> By now it is clear that the RIAA’s takedown notice backfired badly. With the ‘Streisand Effect’ in full swing, there are now probably more copies of YouTube-DL online than there ever were.
Did it though? Sure, the Streisand effect caused more distribution of youtube-dl, but that's never really been an issue. Open source software as widely used as youtube-dl is mirrored in a hundred different places.
The issue here is what does future development of youtube-dl look like? It sounds like the rolling cipher stuff is going to have to go if development is to remain on Github, and that's a win for RIAA.
It annoyed me enough to put me back into a buying position. I looked at Gitlab pricing after paying Github every month for a long time (hey, Business Guy: we'll switch in a heartbeat) and I started thinking about what it would take to host code in a decentralized fashion.
In a free market it is important that when you are displeased with a supplier that you truthfully tell that supplier why you are displeased (ideally very vocally) and are actively considering alternatives. It is one of the few early-warning signals that might change their behaviour.
But ideally, just stop giving them money immediately and tell them, but mention that you are willing to change your mind if they change their behaviour. And if they vascillate too often between what is right and what is profitable, inform the entire system even if it is a great personal expense. As long as it benefits the system, you will come out okay in the end.
GitLab's DMCA policy is not substantially different from GitHub's. Finding an example of YouTube-dl on GitLab doesn't mean GitLab doesn't comply with the DMCA, it just means RIAA hasn't sent them a DMCA notice yet. Regardless of how vocal you are you won't convince a company with US operations to not comply with the DMCA.
Rather than getting mad at companies for complying with the law of the country they operate in, why not support organizations like EFF that are actively working to change the DMCA?
'rolling cipher stuff' - I think you just do a regular web request to a Youtube video page URL (ie https://www.youtube.com/watch?v=...), and the response contains (in a json object) several URLs that point to the video content in various ordinary formats. You don't need to run any JS even, or pull any tricks, just parse the response string and fish out the URLs. 'rolling cipher' means the URLs change (over time, user?), so they aren't useful for sharing to others. What is the 'technical circumvention' here?
As I already said in another thread several days ago, not quite. For most videos, yes, you do a request to https://www.youtube.com/get_video_info?video_id=... and there are links to files and adaptive streaming playlists. But then there's stuff like VEVO music videos, and those have an additional layer of protection in the form of some signature IIRC that you need to add to those stream URLs to make them valid.
Source: I added a custom YouTube player to my app several years ago, and, actually, besides my own reverse engineering, youdube-dl sources were quite helpful with figuring it all out. It didn't play those "protected" videos though.
When I think of what it's like being an engineer (regardless of field), I think of the distance between "isn't the solution as simple as...?" and what the project actually looks like after a year in production after encountering the full domain of things that can go wrong.
Though youtube-dl also simply does more than what you're assuming. And ctrl-f for "drm".
True, if anything it just seems to do nothing. Though don't let me distract from the rest of the code. Just seems like initially simple code slowly encumbered by if-conditions in response to real world obstacles and feature creep.
IME, most YouTube videos do not use any technological measure to prevent using any TCP client, not simply Google's Javascript player compbined with a web browser, to download the video. Moreover I have observed that for most YT videos Google's player uses "progressive download", i.e., a number of successive HTTP requests with incremented Range headers, not "streaming".
Thus, for most videos, there is no need to circumvent any technological measure, e.g., a so-called "rolling cipher" for the video signature. Section 1201, specifically referenced in RIAA's letter, requires that the circumvention software be "primarily" designed for circumvention. It's arguable youtube-dl is not primarily designed for downloading the minority of YT videos that use the rolling cipher, or whatever "protection" Google may choose to offer the minority of YT accounts that want to use YT as a distribution channel for commercial content, e.g., VEVO.
With the rolling cipher, Google tries to ensure all HTTP requests sent by the user are made via its own Javascript player. However this still does not stop anyone using a popular browser with Developer Tools or the equivalent (such as Microsoft's own Edge browser) from obtaining the download URL and using any TCP client the user chooses to perform the download. Nor does it stop any user from observing the download URL via other means, e.g., users observing the TCP traffic entering their personal networks.
