Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Couldn't you just scrape HTML from YouTube's site? That's not the most efficient route, but a public API call returning enough info to generate the site's viewer URL gives which info to go scrape the page for the video itself


That doesn't work. The video URL is not in plain text in the HTML. They send you encrypted data and you have to decrypt it using javascript that they also send you. It is, therefore, an encryption measure, which is illegal to break under the DMCA


The DMCA was a huge mistake


Imagine that I write my CV in a plain .txt file, but then add it to self-extracting rar and send it to you. If you open the file with notepad it will be kind of unreadable. If you execute it, you can read the .txt file. Did you just broke my encryption?

It is the same, they may send you the URL encrypted (more likely obfuscated), but then they also send you the code. In this case, they are giving you all you need to decrypt it. You just run their code that they sent to you.

IANAL, but if I post my username/password here, I should not be able to sue you that you hacked my account.


Encryption isn't broken by Invidious, nor by youtube-dl or anything else. Youtube sends a bunch of Javascript, Invidious interprets it and runs the code. Unless Google wants to prove that running secret_youtube_sauce.js can only be ran by specific user-agents on their own website otherwise it's DMCA infringement, they can try. If they win, you've got a bigger problem anyways, since they would win the right to only allow Chrome to access Google properties.


The OP used a misleading term. It’s not “breaking” encryption that’s illegal, nor is it occurring.

What is illegal is circumventing any measures at DRM that involve encryption.

> Unless Google wants to prove that running secret_youtube_sauce.js can only be ran by specific user-agents on their own website otherwise it's DMCA infringement, they can try

This is exactly the implication here. It’s not copyright infringement, it’s DRM bypassing which is a separate law. The implication is that google wouldn’t have sent you the content (encrypted or not) if the user agent (or whatever) was different. Therefore, you’re deceiving them and illegally bypassing DRM.

> If they win, you've got a bigger problem anyways, since they would win the right to only allow Chrome to access Google properties.

IIRC YouTube used to not work right on Firefox, intentionally. Also lots of Google properties are behind a Chrome-wall (eg their LLM generative search results)

IANAL, but that’s the gist of what’s happening here.


Are the devs American? If not, does the DMCA even have jurisdiction?


Non-Americans are obviously not subject to US law. However unfortunately most countries have patent/copyright/dmca-like legislation for no reason whatsoever


Ah right, it's been years since I delt with DRM'd video and I completely forgot the URL itself wouldn't be visible in the html




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: