GitHub restores DMCA-hit youtube-dl code repo after source patched to counter RIAA's takedown demand Microsoft's GitHub on Monday restored access to youtube-dl, software for streaming and downloading YouTube videos, after removing the repository and forked versions last month in response to a controversial DMCA complaint from the RIAA, the US music industry trade group. "We are taking a stand for developers and have …
YouTube are certainly not worried about users getting copies of their videos. That was entirely on the RIAA side (US sound recording industry lawyer lobby).
That said, YouTube takes copyright infringement in their uploaded videos seriously, relative to Facebook which actively protects users posting content without the rights to do so.
And YouTube does try to break 3rd party interoperability at every opportunity, whether that's youtube-dl or NewPipe. Not because of piracy, of course, but because people not using their app or web-site takes away all that juicy user analytics data Google uses to earn almost all of their profit.
The school I work for placed a video on YouTube before the Summer to show our end-of-year speeches, etc.
Out of nearly two hours of footage, YouTube flagged a few seconds of a song (that we had permission for) and blocked the video and gave us a copyright strike (you only get three).
What amazed me was how quickly they did that. It was virtually instantaneous, the song was incidental in the video (i.e. it's not like we slapped the MP3 onto the soundtrack directly, it was playing in the background of a speech), and it was half-way through a long video with other things in it (including other music that was public domain, or performed by us with permission). It also identified the exact song, performer, and timing of it when it notified us.
And yet they often have complete copies of all kinds of movies and content on there that seems to stay on there forever.
I think it has more to do with how hot the copyright owner is, and YouTube complies, not that YouTube are actively beating up every video that passes their way through their own impetus.
Copyright strikes are issued by bots using an acoustic fingerprinting algorithm similar to your music identifier app of choice. Both background noise and only getting a random tidbit of song are things it was designed to be robust to so neither really bothers the copyright strike bots either, thus your instant strike. The algorithm was published publicly in 2003 and is well known so the bar to set up a copyright troll bot is very low.
Now that the offending (unit test|example)+ are gone will the RIAA back down? Did RIAA push this because this was the smoking gun in their eyes? Is the history of the smoking gun enough for them to think it worthwhile continuing? Part of me wants to see RIAA loose in court so there is a ruling. But in reality before it could get that far it would be a decade of pain and expense for everyone on the youtube-dl side. Hopefully RIAA will sod off for a bit.
Hopefully RIAA will sod off for a bit
unlikely. they seem to act as if every web site is Napster, and every content consumer is ripping them off or something.
I have one suggestion to RIAA: stop force-marketing CRAP at inflated prices, and if it's good, affordable, AND available for purchase, people WILL pay for it. Suing everyone for revenue is a BAD model, kinda like patent trolling...
Looking at this from the UK side of the pond, does not a DMCA request refer to actual alleged "pirated" copyrighted material (music, etc), rather than the means to obtain same? Are the RIAA trying to exceed what little authority they appear to have or exceeding their remit by trying to have certain software taken down from third party sites or attempting to ban it altogether? As far as I can see cars, guns (for instance) and just about any other item you can name, might also just as well be banned, as they can ALL be used to kill people. The fact that perfectly legal software CAN be used for nefarious purposes doesn't necessarily mean it WILL. Methinks the RIAA may have tried to legislate something which they are not entitled so to do.
does not a DMCA request refer to actual alleged "pirated" copyrighted material (music, etc), rather than the means to obtain same?
No, it can be either.
The content take-down notices are part of the "Safe Harbor" provision of the DMCA. That was written to prevent service providers from being liable for illegal content uploaded by their customers, provided they take it down immediate upon receipt of a takedown notice.
In youtube-dl's case, it's the "Anti-circumvention" provision. That was written primarily to make illegal the sale of satellite and cable TV descramblers (e.g. softcams).
The RIAA used strained logic to claim Youtube's minor obfuscation to hide the video location counts as copy protection and that reverse engineering it is therefore illegal.
