It seems like EFF fought for youtube-dl and GitHub used their letter as legal firepower to bring the repo back online. If GitHub were fighting for the developer they would have funded the attorney, right? Though from their blog post it does look like they are taking steps to fund defense in the future as well as other steps to improve the situation.
Reading EFFs claim is pretty interesting, they state that saving a copy of a video is only one function of youtube-dl. I think the biggest problem is the name is called "youtube download", it is sort of difficult to downplay that saving a copy is only one function when the name implies it is the main purpose of the program.
AFAIU the argument is more that youtube-dl is effectively a web browser and doesn’t do anything that a web browser doesn’t do. Further, it does not include any “secret” key for DRM circumvention like might be bundled with e.g. Chrome in the case of Widevine, where browser vendors agree to protect the secret key.
"youtube-dl stands in place of a Web browser and performs a similar function with respect to user-uploaded videos. Importantly, youtube-dl does not decrypt video streams that are encrypted with commercial DRM technologies, such as Widevine, that are used by subscription video sites, such as Netflix."
"We presume that this “signature” code is what RIAA refers to as a “rolling cipher,” although YouTube’s JavaScript code does not contain this phrase. Regardless of what this mechanism is called, youtube-dl does not “circumvent” it as that term is defined in Section 1201(a) of the Digital Millennium Copyright Act, because YouTube provides the means of accessing these video streams to anyone who requests them. As federal appeals court recently ruled, one does not “circumvent” an access control by using a publicly available password. Circumvention is limited to actions that “descramble, decrypt, avoid, bypass, remove, deactivate or impair a technological measure,” without the authority of the copyright owner."
The (English) phrase is used verbatim in the (German) 2017 LG Hamburg claim and verdict. It is not explained there, nor did the claimant explain where they got it from. I’m assuming that it’s based on a misunderstanding of “rolling codes” [1], an actual cryptographic technique, which isn’t applied here (the only overlap is that the “s” parameter of the YouTube video URI varies for certain videos; and, well, the key in rolling codes also varies).
Interestingly that verdict also claims that URL encoding is a valid, effective encryption measure (I’m not kidding! See [2]; the German word here is “Prozentcodierung”, i.e. percent-encoding).
The court in question (LG Hamburg) is infamous in Germany for its technically illiterate, consistently laughable verdicts in IT-related cases (this isn’t a recent thing — it’s been going on for about two decades).
Right, but the law makes no mention of secret keys, it just says you can't go around anything that controls access to a copyright work; and you can't provide tools to do so. The actual legal definition of tools covers both actual technical purpose as well as marketed purpose. Rebranding, say, OBS as "Recorder for YouTube" and talking about how you can use it to get around YouTube's downloading protections by screencapping the entire video would possibly constitute a 1201 violation.
There's also another question of law, though: does 1201 apply when only the intent of the DRM has been circumvented, as opposed to it's technical scope? In other words, does pointing a camera at a monitor constitute circumvention of DRM under section 1201? Most DRM can't actually validate, say, that a human is watching instead of a camcorder. (Let's ignore pesky things like Cinavia which are more akin to post-piracy frustration techniques, and easily circumvented with any kind of Free media player.) Likewise, YouTube's rolling cipher can't really validate that it's not sitting inside of an instrumented browser that will dump whatever URLs it grabs. Our hypothetical OBS rebrand wouldn't actually be a 1201 violation unless the law specifically covers things that DRM can't technically enforce but would like to.
The rebuttal to your reasoning is in the letter. Basically a federal judge has previously ruled that utilizing a publicly available password is not circumvention of a copyright protection mechanism. The code containing the "sig" (as google calls it) or "rolling cipher" (as RIAA calls it) is available to anyone by viewing the JavaScript. This sig / cipher being public means it is not a copyright protection mechanism.
The detail of the “publicly available password” case [1] is quite interesting. It’s not directly analogous to the YouTube system, but as the EFF points out, the RIAA’s reliance on German law has its own problems.
> When Petrolink learned that one of its largest customers, EOG Resources, might switch over to Digidrill’s visualization service, Petrolink took action. Instead of paying Digidrill for access to the corrected drilling data via LiveLog, Petrolink obtained a laptop running DataLogger – along with the corresponding USB security dongle – and then, after realizing DataLogger used an open source Firebird database, managed to gain access to the database by using Firebird's default administrator username and password. Armed with this access, Petrolink developed a program named “RIG WITSML” (dubbed “the scraper” or “the hack”) that could be installed on an MWD company’s computer running DataLogger in order to – in real time – query corrected drilling data from the DataLogger database and transfer that information to PetroVault for visualization. Petrolink then began installing this RIG WITSML program on MWD computers running DataLogger at more than 300 well sites.
> This sig / cipher being public means it is not a copyright protection mechanism.
I can see this as ending up with Youtube being forced to require sign-ins. Massive expense for Google. Then Youtube-dl adds one parameter for the password, and we're back to square one.
Google quickly kills any iOS/Android app that offers offline playback functionality for YouTube, so I can't imagine they love youtube-dl. They probably only haven't made a stink because it might attract more attention to a tool primarily only known about in techhead circles.
I think the difference is that offline playback and background playback on iOS/Android can be unlocked through YouTube Premium so those apps directly interfere with YouTube's bottom line. YouTube-dl I don't really see as directly competing with that because it's not trivial to download a YouTube video from it to your phone.
And given how unlikely people are in the wider non-technical audience to god-forbid, run a command line program, I guess they really just don't care.
They do take easily accessible apps that use youtube-dl under the hood pretty seriously. I guess it depends on how much of an effort it is for them vs how much of their bottom line ytdl is cutting into.
Yes it does. I go to the page (ad), copy the URL, and youtube-dl.
More critically, Youtube relies on network effects and people using it. Part of the reason we share family videos, educational content, and other things is so it's, well, shared. For me, the reasons to use Youtube-dl are:
1) People in bandwidth-constrained settings. If I post my videos, and colleagues in some countries can't watch them, I'm going elsewhere.
2) Remixing. If I can't make collages of family videos, I'm going elsewhere.
Youtube can serve masters like me, where it's an effective platform for sharing videos I want people to watch, and where the goal is dissemination. It can serve masters like the RIAA and the MPAA, where the goal is monetization and control. It will have a hard time serving both.
I suspect if it tries, people like me will go to someone who caters to us. A YouYesYouNoNotTheRIAAYesYOUTube. If we do, I think there will be enough of a network to start to syphon people off, and eventually, cat videos and Aunt Alice will be on YYYNNTRYYT.com, while corporate video will be on DRMed Youtube.
Perhaps more importantly, the number of people using youtube-dl because it allows you to watch videos without ads almost certainly pales in comparison to the number of people just using adblockers. Youtube-dl makes you wait.
Downloaded videos often get remixed into other videos that generate ad revenue. Commentary, reaction videos and compilations are substantial parts of youtube.
How many people downloaded Shake It Off with youtube-dl vs. the people who watched it from the official YouTube app or stock Google Chrome? youtube-dl does not nearly threaten their revenue in any tangible way.
Yes, but is there any indication that they work against youtube-dl in some specific way? Adversarial actions like changing youtube to render youtube-dl non-functional?
Youtube has to listen to the RIAA's demands because music and music videos are a huge portion of their traffic. The music industry could decide to move all that to Spotify if they chose.
They took that poison pill already, I really, really doubt they ever new pop music stops being part of youtube in the future, the audience is too large. It would be like them taking music off of the radio because people could record it on reel-to-reels. They might stomp around a bit and try to use the law to get what they want, but when push comes to shove the big labels will keep their music on youtube.
I am not that afraid that google would require sign-ins for everything. Even google with its massive market dominance should be pretty scared of given such a clear opening for a competitor, and being accessible without a login is a huge feature in order to get market share quickly compared to a competitor that does not.
The developers are not responding to the issue, and from what I understand it is borderline impossible to fix, because there is an entire security team behind the Google login protection. The only workaround is to login with a browser and copy the cookies from it to youtube-dl.
I'm pretty sure that is what they mean, yes. It is a nice tool. Lets you write HTTP(S) templates with parameters and whatnot, save them in groups, send them, handle the response, etc.
Why not simply create a youtube-login command that does nothing but launch an electron instance that lets you login into youtube and then returns the cookie?
youtube-dl could then call that command to obtain the cookie.
Content with a certain age threshold triggers login. The last time I looked at this, embedding these videos was still possible without logging in. So there are definitely ways in accessing the content without authentication.
Hm. If embedding works maybe my ad-blocking is sufficient; or I just haven't come across any that require it. I mostly just watch woodworkers/machinists/electronics/etc. Sort of conceivable it could be age restricted but would also be surprising.
Yes, it would be problematic if, for example, Samsung was marketing their latest flagship as "Our dark-light technology means you can take nearly pixel-perfect video of movies while you watch them in the movie theatre!"
> Likewise, YouTube's rolling cipher can't really validate that it's not sitting inside of an instrumented browser that will dump whatever URLs it grabs.
What is the criteria for differentiating between youtube-dl and a "browser"?
In this case a “browser” is a YouTube client that copyright holders are happy with, because it doesn’t provide any simple way of saving offline copies.
Sure, it would be "effectively a web browser". But it would also require a secret key. If the program is not licensed to hold the key, that could be considered circumvention.
I even sidestepped the obvious of loading widevine.so, running it, symbolic execution, etc. It's mostly a thought experiment to show how everything is stupid in the end.
I'm afraid in a few months/years, we'll see the hardware security level to become mandatory for Netflix, etc. And then YouTube.
In the old days, someone who wanted to send you this kind of content would build and sell hardware for you to receive and play it (like a DVD player).
Online streaming services have, in part, scaled so quickly because they run on the general-purpose computers that people already own. So they don't need to bear that hardware cost. These general purpose computers have been fertile soil to grow and nurture the seeds that software companies scatter to the winds.
How interesting it would be if it comes full circle with specialized hardware being required on each PC to receive the content stream.
That kind of "pull the ladder up behind you" strategy would be a natural thing for today dominants players to try. They benefited from an open playing field, but now they no longer need it. If they succeed, they have established a massive moat to stave off competition. If they manage to get it into standards and legislation, then undoing it would require a tectonic shift.
Google is especially well positioned for this - Chrome, Google Search, Android and Youtube being potentially very effective places to do DRM media gatekeeping. "don't be evil" had to go from their mission statement. Maybe "universally accessible" will be next...
The way they do it is to bake DRM mechanisms into platforms. Intel ME, AMD PSP, Apple T2 chip/SE, those secondary computers bear the DRM hardware features, so end product manufacturers don’t have to handle it.
It's still going to be hardware everyone already owns, just with specific features. It's not a separate purchase of a dvd player, you're buying a phone that has the licensing chip built in
Isn't the Widevine password essentially public as it is distributed to the client where it was extracted? Or was the Widevine key somehow stolen from Google's private repository?
There are multiple widevine keys, some are in CPU memory (shipped with the client software), some are in trusted enclaves on devices. Some of the trusted enclave keys have been dumped from hardware (nexus 6 for one, iirc) and eventually those keys were revoked or downgraded
I wonder if the RIAA will now be putting pressure on YouTube to use the same DRM as Netflix, so that when a video is downloaded they can’t use this ‘it’s just a browser guv’ defence because there would then have to be some circumvention to make it work.
But it doesn't really work: If you protect your house with no lock, not even a door, but just a little rope with a sign on: "Do not jump over or duck under this ribbon, or cut it!", that's, for the DMCA, enough - so you get into fun games where you claim that, say, a long random unique key that is right there in the HTML youtube.com serves which links to the video is a 'security measure' and that 'I shall read the URLs in this <video> tag and download what I find there instead of showing it on the screen' is 'circumventing this'.
How far can you stretch the meaning of 'circumventing access-control measures' before, in court, you lose your argument? I don't think anybody quite knows yet, but surely github doesn't want to be on the hook for it without microsoft's legal team and management signing off on the risk.
Furthermore, separate from DMCA's hacking provisions, there is simply the concept of who is responsible for any copyright infringement caused by stuff github hosts. As per 17 USC §512 (the so-called 'safe harbor provision'), the idea of claiming 'hey I just host this stuff, I'm not responsible for this, why dont you take it up with whomever uploaded this' is codified: You can do that, but it does mean that you _MUST_ take down the content in response to a takedown notice, and if you don't, then you are now liable any infringement that content makes.
The idea is that the owner of the data files a counterclaim notice, at which point the hoster (github) is free to re-host everything without opening itself up to liability, but only if, as per 17 USC §512, they do so 'no less than 10 days and no more than 14', and github did it in 1 day, so whoopsie there I guess.
At that point it does turn into a fight between claimer and counterclaimer: The idea behind those 10 days is that the supposed real content owner can then go file in court against the counterclaimer; merely filing a lawsuit is enough: Show that to the hoster (github), and they can no longer re-enable the content without then being liable for infringement by doing so.
You can't file a counterclaim until your content is removed.
Yeah, that means an utter bozo can take your content down for at least 10 days and there is nothing you can do about this. The DMCA is not particularly well designed in this manner (it doesn't protect against trolly crud well, and getting a barratry verdict in the US is borderline impossible). But that's how it works.
In github's shoes, the fact that youtube-dl doesn't infringe is relevant only insofar that they are willing to ride that notion allllll the way to the gavel in the ensuing court case, because they will be defendants if they ignore the takedown request. Presumably they weren't going to just do that without at least a close look by microsoft's legal team, and a signoff from the big wigs for the likely millions this will cost, given that US law in these matters is... well, have you ever seen one of those shows where 2 people are on a beam and trying to knock the other one off with a giant q-tip? US law is like that, except the ends of the q-tips are moneybags.
> "Do not jump over or duck under this ribbon, or cut it!", that's, for the DMCA, enough - so you get into fun games where you claim that
No. There must be an effective technological measure (objectively, according to the state of the art); see https://www.law.cornell.edu/uscode/text/17/1201 (a)(1)(A): No person shall circumvent a technological measure that effectively controls access to a work protected under this title.
This law article is utterly hilarious and self-contradictory.
No-one should be able to circumvent "a technological measure that effectively controls access", by definition.
If someone does circumvent a measure intended to control access, this proves that the measure was not, in fact, effective, thereby rendering the entire article inconsequential.
The lock at your door is also assumed to effectively control who can open it, but as we know keys can be dupplicated. However, it is not possible to copy it without access to your original key and the necessary effort. This is sufficient for the legislator. It would be different if you hung your key on the outside of the door a priori, like Youtube does.
GP was speaking metaphorically, following your (GGP's) metaphor. For some reason, you abandoned the metaphoric level and misunderstood this to be about real keys and locks.
For many and most physical keyed locks, you can decode the lock with special picks or impressioning tools. It can be pretty time and skill intensive though.
I don't believe that Github actually needed the EFF's writing for this, or that they don't have the necessary technical expertise themselves. That is probably rather a protective assertion not to lose face. But at least they seem to have learned something from it now and want to review such requests technically before they (unjustifiably) act.
Github links to the EFF letter [0] in the DMCA repo.
This letter spells out in clear, convincing and explicit detail why the RIAA was wrong.
Profit-making Github and Microsoft could have performed this analysis and championed developers themselves, but it was the non-profit EFF that actually did the work.
EFF deserves more credit than just a link for fighting against this shit.
The EFF is probably more qualified to respond to this, actually, since they have some of the most experienced lawyers there are when it comes to defending fair-use/free-as-in-freedom works from malicious DMCA notices. Microsoft's best play is just paying them, which other comments indicate they are doing.
The EFF isn't just some non-profit, it's the premier legal entity defending internet freedom. This is squarely in their wheelhouse.
> since they have some of the most experienced lawyers there are when it comes to defending fair-use/free-as-in-freedom
And why would one assume that Github or MS do not have such experts? They undoubtedly have the technical know-how, and the primary findings in the letter are of a technical nature, or even obvious to technically savvy people. And the court decisions referred to are not about fair use or free-as-in-freedom.
Because Microsoft's goals are not directly aligned with fighting DMCA and similar legislation. It takes more than being technically savvy to fight legislation like this; actually, I would say being technically savvy but not experienced will leave you in an unfortunate spot because you'll see through all the copyright stuff but be unable to effectively fight it in court.
The question was rhetoric. They have huge legal departments all over the world. Copyright, licensing and patent contract law are among the most important areas for these companies.
Yes, I've read it. That's why I came to my conclusion. Btw. nearly all of the facts in the referenced letter were expressed in HN discussions just a few hours after the takedown. From my point of view they were obvious.
I agree that they were obvious and, as you say, the HN conversations show that they occurred to many technologists. That said, I think there is an argument to say that the EFF was better qualified to write the letter. The reason being that MSFT wants to look like an impartial content host (to avoid being liable) and the EFF is explicitly an advocacy group. If MSFT advocates for content on that platform, it could be portrayed as a conflict of interest by the RIAA lawyers. I completely understand the optics of EFF doing the heavy lifting on this one.
> If MSFT advocates for content on that platform, it could be portrayed as a conflict of interest by the RIAA lawyers
Well, that's what they are actually doing now; factually, it does not matter whether there was a letter by EFF or not; they should have come to the same conclusion even without the EFF; moreover, Github/MS are not accountable to the RIAA; conflicts of interest are not an issue here; in fact, to meet the due diligence a hoster would have to check whether a DMCA request meets the formal requirements and is well substantiated, otherwise the hoster could even be liable to pay damages to the unjustifiably blocked project.
This. Github is acting like the knight in shining armor, but they really didn't do anything except respond to the backlash their complicit no-questions-asked removal caused.
On the contrary, they’re doing a lot, including establishing a $1M legal defense fund for developers and a technical team to review the validity of anti-circumvention DMCA notices. It seems like they’re doing a lot more than just paying lip service to EFF / developer freedom, and they should be commended for it.
They’re correcting a wrong because their reputation took a big hit in the dev community. Now there’s big talk of the dangers of not self-hosting your repo and the monoculture of using GitHub.
Although it probably has good intent, this is largely PR.
Being a rube isn't a great hobby either, that's why "fool me once ..." is a famous saying. As are the various versions of "who benefits?".
Pretty decent rules of thumb.
And at a higher level ... who cares if they did it maliciously or because they "panicked", you can't ever know that anyway and either one means you can predict what they will do in similar situations.
This isn't the first frivolous DMCA request GitHub complied with. A company owned by one of the largest tech companies in the world doesn't need to "panic" about something like this.
After Nat's cynically duplicitous comments and actions, it's hard to view this as anything other than PR. A $1 million expense is not a big advertising expense for github. It was a $7.5 billion sale. Microsoft spend 0.013% of that on this PR piece.
I can't imagine the fallout from this didn't wipe several times that off of github's valuation.
If github had done this before the EFF letter, it would have been something else. With the EFF letter, they have zero liability to reinstating the repo, and are borderline legally required to do so.
Open question to HackerNews: are there big tech firms that give lobbying money to free software lobbyists?
Feel free to highlight them here.
I'd rather cut this problem off at the head than sit around and establish legal defense funds if possible. I'm glad GitHub and Microsoft could help contribute to this victory though.
"Removing outdated or poorly written laws by paying off Congress is more effective than funding lawyers to litigate their misuse on a case by case basis forever"
We need stop the existence of mafia like extortion rackets that claim they protect artists but in fact they line their own pockets and pockets of the labels and at the same time artists can't afford to even eat well.
Now that musicians make proportionally more from live shows (the recorded music is just the advertisement for the the show), the idea that anti-piracy is for the artists themselves is even more preposterous.
UBI + no anti-piracy would clearly be a huge improvement for the vast majority of artists and art itself. Let's just do that.
Not all artists can do shows - e.g. disabled, but I believe true fans will buy a record. I wouldn't like someone like RIAA to pressure someone into paying just because they downloaded my song to check it out (and I wouldn't see the money anyway). These days we have great technology and companies like Spotify can pay artists directly. Labels these days can only provide financing (on mafia like terms) and influence gate keepers, but this is also changing. You can totally make a commercial grade record on your own without label involvement, same with videos, merch etc. and even gigs.
Don't lobby. go to your local caucus and change it from within. Note that I said Caucus: even in a primary state there is some form of caucus where the party decides things. You want to be in this system, this is where the party platform is decided on. This is where the people who are working behind the scene to elect someone make the plans. In turn this is where politicians go to find people who will work for them. Which in turn means this is where you can have a one-on-one meeting from the standpoint of someone important to listen to. (when you spend a few Saturdays knocking on potential voters doors for someone that someone listens to you)
If both parties get anti-DRM legislation into the platform in random places you can be assured they will listen. If both parties see their big supporters as against something they will listen. Politicians do not want money, contrary to what you might think: they want a power, and in this country that means they need votes. Money (for ads) is one way to get votes, but real humans doing real work is at least as powerful.
This sounds hopelessly naive. At the risk of starting a political flamewar, it’s really not possible for any individual to effect large scale change to policymaking beyond the hyper local level. It’s especially impossible to go against massive lobbying interests like the RIAA.
If someone wants to do that bit I'd say go ahead. Don't tell people not to pursue lobbying though.
After the last four years I have now blocked all social media and all american news sources in my house with the expressed intent of not hearing a word about politics, news, etc... It has taken a massive toll on how I feel day to day, I found my personal relationships waning, and made me feel uncomfortable meeting new people. I'd rather pay someone to involve themselves with this kind of world, not be involved in it myself.
The meaning is to deal with a problem before it grows worse. There are a lot of variances to the expression, 'cutting it off at the head'
'Nip it in the bud'
'Cutting the problem at it's roots'
They're all references to killing something before it grows more difficult to deal with.
I feel like the problem is already fully-realised in this case, so you can't "nip it at the bud" but have to stop the full-form yes? That goes along with "cutting it off at the head" moreso in my opinion.
I know you are dead serious and I agree, but this made me laugh at how such an obvious answer can be so absurd to the company itself since it's their window to the world of users. You and I would say that is their leverage in the fight of abusive DRM, yet they would argue it is what allows them to survive.
Given that Google is the author of the main browser-based content decryption module in use (Widevine), and Google also has a bunch of content provider partnerships to maintain, and they run YouTube, which in some ways relies on content owners not getting pissed off and suing it out of existence (content owners are the reason YT has ContentID, not because of any legal requirement)... I don't think it's in Google's best financial interest to fight against DRM. So they won't do that.
Whenever you watch a video you are downloading it. youtube-dl merely gives you control over where that stream goes, whether it's to a hard disk or to a media player like the regular Youtube.
> Whenever you watch a video you are downloading it.
Why is this comment downvoted? It's highlighting one of the most common misunderstandings that laypersons have regarding video download/streaming. Most people think that you can "view" content on the internet without downloading it. In this context, a tool which purports to "download" content, you know... sounds like it's nefariously doing something that the "viewing" tool (like a web browser) doesn't do.
This may be completely true in a technical sense, but that's not how the law works (see https://ansuz.sooke.bc.ca/entry/23). And while the same bits pass through your connection, this equivalence already breaks down right away: There is clearly a difference between persisting a media file to disk vs having it ephemeral in browser memory.
>There is clearly a difference between persisting a media file to disk vs having it ephemeral in browser memory.
Is there? When "streaming" video, there most certainly is a copy of the bits being stored on a disk to ensure that the video "stream" plays cleanly and without interruption.
Are you making the claim that "streamed" video is never buffered/stored on disk? That's an odd claim to make. I'm no expert on video streaming, but I would be very surprised to find that all video streams are only stored in RAM and not on disk.
I may well be wrong about that. Perhaps someone more knowledgeable could chime in.
That's again exactly the technical detail fallacy the comment you replied to is arguing against. No, they are not making the "odd claim" you suggest. They suggest that laws make the difference when deciding about infringement. E.g. by explicitly excluding temporary copies created while watching as intended, where it doesn't matter how the OS and the browser handle the memory internally, but a thing that results in a file on disk the user keeps is clearly different. (Similarly to how software being copied into swap-backed memory while you run it is not an illegal copy, whereas copying the file elsewhere might)
Certainly with DRMed video it is common for the video to never be buffered/stored on disk. Sometimes a few seconds is, but even that is uncommon, and more likely it would simply be retained in RAM now.
With more secure DRM systems the OS literally never gets access to the video buffer, protected by hardware, in order to even send it to disk.
An interesting question along these lines arose recently in relation to an Australian password disclosure law that related to accessing “computers,” which was used to compel disclosure of a smartphone passcode. To HN readers and the digital forensics people who pull data off smartphones, they’re obviously computers. But the judge was not convinced that a law written to allow access to “computers” in the early 2000s was intended to allow access to smartphones today, which contain far more personal information than the typical personal computer of 20 years ago. After all, if you asked someone “do you have a computer?” they would be unlikely to say yes based on their possession of a smartphone. And if you ask someone who streamed a YouTube video whether they “downloaded” it, I think in most cases the answer would be no. That’s why the tool is called “youtube-dl,” even though it is now used for streaming as well.
> There is clearly a difference between persisting a media file to disk vs having it ephemeral in browser memory.
yes, at some point actual human intentions must come into play. you can't defend stuff like CP by saying "it's just some EM pulses, what's the big deal?". or "no I'm not invading your privacy with my IR camera, you are broadcasting in the IR spectrum!".
in this case the implementation does blur the line a little bit. what if the browser's memory gets swapped out to a page file on a (spinning) hard drive? even if the cache gets "deleted" after closing the tab, it might be quite a while before the sectors containing that protected sequence of bits get overwritten. is this infringement?
I agree there is a legal/practical/moral difference between streaming and downloading something. But there's no need to obscure the technical difference by downvoting people when they point it out.
The point is that youtube-dl does more than just download videos. It can also be used for downloading metadata. I use -J to download metadata formatted as JSON.
Is that metadata protected by some sort of mechanism? Or is it just not queried by default using one's browser? I.e., is youtube-dl calling a public, unsecured API, or is it circumventing some sort of copy protection?
Because if it's just querying for metadata that anyone can already query for...your point seems immaterial as to the legality of the tool?
They're saying that sure, the name youtube-dl might well imply it's specifically for downloading things from YouTube, but that doesn't mean it's specifically for downloading video from YouTube.
Plenty of it? I regularly download the metadata and subtitles of entire channels or playlists so that I can search for specific words or phrases in thousands of hours of video. I know of no other way to accomplish this.
Subtitles are a perfect example of data that any normal browser downloads if you click CC, and can even be ^F'd if you click ‘Show Transcript’ on YouTube, but just happen to be orders of magnitude more useful if you control where they download to. I think you’re proving globular-toast’s point.
`youtube-dl --write-sub --write-auto-sub --sub-lang en --skip-download [URL]` (Then just use grep)
There's all kinds of cool stuff you can do with youtube-dl. For example 'ytsearch20:kittens' will get a playlist of the first 20 search results for 'kittens'.
According to their FAQ, c-span.org's search uses closed captioning to facilitate search (but they don't provide copies of those transcripts.) Perhaps that might suite your needs though.
GitHub is owned by Microsoft, who is a member of the RIAA who created this legal action.
For Microsoft to pay for the lawyers to take it down (via their RIAA membership payments) and also pay for the lawyers to keep it up seems... rather silly.
From the outside in, there are a lot of aspects of the legal system that look like this - welfare for lawyers. Unfortunately, fixing it requires changing the law and we've made of practice of sending a lot of lawyers to Capitol Hill who are very sympathetic to the needs of lawyers. It's probably the biggest self-perpetuating interest group there is.
Why didn't they start with youtube-dl though? They will defend developers and err on their side "going forward" but no not that one?
Surely they already had the legal manpower when the youtube-dl removal started making waves. The fact that they did nothing for over three weeks and are publishing this blog post right after the issue was fixed by someone else (EFF) makes it hard to believe their "changes".
In large organisations, with lots of tape actually getting the ball rolling on what is proposed with all the sign offs, funds allocated, people/resource allocated for the tasks.... It takes months, not weeks.
They probably published this off the back of a signed off proposal and may start implementing off the back of it early next year.
I'm not sure why this is so unrelatable to you but for me, daily business is, that things just take 1-3 weeks.
Legal manpower still means, that people interrupt their current tasks, which they properly have plenty of, to reprioritize something, others might even not care about at all or never heard of.
I stay with my statement and i have enough live experience, that i don't expect a 3 minute solution and answer from github.com
I didn't expect any "3 minute solution", but realistically they didn't even have to get the problem fixed. They could have pledged to assist youtube-dl by now, helped them file a counter-notice sometime this week (surely they can get 1 lawyer's time for pressing PR matters), and figured out how to deal with the human resource situation over the coming months.
Instead they found a million dollars (!!!), wrote a blog post with explicit commitments, but then waited on somebody else to step up. It just doesn't add up.
When Microsoft and the RIAA square off, the letter of the law isn’t really the battlefield. The battlefield is influence with the US Senate, and the EFF, while well regarded, is a Sancho Panza compared to Microsoft.
How has youtube not sent a cease and desist for the name youtube-dl?
They would most definitely have a case that the name makes it appear to be a youtube product. Would a cease and desist for the name only somehow imply that google has no issue with the functionality?
