A welcome move for individuals who may have embarrassing content as Unlisted links. Future politicians will thank you. But... this will hit B2B product training and product marketing libraries hard. Many companies I've seen have help pages with embedded or linked videos for features not updated in years, and many of those embeds are Unlisted videos so that they're only seen in the context of their help article, not promoted randomly by the YouTube algorithm. Some may have legacy content on legacy "X Corp Training" YouTube channels where nobody knows how to opt out of this policy shift. And especially post-COVID, they may no longer have the same technology and training teams, if they have any at all. They may not even have the YouTube login.
I could see a policy where YouTube made Unlisted videos Private that only had referrers from social media; this would be a welcome compromise to ensure non-guessability of URLs. But I can also see how this could become complicated and political. And companies using YouTube in this way aren't really contributing to YouTube's revenue materially, so there's not much incentive relative to the reputational risk of people guessing Unlisted links.
I shudder to think that healthcare professionals or heavy-machinery operators might be relying on these links to be trained in systems they use, will start to see broken links, will never report them back to the right people at their system providers, will just not get the full training, will make mistakes, and might cause harm as a result.
Security is not the only component of safety, and impacts need to be evaluated holistically.
So your complaint is that a company might have put a forklift training video on youtube, as an unlisted video, have then forgotten the password to change it, then will hire someone and tell them to watch it, that person won't be able to and will then not tell anyone else that fact, and after all that they might then hurt themselves with a forklift?
At what point is a hypothetical harmful scenario too absurd to care about?
My old university prof used to say: "How many Germans do you need to change a lightbulb? One, because we are efficient and don't have time for humor." (German university + German prof)
Yeah, the Austrians are saying that, but here in Germany we say the same about them.
"Although the film is not officially part of the German training and education system for forklift trucks, it is frequently shown by instructors to lighten the mood."
The scenario you described doesn't sound absurd to me at all.
Even at high-functioning companies, people don't report or fix glaring problems in documentation and training material. There are quite a lot of not-so-high-functioning companies in the world.
I'm confused by your confusion. I am absolutely positive I have made videos at old workplaces that will be impacted by the change. Who knows if they'll figure it out!
And also that when the links stop working you just skip that part of the critical training rather than ensure the safety information is conveyed some other way.
I mean, what's the flip side complaint? That a person posted a video that they didn't want to share, but as Unlisted, then forgotten the password to change it, then the video will be discovered, and it's compromising information but was uploaded to YouTube, and it comes back to harm that person?
They're both pretty unlikely but at YouTube scale both are real.
It doesn't seem that unlikely. Someone makes a video of themselves with no clothes on (or whatever) and not fully understanding the privacy options they make it so it can only be shared to people they choose.
15 years later it's much easier to trawl through millions of videos by incrementing and check them automatically for nudity than anyone thought it would be back in the day.
That sounds extremely feasible to me. One of the companies i used to work for will definitely have a bunch of their training videos lost this way, and it's totally reasonable to believe that a new hire for the warehouse would not bother telling anyone that the video wouldn't play. I don't know that any real injury will result from this, but i wouldn't call the scenario absurd
Its about responsibility, not absurdity. It is Youtube's responsebility to protect customer privacy, wheras a company's management is meant to take responsebility for staff training and use appropriate tools/hosting for that.
There is no better way to provide video content with a text document than to link to youtube. Sure they should have a private backup but until youtube stops working well like it has for a decade, it's still more reliable than any self hosted setup a company would build.
There is no better way to provide video content with a text document than to link to youtube
That may be the best "free" way, but my company puts their training videos up on some training website. The site tracks which videos were watched and sends nag emails when required trainings are late.
So if you're putting up content that your employees are obligated to watch, there are better alternatives than Youtube.
But then the video viewer doesn’t have the necessary features. Especially in 2010 when those videos were put up, everyone would have used the superior Youtube or Vimeo player. But they would have chosen Youtube because you had no guarantee Vimeo would be correctly paid for years.