The URLs in the unit tests are only *proof* that it's intended to be used for illegal purposes. Note that an individual downloading any of those videos in question is not illegal. Redistribution after the fact would be.
as a musician, I object to RIAA's monopolistic dominance in music distribution, their marketing and royalty policies that harm musicians by promoting CRAP at the expense of royalties to GOOD musicians, and their general attitude towards their CUSTOMERS (content consumers). What they did to used CD purchases, for example, should be CRIMINAL.
And worthy of mention, RIAA hall of shame:
* Smashing Pumpkins
* Prince (who had to change his name for a while)
* The Beatles (why they formed Apple and couldn't perform old hits)
* Salt-N-Pepa
(and MANY, many others who've had horrible contracts, even leading to bankruptcy)
I mean, I uploaded a short video from my CCTV so the local plod/neighbours know what the local Scum are interested in this week (strimmer as it turns out after trying all the front doors in our street save for mine) and within 5 mins of the uploaded video with no audio on I had 8 separate DMCA hits matching various artists as a background.... It has 12odd minutes of nothing.
What the actual? So yes, redressing the insanity is sorely needed.
Isn't there a penalty clause in the law for clear abuse, for not filing a takedown with at least some evidence on hand (the obvious ploy being that it still means that the unwilling victim has to sponsor the global cabal of lawyers one way or the other)?
It strikes me (sorry) that you have justifiable cause to help the EFF taking this one a tad further.
You can always count on Microsoft to do the right thing, eventually
I think it actually speaks rather well of MS/Github that no less than the CEO went on IRC to proactively reach out to the repo's owner. It doesn't seem like they really wanted to pull the repo, but the inclusion of unit tests and tutorial examples pointing at copyrighted material was a smoking gun that made it difficult for them to ignore the RIAA.
When you have no less than the CEO effectively saying "point the tests at something that isn't a music video and we'll give the RIAA the finger for you", it does feel like they're batting for the developers. Which is good.
"Remember it's the same Microsoft that sent DMCA notices to sites hosting Open/Libre office"
That was done under the bad old days of the Ballmer regime, he's long gone now and Microsoft is a different beast under Satya Nadella. Linus Torvalds once said, "If Microsoft ever does applications for Linux it means I've won" and The Register has now detailed numerous accounts of that happening.
RIAA claims youtube-dl is bad because it circumvents technological protection mechanism called "rolling cipher". While the legal eagles are not convinced that this rolling cipher even exists, or that it does anything to prevent downloading of the videos, there is even more serious problem with youtube-dl project.
Basically youtube's own terms of service are forbidding the download operation. How it works is that authors who post videos to youtube are only required to give licenses to "youtube and their associates", "for use in the youtube system"... This means that youtube itself does not have permission to bring the videos outside of the system that is youtube. When youtube doesnt have full permissions to handle the videos as they wish, how can youtube-dl project claim to have those permissions? As far as we know, youtube-dl's permissions for the videos are coming from the youtube's general permissions. But youtube itself does not have the permissions needed. So how can youtube-dl get permissions to the videos?
This is the big problem. RIAA's "technological protection measure" -theory is just trying to enforce the youtube's own limitation that videos must not be handled outside of youtube's own services. While we might not beleve that "rolling cipher" actually exists as a technological protection measure, we should be careful with the youtube-dl project when they have not seen the significant issue with the video permissions after downloading them to outside of youtube's system.
The EFF's letter to github that made github republish the repository had the following argument: "youtube-dl works like a browser when it downloads youtube video, and thus it doesn't circumvent technological protection measure"...
Unfortunately, this argument is completely wrong. Web browsers have significant "technological protection measures" that prevents downloading, including "back-key", "browser cache", "slow user interface for manual downloading", "regular deletion of downloaded data (when back key is pressed)", "limiting downloaded data to transient memory areas instead of persistent storage", "encoding of browser cache so that it cannot be used for piracy" etc...
The question is, is youtube-dl skipping these protections available in web browsers?
Thus even if youtube-dl is not "circumventing technological protection measure" of youtube, their browser argument forces us to consider technological protection measures available in browsers. And downloading data from web sites is one significant areas where browsers are actively trying to build protections.