Through the use of the rolling cipher, YT does not restrict access to the the download URL. It simply changes the URL periodically. The rolling cipher is thus not an effective access control. For example, when Google promises YT account holders Google can prevent users in a certain geographic region from accessing a video, does Google use a rolling cipher in the Javascript player as the access control.
I believe a court in Germany has already ruled on the rolling cipher being a technological restriction (and that is referenced in the complaint). The point of the technological measure (together with TOS) is to make the intent clear. youtube-dl could probably have been fine without implementing the cipher decryption function but since it did and had a test suite to check and flag if it doesn't work, it made itself a target.
Any standard user agent would "circumvent" the "protection" in exactly the same manner. If Firefox used that page as a test case for its JS engine, would that make it primarily designed for circumvention?
The point of the rolling cipher is that you can't access the video without running their JS. youtube-dl did exactly that, just as any user agent would.
Well if it actually went to a court case, I'm sure either RIAA's lawyers or the defence lawyers would subpoena Google to disclose the split of downloaded videos between protected and not protected videos and then we'd actually know. It is likely RIAA would have already done some sense check of usage already using metered PC panels before even stirring up this particular hornets nest.
> It is likely RIAA would have already done some sense check of usage already using metered PC panels ...
Not sure about that. The RIAA approach over the last few years doesn't seem very well researched or well thought out. They seem to more go after "targets of opportunity" + add in coercion wherever possible.
This issue is silly to me because the YT videos I am interested almost never use the rolling cipher. I cannot be the only one. If the user is someone who wants to consume commercial content from VEVO and the like via YT, surely she is also content to do so using Google's Javascript player and submitting herself to ads and tracking that web browsers enable.
IMO, there is more to YT than what the RIAA's members contribute.
I’m failing to see how handing a key to someone along with the address to the door it unlocks communicates any intent about that someone to unlock the door with his left hand only, and never with his right one.
Now, if they had designed a system where the key could only be operated once/for a given timeframe from a specific left hand glove, then the intent would be clear (IOW DRM container like widevine or fairplay). But the intent of making it from cumbersome to impossible for right handed, broken armed, or disabled people, or just missed the bus and being late, to use the key would be very clear also.
What’s clear to me from this overall SNAFU is that they’re after the eyeballs. The content only matters as an eyeball attractor.
I’m wondering if in the EU youtube-dl could fall under protection for interoperability.
This specific painting is public domain, you could copy it to your heart’s content.
> I think a better analogy is: Handing someone a key to unlock a door to watch an artwork and then taking the (a copy of, a photo of) artwork with you.
I kinda get your point, but it’s completely non obvious that the key from YouTube has any sort of such value: it’s just a string of chars, it could just as well be some homegrown encoding, tracking system, or error check+. A ticket has clear information about its validity in space and time. I’d argue that the alleged protection is so lousy as such that it could very well be dismissed as being one, whereas a ticket+museum or video+drm you cannot get the content out of the container, at least not easily so, and it’s very obvious that it’s there to prevent that, with enforcement of metadata on the key (e.g cert/key with time, device or account id, pubkey signature, ...)
I seem to recall a legal provision (might be DMCA even) that says if the protection scheme comes to be trivially bypassed then the circumvention clause doesn’t hold water, in essence codifying protection obsolescence and making e.g DeCSS ultimately legal, but I can’t find the reference to that.
+ I’d argue it’s actually more akin to the second one.
> Section 1201, specifically referenced in RIAA's letter, requires that the circumvention software be "primarily" designed for circumvention. It's arguable youtube-dl is not primarily designed for downloading the minority of YT videos that use the rolling cipher, or whatever "protection" Google may choose to offer the minority of YT accounts that want to use YT as a distribution channel for commercial content, e.g., VEVO.
I still think it's debatable whether youtube-dl constitutes circumvention of effective controls or not. This is the relevant definition:
> a technological measure “effectively controls access to a work” if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.
I'm not intimately familiar, but is youtube-dl cracking the rolling cipher, or using the keys that YouTube provides? I believe there is a very valid argument that using youtube-dl is not evidence of circumvention of effective access control systems. There are a plethora of other reasons one might want to use it. One perfectly legitimate example is if you want to watch a video in 1080p without constant buffering, but you aren't on a network connection that can support that. You're basically using your hard drive as a much, much larger buffer. You can often even play the videos with the same browser that opened YouTube, so it really does become effectively cached content (albeit a cache external to your browser).
I think they would also have to demonstrate that downloading one of those videos is a copyright violation. You could argue that as long as the video is available, it should be valid for you to cache those videos. If I'm going on a plane, or I know my internet is going to be out, is it really a DMCA violation for me to download those videos and time shift my viewing to when my internet is out?
> Through the use of the rolling cipher, YT does not restrict access to the the download URL. It simply changes the URL periodically. The rolling cipher is thus not an effective access control. For example, when Google promises YT account holders Google can prevent users in a certain geographic region from accessing a video, does Google use a rolling cipher in the Javascript player as the access control.
I disagree with this part. As much as I don't like it, I can't find any way that the rolling cipher is not "effective access control". I linked the definition above, but to the layman (and these laws were written by laymen, so you do have to bear in mind their intent) periodically changing the download URL is an effective access control because they can't bookmark it and go back to it later. We can argue that using the Developer Tools is "in the normal course of operation", but I think you're extremely unlikely to get a judge to agree that opening the Developer Tools is "in the normal course of operation". It's normal to us, but it is not normal for the US as a whole.
In short, I think anything that you can't bookmark a download for probably counts as "effectively controls access". I'm sure other industries feel the same way; oil execs say what they're doing is slightly different than what the law stipulates, doctors says what they did doesn't exactly match up with what malpractice law requires, etc. The only person who's opinion matters is the judge, and they probably aren't an expert.
As an overall summary, I think we're more likely to succeed by poking holes in the RIAA's case. Youtube-DL is under no legal obligation to prove anything; the RIAA as the plaintiff is responsible for proving all of the facts they assert. As long as we try to combat that with our own assertions, they can simply try to poke holes in those. It seems much more difficult to prove that youtube-dl's usage is legitimate than it is to poke holes in one of the assumptions underlying the RIAA's lawsuit. If this is legitimate use, youtube-dl wins. If this is not circumvention, but an alternate access mechanism, youtube-dl wins. If you can prove that rolling ciphers are not an effective control measure, youtube-dl wins. I think the most likely of those options is demonstrating that youtube-dl is fair use (I wonder if there are any accessibility reasons to use youtube-dl; that would hamstring the RIAA, as they'd be caught between the ADA and the DMCA. They either have a valid DMCA complaint but YouTube is liable under DMCA, or they don't have a valid complaint because youtube-dl is required to meet ADA specifications). I don't even have to think very hard to come up with a few non-infringing reasons why someone would use youtube-dl. The RIAA then has to prove that youtube-dl is "primarily designed ... for the purpose of circumventing a technological measure", rather than for the variety of non-infringing reasons one might use youtube-dl.
Inside the source of the Javascript player (base.js) was a function to transform (update) the value of the video signature (s) parameter. All you had to do was look at base.js and duplicate the string operations used to produce the updated s, whatever they were. No need to use Javascript. yt-dl chose to use Python. Only a minority of videos used this "technological measure". Most videos on YT do not require a continually updated s; the value of s stays the same.
Regarding the "bookmark" comment, there is no way to "bookmark" any YT download URL because all YT download URLs (not just ones that have a changing signature) include timestamps; as is typical of download URLs on video sites, they have an expiration. Generating URLs that expire is not done as a means of copyright-related "access control"; the purpose has to do with caching.
RIAA depends on it being debateble. Debatable means you get to spend hundreds of thousands of dollars arguing over it in court. Sine the RIAA’s members business model depends on it, they are willing to spend whatever it takes. No one else is.
That depends on the timeframe you consider, and how much push-back there is against this and whether or not the RIAA continues to overreach. If the awareness results in policy changes that preserve something like "archive-preserving tools" then RIAA will have lost the fight against tools that have the potential to infringe.
Github hosting is not the be all and end all of open source software development. There are alternatives, ranging from hosting on one of the Chinese public clouds, using 'bulletproof' hosts that cater to such things as phishing groups, cutting a deal with the Russian mob to host development in Russia, hosting on an .onion site, or making connections with the Pirate Bay folks.
"If you outlaw freedom, only outlaws will have freedom."
This isn't all that different from the fact that sites which prominently support free speech attract all the extremists, because that's the only place they have.
Hah I came to post with that quote in mind. But really, if the legal system is abused to remove tools that are legal but the rich and powerful don't like, they'll migrate to places where the law can't touch them.
Git can be cloned via HTTP and it's so easy to set up that people have accidentally done it. There are loads of web shops that accidentally disclosed source code by way of having their Git deploy repo in their Apache webroot. You could literally "git clone http://poorsuckersblog.com/" and get everything.
To me the most interesting (and new to me) part is §Cease and Desist Notices:
> Following our initial coverage, we learned that the pressure against YouTube-DL had already started weeks earlier in Germany. Law firm Rasch, which works with several major music industry players, sent out cease and desist orders in the hope of taking YouTube-DL offline.
> Hosting service Uberspace was one of the recipients. The company hosts the official YouTube-DL site and still does so today. Instead of taking the website down, Uberspace replied to the notice through its own lawyer, who said that the hosting company hasn’t don’t anything wrong. [emphasis added]
> When the cease and desist notice was filed, yt-dl.org wasn’t even hosting the tool, as all download links pointed to GitHub, the company informs us.
[But the site does host the tool now, and Uberspace still doesn’t appear to have taken it down]
> “The software itself wasn’t hosted on our systems anyway so [but IIUC it is now], to be honest, I felt it to be quite ridiculous to involve us in this issue anyway – a lawyer specializing in IT laws should know better,” Jonas from Uberspace says.
It's probably worth mentioning that Uberspace is based in Germany, not the United States, so may not feel the same risk from not obeying the DMCA as a US company.
I run a service based in Germany, and yes we don't care about DMCAs per se.
However German laws are essentially: "Once you are notified of copyright infringing/illegal content, you have to remove it, lest you lose your protection as a service provider and become responsible for the content."
A DMCA takedown notice would be such a notification.
On the upside you don't need to do anything if you don't have reason to believe the content is illegal in any way (unlike with DMCAs where you pretty much always have to remove first).
On the downside it's a bit easier to get into trouble as a provider if you chose to let something stay online.
>On the upside you don't need to do anything if you don't have reason to believe the content is illegal in any way (unlike with DMCAs where you pretty much always have to remove first).
The DMCA works the same way. If you refuse to remove content and it turns out to be legal, then you as a service provider can't be held liable. You only get in trouble if you ignore a valid notice and there is infringement.
Neither is relevant here, though, as it wasn't a DMCA notice but a claim of anti-circumvention.
> However German laws are essentially: "Once you are notified of copyright infringing/illegal content, you have to remove it, lest you lose your protection as a service provider and become responsible for the content."
Youtube-dl itself isn't copyright infringement though. It's a tool that could theoretically be used for copyright infringement.
Maybe also worth mentioning that Uberspace is not your average hoster. It's a highly developer focused and developer friendly hoster with the fitting technical expertise, combined with a lot of character (plus interesting business model). If only one german company would not accept a baseless claim as this it would be Uberspace.
There is actually _less_ legal protection for speech in Germany than the US.
For instance, it's against the law to insult a government official like a cop (Beamtenbeleidigung). This could mean saying something like "damn cops" in earshot of the police - it doesn't take much.
You could argue that courts aren't as accessible in the US as they should be without deep pockets (rightfully so), but fundamentally free speech _is_ much better protected in the US.
In Austria and Germany insulting a government official is handled by the same law as insulting a normal citizen is (except for that also the superior can file charges for subordinates).
According to the one law in this link (German law §90 StGB), offending the president of Germany carries a penalty of anywhere from 3 months to 5 years prison. This can even apply in private matters.
Speaking of Austria, blasphemy laws still apply there and were upheld by an EU court when challenged two years ago [1].
People talk a lot about the UK's strict defamation laws, but the German concept of "Beleidigung" goes much much further. It's against the law to give someone the middle finger, for example.
Certainly, that’s true. There are many ways to hurt others with words, even avoiding definitions that would be against the law in Germany.