Because I know not protecting your trademark can lead to dilution. And by issuing takedown notices, they are showing that they are aware of the existence of this usage of the youtube trademark.
Youtube has to realize that a significant amount of content that people watch on its site is reaction, commentary, compilations, and other recycled content.
I think its for this reason that they don't go after these projects very aggressively.
> If GitHub were fighting for the developer they would have funded the attorney, right?
By expressively taking the side of the accused (such as paying their attorney), Github could have opened themselves to being liable for whatever youtube-dl does.
Having the EFF as an independent party sidesteps that issue.
Honestly, the name is problematic. Why do some developers insist on bad names? Stop the bad names .. unpronounceable crap like xoyx-mp4, zycx10 should also be avoided .. what's wrong with vidl, or something simple like that? .. I'm half joking, but it's worth underscoring.
The argument is that it doesn’t do anything that a web browser doesn’t do already, and there’s established precedent that it’s not “circumventing copyright” if it requires no secret knowledge.
"Downloading" doesn't mean "saving a copy" (unless you count "saving a temporary copy of its chunks in RAM"...). Most of my youtube-dl usage comes from its mpv integration, so the video is simply streamed directly for playback.
It support a gigantic amount of website, including audio one. Most of the time, I use it to have an offline copy of a podcast, radio show or some video that I might need to look at wherever I am not guarantee to have an internet connexion (very useful when travelling).
It also has a lot of useful option like downloading the audio only of a video, choosing the quality of the video/audio which might be hidden in the website you are trying to watch it from, download subtitle (this is just so useful), you can pass ffmpeg options also to post-process the video in one go, ... There is just so many thing you can do with it. One last example : one of my computer really struggle to watch video/stream directly from the browser (for whatever reason), but with youtube-dl I can stream directly to VLC/MPV and it use 1/10 the CPU comparing to watching the same video in the browser.
youtube-dl is a networked multimedia swiss army knife supporting many operations and manipulations of audio, video, metadata, and auxiliary content from many video and audio hosting sites and platforms, as well as serving as an access layer for several playback tools, including mps-youtube, mpv, and VLC.
Also their examples in their docs for youtube-dl included copyrighted content ...
I'll let the lawyers debate that whole thing, but IMO I think that was a bit of a mistake / bad idea. Granted, fixable, but maybe a lesson of something to avoid.
Actually it seems more like the EFF had nothing to do with it at all and the unit test patch is the reason it was restored - just like Github says in the blog entry.
Add to this that the original author recently posted a story about the origins of the youtube-dl script admitting it was designed to do:- download YouTube videos and name the downloaded files appropriately.
Under DMCA, neither writing a script like youtube-dl nor using it is prohibited (making an unauthorised copy of a video could be fair use).FN1 Section 1201 however prohibits distributing the script to others. Thus, the author of the script who "releases" (distributes) it is not necessarily the only one who might be violating the DMCA. Any recipient of the script who distributes it further, e.g., Microsoft, could be violating the DMCA as well.
FN 1. Section 1201 prohibits distributing technology that is designed to circumvent either "access controls" and/or "copy controls". Similarly, the act of circumventing "access controls" is prohibited. However, the act of circumventing "copy controls" is not explicitly prohibited. Making unauthorised copies, e.g., downloading YouTube videos, is subject to the defense of fair use. It is arguable that youtube-dl is only designed to circumvent "copy controls". As others in the thread point out, there are generally no "access controls" on YouTube videos, e.g., password protection. There could be exceptions. If youtube-dl is designed to circumvent geographic or age restrictions, would those be considered "access controls".
Aside from DMCA concerns, Google's Terms of Service for YouTube would appear to prohibit use of youtube-dl:
"The following restrictions apply to your use of the Service. You are not allowed to:
1. access, reproduce, download, distribute, transmit, broadcast, display, sell, license, alter, modify or otherwise use any part of the Service or any Content except: (a) as expressly authorized by the Service; or (b) with prior written permission from YouTube and, if applicable, the respective rights holders;
2. circumvent, disable, fraudulently engage with, or otherwise interfere with any part of the Service (or attempt to do any of these things), including security-related features or features that (a) prevent or restrict the copying or other use of Content or (b) limit the use of the Service or Content;
3. access the Service using any automated means (such as robots, botnets or scrapers) except (a) in the case of public search engines, in accordance with YouTube's robots.txt file; or (b) with YouTube's prior written permission;"
> To borrow an analogy from literature, travelers come upon a door that has writing in a foreign language. When translated, the writing says "say 'friend' and enter." The travelers say "friend" and the door opens. As with the writing on that door, YouTube presents instructions on accessing video streams to everyone who comes asking for it.
For those that haven’t experienced the joy of Tolkien’s writing, this is a reference to the Elvish inscription on the Doors of Durin in The Fellowship of the Ring, that is simultaneously a riddle and literal instructions on entering.
Fun fact, that inscription also contains of the few continuity errors in published Tolkien material. It starts with:
> The Doors of Durin, Lord of Moria
but as the Tolkien Gateway explains:
> The name Moria means "Black Chasm" and was a derogatory description of the place which the Dwarves did not like, and was given after Durin's Bane took over the city in the Third Age. It is therefore a mystery why that name appears on an inscription made in the Second Age, and made in consent with the Dwarves.
The most common "mitigating explanation" I see is that Tolkien, the "translator," perhaps used the name the reader would be most familiar with (Moria) instead of the city's real name (Khazad-dûm) when transcribing the door's inscription.
Another fun fact is that, the doors were built in cooperation between Elves and the Dwarves. Celebrimbor (also the guy who made all the rings except the one) and Narvi.
The friendship between an Eleven and Dwarven kingdom was kinda rare.
Definitely. Enmity between elves and dwarves is a deep theme in Tolkien's world. The Silmarillion presents several in-universe historical events responsible for that enmity. It's also foreshadowed by "God" (Eru) when he grants life to the dwarves.
Friendships between the elves and dwarves are as a result considered very special, which is why Gimli and Legolas's friendship in The Lord of the Rings is such a big deal.
Not OP, but I think he was referring to The Lord of the Rings: The Fellowship of the Ring (2001)[0] which grossed $887.9 million and won 4 Academy awards[1].
> Not OP, but I think he was referring to The Lord of the Rings: The Fellowship of the Ring (2001)
OP referenced "over 90% of HN readers", who are notoriously out-of-the-mainstream nerds[0], so he probably was referring to The Lord of the Rings (1978) [1] which grossed $33.7 million (which seems a lot less than the 2001 film, but is pretty similar as a multiplier on its budget.)
Of course not. That's why they said 90%. You could argue it's 50% or 23.2832%. But there is a percentage of HN which has seen the movie if the OP has seen it.
Obviously there's a percentage that hasn't seen/read it if you haven't either.
I personally agree, but there are some interesting counter-examples. For example, if someone discloses the credentials to an account but says nobody is authorized to use those credentials, I think it violates the CFAA to use those credentials. Even more-so if they only tell you their username, but the password can be inferred without direct disclosure (e.g., if the username is "thepasswordishunter2").
CFAA covers unauthorized access to computer systems - the only case I know of where CFAA was used to prosecute something akin to a DMCA 1201 claim was Sony suing Geohot for putting a tweezer to the RAM on his PS3. It's a novel legal strategy (in case you don't think DMCA 1201 is broad enough), but it was never entirely litigated in court as Geohot settled the case. I still don't think it would have passed muster in court, as it was akin to arguing that someone had violated the CFAA by hacking into their own computer that they forgot the password to. (Either that, or Geohot was poking at PSN and Sony knew this - I never followed that particular case thoroughly)
It's been a while since I've read about it, and I'm not a lawyer, but my recollection is that geohot said he deliberately kept his PS3 offline once it was compromised, and Sony's counterargument was (in effect, via some truly mind-bending equivocation) that geohot compromised the PS3 (the abstract computer for which authorization presumably proceeds from Sony) as opposed to his PS3 (the specific computer for which authorization presumably proceeds from geohot). Since the PS3 interacts with PSN, geohot had thereby gained unauthorized access to a computer used in interstate and foreign commerce.
It's one of those arguments for which I have a hard time deciding whether it's fiendishly clever, gratuitously obfuscated, or jaw-droppingly stupid.
I have become convinced that the RIAA lawyers emerge from their crypts every few years, generating a slew of copystrikes to justify their retainer fee.
Some guy wrote a tool to intercept the keys for level three on windows. Most streaming services offer only low-quality streams with level three, but big G dmca'ed the repo and most forks. Mirrors are still up all over, though; here's one: https://github.com/kipyegonmark/widevine-l3-decryptor
They are looking for that one time where people are either not paying attention or are too exhausted to care. What is the saying? We have to win every little battle, but all they have to do is win once.
> generating a slew of copystrikes to justify their retainer fee.
Considering how they were able to change social media to favor the copyright owners, I'm betting whoever is paying them feels the fees are justified.
This software makes it easy for people to download copyrighted movies and the RIAA attorneys (at least some) are acting in good faith to prevent people from breaking copyright law and causing their client damages. Can someone argue against me please?
(genuinely contribute to discussion by arguing against my own biases, call me a moron instead of downvoting)
Creating or providing a tool and using a tool are not the same action. Likewise, since there are legal fair use scenarios of copyrighted materials (short clips, criticism, satire, academic, etc) so even using the tool isn't inherently against the law and the person creating or providing the tools can't know and legally doesn't need to know the end user's intentions.
Copyright lawyers working for the highest profile abuser of copyrights absolutely know the very basics of copyright law and are therefore acting in bad faith.
So, similar to Popcorn Time then WRT providing vs using? The RIAA lawyers are bringing cases that are disingenuous, because they already know they're covered by fair use?
So to pick a worst case scenario, a pirate uploaded _Spiderman_ to Youtube with the intent of letting people get _Spiderman_ for free using this software. In that case, it's the uploader that's legally liable? Does the RIAA have a case?
Drug paraphernalia has a specific use (or at least, let's assume that for the sake of argument), but youtube-dl is more like a crowbar that has legal and illegal uses.
If I have a crowbar I can legally use it all day long for construction purposes. As soon as I'm caught breaking into a house with a crowbar, it's classified as burglar's tools. At no point is the hardware store or crowbar manufacturer liable for a burglary for selling me a crowbar.
I don't know what the laws are on possession, but before marijuana was legalized it was far, far easier to buy a bong than the weed to smoke in it. I'm wracking my brain to try to think of a piece of drug paraphernalia that is illegal to sell or illegal to possess in the absence of the drugs themselves.
In the state I live in it's illegal to to be in possession of any paraphernalia. Thats why you cant buy a bong anywhere, but can buy a water pipe at every corner store headshop.
That being said it's a petty misdemeanor that does not result in any jail time until your third infraction.
That piracy causes client damages is a debatable point. Studies have shown those who pirate software, movies, television, etc., will rarely use or consume that content if they didn't pirate it. I know way back when, when I pirated stuff voraciously, if I couldn't find something I just never read/saw/used it. Not once in my life have I spent days or weeks trying to pirate something only to turn around and pay for it. Some (not all) studies even show that in the case of software, piracy in some cases leads to legitimate use, i.e. purchasing.
Now there's no doubt that piracy violates copyright law. We can debate whether or not that's a good thing, whether the laws in question are just, etc., until the end of time. But it's not a foregone conclusion that piracy has any negative economic impact on copyright holders.
Git+your OS make it easy to acquire this software,
Your browser and OS collude together to make it easy to run it,
The elecric supply to your house makes it easy to run the computer that runs the OS,
...
Do you really want a world where this scumbags should go after everything that "makes it easy" to do illegal activities?
By this right, Zoom/ Google Meet / Teams have screen recording that would allow for this as well. How deep should we go down this hypothetical rabbithole?
Even if we take that as a given, my response would be: "Yes, so what?"
The software also a long list of legitimate uses, as was demonstrated by the various prominent users that spoke up.
I can use the camera on my phone to record a copyrighted movie, and thus circumventing the DRM, or just use a device like this: https://www.amazon.com/StarTech-com-USB3HDCAP-Video-Capture-... (analog VGA is probably preferred here, for lack of HDCP support).
And that is only necessary if we're talking about some modern DRM that makes your OS work against you, so you can't directly capture with OBS or something.
An awful lot of tools provide the opportunity for their users to break the law, and yet we still sell those tools and place the onus of following the law on the users. While guns are the obvious example, lockpicks are widely and freely available, as are a whole host of other items with which one could commit nefarious deeds.
Copyright law seems to be one of the only areas in which the fact that someone Could use a tool to commit a crime seems to be grounds for criminalizing the tool and not the act.
All who live in silicon Valley of course. You seem to have forgotten that "making world a better place" is a mantra repeated across the entire IT. I presume if Facebook employees actively think that, so can RIAA lawyers
I'm convinced the companies considered as 'evil' now didn't think they would at first either. Something something unintended consequences.
I mean Reddit; bastion of free speech or platform for hate speech? (they cracked down on that over the years)
Dropbox; File synchronization and sharing platform or child porn exchange?
Airbnb; Great way to find an affordable place to stay and / or rent out unused room, or platform for dodgy landlords that scam people with pretty pictures?
Coinbase: Platform for libertarian wet dream crypto exchange, or platform for laundering your ill-gotten gains?
Just to name a few YC examples. Everything can be used for bad things and make the world a worse place, and they don't always do the right thing.
But who goes into being an RIAA lawyer position thinking it’s going to be good at first? You have to have believed in the RIAA’s stance from the get-go because it hasn’t really changed.
I was at the Grammy’s one year and at the industry lunch the day before, I wound up at a table with a bunch of lawyers for the labels and the RIAA. It was an interesting position for me to be in, as someone who has been quite critical vocally of their positions and tactics since I was a teenager.
Anyway, everyone was cordial and professional and we didn’t really get into debate too much — and I was clearly the odd woman out, not a lawyer or in agreement with their position — but I walked away from the lunch with the belief that at least most of them absolutely believe they are fighting against what they see as abuse against copyright and ownership and that they see themselves as protectors of the industry, and to a lesser extent, artists. Now, I disagree that their tactics really succeed and would argue that ignoring the push of technology has hurt the music industry and especially artists, but I also accept that it is valid for people to have a completely different view from me. And it’s important to be exposed to that on occasion.
I’ll also say, as I was waiting for my Uber to take me to my next meeting, I saw valet bringing out $200,000 cars for many of the people I had politely been debating with earlier. I’m sure the money doesn’t hurt.
Not unlike my friends who work for tech giants that many of us find abhorrent but get $400,000 in stock grants a year.
Yep. You’ll often find there is nuance to these debates and people will justify their side by blowing the upsides out of proportion and minimizing the downsides.