The chance of your self hosted server going down, being hacked, catching fire, etc is infinitely more likely than google drive being shut down so fast you can't switch to something else.
At this point the advice is moving towards "Don't even have a video if you can't be bothered designing a CPU from scratch to host it on".
Keep a local backup by all means but it's far more likely the local copy will get lost than the google drive copy.
I'm a little skeptical of that, especially in the scenario that it's a "don't want to look at it much" situation. I've had VM's running for many, many years in an autoupgrade scenario, and it tends to just work. And the security risks are often overstated as long as you tried to minimize attack surface; so; for instance I for a while tried to track all related security issues - and at the very least 95% are irrelevant, and that last 5% is more CYA uncertainty than actual belief its relevant; I didn't find anything positively certainly relevant.
Obviously, if your website is running a complex stack this is fairly infeasible (good luck keeping a complex web-framework secure without vigilance!) But if it's just a static site... and static sites are the fair comparison to google drive.
The issue with google drive and similar products is that they're actively - very actively - maintained. Stuff doesn't just break because it's taken offline, but because there are changes in terms of service, there are automatic deactivations for inactivity, there are plain old incompatible upgrades, etc, etc, etc.
I mean - I totally support people starting with the minimal effort (which is surely some freemium service like google drive), and leaning to live with the limitations - but the risks of a server (whether physical or otherwise) if you're similarly conservative and willing to live within constraints not unlike hosting on drive seem overblown - people talk as if servers burn down all the time, and hackers crack everything, but nothing could be further from the truth - those are exceedingly rare circumstances. And for many things, those risk are just OK. Don't keep your only copy of the data on the box, and don't keep private stuff there, and if lighting really strikes - it's not so bad. And both strategies will need a little TLC once and a while, that's just the way it is.
I have seen plenty of these servers left unattended for years and they all build up weird issues like time drifting out of sync, log files filling the disk, hackers somehow getting in and setting up crypto miners.
None of this is stuff the average company needs to deal with when youtube works just fine. I'm sure you can list out all the ways to avoid those listed problems but that just shows how much work and knowledge is needed to pull this off while anyone can use youtube.
Sure, and I certainly would recommend people start with an off-the-shelf solution like google-drive. But that recommendation is based on precisely that - you don't want to need that expertise, nor risk screwing it up. But it's not based on the fact that it's actually pragmatically more reliable (or less ongoing effort) to host on something like google drive.
Self hosting is as easy as having the videos on a single location on the shared drive. Most companies that have employees use computers use internal shared drives like this to share files and VPNs for their employees at home to access them outside of the network, and have their own IT departments to handle all of this.
Nothing is forever, including your own copies. Put it on youtube and keep a local backup. Most likely the local backup will get lost before the youtube one does. It's most likely the youtube copy will last longer than your company does.
If you're a nerd into cloud providers, web development, etc, then mabye that sounds reasonable. If you're some person in charge of training that has none of that techy background, putting a video up on YouTube sounds like the perfect idea.
Yea, that is entirely doable. Some transcoding might need to be done first though. The worst part is that you’ll have to get your IT department involved.
> The worst part is that you’ll have to get your IT department involved.
That's also one reason spreadsheets are still so popular:
As an average corporate drone, you can either hack together something quickly over the weekend in Excel that will mostly work. Or you can wait 3+ months for your IT department to fail to deliver.
They do, they made a training video and put it on youtube. Now after years of benefiting from that for free they have to press a button to make it keep working like it always has. Seems like a pretty good and reliable setup.
This is the problem with these services.. they are free and every one was using them without thinking about what they 'should' do, because they didn't knowing any better, didn't understand that the service could change at any moment.. and we lost a generation of important records because people stopped posting on their websites and blogs, and started posting on instagram, twitter and youtube
Or they were, but they had to do more with less. Given how companies love to "cut costs," the dedicated training people who had the time and expertise to think about how the task "should" have been done may have been canned. However, the need still exists, so the task fell on some overworked person with other responsibilities to juggle, who barely has enough time to get a quick an dirty job done with Youtube.
