bottom line ytdl is cutting into.
A downloaded video doesn't generate ad revenue.
More critically, Youtube relies on network effects and people using it. Part of the reason we share family videos, educational content, and other things is so it's, well, shared. For me, the reasons to use Youtube-dl are:
1) People in bandwidth-constrained settings. If I post my videos, and colleagues in some countries can't watch them, I'm going elsewhere.
2) Remixing. If I can't make collages of family videos, I'm going elsewhere.
Youtube can serve masters like me, where it's an effective platform for sharing videos I want people to watch, and where the goal is dissemination. It can serve masters like the RIAA and the MPAA, where the goal is monetization and control. It will have a hard time serving both.
I suspect if it tries, people like me will go to someone who caters to us. A YouYesYouNoNotTheRIAAYesYOUTube. If we do, I think there will be enough of a network to start to syphon people off, and eventually, cat videos and Aunt Alice will be on YYYNNTRYYT.com, while corporate video will be on DRMed Youtube.
At that point, we'll have a replay.
Youtube-dl has an integrated search function, so you actually don't have to open the video in a browser at all.
That's secondary to the rest of your comment, but I thought it was worth noting.
They took that poison pill already, I really, really doubt they ever new pop music stops being part of youtube in the future, the audience is too large. It would be like them taking music off of the radio because people could record it on reel-to-reels. They might stomp around a bit and try to use the law to get what they want, but when push comes to shove the big labels will keep their music on youtube.
They absolutely need eachother and can't afford to be nasty to eachother.
People will literally just give up and straight up do something else if content is behind a auth-wall.
The developers are not responding to the issue, and from what I understand it is borderline impossible to fix, because there is an entire security team behind the Google login protection. The only workaround is to login with a browser and copy the cookies from it to youtube-dl.
That's really easy to do with postman.
Looking quickly online, maybe you're meaning this one?
And your response is regarding whether it should be referred to in the definite article.
It just works. Every time. It’s gotta be one of the most unappreciated tools out there right now.
youtube-dl could then call that command to obtain the cookie.
Maybe there's Red-only content that isn't advertised/recommended to non-subscribers?
I suppose right clicking and selecting view source is ok, but reverse engineering a code out of a hardware chip isn't?
Because any kind of DRM basically has a key in the possession of the user. There are just different levels of difficulty to read that key.
Yes, it would be problematic if, for example, Samsung was marketing their latest flagship as "Our dark-light technology means you can take nearly pixel-perfect video of movies while you watch them in the movie theatre!"
What is the criteria for differentiating between youtube-dl and a "browser"?
I'm afraid in a few months/years, we'll see the hardware security level to become mandatory for Netflix, etc. And then YouTube.
Online streaming services have, in part, scaled so quickly because they run on the general-purpose computers that people already own. So they don't need to bear that hardware cost. These general purpose computers have been fertile soil to grow and nurture the seeds that software companies scatter to the winds.
How interesting it would be if it comes full circle with specialized hardware being required on each PC to receive the content stream.
But it doesn't really work: If you protect your house with no lock, not even a door, but just a little rope with a sign on: "Do not jump over or duck under this ribbon, or cut it!", that's, for the DMCA, enough - so you get into fun games where you claim that, say, a long random unique key that is right there in the HTML youtube.com serves which links to the video is a 'security measure' and that 'I shall read the URLs in this <video> tag and download what I find there instead of showing it on the screen' is 'circumventing this'.
How far can you stretch the meaning of 'circumventing access-control measures' before, in court, you lose your argument? I don't think anybody quite knows yet, but surely github doesn't want to be on the hook for it without microsoft's legal team and management signing off on the risk.
Furthermore, separate from DMCA's hacking provisions, there is simply the concept of who is responsible for any copyright infringement caused by stuff github hosts. As per 17 USC §512 (the so-called 'safe harbor provision'), the idea of claiming 'hey I just host this stuff, I'm not responsible for this, why dont you take it up with whomever uploaded this' is codified: You can do that, but it does mean that you _MUST_ take down the content in response to a takedown notice, and if you don't, then you are now liable any infringement that content makes.
The idea is that the owner of the data files a counterclaim notice, at which point the hoster (github) is free to re-host everything without opening itself up to liability, but only if, as per 17 USC §512, they do so 'no less than 10 days and no more than 14', and github did it in 1 day, so whoopsie there I guess.
At that point it does turn into a fight between claimer and counterclaimer: The idea behind those 10 days is that the supposed real content owner can then go file in court against the counterclaimer; merely filing a lawsuit is enough: Show that to the hoster (github), and they can no longer re-enable the content without then being liable for infringement by doing so.
You can't file a counterclaim until your content is removed.
Yeah, that means an utter bozo can take your content down for at least 10 days and there is nothing you can do about this. The DMCA is not particularly well designed in this manner (it doesn't protect against trolly crud well, and getting a barratry verdict in the US is borderline impossible). But that's how it works.
In github's shoes, the fact that youtube-dl doesn't infringe is relevant only insofar that they are willing to ride that notion allllll the way to the gavel in the ensuing court case, because they will be defendants if they ignore the takedown request. Presumably they weren't going to just do that without at least a close look by microsoft's legal team, and a signoff from the big wigs for the likely millions this will cost, given that US law in these matters is... well, have you ever seen one of those shows where 2 people are on a beam and trying to knock the other one off with a giant q-tip? US law is like that, except the ends of the q-tips are moneybags.
No. There must be an effective technological measure (objectively, according to the state of the art); see https://www.law.cornell.edu/uscode/text/17/1201 (a)(1)(A): No person shall circumvent a technological measure that effectively controls access to a work protected under this title.
You need access to the key hole, a blank, and a file. The lock leaves scratches on the blank until it's been file down to the right spot
This letter spells out in clear, convincing and explicit detail why the RIAA was wrong.
Profit-making Github and Microsoft could have performed this analysis and championed developers themselves, but it was the non-profit EFF that actually did the work.
EFF deserves more credit than just a link for fighting against this shit.
The EFF isn't just some non-profit, it's the premier legal entity defending internet freedom. This is squarely in their wheelhouse.
And why would one assume that Github or MS do not have such experts? They undoubtedly have the technical know-how, and the primary findings in the letter are of a technical nature, or even obvious to technically savvy people. And the court decisions referred to are not about fair use or free-as-in-freedom.
Well, that's what they are actually doing now; factually, it does not matter whether there was a letter by EFF or not; they should have come to the same conclusion even without the EFF; moreover, Github/MS are not accountable to the RIAA; conflicts of interest are not an issue here; in fact, to meet the due diligence a hoster would have to check whether a DMCA request meets the formal requirements and is well substantiated, otherwise the hoster could even be liable to pay damages to the unjustifiably blocked project.
Although it probably has good intent, this is largely PR.
Pretty decent rules of thumb.
And at a higher level ... who cares if they did it maliciously or because they "panicked", you can't ever know that anyway and either one means you can predict what they will do in similar situations.
Sounds like cynicism is your hobby, buddy.
I can't imagine the fallout from this didn't wipe several times that off of github's valuation.
If github had done this before the EFF letter, it would have been something else. With the EFF letter, they have zero liability to reinstating the repo, and are borderline legally required to do so.
Feel free to highlight them here.
I'd rather cut this problem off at the head than sit around and establish legal defense funds if possible. I'm glad GitHub and Microsoft could help contribute to this victory though.
I don't understand what you mean by this! I know it's an expression or a way of saying something, but I don't understand what you mean
UBI + no anti-piracy would clearly be a huge improvement for the vast majority of artists and art itself. Let's just do that.
If both parties get anti-DRM legislation into the platform in random places you can be assured they will listen. If both parties see their big supporters as against something they will listen. Politicians do not want money, contrary to what you might think: they want a power, and in this country that means they need votes. Money (for ads) is one way to get votes, but real humans doing real work is at least as powerful.
After the last four years I have now blocked all social media and all american news sources in my house with the expressed intent of not hearing a word about politics, news, etc... It has taken a massive toll on how I feel day to day, I found my personal relationships waning, and made me feel uncomfortable meeting new people. I'd rather pay someone to involve themselves with this kind of world, not be involved in it myself.
Cutting the head off the snake is about removing the point of control from an organisation.
Yep, it's much cheaper to ensure employees to give money to EFF ;)
Why is this comment downvoted? It's highlighting one of the most common misunderstandings that laypersons have regarding video download/streaming. Most people think that you can "view" content on the internet without downloading it. In this context, a tool which purports to "download" content, you know... sounds like it's nefariously doing something that the "viewing" tool (like a web browser) doesn't do.
Is there? When "streaming" video, there most certainly is a copy of the bits being stored on a disk to ensure that the video "stream" plays cleanly and without interruption.
Are you making the claim that "streamed" video is never buffered/stored on disk? That's an odd claim to make. I'm no expert on video streaming, but I would be very surprised to find that all video streams are only stored in RAM and not on disk.
I may well be wrong about that. Perhaps someone more knowledgeable could chime in.
With more secure DRM systems the OS literally never gets access to the video buffer, protected by hardware, in order to even send it to disk.
yes, at some point actual human intentions must come into play. you can't defend stuff like CP by saying "it's just some EM pulses, what's the big deal?". or "no I'm not invading your privacy with my IR camera, you are broadcasting in the IR spectrum!".
in this case the implementation does blur the line a little bit. what if the browser's memory gets swapped out to a page file on a (spinning) hard drive? even if the cache gets "deleted" after closing the tab, it might be quite a while before the sectors containing that protected sequence of bits get overwritten. is this infringement?
Because if it's just querying for metadata that anyone can already query for...your point seems immaterial as to the legality of the tool?
I've been in several situations where this would have been incredibly handy, but never realized it was possible.
There's all kinds of cool stuff you can do with youtube-dl. For example 'ytsearch20:kittens' will get a playlist of the first 20 search results for 'kittens'.
For Microsoft to pay for the lawyers to take it down (via their RIAA membership payments) and also pay for the lawyers to keep it up seems... rather silly.
I think this is a very very good / exemplary reaction.
Surely they already had the legal manpower when the youtube-dl removal started making waves. The fact that they did nothing for over three weeks and are publishing this blog post right after the issue was fixed by someone else (EFF) makes it hard to believe their "changes".
They probably published this off the back of a signed off proposal and may start implementing off the back of it early next year.
I'm not sure why this is so unrelatable to you but for me, daily business is, that things just take 1-3 weeks.
Legal manpower still means, that people interrupt their current tasks, which they properly have plenty of, to reprioritize something, others might even not care about at all or never heard of.
I stay with my statement and i have enough live experience, that i don't expect a 3 minute solution and answer from github.com
Instead they found a million dollars (!!!), wrote a blog post with explicit commitments, but then waited on somebody else to step up. It just doesn't add up.
Then you need meetings.
You need to 'coordinate' your message or whatever.
You need to talk to the legal department and stuff.
What is not 'adding up'?
And why is it an issue that it took a little bit?
GitHub's CEO claimed he cared, October 27: https://twitter.com/natfriedman/status/1321221940774723584
The fact that he didn't get a coordinated message or anything at all in the following three weeks shows how much he really did.
Microsoft also has a program for matching employee donations to non-profits, so its likely Microsoft has also given money to the EFF as well.
They would most definitely have a case that the name makes it appear to be a youtube product. Would a cease and desist for the name only somehow imply that google has no issue with the functionality?
Because I know not protecting your trademark can lead to dilution. And by issuing takedown notices, they are showing that they are aware of the existence of this usage of the youtube trademark.
I think its for this reason that they don't go after these projects very aggressively.
That they haven't done it (make youtube-dl's life harder) yet just means they might do it tomorrow, not that they don't care.
By expressively taking the side of the accused (such as paying their attorney), Github could have opened themselves to being liable for whatever youtube-dl does.
Having the EFF as an independent party sidesteps that issue.
I'm somewhat baffled they managed to get the repo reinstated given that's very much a violation of the DMCA.
There are many videos on YouTube that are 100% legal to download.
I'll let the lawyers debate that whole thing, but IMO I think that was a bit of a mistake / bad idea. Granted, fixable, but maybe a lesson of something to avoid.
Under DMCA, neither writing a script like youtube-dl nor using it is prohibited (making an unauthorised copy of a video could be fair use).FN1 Section 1201 however prohibits distributing the script to others. Thus, the author of the script who "releases" (distributes) it is not necessarily the only one who might be violating the DMCA. Any recipient of the script who distributes it further, e.g., Microsoft, could be violating the DMCA as well.
FN 1. Section 1201 prohibits distributing technology that is designed to circumvent either "access controls" and/or "copy controls". Similarly, the act of circumventing "access controls" is prohibited. However, the act of circumventing "copy controls" is not explicitly prohibited. Making unauthorised copies, e.g., downloading YouTube videos, is subject to the defense of fair use. It is arguable that youtube-dl is only designed to circumvent "copy controls". As others in the thread point out, there are generally no "access controls" on YouTube videos, e.g., password protection. There could be exceptions. If youtube-dl is designed to circumvent geographic or age restrictions, would those be considered "access controls".
Aside from DMCA concerns, Google's Terms of Service for YouTube would appear to prohibit use of youtube-dl:
"The following restrictions apply to your use of the Service. You are not allowed to:
1. access, reproduce, download, distribute, transmit, broadcast, display, sell, license, alter, modify or otherwise use any part of the Service or any Content except: (a) as expressly authorized by the Service; or (b) with prior written permission from YouTube and, if applicable, the respective rights holders;
2. circumvent, disable, fraudulently engage with, or otherwise interfere with any part of the Service (or attempt to do any of these things), including security-related features or features that (a) prevent or restrict the copying or other use of Content or (b) limit the use of the Service or Content;
3. access the Service using any automated means (such as robots, botnets or scrapers) except (a) in the case of public search engines, in accordance with YouTube's robots.txt file; or (b) with YouTube's prior written permission;"
Would these TOS be enforceable if challenged. #1 makes no allowance for fair use. What do you think.
I'm at least one of those who requested EFF to take a look on "The RIAA’s attack on YouTube-dl is not a DMCA 512 infringement" thread.[0,1]