They’re rent-seeking, and probably view themselves as necessary redistributors of wealth, like landlords, but for copyright enforcement and expansion instead of housing.
Having reddit crack down on hate speech makes it a corporate shill-chamber/chicomm focal point, along with an anti-1A and against American-rights. The evil is always there with these companies brother.
These are good questions /examples, except Coinbase? I'm sure there's something else that could be applied, but doesn't seem it's a place to launder money. They were the first to supply IRS/Treasury Department with detailed records of every customer transaction.
Not everyone here is directly involved in the startup culture and yes, technology and disruption can get shady. But "at least I'm not a lawyer" is a low, low bar to clear.
I work on managed databases. I actually do think that is a positive effect on the world, like many other obscure but important pieces of infrastructure.
Eh, I don't think that's fair. Lots of people here make society a better place, as do the companies and organisations they work for/contribute to.
Sure maybe you could argue that Facebook and Google don't make the world a better place. Maybe a bunch of other FAANG companies.
But not everyone here works for one of those. I don't, and I'd say my work probably improves society in a certain sense (depending on whether web development/UX design/usability work does that).
Well anyone who voluntarily enters into a work for hire arrangement is making society a better place. The employer wouldn't have done it unless they were benefitting and likewise for the employee. What is important is doing something people want.
That is definitely not the case. There are plenty of employers making things worse. One of my first jobs was for a telephone fundraising outfit. We'd cold-call people, manipulate and like to them, so they'd donate money for our charity of the week, and keep 85% of it.
Making society better requires actually making society better. You have to weigh the total societal positives against the total societal negatives.
OK let me qualify my answer. Voluntary financial arrangements are beneficial to society that do not harm others. The government in capitalistic systems enforces the rule that you can't harm one another arbitrarily. So an assassination contract would be illegal. Also, defrauding people with cold calls of their money is illegal. In short, LEGAL voluntary arrangements in a free market are beneficial.
That's progress, but you haven't accounted for negative externalities or the varying shades of "voluntary" that exist. Both of which occur in pretty much any job people take these days.
This is the Just World Fallacy. It's not necessarily true that spending money benefits society. You can spend money to harm society, with or without intention.
And this is just one (extreme) instance of “person A pays person B to destroy person C's value, for net harm”. Imo, the only failing of capitalism is that one can profit by destroying other people's wealth (though this is probably splitting hairs, given how varied the ills that come from that).
Everybody has their price. For some people, it's low enough that they'll actually do the evil things and not lose sleep over it.
Technology has had an impact on nearly any industry you can think of. As such, there is no shortage of tech work outside of ad tech. Ten years ago I worked on ad tech shit for Amazon, but I quit when I realized that made me a parasite.
I don't work in food delivery, but I'd say getting a pizza from point A to B is a hell of a lot more productive than being a lawyer for the RIAA.
There is zero need for a multinational between hungry people and food delivery. Inserting them raises costs, lowers service quality, and lowers revenue to restaurants.
Off topic, but I would like to note this thread's congruence to Snow Crash:
There's only four things we do better than anyone else:
music
movies
microcode (software)
high-speed pizza delivery
I was thinking more along the line of the people who actually deliver the pizza. It's an honest job, unlike being an RIAA lawyer or ad tech programmer. But next to either of those, even delivery app developers are saints.
> There is zero need for a multinational between hungry people and food delivery. Inserting them raises costs, lowers service quality, and lowers revenue to restaurants.
Nonsense.
Everyone I live with went from not ordering any food to using UberEats weekly because it's so much more pleasant than interfacing with every restaurant directly, having to carry cash to pay and tip, having on easy way to answer "what's open right now?", etc.
All these restaurants are getting money they would have never received from me had the app never existed. And everyone I know uses UberEats and will sheepishly admit they use it way too often.
You should talk to people who use UberEats before you assume it provides zero value to anyone, not sure what else to say. Maybe you can do the same for Uber as well.
Yeah, same. Years ago I did work for a medical advertising company. They were lovely, smart, creative people. But the more I thought about it, the more I didn't want to aid for-profit manipulation of people. I've stayed away from ads since, and never regretted it.
Exactly, I'm not fan of these type of lawyers, but they aren't even close to the same level of damage being done by people who work at places like Facebook.
I'm sure it's the usual case of a large enough salary helps you to forgot what a piece of shit you are.
It reminds me of the famous quote by Upton Sinclair: “It is difficult to get a man to understand something, when his salary depends on his not understanding it.”
While I agree with you, I'm pretty sure that a lot of people are grateful about food delivery given current events. At the very least, it kept some people employed and businesses in operation.
In their self view they ensure that artists earn money for their living, thus allow artists to survive. And there is some truth to it. Finding the right balance is hard ... but in my view they "rights holder industry" is too strong indeed.
I think its probably similar to medicine in that there is a gigantic industry of middlemen that suck money out of the system and make far more than the actual service providers
"The Value of Everything" by Mariana Mazzucato. Great book. Central thesis: there are value creators and value extractors. Value creation is very connected with most people's idea of "progress". But value extraction is parasitic, and dominates more and more of contemporary economies.
I'd agree. If copyright wasn't valid after death + 70 years
Of course they don't do only that, they also have to spend their time crafting abusive contracts and extensions in detriment of artists and in favour of big recording companies.
I'd be interested in seeing how much money from their suits gets to the artists, or even to distributors - or what effect on revenue their deterrence causes.
Right, these lawyers are parasites sucking blood not just from society in general, but also blood from most of the artists ostensibly represented by the RIAA. If any artists come out ahead from anything the RIAA's lawyers do, it's only the elite already-wealthy ones.
They made 820 million € in revenue, 128M€ are their "costs", 692M€ of that 15% are their fees, remainingnis split between labels and artists and artists got 316.5M€, thus a quite low fraction ... and in German law the creator is theoretically stronger positioned than in US copyright.
(Now this isn't 100% fair as analysis, as some of the payments to labels go to artits, as well and labels also do some marketing etc benefiting the artist ... and then there is this weird distribution mechanism where a successful artist gets over proportionally more ... but in the end: "small" artists only get a very tiny part of the cake)
To clarify: GP asked about "how much money [recovered from the lawsuits] gets to the artists". The revenue you're quoting is mostly not from lawsuits, it's regular license fees paid by broadcasters and event organizers.
It's not really a secret. The music industry has always been about concerts: radio play (or streaming, which uses the same revenue model) doesn't pay anything and artists get pennies on the dollar for record sales. The RIAA represents record labels more than artists.
This is neither here nor there but Nobel Prize winner Gerard 't Hooft has written an opinion piece on wrong-way drivers in science who seem convinced that everyone else is going the wrong way [1] (it's in Dutch unfortunately, but then the Dutch the word 'spookrider' (lit. 'ghostrider') is a lot cooler than 'wrong-way driver' IMHO).
It's a concept that's somehow always stuck with me whenever I hear about people who seem convinced everyone else is wrong.
The whole writeup is a tantrum on why you should stick to "well known" facts. Which sounds to me too much like asserting the truth of things without questioning them. Yes, there are a lot of fools out there whith a spookrijder complex that are a detriment to science. And I would assume a well-known professor would rightly get tired of their emails.
He only shortly adresses at the end that radical ideas are precisely what is needed for progress in science.
I do not think this dismissive mentality does the situation any good. If someone comes with a radical but stupid idea, you need to first recognize the merit in the idea, and then show why it is wrong. Bashing someone with "you cannot create free energy" will only encourage him to waste his time trying to prove you wrong.
I suspect a lot of these spookrijders are curious and fairly smart people, but who's ideas where offhandedly dismissed by a teacher one too many times.
'Everybody' thinks RMS is wrong. He has the worst case of Cassandra's curse I've ever heard of.
But I think it tends to not work like this. Incidentally, the flat earth thing is mostly a myth; literate people have know the earth is round since the ancient Greeks figured it out. Columbus was ridiculed for thinking the Earth was smaller than it really is (his critics were right) and the only reason his trip didn't end badly for him is shear dumb luck in running into another continent in his quest to reach Asia the looooong way around.
That educated people believed that the Earth was flat is largely a myth. Not only people knew the Earth was round since antiquity, but they also had a good idea about its diameter.
Heliocentrism was a bit more debated but for good reasons. Early heliocentric models were actually worse than contemporary geocentric models to calculate the motion of planets.
All that to say that "everyone else is wrong" doesn't happen often in practice, at least not among educated people. And when that happens, either the evidence is solid and it is generally well accepted or it is not, and there is no reason for others to accept it. The burden or proof is for the one who makes the claim.
To go back to heliocentrism, the reason it is the prevailing theory right now is because the model has been refined and now, it matches observation better than older models based en epicycles. It is not because of some philosophical reason about our place in the universe.
Spookrijder translates literally into ghostrider, which is a lot nicer than wrong-way driver.
The joke here goes that on the radio there is an all-bands emergency announcement about a ghostrider on A2, the main artery of the country, between Amsterdam and Utrecht.
In one of the vehicles on that road someone mutters 'A ghostrider? Bloody idiots, there's thousands of them!'.
I mean, if we believe it benefits us to have copyright laws, then obviously it benefits us to have copyright lawyers, and the rest is just implementation details. I'd wager 99% of people believe copyright laws are a net good.
> I'd wager 99% of people believe copyright laws are a net good.
If asked, a majority might say that (though IMHO nowhere near 99%). Their actions indicate otherwise, however, and a person's beliefs are better judged by their actions than by their words.
Everyone thinks they're saving the world. I'm sure the RIAA sleeps soundly knowing they're defending the rights of creative individuals to make a living and holding the line against the scourge of amoral nihilistic pirates.
> Everyone thinks they're saving the world. I'm sure the RIAA sleeps soundly knowing they're defending the rights of creative individuals to make a living and holding the line against the scourge of amoral nihilistic pirates.
Amoral Nihilistic Pirates would be a great name for a band.
Everyone is the hero in their own story. Few people actually gleefully play the scoundrel. The ability humans have to self-rationalize is amazing. And even when folks are doing something they know is wrong, often it gets justified in the balance: the victim deserved it, the perpetrator is Robin Hood and proceeds will benefit those who need it more, the action makes up for a historic injustice, etc ...
People may not play the scoundrel much, but I see plenty of people playing the ronin, the soldier of fortune. E.g., the contract programmer on a 6-month gig where they know the project is fucked, but as long as the check clears, it's not their problem. The sysadmin who doesn't much care what's on the servers. Plenty of others, for sure.
I doubt it. Every time there's an article on here about the latest outrage from $FaceGoogzon there's no shortage of well-paid rationalisers in the comments. I'd expect the same is true of the RIAA. Especially among their legal team: there are far more unseemly clients than the RIAA out there.
Yup. After the mortgage bubble burst, I saw a lots of posts from people in the industry who knew something was wrong, but as long as they kept making commissions, they weren't going to question anything.
I don't really think so. I think a lot of people are just doing something because it's a job. And a lot of people are sound with being sheep and just following the rules because they exist, and don't like the discomfort that comes with questioning everything on a deep level.
> I wonder if RIAA lawyers believe themselves productive members of society, or if they recognize themselves as the parasites they are.
At least one way they could rationalize their actions is by taking an outlandish but not uncommon view of property rights: that no one would bother to create anything without being able to profit from ownership of it, and the more they can profit the more they'll create.
There's also the even more outlandish view that whatever the market does is good for society by definition, so if the market pays you to do something you can assume it's beneficial to society.
I think if people are paid well enough, they can convince themselves that the harm they do is a net positive because it demonstrates that the system needs to change.
I wonder this about a large majority of corporate lawyers who somehow seem like members of a parasitic species which has found a host which they can exploit for resources by inducing changes in their behaviour, comparable to the way the Toxoplasma parasite makes mice less scared of cats [1].
It's a shot across the bow, to achieve a chilling effect. They've achieved a few weeks of downtime, for now, and sent a message to the project that they're being watched. It might well not be the end of hostilities.
I think you may be right about the fight not being over, I don't think they actually achieved any downtime. Youtube-dl didn't stop working for me while the takedown was in effect, and was even updated during that period.
In terms of usage, yes. In terms of development, we'll have to see. I am an optimist, but I have to recognise that good devs tend to skew away from opensource projects that are in lawyers' crosshairs, because they bring more trouble than fame.
The way I read it, the test cases weren't really the problem. The RIAA was alleging that the purpose of youtube-dl is to circumvent DRM and they try to back this statement up by pointing out that copyrighted works are being downloaded in the test cases.
Here is a bit of a discussion about it by seemingly knowledgeable people:
> > the source code expressly suggests its use to copy and/or distribute the following copyrighted works owned by our member companies:
> > Icona Pop – I Love It (feat. Charli XCX) [Official Video], owned by Warner Music Group Justin Timberlake – Tunnel Vision (Explicit), owned by Sony Music Group Taylor Swift – Shake it Off, owned/exclusively licensed by Universal Music Group
> Complainants are "confused" about actual infringement (which is prohibited by copyright law), and creating a method for infringing copyright. Under DMCA and US copyright law, copying is infringing, programming is not infringing. The complaint does not clearly allege unauthorized copying of another person's intellectual property, and their complaint is based on the theory that certain programming actions constitute copyright infringement. I don't actually think they are confused, I think they are testing the boundaries.
Hmm they seem to be taking it from the approach that RIAA was sending a takedown on the grounds that youtube-dl was infringing on the copyright of their members, but that doesn't seem to be what the actual takedown claims. Instead it's requesting takedown on the grounds that youtube-dl is breaking protection measures in violation of 1201, and the answer given doesn't really address that except to say that breaking protection measures isn't infringement (which wasn't what they claimed in the first place).
EFF represented youtube-dl to get the repository reinstated, and their lawyers instead tried to prove that YouTube doesn't have DRM, and that the test cases provided were neither suggesting other people to infringe, nor infringing themselves (falling under fair use). The full response is here: https://github.com/github/dmca/blob/master/2020/11/2020-11-1...
My experience has been that Github doesn't ever purge commits from the history. Even when you rewrite the history, all the dangling commits are still there and can be access. I've yet to find a way to force Github to do a gc so such commits are removed. Without Github running a GC on the repo, the commits will not be removed.
Pushed secrets in public repos are automatically archived by third parties so removing commits containing them would not be enough to prevent their use, just rotating the secrets is the way to go here.
Yes, and I unfortunately still see no argument related to the DMCA's provision that breaking copy protection is legal if you have a license to use the work. In this case, a license to use it via a specific browser is not mentioned, so you can rightly download it with anything.
This was the suspected cause for py-kms's reinstatement but as it related to Windows licensing.
It would have been fantastic if every test using RIAA copyrighted music had been replaced with public domain sources. Or, better yet, videos the maintainers created and uploaded themselves.
Just about all music you can find online is copyrighted. I think you mean that it applies the protection only to music where the copyright is held by a large organization.
The amount of publicity this generated for youtube-dl is astounding... I would love for this to be a ”the plan to get rid of youtube-dl backfired badly for RIAA” ending. But I guess RIAA is reviled enough already so nothing they do really matters. So I suppose the hope is that some political will to change the laws around this arises from it.
I don't think it's about whether they're reviled enough yet, but rather whether the actions they're taking are likely to engender effective activism and organised political opposition to their agenda.
In this case, it looks like they've discovered that the community isn't asleep at the wheel and that this isn't the hill they want to die on.
True. It seems we need to wait for a generation of media-consuming legislators to age into the Senate to get past The Eagles complaining that their music is being "pirated" on Tik Tok.
As someone who is old enough to have heard The Eagles when they first came out, this is hilarious. No offense to Eagles fans, but they were mostly forgettable Top 40 from the get go.
If the RIAA notice is to be believed, you've still admitted to a crime as you've bypassed YouTube's DRM, which is their hosting of the video in other public links.
Netflix sends the videos to your computer with a form of DRM and then uses a key from either your browser or hardware to unlock the content. That is nothing like YouTube, which sends both the links and the media to you unencrypted.
Youtube-dl's counter claim states that though those lines of code did not violate the DMCA, they have replaced them with videos without copyright music.
That sounds like they didn't really have any reason to make major label music videos part of the tests, it was just a developers personal preference. Though, it doesn't prove this is the case.
That commit details the replacement of the music videos with a generic test video, exactly what I said. I'm unsure how it is supposed to show it is not the case.
Incorrect. There's a single green line that has an alteration to replace a music video ID "UxxajLWwzqY" in a test case that actually only makes use of ID "BaW_jenozKc" ("Use the first video ID in the URL").
The removed "Test generic use_cipher_signature video (#897)" case did make use of ID UxxajLWwzqY.
I see what you mean, but the extractor file still features how to deal with videos containing the cipher, all that was removed was the tests. Testing the generic cipher video may have been ruled unnecessary as it's universal.
That's the partial win here - repo restored with tests referencing the RIAA related videos removed but the code dealing with the rolling cipher itself still intact.
And next time youtube makes one of their frequent changes to their website the extractor will break in some way. Somebody will work to fix it and make use of the same tests, only now some of them won't be in the public codebase.
Some clever people working for the RIAA might have suggested to their lawyers that they take down the youtube-dl repository to generate some publicity around the project.
And now they are pretending "What is this youtube-dl thing everybody is talking about recently?"
RIAA, you are heroes. That's very nice to promote underfunded free software projects like this.
> So I suppose the hope is that some political will to change the laws around this arises from it.
We had mass demonstrations across Europe with the Article 13 fiasco and nothing happened.
Revolutions aside, copyright will never be reformed anywhere in a consumer friendly manner - politicians are way too deep in the pockets of the industry.
All the parties that were pro reform in the "article 13 fiasco" will still get votes. Unless people grow a brain and start remembering things, they will just get away with anything unless it happens right before an election. Alas, we evolved from monkeys, not from elephants.
Rather interesting that GitHub decided to restore access 1 day after receiving the EFF's counter notice, instead of waiting 10 days.
As a brief legal recap, in 1998 the DMCA added §512 [1] to US copyright law, which established a mechanism for shielding 'service providers' from liability for content posted by users (known as 'safe harbor'), but only as long as they follow formal procedures (known as 'DMCA takedown') to respond 'expeditiously' to remove content when they receive a notification claiming infringement, but also to restore access "not less than 10, nor more than 14, business days" after receiving a counter notification claiming the removal was a mistake.
In the post, GitHub implied they removed the youtube-dl repo after receiving the RIAA's formal takedown notice in order to 'comply with laws', and the law also required them to restore access after receiving the EFF's formal counter notice. However, the counter notice was sent yesterday and they restored access 1 day later, not waiting the legal minimum of 10 days. In restoring access so quickly GitHub isn't fully complying with §512, opening themselves up to liability if the RIAA decides to pursue legal action.
Perhaps a symbolic gesture to restore access a couple weeks before they would have been legally required to restore access anyway, but nonetheless interesting to see their willingness to set aside §512 safe harbor protections in the future if their reading of facts suggest a takedown claim doesn't have merit.
The youtube-dl incident was not a section 512 takedown. There was no infringing material, i.e., content, to remove. The RIAA letter made no mention of section 512, referring instead to section 1201. Neither did this letter from EFF refer to section 512. This was not a section 512 takedown. The rules in section 512 do not apply.
The 'copyright violations' section of the RIAA letter (regarding the unit tests) was clearly a standard §512 notice alleging copyright infringement. Even if §512 wasn't explicitly mentioned, it's still a legally effective notification of claimed infringement.
> The rules in section 512 do not apply.
Assuming you're referring only to the §1201 'anticircumvention' portion of the claim (the main focus of the GitHub post), whether this portion is also subject to §512 rules is a little more ambiguous. §1201 defines a trafficking violation separate from copyright infringement itself, but some court rulings have established a requirement that §1201 violations establish a 'nexus' to copyright infringement in order to be valid. If this requirement holds, §512 safe harbor protections could indirectly cover §1201 claims as well. However, because there's a circuit split on the issue, unless GitHub is sued on this exact point it's impossible to say for sure what rules would apply in this specific case.
In any case, GitHub handled the 1201 takedown claim in reference to its established, documented process in handling takedown notices and counter notices [1], except for the fact that it didn't wait 10-14 days after receiving a counter notice before re-enabling this content. The deviation from their published policy is still itself noteworthy.
I could diasgree about the unit tests because I could argue the script only circumvents copy controls, not access controls (if any member of the public can access those videos on YouTube). Because the RIAA letter provided no location of an infringing copy to be taken down, I can argue the letter cannot be a section 512 notice. Further, the content taken down by Github in response to this letter was not an infringing copy.
It is not clear that the unit tests, if performed, amounted to anything more than fair use. Under the DMCA, it is not necessarily infringement for the script author to circumvent copy controls; section 1201 prohibits sharing copy control circumvention technology with others but does not prohbit the act of copy control circumvention.
If one wanted to make the argument that DMCA 512 safe harbor applies to a section 1201 notice, then I am surprised there has been no mention of "material that is the subject of infringing activity". This language is found in section 512 and in many standard DMCA notice instructions, e.g., Microsoft's
The youtube-dl script itself is not infringing material. However is it "material that is the subject of infringing activity". If the script only works to circumvent copy controls not access controls, then those unit tests, i.e., the making of unauthorised copies, that may have been performed by the developers, i.e., suspected "infringing activity", are subject to a defense of fair use. If it is fair use then it is not infringing activity and the script cannot be "material that is the subject of infringing activity".
> Assuming you're referring only to the §1201 'anticircumvention' portion of the claim (the main focus of the GitHub post), whether this portion is _also_ subject to §512 rules is a little more ambiguous. §1201 defines a trafficking violation separate from copyright infringement itself, but some court rulings have established a requirement that §1201 violations establish a 'nexus' to copyright infringement in order to be valid. If this is true, the §512 safe harbor protections could indirectly cover §1201 claims as well.
I don't think that even if the first is true, the second is true: even the courts that hold the "nexus" position don't, AFAIK, hold that Sec. 1201 liability requires that the trafficker be already liable for contributory infringement, only that there be a connection of the trafficked circumvention measure to infringement.
OTOH, if its not covered by the safe harbor provision, that doesn't mean notice of the violation is irrelevant; knowledge is explicitly relevant to one route to liability under Sec. 1201, and arguably necessary for any of the others; notice potentially take the host from being an exploited bystander to a liable trafficker, provided that they do not take action to end the trafficking on their platform.
> I don't think that even if the first is true, the second is true: even the courts that hold the "nexus" position don't, AFAIK, hold that Sec. 1201 liability requires that the trafficker be already liable for contributory infringement, only that there be a connection of the trafficked circumvention measure to infringement.
Good point and important distinction- not to say that courts holding the 'nexus' position have already established Section 512 protections for Section 1201 violations, just that I could imagine a legal argument extending the position along these lines. If Section 512 protects services from liability for user-provided software that contributes to copyright infringement, it should also protect services from liability for user-provided software designed for the circumvention of technological measures protecting copyright infringement.
At the very least in the absence of further clarity, it makes sense that GitHub seems to apply section 512 law consistently across Section 1201 claims in addition to copyright infringement claims, not only to simplify their legal procedures but also to leave such a theoretical defense available to them in case they ever need it.
> Perhaps a symbolic gesture to restore access a couple weeks before they would have been legally required to restore access anyway, but nonetheless interesting to see their willingness to set aside §512 safe harbor protections in the future if their reading of facts suggest a takedown claim doesn't have merit.
Do the DMCA legal requirements differentiate between good faith and tortuous takedowns? Meaning, is that 10-14 day range set in stone even if Github believes that the request was flagrantly over reaching or do they lose safe harbor protections right off the bat? Has this issue been litigated enough that there would be clear precedent?
After reading the EFF's letter a little more closely, I realize now that it wasn't even a formal DMCA counter notice representing the repository owners, just an informal legal rebuttal of the original claims. Oops. So GitHub wasn't legally required to restore access at all even after 10-14 days, since no official counter notice was ever received.
That makes it more significant (not merely symbolic) that GitHub chose to short-circuit its DMCA process to restore access and open themselves up to liability in this case.
Not true. The first sentence of the first paragraph make mention that the EFF is representing the youtube-dl developers. An attorney-client relationship.
> The Electronic Frontier Foundation represents the current maintainers of the youtube-dl software utility, a free software project that uses GitHub as a home for development.
Thanks for pointing out the mention of representation. However the letter still lacked two required elements for it to be an effective formal counter notice:
- §512(g)(3)(C): A 'statement under penalty of perjury' that the material was removed by mistake.
- §512(g)(3)(D): A statement 'consent[ing] to the jurisdiction of Federal District Court for the judicial district in which the address is located', and to 'accept service of process from the person who provided notification'.
These are also noted as requirements in GitHub's counter notice policy [1] numbers 4 and 5.
I think it's also telling that GitHub never referred to this letter anywhere as a 'counter notice', only mentioning it as 'new information' they received about the project.
Why did the EFF have to step in here? What did the EFF letter provide that GitHub couldn't have figured out itself? If GitHub really was "standing up for developers", why couldn't Microsoft's own army of lawyers figure this out?
If youtube-dl (or any OSS project) continues to use GitHub, I hope they have a backup plan ready at all times. Even if GitHub truly is on the right side, they've proven themselves to be a liability for legitimate projects.
> If GitHub really was "standing up for developers", why couldn't Microsoft's own army of lawyers figure this out?
I think the 'What we're changing' section is the real interesting part of this post regarding this. I read this section as a half-apology for not doing enough to stand up for developers in this case (allowing the repository to be taken down to begin with), and a promise to do more in the future to prevent this kind of thing from happening again. We'll have to wait and see if their future actions match this promise.
They reinstated the repo without going through the usual DMCA counter-notice process. Which would require youtube-dl to file a counter-notice, and then to wait some amount of time for the original complainer to respond, before reinstating the content.
I think there are few if any major other hosts who would have done this -- although perhaps with the example set here, more will going forward?
Honestly, I don't totally understand how you can get away with being as protective of the person receiving a takedown notice (in this case developer) as github has been, under the DMCA. It is unusual.
Compare for instance to gitlab.com's DMCA workflow. (Which it is amazingly awesome that gitlab has all their policies/workflows like this public and transparent, which github does not, true!). Following this workflow, youtube-dl would still be down, until/unless "there was a valid counter-notice and no response has been received from the plaintiff within 10 days of the counter-notice being forwarded"
So yes, I would say that github has already acted in a way to stand up for developers, in reinstating youtube-dl already, and in changing their policies for the future further. Even in their present actions, they seem to be really pushing at DMCA safe harbor allowances.
Yeah. The way I understand it GitHub is really putting their money where their mouth is. The easy way out is to push the liability onto the user by making them file a counter-notice. This way GitHub is taking on some liability.
I'm guessing youtube-dl might be a really strong case for GitHub if they'd happen to get sued, so it makes a lot of business sense to take a stand on it. The get much needed goodwill from the developer community and get to send a strong message they're not interested in being the messenger for weak DMCA claims.
GitHub/Microsoft management deserve credit for recognizing the long term value (to them) of pushing back hard against frivolous DMCA claims.
The thing is, Microsoft can actually afford a LOT of risk of legal bills in return of developer goodwill, apart from how strong a case it is. Especially since Github somehow seems to have been losing developer goodwill lately.
This is not a dig -- few companies can afford to take a legal risk that Microsoft can (even on a strong case, most companies couldn't afford the legal bills of standing up to RIAA), and it's GREAT that they are choosing to, setting a standard.
It will in fact be really hard for gitlab to do similar though, they can not afford a lawsuit from the RIAA like MS can. (And the RIAA is really unlikely to sue MS unless they really think they have to, cause they know they're outgunned_.
Did you read the new policies? It sounds like in the future it will be way more difficult to get repos taken down with DMCAs, and even for legitimate ones they'll allow devs to respond or fix the repo before it gets removed.
Maybe GitHub didn't nail it this time but in my opinion it takes some mental gymnastics to not see this post as a really positive turn from GH.
> it takes some mental gymnastics to not see this post as a really positive turn from GH.
So... why did the EFF have to step in here? GitHub deserves some credit, but I cannot give them all of the credit. As far as I can tell, this situation was at a stand still for the better part of a month until the EFF got involved.
The EFF's letter gave them the legal justification they needed to restore it. It helped.
The fact they restored everything in just a day after receiving it makes that pretty clear. They didn't need to evaluate their options much at all; as soon as they received it, the repo was back. I wouldn't even be surprised to learn that the EFF talked off the record with GitHub beforehand.
Why didn't they have "the legal justification they needed to restore it" before the EFF sent their letter? We're talking about Microsoft here. I do not believe they are so helpless.
Sure, it's a good change. Doesn't stop the title "Standing up for developers: youtube-dl is back" from being suggestive of Github being the one that stood up for YouTube-dl, which they didn't.
I suspect it has to do with the EFF being a more formidable legal opponent than Github on their own--also knowing that the EFF has their teeth in the issue, Github won't be dealing with it on their own if it goes to litigaiton.
> If youtube-dl (or any OSS project) continues to use GitHub, I hope they have a backup plan ready at all times.
I mean, I guess I understand the sentiment here, but really, most projects don't run this risk. Youtube-dl, on the other hand, is used by people to download copyrighted material. It's a natural target, and as a project maintainer/contributor you have to be aware of the legal setting in which your project exists.
GitHub is still hosting the full youtube-dl version history, including versions which include those supposedly infringing tests. Does copyright law end with HEAD on master? Those tests are still there.
This makes it especially obvious that the RIAA's problem with youtube-dl was never really the tests.
For example, you can find a LOT of copyrighted font files that were committed somewhere in GitHub, and then removed in a later commit once they realized they'd accidentally uploaded a copyrighted file.
But they're still always there in the history, effortless to download.
I'm not really sure what to make of that. I don't think it would really count as removal in court... but it seems rare and complex enough that it's not worth bringing up?
If GitHub received a DMCA takedown notice, they would be obligated to takedown the copies of the fonts listed in the notice, including if old copies were listed. I'm unsure if they could say "all releases before X" or would need to link each one.
If the copyright owners tried to sue the project for copyright infringement, IANAL but I would assume that the removal from head would show an attempt to correct the mistake and limit liability.
If the copyright holder sued an individual I imagine it would matter if they were mirroring the repo or just intentionally downloaded the copyrighted files for personal use.
On that note, does git as a protocol even have a clean mechanism for redacting history like this? If someone were to press this to the logical extreme, how could a developer most cleanly excise violating history from a repo using current tooling?
There is a way, its not very clean, git filter-branch and you will have to force push all branches, which is fun with large teams.
Unfortunately in larger repos with long histories its extremely slow, and uses a lot of IO. I used it previously to clean up large binaries that were included early on in a repo's history, making it take up way more space than needed.
I assume you would have to revert to the parent of the offending commit, cherry-pick the non-offending code, commit, then rebase the entire master branch on that new commit.
Then you'd have to repeat the process for all forks and branches. It'd be a huge pain, but I think it's doable.
I've never tried something like this, though, so there might be some complications.
With regards to copyright law and "distribution", there's no distinction. The tests are still being "distributed", just from a different URL. If youtube-dl was in violation before, they still are now.
This is a confusing result. I would not expect any copyright litigant to sacrifice legal advantage for the sake of an adversary's convenience in maintaining complete version control history.
Could there possibly have been a miscommunication over what "remove the tests" meant? Or an offer of compromise outside of legal necessity? Or a bad-faith fulfillment of a promise to "remove the tests"?
Does the fact that the RIAA is packed with stodgy, old corporate lawyers who most likely lack even superficial understanding of the term "version control" lack appropriate explanatory power?
Such "stodgy, old corporate lawyers" are going to become extremely antagonized should they discover that somebody pulled a fast one on them. All you'd have to do is open a web browser and click around to show them that the tests were still accessible.
So what's confusing is the youtube-dl side's strategy. Are they really trying to pull a fast one? That would be incredibly unwise, so I doubt it.
Everything just points to the dmca takedown request being treated as if it was invalid; the repository was restored more quickly than needed and without any real changes.
I suppose it depends on how the claim is formulated? Take the CraftBukkit[1] claim for example. In that case, all commits since a specific point, plus all forks, were taken down:
"Pages including infringing content: [...] infringing as of commit [...] and every subsequent commit, including all forks that contain this commit [...] and all forks that share a common first commit [...] and every subsequent commit, including all forks that contain this commit"
This made any effort for restoration futile, since most of the repo was being claimed.
Then when someone realizes to use the web interface to check out that old commit, the whole thing opens up again. Hopefully github's lawyers who OK'd this know a bit about git.
Or that they simply don't care about the specific infringement, rather they are just trying to chill the free-speech rights of software developers and fight a culture war on all fronts to expand the rights, privileges, power, and wealth of their clients.
Say what you will about Github and Microsoft, this was a classy move. A million dollars is a million dollars. "Putting your money where your mouth is".
"Nonetheless, developers who want to push back against unwarranted takedowns may face the risk of taking on personal liability and legal defense costs. To help them, GitHub will establish and donate $1M to a developer defense fund to help protect open source developers on GitHub from unwarranted DMCA Section 1201 takedown claims. We will immediately begin working with other members of the community to set up this fund and take other measures to collectively protect developers and safeguard developer collaboration."
What is really needed is a "counter-DCMA troll." So far as I understand DCMA, legal fees can be collected for a successful counter-claim.
With the rife DCMA fraud these days, someone could make a pretty penny. DCMA has provisions for claim fraud, it simply requires attorneys to creatively weaponize it (which unfortunately doesn't apply to YouTube, because their process is not DCMA/legal).
As I understand it, DMCA claim fraud requires legally proving bad faith, which is a quite high bar to clear.
There are no provisions for negligence (which is what most of these claims probably amount to - you could even make a good argument for depraved indifference, but there are no provisions for that either) or mistakes, it has to be intentionally fraudulent. Even if it was a completely BS takedown, you're left with proving malice rather than error.
> "Even if it was a completely BS takedown, you're left with proving malice rather than error."
True, but making the same "errors" over and over and over again without regard for the consequences starts to smell fishy after a while, almost like intimidation or a protection racket.
Since one presumes that Microsoft does not sell much music (didn't they shut down their music store a few years ago?), I can't imagine they've negotiated dues that scale linearly on Microsoft's total revenue - so, in fact, I'd expect that $1M is well beyond their RIAA dues.
Now, it's possible that MS is contributing money other than dues to the RIAA, but you can bound that a bit from their Form 990: https://projects.propublica.org/nonprofits/organizations/131... For 2017, they got under $100K in "contributions and grants" and $29MM in "program service revenue," which is later determined to be dues. They received no other significant revenue. So no donor could have possibly given them more than $100K.
(... also, why did the RIAA give $4K to the Kenai River Sportfishing Association?)
Why? They're complying with the license. It shouldn't be surprising to see them taking advantage of copyright law when it benefits them, then turning around and taking advantage of copyright law them it benefits them. It's quite a bit more benign than Disney making movies off of public-domain stories while lobbying to keep Mickey Mouse under copyright, since they didn't even lobby for it. The WordPress developers just gave them the code for free.
Free and open-source software isn't subversive. It's innovative, which isn't the same thing. It's certainly a new model, but the way you get a GPL violation removed from GitHub is with a DMCA takedown notice. Free and open-source software is a different and nicer use of the copyright system, but it's all still the same system at the end of the day.
And now that they've had a couple decades to get over their discomfort and they've realized that there's nothing subversive there, people who love copyright are totally fine with free and open-source software, because it furthers their goal of making money.
Unfortunately it seems difficult to discover how long they’ve been a member: https://news.ycombinator.com/item?id=24902985
They could theoretically have donated $2MM at $50K a year if they had joined back around the time when Bill Gates was railing about ‘theft’ of his BASIC (and others were replacing it with a superior ‘@copyleft all wrongs reserved’ one) ~45 year ago.
This is a great first step. We need to ramp up the pressure.
The newish Microsoft seems to be more understanding of this sort of thing with supporting Linux with Office and giving Windows 10 away for free.
This would instantly improve their reputation among the entire developer community. DMCA is an abusive mess that is constantly used to attack legitimate open-source work, research, or simply just by bad actors to take down literally anything they want from the internet.
The big websites like Reddit don't care about legitimacy, it's all automated agreement, I've seen entire subreddits taken down due to fake DMCA requests by someone who didn't like what the subreddit was about (And it was too small of a place for it to make enough noise to matter to anyone, nor did anyone try or know how to try). We hear small samples of it here on HN but who knows the amount of abusive and unwarranted DMCA notices that you never hear about.
Not if you are a company worth $1.6 trillion dollars.
But that $1 million dollars probably bought them a lot more in free press.
To put it into perspective, it would be like someone worth $1.6 million giving a homeless person $1, filming it, putting it on youtube and profiting off of it.
> Thanks Microsoft/Github.
Is this real?
Edit: Of course the downvotes. Not sure if employees of microsoft or people working in microsoft shops or the quality of people HN has attracted as declined.
For people saying nonsense like "A million dollars is a million dollars even if the company is worth 100 trillion dollars."...
Do you think forcing someone who makes $100 million to pay $1 million in taxes is the same as forcing someone who makes $2 million to pay $1 million in taxes? $1 million is still $1 million right? I guess the concept of proportionality is foreign to many here?
The "love" for microsoft recently is interesting. Facebook should look into buying that kind of love.
Ya but $1MM for a generic legal defense fund created and thus owned by GitHub (read: Microsoft) is pretty neutered. I’m sure their lawyers charge between $200-750/hr (pretty standard for a decent lawyer), so $1MM isn’t going to go very far. If they employ lawyers full time for this at 200-500k/yr, there won’t be many working on this team for very long.
Defending a medium complexity case against a deep picker (RIAA) will easy surpass that, and that’s just a single case.
The question is how can this be sustainable and not a trivial token?
Your metaphor is kind of silly, since it compares the EFF with the unhoused, but, playing along, it's more like someone worth 16 billion giving an unhoused person $10,000.
A million bucks is real money, EFF can do a lot of good with it. They're not going to buy a pack of chewing gum with it.
I'm old enough that I doubt anything will ever turn me around on Microsoft, it annoys me to no end that they bought Github. But by the same token, I'm big on the EFF, and I'm stoked that they scored some loot: I'll give Microsoft credit for that, but the only way I'm forgiving the company its past sins is if it liquidates the company and sets up a charitable fund for free software.
There's now a bulwark between developers and bad actors attempting to use Github and the legal framework against them. It is very probably that outside actual, valid legal justification, what the RIAA tried will never be tried again, thanks to the presence of that fund.
Great, now they can import the issues to a GitLab/Gitea instance hosted by the same Germans who refused to ever take down youtube-dl.org, and a few other places for redundancy, and not have to go through all this excess stress again.
I have trouble believing gitlab would just ignore a DMCA takedown request? This is what people believe? This is something gitlab has said?
Actually, I guess I'm not sure of the consequences to a company of ignoring DMCA takedown requests (whether or not they are US companies; but Gitlab is now btw), but I assume they are not good, or why do companies bother complying? Rather than assume, I should look into it.
The webhost had a different situation: neither code nor binaries were hosted with them. Although DMCA specifically doesn't apply to a German hoster of course, and uberspace is run by the kinds of people that'd probably try and take this to court instead of just rolling over.
I don't follow, a few days ago I downloaded the tarball of the code and 'binary' (it's a Python script) from their website. Both seemed to be hosted there.
This is a little meta, but you can use the the -I / --head argument to tell curl to download headers only. This will ignore the rest of the response and means you can eliminate all of those other flags. E.g.:
$ curl -I https://youtube-dl.org/downloads/latest/youtube-dl-2020.11.12.tar.gz
HTTP/1.1 302 Found
Date: Mon, 16 Nov 2020 19:10:37 GMT
Server: Apache/2.2.15 (CentOS)
Location: https://youtube-dl.org/downloads/2020.11.12/youtube-dl-2020.11.12.tar.gz
Connection: close
Content-Type: text/html; charset=iso-8859-1
It turns out that, often enough to be worth worrying about, servers do not return the same headers in response to a HEAD request as a GET request, so I always send a GET request when debugging strange behavior.
Same, but interestingly enough today when I click the link my browser Palemoon’s popup dialog (asking whether to open in an extractor app or just download) says the file is from https://gitlab.com.
Others in this sub-thread have identified that the downloadable releases are actually currently hosted on gitlab.com.
Gitlab has their internal workflow for handling DMCA takedown's public (as with most/all of their internal policies, which is cool!). https://about.gitlab.com/handbook/engineering/security/opera... It may be that they go a little bit slower with more chance for the alleged infringer to respond (with a counter-notice or voluntary takedown) than others.
But in the end, any major US company (or company doing business with the US) is probably going to comply with the DMCA, which says that if you get a takedown notice that is formatted correctly, you take down. Then there's a process with user filing a counter-notice, then the original filer having a chance to respond to THAT, etc., that you can see in the gitlab workflow, but most of that is just how DMCA works. "If there was a valid counter-notice and no response has been received from the plaintiff within 10 days of the counter-notice being forwarded" then the content might go back up.
> Actually, I guess I'm not sure of the consequences to a company of ignoring DMCA takedown requests (whether or not they are US companies; but Gitlab is now btw), but I assume they are not good, or why do companies bother complying? Rather than assume, I should look into it.
The request is essentially a precursor to a lawsuit, so the consequences are a potential lawsuit and all of the legal fees that go along with it.
If you want to put your everyday Amazon spend to good use by sponsoring EFF at no cost to you then checkout http://smile.Amazon.com and start sending the EFF money today.
Just wanted to share my most recent Amazon alt. This one is for books, and I was pleasantly surprised. Especially because that's where Amazon first entered the online market.
From the irc screenshot that was linked further down this thread [1], it reads that the "cipher circumvention code" needed to be removed? I can only see some rework being done in the past related to the extractors. [2]
So they gave up on this one, or is there more to come?
I think it is important to note that GitHub's parent company[1] Microsoft is a member of the RIAA[0], the group who initially filed this DMCA.
The cynic in me says this was deliberately pre-planned to garnet free press. That type of behavior would certainly be in-line for the company responsible for the Halloween Documents[2][3].
Even if we give GitHub, and by extension Microsoft the benefit of the doubt here, this is a lesson we should not soon forget: Microsoft will not go to bat for you, not unless you can wield the power of the HN/Reddit/Twitter/etc outrage machine to create a PR problem for them.
Don't rely on Microsoft to be the centralized underpinnings of the open source world. At worst, it paves the way for EEE[4] 2.0. At best, it creates a single centralized target for malicious actors, such as the RIAA.
I agree. Any globo-corp is going to do funny shit for PR. They operate on an entirely different level that most people don't really understand. This is really just a war game for them... and now they understand how much they can provoke their own users.
I sincerely doubt this was planned. If you’ve ever worked for a large global corp you would find it difficult to believe anything could be coordinated. Everyone involved at every level is trying to climb that ladder.
Are 1201 takedown notices even supposed to be a thing, or were they just invented by the RIAA and/or other overly enthusiastic copyright holders?
I was under the impression that DMCA notices were for the removal of infringing content, not alleged anti-circumvention tools. That's what the law seems to specify. The notification and takedown process is specified for infringement of copyrighted works, not distribution of anti-circumvention tools. EFF's explainer video seemed to concur with the assessment that DMCA notices are not appropriate for 1201 violations, only for removal of infringing content.
1201 enforcement appears to be through other mechanisms, such as criminal liability and statutory damages. Presumably those would require something more than a letter or notice claiming violation.