I believe management consultants call that "efficiency."
Its local governments that I worry about more than businesses.. One my favorite nature reserves had almost 20 years of monthly photographic records on a blog that was killed by a switch to instagram.
coperate video training platforms are mega dumpster fires caked in the legacy user experience crust you would expect.youtube ends up being the best, most user friendly platform for companies to upload videos to. not to mention its free so "why spend money on this platform or spin up resources for self-hosted infra when this is free?"
This makes me sad, I remember quite a few unlisted videos going around for one reason or the other over the years. Videos meant to be watched, mind.
There's lots of old stuff on YouTube from long dead small channels. This stuff rots and disappears over time with nobody around to maintain it. I guess it's a good reminder that everything needs maintenance.
Something similar, but much more dramatic, happened once they got rid of annotations - lots of old stuff that no longer works the way it was intended.
It seems like nobody particularly cares about preserving this kind of stuff. It's a big downside to having content that only lives on the web - video files on my local storage don't just change retroactively. Things might still need maintenance, like getting old flash files to work again, but information doesn't get lost as easily.
It's been clear to me we're at the tail end of the golden age of online videos and I and many others have been furiously downloading in preparation for the inevitable.
Not just videos, any online content is subject to loss. If you see something and like it, save it locally and back it up, whether its a video, image, text post, or an entire website.
Yeah bitrot is way worse than people imagine. About ten years ago (wow time flies) I ran an experiment to validate hyperlinks and measure bitrot and even then, links older than a few years did not work. This is why we will be leaning ever harder on stuff like the Internet Archive (thank you Jason!) as big ass media companies keep turning the screws to confine our attentions to their content while spending considerable effort to attack outside content.
More than anything I think the web of hyperlinks is dead. We have collectively decided that anything that isn't "news" isn't valuable, so the old web of interlocking hyperlinks has made way for a new web of content feeds.
I run a discord server for others downloading youtube content.
We maintain a list [1] of content that various members have archived, such that when content is removed from youtube, people can direct inquiries to contributors who have archived that content. It's a small way to keep track of what things have been successfully archived.
We are currently organizing some efforts to find and download unlisted videos.
Hello! Data hoarders [0] like myself use tons of automation for this task. For online videos specifically, I watch them locally so as to avoid as much telemetry as possible, and when I see a video I want to watch, I save it to a playlist. Then I have youtube-dl set up so that it will sync with the playlist and download any new videos that it doesn't already have. Your question about finding the time is on the money: The "choice" we are given is a complete farce, and time is the main way the monopolies turn the screws on getting you to behave the way they want. They make it exceptionally time-consuming to NOT give them everything they want. I spend an infurating amount of time not trusting my phone or my computer, and refusing to allow telemetry of any kind. I'm not married and have no children, and those things certainly make the problem that much more difficult. People seem to not give a shit about this nightmare dystopia we've built, they just want to connect their iPhone to your wifi network to they can shovel more data into tiktok or whatever. The more people you have in your life, the harder it becomes to "choose" not to give up (an inevitably insane amount of) your telemetry. It fucking sucks!! I am slowly feeling more and more helpless and now I even feel like I might have some understanding about that guy who flew a Cessna into that IRS building "lol".
Thanks for the explanation. Saving it when it comes up makes sense, I somehow imagined someone specifically going out there to download it all like a madman.
Probably should do the same when I get around it. You're absolutely right about the way the internet has developed. In addition to the privacy concerns now it looks like data availability will be an increasing issue with sites removing or limiting access left and right.
This seems to be a planned change related to a new link generator they released in 2017 [1]. You can opt out here [2] if an old video is effected. It seems like the unlisted feature is otherwise unchanged. I suppose you can also flip an effected video back to unlisted and get a new link after this goes into effect.
The thing that makes this fishy is that I also received an email for my Google Workspace organization about link sharing changing for Google Drive for a security update, and the date it initially takes effect is the same day at this YouTube thing, July 23.
I completely thought the email I got for this (for my personal Google app domain) was a phishing attempt. Why couldn't they have included the text in the email rather than some generic sketchy "You have a notification" nonsense?
If there was a link that said "Click here to view your messages", then yeah, I'd agree it would sound like a phishing attempt.
If it was an email saying, "You have a notification" and you have to manually log in to see it, then there's less chance of you clicking on a phishing attempt. Also, if there's any personal/private/sensitive information, this method makes it unavailable over email.
Just shooting from the hip. It could also just be laziness.
Seems highly unlikely to me (a Google engineer who works on systems that use Zanzibar / Cloud IAM) that this is a result of anything other than a change in policy.
Out of curiosity, could you blindly speculate about something that could happen to this service that would require these changes to be made in drive/youtube?
That's unfortunate. I have a few videos which seems to have been forgotten even by their uploaders. Those videos would probably not be updated. I guess I need to back them up manually.
I have one video in my favorites that is marked as unavailable. This drives me crazy I'll never know what that video was. I only have a couple videos in my favorites and every single one of them is important to me.
That’s a feature. If somebody deletes their video then all of the metadata goes with it. I agree that it can be annoying but among other things, it’s the law.
In my opinion, once the video is added to my list, at least the name should become my data.
Also I seriously doubt that all those missing videos were requested to be deleted by the user. I'd be willing to bet that 90% of them were taken down by youtube's ridiculous and mostly broken takedown bots. There should be consequences for frivolous takedowns.
The idea that all or most of these missing videos are due to GDPR deletion requests is completely incorrect. They are almost all from spurious copyright takedown requests. YouTube has no legal obligation to automatically honor these, and it certainly doesn't have to delete all associated metadata. Framing this issue as an instance of YouTube being respectful of their users data is ridiculous.
I had the same problem with a few old videos in my favourites. Google search for the alphanumeric text after "watch?v=" in the URL of the video. In most cases, you will find some information about the video from pages where it might have been embedded.
They could delete the video content and leave a sanitized version of the metadata. For instance leave the post date and title while removing the description and owner information.
Searching for a video's URL might let you find some metadata about it. Unfortunately YouTube encourages social media insulation so a video might have only ever been referenced inside of YouTube with no inbound links from the web.
You can easily imagine situations for which the title itself contains information that someone would rather have deleted. Per GDPR and similar regs, if you want that deleted, it has to be.
It's the uploader's video, and they retain ownership of it. If they want it gone, it'll be gone. Since they own the IP, their interests matter more than some random viewer who happened to add it to a playlist some time in the past.
Oh yes it does! It is amazing. With the `--download-archive` option you can specify a text file where it stores which videos it already downloaded. So you can periodically make backups of your playlists without unnecessarily downloading videos that you already have.
I run a discord server for others downloading youtube content.
We maintain a list [1] of content that various members have archived, such that when content is removed from youtube, people can direct inquiries to contributors who have archived that content. It's a small way to keep track of what things have been successfully archived.
We are currently organizing some efforts to find and download unlisted videos.
Or uploaders who have died and may have unlisted videos and linked to them in descriptions or comments.
I don't recall the creator, but I do recall a video series that used links in the videos that pointed to other videos for a basic quiz or choose your own adventure.
Honestly I have been doing this with all kinds of content, if I ever reference it to make a point, use it to understand a topic, etc I have a local backup of the video, webpage etc.
Too many times I have gone back to reference something only for the site to be dead, or the user been banned from the platform.
Yes. I always tell people that if they really love a YouTube video they need to archive it themselves. Tons and tons of content gets erased all the time for many different reasons. Just recently I found two of my favorite channels, popular around a decade ago, had deleted almost all their content because their jokes were too offensive for today's audience and they wanted to project a more mature aesthetic. That would've been a huge chunk of my early adulthood gone forever if I hadn't already had copies of all their videos.