Sure, but the "legal status" of browsers is always coming from the market leaders. But when you want to decide for features to implement for your "browser", it's always some fringe pirate tool? If you choose fringe features, you can't rely on market leaders legality.
Same works in cars, if your wooden wheels are not approved by the traffic laws, you can't rely on the fact that pneumatic tire-cars are legal to drive.
We are looking at the market leading browsers. For each of these, the "protections" as you call them either don't exist or exist for an entirely different purpose with no protection purpose whatsoever. Let's look at the ones you listed:
"back-key": The back key doesn't protect anything. It moves you around. If you request to download a file, which it will do for you, the back key will not prevent the download. You get to deletion later, so there will be more to say.
"browser cache": Which is a protection exactly how? It caches stuff for later viewing. It doesn't give the site owner any more control, and it allows users to copy stuff off of it. Not a protection by any means.
"slow user interface for manual downloading": It doesn't take me all that long to look at my "open" and "save" options and select "save". It doesn't even ask me where to store the file. So it's not a slow interface. If some part of it is slow, that's a UI problem which could be fixed, not a protection measure.
"regular deletion of downloaded data (when back key is pressed)": That's because, when I leave a page, I usually don't want any of that data anymore. It's clearing it for me because it doesn't want to use up my disk. I can set it not to do that if I want faster page loads and most browsers will keep some things they think I'll be using again soon.
"limiting downloaded data to transient memory areas instead of persistent storage": Er ... that's not a thing. One of the problems with browsers is that, in an attempt to use less RAM, they store a bunch of cached data on the hard drive and sometimes forget to delete it. You can go through browser profiles and look at a bunch of temporary files they created and forgot to delete unless you have set it to delete all of that when the browser closes.
"encoding of browser cache so that it cannot be used for piracy": Also not a thing. If you go into those temporary directories, you'll find a bunch of stuff. None of it will be encrypted. It may be stored in a way that doesn't make it obvious where it came from, but that's because the browser stores that information in a more compact way, mostly in SQLite databases. They do that in order to have a more organized set of files, easily clean up, and access them with a single database query and disk access rather than several disk accesses. If you want that data, nothing stops you loading up those databases and using them to reassociate files with metadata and do with them as you please.
Remember when "save image..." became "download image"?
That's one of the more egregious changes for no obvious reason other than possibly at the behest of lawyers. If you are saving an image from a webpage, it's already been downloaded to your PC, possibly even on the hard disk, albeit in the cache. Save is a technically accurate function in this case while download is obfuscating what is happening.
"limiting downloaded data to transient memory areas instead of persistent storage"
Most of your "protections" are utter tosh, the one quoted above, the most. Have you any idea how often people in trouble with the law end up being convicted at least partially because of their browser cache data? There's all sorts in there because few people limit, restrict or clear it. Most, if not all browsers, set aside an amount of hard disk space which the user can increase or decrease at will, thus keeping more or less data effectively in permanent storage.
> Except there are plenty of videos posted on youtube under CC licenses
youtube cannot see the actual license of the material. Their submit form is requiring certain permissions, but if your license allows more flexible usage of the material, then youtube cannot take advantage of that fact.
"...then youtube cannot take advantage of that fact.
100% Wrong!! YouTube calls that advantage PAY ME!... "YouTube TV" $64.99/mo. If you don't like that example, let me introduce you to "YouTube Premium".
I'm not sure which Google YouTube you've been using, but Google YouTube is not the Google YouTube you think it is because sure, you can download that CC licensed video but, you have to be on the PAY ME! plan. Now enter... youtube-dl and its kindred, which I have no doubt Google YouTube hates youtube-dl more than the RIAA.
YOUTUBE-DL
The clue is kind of in the name, isn't it?
Don't get me wrong, I use it too - I download programming tutorials for offline viewing on my phone without burning my mobile data. I'm not really interested in using it to download music videos/albums though... I mean, for that, well I could just watch/listen on YouTube.
For me, the argument that a software application can be used for copyright violation is a flawed argument. I can use my browser to download copyrighted images all day long. So should we ban browsers until the ability to download images is removed? What about downloading applications? Some of the applications may be pirated. Let's remove the ability to download apps from browsers, too.