Right. GitHub seems to have made up a 1201 notice-and-takedown mechanism out of thin air, with this mechanism serving as Microsoft voluntarily doing favors for other big corporations rather than the fulfillment of some kind of legal obligation.
I find the GitHub announcement deeply unsatisfying for that reason: GitHub is unilaterally inventing a body of "law" that's going to meaningfully govern the lives of tons of developers in the future. This body of rules is "law" and not law because the entity doing the enforcement is GitHub and not some government, but GitHub still has enough power to cause injury if it decides it doesn't like you.
> GitHub seems to have made up a 1201 notice-and-takedown mechanism out of thin air
This crystallizes my discomfort with github's approach.
They should have said something like "Thank you for your letter. If we receive any 1201-related injunctions or directives from US courts or law enforcement directing us to remove this repository, we will quickly do so."
> I was under the impression that DMCA notices were for the removal of infringing content, not alleged anti-circumvention tools. That's what the law seems to specify.
My reading is that the DMCA expanded the definition of 'copyright infringement' to include 'circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner' (§1201), and so a DMCA notice specifying 'material that is claimed to be infringing or to be the subject of infringing activity' (§512) would work for the removal of anti-circumvention tools as well.
Infringement of copyright is defined by the statute and does not include the anti-circumvention 1201 provisions.
There is no legally-specified takedown procedure for a 1201 violation, and correspondingly no "safe harbor." The "takedown" here was more in the vein of a demand letter.
> Infringement of copyright is defined by the statute and does not include the anti-circumvention 1201 provisions.
Yeah, my mistake, you're correct the 1201 anti-circumvention provisions do define a new violation separate from copyright infringement itself.
However, there is a circuit split as to whether a violation of section 1201 requires a nexus to copyright infringement to be valid. If an 'infringement nexus requirement' is upheld, section 512 may still cover section 1201 violations by shielding service providers from any copyright infringement liability that would establish a nexus with the circumvention tool.
I don't see this particular issue ever being resolved by the courts in any case, so there's still quite a bit of ambiguity in this connection between the two sections of the DMCA.
The ACLU has had a bit of a paradigm shift recently, from "defend any speech" to "defend any speech we do not think is abhorrent". That's not necessarily a bad change, or a good change, depending on where you stand. I am just wanting to point out that the ACLU isn't necessarily "remaining", more "reinventing" these days.
Here is a fresh Glenn Greenwald writeup on it (which is just one opinion, of course):
There's a lot of "trust me" in this article that simply isn't backed up by the ACLU's own outline of it's free speech position: https://www.aclu.org/issues/free-speech
It is one thing for an individual in the organization to have a nuanced view of the issue and another thing entirely for the organization to have backed off a maximalist view of the right. I encourage you to read the ACLU's position (which interestingly includes "We’ve called on big social media companies to resist calls for censorship.").
> striking down Washington D.C.'s handgun ban by a 5-4 vote, the Supreme Court's decision in D.C. v. Heller held for the first time that the Second Amendment protects an individual's right to keep and bear arms, whether or not associated with a state militia.
This ruling is the crux of the matter. And ACLU's interpretation (against it) seems very logical. Sadly there's no putting the genie back in the bottle though.
Well this was a wild ride from start to finish. Anyone got a count on how many times someone suggested distributing YouTube-dl via a blockchain in all these discussions?
Also, how come Google hasn’t asked for it to be taken down given that it has YouTube in the name?
I think the RIAA is going to be shocked and flabbergasted that 1) the community, and I mean the respectable corporate parts of the software development community really rallied together to fight this and 2) that their argument for how this is infringement fizzles to nothing when you look at the wording of the DMCA as pointed out by the EFF's legal note.
The real question is will we see a push from RIAA lobbyists to amend the wording, or see this go to court.
I can't imagine the political turmoil in the org that led up to this. It wasn't simply a quick sting that would fade, the mass protest on the site was probably the biggest wake up call. MS could easily have pissed away the 7.5+ billion they paid for all the developers that use github.
I think github's CEO was keen to restore it [0], probably on a matter of principle but also probably on how much negative advertisement it brings them, in terms of 'trusting' github as host.
I am sure they had MS's legal team advise them on what they can get away with.
This is called "making a virtue out of necessity". I don't believe that Github actually needed the EFF's writing for this, or that they don't have the necessary technical expertise themselves. But at least they seem to have learned something from it now and want to review such requests technically before they (unjustifiably) act.
We need some billionaire to step in and lobby against organisations like RIAA to make them illegal. First one who does it, will be forever remembered as the one who saved artists and their fans. RIAA only protects labels who obtain
rights to art in questionable manner (just read so many stories about artists being cheated by the label).
We need something that will be paying artists directly and there is technology to solve that. RIAA is a cancer and must go.
A world where corruption has been labelled as lobbying and everyone seem to accept that. People only vote on who can line their pockets and hope they have some semblance of morals. Unfortunately there is no other way to make change in area protected by massive wealth.
Labels must go too. Artists legitimately needed them when distribution required physically producing and distributing media to stores. With the advent of the internet, this is no longer required, so these middlemen serve no practical purpose any more. They're an unfortunate holdover.
Small labels are nothing like the big ones, just like small software shop is nothing like Google. We need laws that will require companies to split once they reach certain thresholds otherwise this is just getting nasty. At certain point companies get unfair competitive advantage and they have so much money they literally can buy laws to make sure any competition is kept at bay.
So it seems that the dealbreaker was that one of tests that downloaded copyrighted material (see the last commit [1]). Seems like a reasonable thing to not do, and just replace those tests with just random cat videos.
I was under the impression that those obfuscation methods were exclusive to certain YouTube partners, including the RIAA members. If youtube-dl stopped supporting that method, it would still be a useful tool for the bulk of its use cases and the RIAA would no longer have any leg to stand on since it'd no longer be able to download their members' videos.
That would only move the problem. That plugin would still need a Git repository, an issue tracker, tests, and an update mechanism. Or are you trying to say you don't care if this specific part of yt-dl gets deleted from the internet by RIAA?
It decouples the thorny part of yt-dl from the mainline and reduces risk of complaints in the future.
I do care if this part gets deleted, that's why I think it should be hosted somewhere more reliable than GitHub. There are other options which aren't as polished, but may be better for hosting risky code like this, including self hosting.
In my experience many videos have it, not necessarily ones associated with the RIAA (or perhaps the overzealous[1] content detector just thinks there's some of their content in there), so it's definitely necessary to decode the algorithm for youtube-dl to work on not just RIAA content videos.
IMHO giving the client both the key and the algorithm to decode the content should not count as any form of protection, but the lawyers don't care...
Breaking copy protection is only illegal if you do not have a license to the work. Removing the protection breaking code isn't necessary, and everyone needs to stop pretending that it is.
This same clause of the DMCA is the suspected reason for py-kms's reinstatement after a takedown: it's perfectly legal to break the Windows license scheme if you already own a license to Windows.
Since this affects only tests, they could easily change the relevant scripts to download a list of test videos at runtime. I bet the RIAA github-scrapers would not "see" it. Just serve statically a rot13-encoded list of URLs from pastebin or something, and Bob's your uncle.
Based on what I saw in past discussions, I'm pretty sure that the takedown was not a run-of-the-mill scraper-based takedown (it makes no sense to be taken down just for linking to videos which, at best, is what any scrapers would have seen in the original test code). It was very much an intentional, manual one with actual lawyers behind it.
There are multiple sides to "defending" a project like this. One of them is avoiding to trip the run-of-the-mill scrapers. The takedown was serious but we don't know what triggered the lawyers' attention in the first place. IMHO a simple runtime obfuscation would remove that particular attack vector, once coupled with some plausible deniability (i.e. deleting all downloaded data once tested). At that point, YTDL is still on RIAA's generic shitlist (which will require other mitigations to survive) but at least doesn't get flagged every week by a scraper.
Github did not stand up for developers here at all. It is wonderful that in the future they might, but it seems to me like they missed/have been missing a chance to really stand up for devs. The DMCA is being used far too often for abusive aims for my tastes and I hope that some reform is around the corner (Maybe more real incentives to not file false claims).
Nat Friedman, Github's CEO, personally joined the #youtube-dl IRC channel and initiated working towards the reinstatement of the project.
If the CEO personally taking a stand and working against this DMCA request, if the fact that all DMCA requests are publicly archived, if the fact that youtube-dl is already back up, do not convince you that GitHub had the right motives here, I don't know what to tell you.
This really is great to see, but it’s clear from their careful wording that the google takedown of the recent widevine l3 repository won’t be reversed:
> And our reinstatement, based on new information that showed the project was not circumventing a technical protection measure (TPM)
It's kinda pointless to reverse that takedown. You can find it elsewhere, and Google plans to revoke the key in Q1 2021 after increasing/changing the obfuscation on widevinecdm.dll.
Competition in the source-control space is a great thing. I am not entirely convinced that they would have done the right thing without the threat of losing developers en-masse to competitors.
Sadly, I don't think there is any risk for them for "losing developers en-masse to competitors".
Everyone who seriously considers to leave the platform has already left when they were acquired by MS and/or continued to work with ICE, and both of those only caused a miniscule amount of people to leave.
This is in no way meant to offend you: You thought about it, but you didn't, just like most people do. It's easy to say you would do something, but actually going ahead and doing it and going against the mainstream is a whole other thing entirely. If that's the data point you want to offer, than it seems like it was just supporting my point.
(And who am I to judge, I've resigned to using Github as well...)
> Every single credible 1201 takedown claim will be reviewed by technical experts, including when appropriate independent specialists retained by GitHub, to ensure that the project actually circumvents a technical protection measure as described in the claim.
huh. Can you still take advantage of DMCA "safe harbor" if you are independently applying legal judgement to whether they would have a good chance of winning in court before deciding to comply with them?
No, the EFF stood up for the developers. GitHub only looked for a legal scapegoat to reverse the decision in a legally-protected way. That's not what "standing up for" means.
>Sergey, one of the youtube-dl developers, tells us that he is happy with all the support they have received from the EFF, GitHub, as well as the public at large.
>“EFF’s help was invaluable. We’d like to thank EFF and Mitch Stoltz personally for their incredible support and dedication. We’d also like to thank GitHub for standing up for youtube-dl and taking potential legal risks by allowing youtube-dl to keep the rolling cipher code,” he says.
>“We’re also grateful to all the tremendous amount of support and offers received lately (we physically were not able to respond to everyone) and all youtube-dl users,” Sergey adds.
Truly surprising and welcome response from GitHub. I did not expect them to go this far for developers at all. As a FOSS developer myself, I wish more companies would treat DMCA requests like this.
"As a result, Section 1201 makes it illegal to use or distribute technology (including source code) that bypasses technical measures that control access or copying of copyrighted works, even if that technology can be used in a way that would not be copyright infringement."
Section 1201 does not "make it illegal" to use of copy control circumvention technology. It does not prohibit use of copy control circumvention technology. It prohibits use of access control circumvention technology.
Don't take my word for it. Read what is published by the Copyright Office about Section 1201.
"As envisioned by Congress, section 1201 seeks to balance the interests of copyright owners and users, including the personal interests of consumers, in the digital environment. It does so by protecting the use of technological measures (also called technological protection measures or TPMs) used by copyright owners to prevent unauthorized access to or use of their works. Section 1201 contains three separate protections for TPMs. First, it prohibits circumvention of technological measures employed by or on behalf of copyright owners to protect access to their works (also known as access controls). Second, the statute prohibits trafficking in devices or services primarily designed to circumvent access controls. Finally, it prohibits trafficking in devices or services primarily designed to circumvent TPMs used to protect the copyright rights of the owner of a work (also known as copy controls). Copy controls protect against unauthorized uses of a copyrighted work once access has been lawfully obtained. Because title 17 already forbids copyright infringement, there is no corresponding ban on the act of circumventing a copy control."
FWIW: My fork is now back up -- I got a friendly support email from GitHub, and based on their suggestion I opened a support ticket to have them delete my current fork/url and then I simply reforked the original repo.
I guess this is best outcome one could expect from dealing with such a situation xD
> To help them, GitHub will establish and donate $1M to a developer defense fund to help protect open source developers on GitHub from unwarranted DMCA Section 1201 takedown claims.
At the end. While I hope it won't be needed, I hope it will be useful when the need arises.
Doubtful as the law would likely need updated to allow for that.
They'd basically have no way to enforce the punitive counter-measures. They could certainly hit a company with an invoice, but that company could just ignore it. As Github ignoring future 1201 violation claims from that company would open Github up to liability, regardless of the reason for ignoring the claims.
Just spitballing, but maybe Tortuous Interference. The Youtube-DL developers and users have an advantageous business relationship with GitHub/Microsoft, which was interrupted and permanently harmed by the frivolous claim. Github has done this to mitigate the harm, but people will continue to question whether Microsoft will reliably serve, etc.
YouTube-DL could potentially argue Slander of Title, which is well established in terms of claiming ownership of another person's copyright. Claiming someone else's intellectual property is inherently illegal seems pretty similar.
It would be hard for YouTube-DL to prove damages, but with a showing of intent there could be room for punitive damages based on what the RIAA thought they stood to gain.
They could throw few millions at lawyers to draw a law that makes organisations like RIAA illegal and then put forward few more millions at congressmen and lobby for its passage. That would make real difference. RIAA estate should be confiscated, sold and proceeds distributed among artists (not labels)
Would be stupid and naive to ignore or belittle every other contribution but open source and hacker culture has pushed the human race forward by leaps and bounds within just last two decades alone.
gitlab.com has their DMCA processing workflow online (as they do most of their policies and workflow documents, which is awesome and few if any other companies are as transparent).
My reading of it is that under that gitlab workflow youtube-dl would still be down. Unless/until "there was a valid counter-notice and no response has been received from the plaintiff within 10 days of the counter-notice being forwarded". (Unclear what happens if there is a valid counter-notice and a response from plaintiff HAS been received, the workflow stop there!). This did not happen here, github reinstated without either a formal counter-notice (that EFF letter is not formatted like one), and definitely without waiting 10 days for a response from plaintiff.
Gitlab's workflow there is a totally typical DMCA workflow, it's not bad it's just normal. It's the workflow more or less spelled out in the DMCA itself, arguably what the DMCA requires for the host to get "safe harbor" status. (I don't entirely understand how Github can get away with what they have done and say they are doing going forward, honestly. It's think it's a potentially risky move for them opening them up to lawsuits from the copyright holders; of course they know they have deep pockets to defend themselves too).
The DMCA is actually pretty terrible in it's real-world contemporary effects. That's general, not about github, or github's fault. You are right to think it's awful. But it's not about github. People seem to be really chomping at the bit to assume that github has somehow acted especially poorly (for those who want to protect people against DMCA takedowns) -- to me the reverse seems to be true.