If you feel like chatting with others who also archive youtube content, consider stopping by my discord server: https://discord.gg/EJvS4kf
We maintain a list [1] of content that various members have archived, such that when content is removed from youtube, people can direct inquiries to contributors who have archived that content.
It's a small way to keep track of what things have been successfully archived, and occasionally direct efforts to preserve specific content- like unlisted videos right now.
So the reasoning makes it sound like there was potentially an exploit that made it easy to find unlisted videos? Were the video IDs deterministic perhaps?
Yes, exactly. Video ID is just a base64'ed DES-encrypted primary int64 video key from MySQL. It used to be sequentially incremented until at some point they switched to randomly generated primary keys. Any (ex-) engineer who snapped a copy of the encryption key (it used to sit right in the code for anyone to see) can enumerate all videos from YT until that moment, including unlisted - which are only protected by secrecy of that one key. If the key leaks, then also anyone in the world can. That's what they are afraid of here. Source: worked for YT.
Block ciphers (such as DES) don't collide. If they did there would be no way to decrypt them because a block could be decrypted into multiple valid plaintexts.
Maybe their old scheme, when divided by the number of videos, was getting to the point where it was feasible you could brute force finding unlisted videos.
The old scheme had 7.3 x 10^19 ids (11 chars, base 64, thanks Tom Scott!). Suspiciously close to the max value of a 64-bit int, hmmm …
Assume a billion videos and you’re down to 10^10 - a one in a 10 billion chance isn’t much chance, but it’s far from secure.
(I’m ignoring the fact that only a small %age of videos are unlisted I guess, but I think the point still stands.)
I need to move some of my early technical videos to Vimeo now. I never connected my pre-Google YouTube account to Google, and so I can't do anything with them. It's been over a year since I logged into Google, anyway.
As an Aussie I appreciate the kangaroo. We still work often with 20MHz: good enough for most control applications. Not sure I'd want distributed control applications with multiple control algorithms and timing quandries, though.
Doesn't to me. Patreon tier-restricted videos, not to mention family shared videos, fall into this category, and not all creators are savy enough to know they need to do this.
Did they send an email to affected accounts? There seems to be a logical reason for this (newer unlisted videos have a more secure url generator), so I’d say this is neutral at worst.
I received an email from YT about unlisted "playlists", and they even gave me a link which showed me which playlists would be affected. Everything was very clearly laid out in the email.
Some of my videos would be affected and I got an email from them. Seems reasonable to me.
Of course, there is probably a large number of currently unlisted videos from accounts that are no longer active, which would effectively be lost after this change. Unfortunate.
It'd be interesting if Google had made this only apply to accounts that have had activity in, say, the last six months. If an account logs in and was skipped due to inactivity, it would then be appropriate to prompt them for their decision.
That, of course, requires significantly more engineering so I can see why it didn't happen.
What's stopping you from downloading videos you care about in the first place? It's not that hard to have youtube-dl batch download playlists, which is what I do.
I wonder where the web went wrong that we ended up in this regressive place where we have to create local backups because the Internet has gotten really good at "forgetting" all the fun and interesting stuff, while never forgetting all our personal info :/
The internet has always been fragile like that though, it's not a new thing. Even more than a decade back there were those encouraging saving local copies of web pages for any content one found worthwhile, rather than bookmarking it, since there's a likelihood of the link/content disappearing, which time has shown to be a smart idea given online archives aren't always reliable[1].
The same is true (perhaps moreso) for audio/visual media online.
[1] It takes someone else to first know about archive sites, consider archiving a link pre-emptively either manually or in an automated way, which doesn't always occur. Then one problem is if a link changes a version may have been archived at the old link but the new link doesn't show as being archived (sometimes redirects are in place, other times not). Another issue is archive.org respects robots.txt and webmaster requests so crawls can be retroactively made non-public (archive.is is a bit different but there's so little known about who operates it that it's unclear how reliable it is for long-term reference).