Of course, this wouldn't stand up in court, and I suspect that Microsoft/Github understand that too, which is why they feel confident enough to reinstate youtube-dl now that the letter of the take-down request has been obeyed.
It will be very interesting to see what the RIAA's next move will be. Still, I would advise renaming the application to something a little less controversial.
> I can use my browser to download copyrighted images all day long. So should we ban browsers
> until the ability to download images is removed? What about downloading applications?
> Some of the applications may be pirated.
Why browsers get away with a shipped download feature is as follows:
1) they implement download, but only allow DISPLAY of the content, not DISTRIBUTE.
2) they limit the amount of content downloaded, i.e. browser's download feature has slower than
turtle user interface that allows manually downloading only one file at the time
3) they don't allow downloading all the content, but only selected/small section of the actual data
4) they have very efficient ways of controlling under which circumstances the downloaded data needs to be deleted.
These points make usage of browsers and the following tools slightly dangerous:
a) all tools that do DISTRIBUTE, including youtube-dl, because it skips (1)
b) zip files, tar packages, rar files etc, which bypasses the one-file limit in (2)
c) all the javascipt download or scaping tools because it bypasses the (3)
d) all tools that store downloaded data to persistent storage, databases or file systems because it bypasses (4).
I disagree with your point #1 - unless I've misunderstood you. Youtube-dl does not permit distribution in any way. It simply facilitates the downloading of a file (video file) to my hard disk. What I choose to do with that file once it is on my hard drive is outside of the influence or control of Youtube-dl. Exactly the same with a browser: If I download a copyrighted image from, say The Daily Mail or BBC news using my browser, it's subsequent distribution by me is outside the influence or control of the browser.
Any legal criticism of Youtube-dl wouldn't be fought on the grounds of facilitating distribution. It does not facilitate distribution. If that were the case, Torrent clients would already be outlawed. Yet they are not. Why? Because they are also routinely used by universities and all manner of organisations to distribute their files perfectly legally.
Any legal action against Youtube-dl would surely have to be fought on the specific issue of downloading from YouTube, which would be a violation of YouTube's terms of usage. In such a case however, it would be for YouTube to bring suit, and so far, they haven't; preferring to engage in a technological arms-race with the Youtube-dl devs.
Interesting times...
> I disagree with your point #1 - unless I've misunderstood you.
> Youtube-dl does not permit distribution in any way.
> It simply facilitates the downloading of a file (video file) to my hard disk.
The download-to-hard-disk was the point number (4).
"The download-to-hard-disk was the point number (4)."
I just went back and read your point #4. You said no such thing. The browser has no idea if data in the cache might be someone elses IP. It deletes it based on available space and it's own algorithm looking at which data you are least likely to need again.
You don't get it.
If you are willing to give content to me, I'm not required to then impose your arbitrary restrictions on myself.
If I don't want to run your crappy JavaScript you also throw at me, I don't have to.
As for your points, they read as the guess work of someone new to both computers and the law. They are all fundamentally flawed - how non-techie "the man in the street" thinks it all works.
I'm not trying to be rude, that's how you come across.
But YouTube doesn't 'give' content to you. By watching it, you accept their terms and conditions. You have effectively entered into a contract and that contract doesn't permit you to download their content. And further more, their model allows you to view it. Not download and keep it. If you want to watch it again, you need to visit their site and watch it again.
My points certainly are guesswork - IANAL. However, I've been involved in software development day-in-day-out since 1987.
"By watching it, you accept their terms and conditions."
No, I haven't. I'm not signed in and I don't have to agree to anything. They are offering their site and contents entirely for free, no terms and condition can possibly apply, implied or otherwise since I've not seen them nor been forced to read or agree to them or told to bugger off for not agreeing to them.
> 2) they limit the amount of content downloaded, i.e. browser's download feature has slower than turtle user interface that allows manually downloading only one file at the time
> 3) they don't allow downloading all the content, but only selected/small section of the actual data
> 4) they have very efficient ways of controlling under which circumstances the downloaded data needs to be deleted.
This is incorrect.