I think both github's actual current actions and most especially their proposed new workflow go way beyond what most of their peers (including gitlab) do to resist/slow down/stop DMCA takedowns.
I'm not sure how github garnered so much bad will, that people are so eager to paint them in a bad light. They clearly have garnered a lot of bad will from developers though, at least on HN; every thread about github has people piling on to suggest extreme levels of unethical behavior from github.
The normal safe harbor protections and takedown procedure specified by law does not apply to claims under section 1201 like this one was. This also means no safe harbor protections against being sued for redistributing section 1201 infringing works either. There is instead an "innocent violation" clause that offers extremely limited defense that could apply to sites like GitHub or gitlab, but which would become void upon being informed of serving up a work that infringes section 1201, which practically means if such a site is so informed, it will take down the work immediately, as otherwise they become liable.
GitHub has voluntarily instituted its own takedown procedures for violations of that section, and therefore do not actually need to strictly follow the procedure outlined in the law. Instead they can chose their own procedures for handling these claims based upon percieved likelyhood of being sued and being found liable.
Mircosoft is likely fairly confident that the RIAA will not sue them over this, since the other RIAA members (the Labels) all know that if Microsoft chose to enforce their huge pool of rarely enforced software patents against the labels and distribution mechanisms (like Spotify) the harm to their bottom lines would be many thousands of times larger than any harm to their bottom line from youtube-dl could ever be. Heck even just a more thorough than typical Mircosoft Software audit would likely be more costly to the labels than youtube-dl.
Interesting, thanks this clears some things up and gives me avenues for more research to understand what's up.
Sounds like claims under 1201 (circumventing technology) are actually really dangerous for the host, there is no safe harbor? At least not after you've received any notification at all?
All the more surprising that a host would be willing to disagree with a claimant and say "nah, we don't think you'd win in court." they are definitely risking their own liability, not just the customers.
As you say, Microsoft can afford to do this cause Microsoft has deep pockets and the ability to counter-strike. All the more reason we should actually be grateful to the for USING that power to defend in this case, right? (And ironically, that suggests that you will get the most protection hosted by a company that has the resources to stand up, which not all do. I am not a fan of that outcome either).
Yeah. The whole Section 1201 is just terrible.
And the "innocent violations" thing is burden of proof on the "infringer", and is subject to court discresion. You can prove that you neither knew, nor had no way of knowing that the thing you distributed was designed to defeat a technological measure and still have the court say "too bad, that is the risk you take distributing things, you owe every cent they lost via piracy attributable to this plus statutory damages (despite the fact they already sued other people and got all the money they lost from piracy from them already)".
And the infringer is anyone who "manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof" with respect to an infringing device/program. note the "part thereof". While intended to allow RIAA/MPAA to go after people who are knowingly benefiting from selling some part that people found can be used to construct a piracy device, it technically means they can sue Linus Torvalds if Linux is used in an infringement tool and win if the Judge is not exercising that discretion.
Everything about 1201 et seq is poorly thought out.
I actually don't mind some other parts of the DCMA, like the basic safe harbor concept, but do believe it needs to updated to make false takedown notices actually carry real consequences for the false claimant (including eventually losing the right to file takedown notices without suing and winning first). Furthermore, that should also cover any similar system implemented by platforms, such as false uploads to a ContentID database, or false use of manual claims.
But yeah, there are a lot of changes/reforms that really ought to be made to US copyright law, to better match what people actually expect the law to be.
If any maintainers or contributors see this, thank you all for your incredible work! youtube-dl is one of the best tools I've every used. It's polished and always working and with such an incredible community. This is seriously a killer piece of software that is part of my default setup for every new machine I've had over the past 4-5 years.
I've downloaded countless free lectures that some universities offer for offline viewing and sometimes listening if it's a discussion based class. Seriously, this is great software.
I guess the maintainers will have to send "forbidden" patches among each other outside of Github, in order to run regression tests against the "extra DRM" videos.
I find it kinda sad that this article says "the DMCA was written in the late 90s and hasn't aged well", because the anti-circumvention clauses have been tremendously awful since their inception. Anyone who remembers the DeCSS crap in the early 00's knows that this nonsense is our legacy from not getting the problem solved 20 years ago.
Microsoft is a member of the RIAA. It could and should resign.
Microsoft can lobby for further exceptions to §1201 anti-circumvention.
Microsoft can issue a statement formally protesting RIAA's action.
Microsoft could offer an Amicus brief or other statements in favour of youtube-dl developers.
As an old-school Linux user and advocate, I'm used to considering Microsoft the opposition, and my praise is grudging, but given where due. By my reckoning, Microsoft are at least 3 for 4 in meeting my suggestions.
Of the fourth, I suspect its upcoming RIAA renewal discussion will be interesting.
Google, on the other hand, have been conspicuously silent. Chris DiBona, are you listening?
I appreciate that Microsoft is trying to help developers out and I appreciate their $1MM fund.
But why not just donate it to EFF for the work they already do in this area? When you donate to EFF you can specify which programs you want to fund. I don't entirely understand why they created a new fund.
Random cynical thought -- they noticed because the automated testing was bumping up the # of views on those streams, so their members were being forced to pay royalties on views that were not real ...
Does use of youtube-dl to download videos from youtube really bump the view count? I have assumed that it doesn't, since it probably isn't passing whatever systems youtube has for addressing 'view count fraud'.
I think the point was that their real goal was to kill youtube-dl entirely, and the tests just happened to give them something to complain about to do so.
Can someone with more knowledge on the matter help explain why downloading copyrighted material using youtube-dl as opposed to a browser is treated differently under the DMCA? In either case you're accessing copyrighted material by downloading from youtube's servers.
The RIAA's claim includes that the browser UI conspicuously does not provide a download option, and the download option available in YouTube apps coming with protections for the media indicates an intent not to allow this, thereby not providing a download link is a technical protection measure.
The EFF's claim (on behalf of the youtube_dl developers) is that youtube_dl is performing the same actions as a browser as far as accessing the video file and so should not be treated differently, even if its output is to disk and not to the screen.
Under DMCA then we've had a claim, and counter notice. Despite the phrasing of Github inviting and wanting a counter notice, ultimately they are not the arbiters of legality, so their part in the process is now done.
The RIAA now has to bring the youtube_dl developers to court if they plan to keep pushing their argument, at which point we'll have the RIAA lawyers vs EFF lawyers and an eventual legal decision (with potential appeals in the process).
If that ends up in favor of RIAA, that will be a very chilling precedent: that when a client-server application has a UI to perform a client-side translation of user i/o into a more readily transmissible format, you are authorized only to interact with the UI, and you must not touch the translation thereof, at least if the application is handling copyrighted material.
A technologically illiterate company going up against the EFF, the leaders in tech litigation. That's not going to go well for the RIAA. Also, the EFF have github on their side now.
> Can someone with more knowledge on the matter help explain why downloading copyrighted material using youtube-dl as opposed to a browser is treated differently under the DMCA?
It's not.
It may be treated differently under other parts of copyright law based on implied license or other theory, but the DMCA impact is on distributing, offering, etc. youtube-dl, not using it, insofar as it constitutes a circumvention tool under the DMCA.
My understanding is that it's takedown was due to fact that youtube-dl "bypasses technical measures that control access or copying of copyrighted works". I don't see how youtube-dl could be considered a "circumvention tool" if the end user of said tool would have access to the content if they used a web browser instead.
out of curiosity (and total legal ignorance)" wouldn't that logic make chrome also illegal? since it's a tool that can be used for circumvention as well. If the defense is that it's not chrome's intended purpose, then one could argue that the defense also applies to youtube-dl since its intended use isn't necessarily to download _licensed_ videos.
AFAIK the integration tests had a link do download copyrighted video and that was the initial basis of the claim. "They are demonstrating how to 'pirate'"
It's not treated differently at all - that's exactly what the EFF just argued in its response to the RIAA [1]:
> Because youtube-dl simply uses the "signature" code provided by YouTube in the same manner as any browser, rather than bypassing or avoiding it, it does not circumvent, and any alleged lack of authorization from YouTube or the RIAA is irrelevant.
"The RIAA reports that total retail value of recordings sold by their members was $10.4 billion at the end of 2007, a decline from $14.6 billion in 1999"
Not sure where that value's gone in the last 13 years, but it didn't look like exponential growth.
The action to take down Youtube-dl seemed to be a directed time based action meant to coincide with the election. Most on-line youtube downloading sites were also deplatformed a day or two before the election.
I think that Youtube didn't want users to have the ability to locally save videos that they have seen during the week of the election.
It seems to be a greater attempt to suppress information sharing than anything specific to the copyright.
Youtube just wanted immediate action to prevent people from using the code to get around the online download sites that were also taken down.
> They've not for Netflix, nor (to my knowledge) does youtube-dl support even the videos on youtube that you have to pay to watch.
And that is the difference.
For paid content the user has entered into a contract and that probably stipulates what clients can be used to access the content. Same as with Netflix. Google could argue the same for non pay-walled youtube content but that would be very difficult to legally pull off I expect - they would essentially be effectively changing the licensing conditions of all that content. If they can't (easily) or won't (for PR reasons if nothing else) enforce it legally, then there is little point trying to enforce it technically.
They plan to audit all of the take-down requests which is awesome, and it's more than required by law.
I wonder if they'll regret this move. They're shielding developers, but taking the burden on themselves of managing the legal hassle of take-down requests.
As other commenters have pointed out, it sounds like the real problem is that copyright holders can issue these requests without any limit (or maybe even due diligence).
Year ago, long before I developed software, I would search for some software (to use, not to extend) and often find that the way to obtain it was by visiting SourceForge. In many ways, SourceForge and GitHub can be directly compared. Was I a developer for using SourceForge in this manner?
Regular users will pay no mind to source code on GitHub, but they can certainly download releases/binaries without being a developer. youtube-dl happens to have a separate website catering to this use case, but many projects use GitHub for this use case.
That said, I suppose only the hosting of source code is within the scope of this post, so nevermind!
Microsoft recognise that it's developers that have been pushing for open source/free software so they are desperate to keep them on side and locked in.
Yet another case of big corp attacking someone, that someone having an online voice and complaining, big corp doing damage control spinning some tale about how they'll endeavor to do better in the future and how much they agree with the little guy.
For once I'd like companies to be honest, just say you reversed it when it was found out it would be more cost efficient to do so.
I'm late on this discussion but as Google has made Youtube their platform for music streaming, their only platform for music streaming, this can be used to download all music from there no? (not even talking about movies)
Kind of sucks for them, seems like this is a major threat to that service in eyes of their content providers (record labels)
> Even after a repository has been taken down due to what appears to be a valid claim, we will ensure that repository owners can export their issues and PRs and other repository data that do not contain the alleged circumvention code, where legally possible.
So they have the ability to export issues and PRs already, but it isn't exposed to users?
Right; but the motivation looks rather like the attempt to restore the good reputation after an obvious mistake; one might have expected Github to check the DMCA request a priori and reject it if unfounded.
Excellent news, now the community has a central place to contribute.
All in all I think it even had a positive impact for youtube-dl, the community will learn from it, and the number of people knowing about youtube-dl has grown by quite a lot.
Probably less to do with standing up for the developer and more to do with the fact that if github starts DMCAing legit projects then open source developers are going to look at creating a decentralized hosting solution for their repos.
This is the kind of thing you can do if you have Microsoft to back you up. Deep pockets to fight for what you think is right because unfortunately legal battles are really expensive.
>In the case where the claim is ambiguous, we will err on the side of the developer, and leave up the repository unless there is clear evidence of illegal circumvention.
That would have been a great way to go about it. "This part infringes our copyright, here's a patch to fix that". But we all know they don't want to fix anything, they want only to destroy and prop up the corpse as a big bad wolf so the actual content creators get scared and keep paying them.
this is why it was forked a bit before the takedown, youtube-dlc contains fixes not in main youtube-dl. the guy who forked it tried to help but got banned from posting and helping out.
as of last youtube-dl version, the main youtube-dl behaves differently if you simply point it to a youtube channel, while youtube-dlc behaves as you'd expect... i keep both around for now.
Breaking copy protection is only illegal if you do not have a license to the work. Removing the protection breaking code isn't necessary, and everyone needs to stop pretending that it is.
This same clause of the DMCA is the suspected reason for py-kms's reinstatement after a takedown: it's perfectly legal to break the Windows license scheme if you already own a license to Windows.
If I can watch a video on my computer for free, it's not too difficult to capture it. There is software I can download. There are browser plugins. This is just one of many options available.
I do fear though that this is going to lead some more and more paywall content and less and less publicly available content.
I hope nobody actually believes this had anything to do with what it is made out to be in public (i.e. DMCA violation).
Google owns a LOT of videos on YouTube. The fact that people are able to easily get them out and put it somewhere else threatens them. So, they used their friends to cook up this lawsuit.
Unfortunately for them, this upset a lot of GitHub users and Microsoft didn't want to help Google while taking a hit themselves... so they found a way around it.
Corporations use their legal prowess to advance their bottom line all the time... and many a times, how it's framed in public is very different from what is actually going on.
There's no evidence that youtube-dl actually hurts youtube, you could just as easily say it makes people want to watch more youtube. There's also no evidence of any of the other things you said.
What I think this comes down to is the music industry is coordinating attacks all over the internet (they do this on twitch too recently), in the hopes they'll get some money out of it. Not much more to it than that.
Excuse me, but let's calm down a little with the whole "we're developers for developers" rhetoric.
You didn't restore the repo, the restored repo is a heavily modified version based on the poorly interpreted opinion that having some Taylor Swift (who sucks btw) test cases in your code are grounds enough for a legitimate DMCA claim, and that the only way the repo can be "legally" restored is by removing them.
You didn't "fight" for us because now the precedent has been set (along with the chilling effect) that whenever we push code to GitHub, certain agencies who demonstrably don't have the interests of developers in mind or even understand what code is or what we do, will be able to hold us and our codez ransom.
That's not freedom, that's capitulation.
Also, let's not forget that implementing a methodology in code or in text ("here are the steps you need to take") are one and the same. So based on that principal all the posts on StackOverflow[0] that describe the actual steps needed to take, and accompanying code examples, should be pulled under DMCA also.
"Great Job GitHub! You really stepped up this time, things are so much better now that you're owned by Microsoft! Remember Developers, Developers, Developers!"
Reading EFFs claim is pretty interesting, they state that saving a copy of a video is only one function of youtube-dl. I think the biggest problem is the name is called "youtube download", it is sort of difficult to downplay that saving a copy is only one function when the name implies it is the main purpose of the program.