There are number of websites (Wikipedia, Lobste.RS, some subreddits, ...) which do archive all new outlinks in an automated way.
Why content preservation is not very popular among webmasters (why NH and 1000000s other sites do not do it?) is an interesting question for Internet philosophers.
Maybe, because people mostly want the shit to sink and not come up again?
A related frustration for me is when I have random videos in my "watch later" list replaced with a gray square and a note saying the video is no longer unavailable or has been made private. Since I don't even get any details of what the video was (title/channel/description), I can't go find it elsewhere. It's like having a song deleted from a playlist silently. It makes me wonder if I should even rely on Google's features for this sort of thing, or maintain a list elsewhere.
In light on this common experience of natural and intentional link rot for YouTube videos, I think the only sensible strategy is to use youtube-dl to download videos to watch (and possibly delete) later.
Its all pretty seamless with rss too. You can set mpv to be your default browser for video links and it will scrape and start playing and you can save the video too. I use newsboat and a master script that uses some regex to figure out what to open the RSS link with (like a browser, feh for images, or mpv, or rtv for reddit links, etc)
Google the URL. You'll often find it in the Google cache or linked from somewhere else with the full description. This can sometimes be enough information to find an alternate source.
These days I use ytdl instead of watch later... A friend sent me a link to an amazing tech tutorial someone made and they wasn't sure whether that is their thing. Of course they received a lot of abuse from internet trolls and later deleted the video and disappeared. I was never able to find that video again and since then I always download.
Almost like submitting to centralized gatekeeping is a crime against public culture, intellectual history and social integrity... wait... what are we all building again?
We have already built a corporate dystopia where plebs spend their precious time making content which enables a giant multinational company to generate billions in advertising dollars.
Google has process for handling accounts of the deceased (mostly for closing them and exporting some data, which can then be moved to a new account). Or individuals could assure that next of kin get credentials to their account for control.
But, yeah, a zombie account (without any active owner) won't be able to opt out.
Put your sensitive data on other people’s servers and this happens. If people cared they’d host it inside, on the other hand, that would mean being responsible for your own data which is not a popular idea these days
> Why? In 2017, we rolled out a security update to the system that generates new Unlisted video links. This update included security enhancements that make the links for your Unlisted videos even harder for someone to discover if you haven’t shared the link with them. We’re now making changes to older Unlisted videos that were uploaded before this update took place.
When Google bought Youtube Videos, I followed their directions on the new password, etc.
Something went wrong, and I couldn't delete, or edit my own videos.
They weren't that embarassening, but I used youtube originally as kind of a diary, or todo list.
I tried for awhile to get them off, but failed, and just gave up.
I did reach a human in advertising one day, and she told me, "Those issues are not what they hired he fooor. Try the help boards?". (She brought back memories of certian new college grads, and I realized how difficult it is to talk to a human at Google.)
Anyway--the vids are still up their years later, with people telling me how lousy they are. I just commented on my own videos. Telling people at one time, some uploaders just posted without thinking about clicks.
With respect to storage, there's a provision to delete old videos in the EULA at any time Google chooses. Eventually Google will pull the trigger.
Caching, I'm not so sure, but I'd be surprised if hiding old unlisted videos freed up enough of it to matter. New videos probably dominate cache storage.
I could see a policy where YouTube made Unlisted videos Private that only had referrers from social media; this would be a welcome compromise to ensure non-guessability of URLs. But I can also see how this could become complicated and political. And companies using YouTube in this way aren't really contributing to YouTube's revenue materially, so there's not much incentive relative to the reputational risk of people guessing Unlisted links.
I shudder to think that healthcare professionals or heavy-machinery operators might be relying on these links to be trained in systems they use, will start to see broken links, will never report them back to the right people at their system providers, will just not get the full training, will make mistakes, and might cause harm as a result.
Security is not the only component of safety, and impacts need to be evaluated holistically.