- Open a new Chrome/Chromium/Firefox window
- Open Dev Tools, switch to Network tab
- Browse to the page which references all your images (say)
- Wait till everything has loaded
- Right click in Dev Tools
- Save all as HAR with content
You now have a file containing everything your browser fetched. Seperating that out to individual files is just a matter of a script/dedicated program (i.e. not really much more challenging than say a rar file).
As someone else pointed out, you're also wrong on 1) in that youtube-dl doesn't facilitate distribution any more than a browser does (so youtube-dl doesn't fit into your "a" either )
So, do we need to ban browsers now? They don't meet your criteria either?
This is really why it's ridiculous to begin with, and why the DMCA is a stupid, stupid piece of legislation, passed by fatuous fools in the legislature, who were cowed by the RIAA and MPAA at the time, and too ignorant of technology to even understand what they were doing.
Now that I've gotten that off my chest, what shall those of us who realize this, do about it? The whole tar baby is getting stickier and stickier day by day, but it's established precedent at this point.
Leaving aside the first point for the moment, I want to know how old your browser is. Every browser I've used in the past decade doesn't have any of your subsequent points:
"2) they limit the amount of content downloaded, i.e. browser's download feature has slower than
turtle user interface that allows manually downloading only one file at the time": I don't know whether I've ever had a browser do that. Even the really early one I used on a weak mobile device allowed me to queue files to download which it did in sequence. Everything else downloads files in parallel.
"3) they don't allow downloading all the content, but only selected/small section of the actual data": Mine don't do that either. There's this button which lets me save the whole page and everything displayed on it. It's called "save". Getting the files out of the format the browser likes takes a few seconds. I can also go to the developer tools and access any subset of the data with those utilities.
"4) they have very efficient ways of controlling under which circumstances the downloaded data needs to be deleted.": They do? Mine doesn't seem to do much. It had an "automatically delete downloads after they've sat in the downloads folder for X days" option, but I turned it off. It would help if it were that smart, as I see there's a dataset in there which is now about a month out of date and needs updating. The browser should somehow detect this and delete the out-of-date dataset for me. Why didn't it?
"b) zip files, tar packages, rar files etc, which bypasses the one-file limit in (2)"
Amazingly, when I access Outlook through my web browsers, one of the options is to download multiple attachments with one click! It even handily bundles them in a ZIP file for me. Clearly the web interface to MS Outlook is a piracy tool which should be banned!!!!!
> I'm using a browser with no javascript support and use youtube-dl to watch video on youtube
Under chrome or firefox, one download from youtube means one "view"... If you use youtube-dl, one download might mean that half the planet got access to it without youtube knowing about it.
Under chrome or firefox, your video file disappears when you press the BACK key on your browser and you need to download it again to access the same file next week.
Under chrome or firefox, if youtube's legal team decides that some video is infringing, they can disable access to it (and all the derived copies of it)... with youtube-dl, youtube's legal team has no possibility to limit the damage if they find copyright infringement in one of the videos.
> Next DMCA takedown on curl ?
curl is interesting case. But RIAA/MPAA never went after ftp servers or other commandline tools.
Basically the legal activity seems to be focused on website scraping software instead of curl itself, especially when website TOS prevents scraping.
> Under chrome or firefox, if youtube's legal team decides that some video is infringing, they can disable access to it (and all the derived copies of it).
Some would consider that an active argument *for* youtube-dl, especially given Youtube's habit of disabling access to videos based on some very, very shake false positives.
> youtube's legal team has no possibility to limit the damage if they find copyright infringement in one of the videos.
Indeed, but that's a problem for them to solve, not the users. And so, the arms race rolls on.
> Basically the legal activity seems to be focused on website scraping software instead of curl itself, especially when website TOS prevents scraping.
You keep talking about Youtube and their TOS, I'm not sure you've actually followed or understood the case here.
The takedown request relating to youtube-dl was not filed by Youtube/Google and has absolutely nothing to do with their TOS.
It was filed by the RIAA who claimed it was designed to circumvent technological protections, and therefore was in violation of the DMCA. They were initially successful only because the unit tests referred to downloading some videos that the authors clearly didn't hold the rights to.
> Some would consider that an active argument *for* youtube-dl, especially
> given Youtube's habit of disabling access to videos based on some very,
> very shake false positives.
Sure, but this would be a good basis for a lawsuit. If you explicitly made a feature to software that prevents you from doing this "disable access" operation, you can be easily sued for it. Basically this is what kazaa and napster were doing when they were sued -- their song catalog was replicated widely enough that "fixing" the infringement was impossible.
Note that github is doing it correctly -- they were technically able to disable youtube-dl repository from the public when legal paperwork indicated that there's legal issues with it, and then bring it back online when lawyers have managed to look into it. Basically the uncertainty period is dangerous when you don't know if you're on the hook for millions of dollars of damages or if the claims are bullshit. Publishers of copyrighted works need to be able to "stop the presses" when other copyright owners call the bullshit on your published material.
> Note that github is doing it correctly -- they were technically able to disable youtube-dl repository from the public when legal paperwork indicated that there's legal issues with it, and then bring it back online when lawyers have managed to look into it.
This is unrelated to this
> Publishers of copyrighted works need to be able to "stop the presses" when other copyright owners call the bullshit on your published material.
Taking down the youtube-dl repo stopped download of the script, the copyright of which is not owned by the RIAA (or any of their clients).
It didn't stop anyone who already had a copy of the script from continuing to use it (though Youtube *did* try to roll out a breaking change shortly after).
Your correct in that Github followed the only available course of action under the DMCA. What you seem to be missing is that it's very far from certain that the original claim was actually a valid use of the DMCA. In fact, it seems to have been applied based simply on a technicality (the referencing of those videos in unit tests) and has been restored now that those are removed.
> Sure, but this would be a good basis for a lawsuit.
No, it's an awful basis for a lawsuit, and a lawsuit is an awful remedy for it too. The average user does not have the resources to bring action against Youtube because they've taken down a video that they shouldn't. The average user doesn't have the resources to bring action against the RIAA for filing dodgy DMCA claims.
Whatever resources a group of users could bring together would likely get depleted whilst the RIAA or Youtube play games challenging standing, much less the rest of the trial.
The DMCA is, and always has been, a well lobbied for sledgehammer used to crack a nut, abused by large companies with impunity.
And you know what? When it was introduced, it did absolutely fuck all to affect piracy rates. The thing that started to bring piracy down was the proliferation of good central streaming options - think Spotify, Netflix etc.
Except, video piracy's reportedly on the rise again.
Why? Because companies have decided they want a bigger slice of the cake, launched their own services and pulled content from those central locations.
The result being that users need to be signed up to a plethora of services (paying much more for the privilege), so a proportion of those say "fuck this" and go for the *easier* route. Is it right? no. Is it avoidable? yes. But all the lessons of the past seem to have been unlearned....
Why's this relevant? Because if you give enough people reason to go out-of-band, then you've entirely lost your ability to "stop the presses" as you put it. In this particular case, what the RIAA have done is give a massive amount of publicity to a tool which can be used to help users get their content out-of-band.
> What you seem to be missing is that it's very far from certain that the original claim was actually a valid use of the DMCA.
It seems pretty valid, for the following reasons:
1) Authors who post youtube videos never gave youtube permission to publish the material outside of youtube
2) RIAA is clearly a youtube author who satisfy point (1).
3) youtube-dl is at the edge of youtube - it clearly pulls data from inside youtube to outside of youtube
4) RIAA cannot go directly against youtube-dl on the grounds of copyright infringement, because youtube-dl never published the material, their users did.
5) But youtube-dl enables end users to violate RIAA's copyright, so RIAA might still have valid claim
6) RIAA just needed to find alternative legal mechanism to shut down youtube-dl, and that seems to be the
"circumvention of technological protection mechanism"
7) This circumvention is obvious after you see (3).
8) Possibly there's the fact that youtube has promised RIAA and their member companies that their youtube system
does not allow downloading published video material, and their TOS enforces it
9) Thus from (1),(2),(3),(4),(5),(6),(7) and (8), you can see that the DMCA notice is valid use of DMCA.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