This is a bit personal, but my brothers and I grew up in Germany with a father who was verbally and emotionally abusive. However, he didn’t break any laws regarding offensive speech at least.
Ironically legislating against offensive speech protects people from superficial harm of “offense”, causes a chilling effect by curtailing “offensive” speech (what can you say about a corrupt cop in Germany or France without breaking the law?), and does little to prevent actually emotionally abusive speech.
Obviously my views are biased by my own experience, but I think the US is two _centuries_ ahead of the curve here while Europe still struggles with the ghosts of former monarchs.
No that case was dropped [0]. The logic of that law is that you shouldn't be allowed to insult someone who does not have free speech himself, and so cannot defend himself. But it's pretty much a dead letter.
The case was dropped, but only after he was arrested and put in a cell; I don't know the intricacies of this, a cell probably is not a jail. But "behind bars" is what I meant.
I dunno if it's a "second class event"; I'd say it's just tricky to adjudicate. there are a lot of ways to seriously hurt someone's feelings that should not be illegal.
That has to do with order. Insulting people is not considered orderly, hence the possible penalties. You can however insult people using the language twisted the right way and not pose yourself at risk. I wouldnt call this concept reduction of free speech, when in fact all it takes away is the liberty to insult someone in certain ways.
I read the last part of the sentence (rightfully so) in the best case to refer to the argument that courts aren't as accessible as they could be, rather than the current state being right. Ambiguous but probably well meant.
Good catch, I should clarify - one could rightfully argue that free speech is not available to all if the legal system is not affordable to everyone. It’s a serious shortcoming of the justice system.
It's still listed in the law that you're not allowed to insult royalty, but that does not appear to be enforced. For example, see Böhmermann insulting Erdogan on national TV:
https://en.wikipedia.org/wiki/B%C3%B6hmermann_affair
Imagine doing such a poem about Trump in the US. I believe the author would be punished much more harshly than this guy, who even managed to keep his job...
the text doesn't load for me in the translated version for some reason so I can't comment directly on the poem.
it's hard to imagine any legal action taken against someone who wrote an insulting poem about trump though. people say stuff like "I hope he dies" on social media every day.
I have a hard time believing that a CNN announcer would keep his/her job after saying this about Trump on national TV:
"His dick stinks badly like kebab, even a pig's fart smells nicer. He is the man who beats girls while wearing rubber masks. Most of all he likes to fuck goats and oppress minorities."
But like Wikipedia says, Böhmerman retained his job. In my opinion, that's the difference. A higher level of tolerance for speech that most people disagree with.
One of 4chan's favorite past times is discussing which country has more freedom of speech. It always ends in a massive flamewar and I can only recommend not to repeat that here.
I don't think it'd be ironic, but it's also not true. It's obviously not a free speech issue, and Germany has laws regarding copyright and circumvention of constraints. I doubt a large company would have taken the same route, uberspace is just generally pretty cool and user friendly.
The takedown didn't backfire at all just because some people decided to publish on Twitter a tarball that still happens to be hosted in many other places so there is absolutely no risk of it getting lost.
The problem is that the project may not survive this.
Major distributions for example will no longer carry the project and likely refuse to touch it even with a ten-foot pole (think media codecs situation). It will be relegated to 3rd party repos. They will lose users, they will lose contributors. And how long until YT's (and/or the other supported websites) HTML changes more rapidly until the remaining manpower can't keep up?
In the worst case, they need to adjust their tests. This is what the issuer of the complaint brought up. Their tests of the code downloaded a couple of seconds of what the RIAA thought is copyrighted material. If I'm not mistaken, this is what they are basing their case on.
If youtube-dl removes those explicit urls from their test cases, I don't think they have a case. You could argue fair use, but remember it's only a test case in that program. The authors could just as easily reprogram the test cases to accept any url a user wants to test.
Anyways, consult lawyers, perhaps change the test code and issue a counter notice and move on.
It's not a traditional DMCA copyright take down, but a take down that's enforced under a different section of the DMCA. I believe that in this case, there is no avenue for issuing a counter notice, but I'm not a lawyer and I'd be happy to be proven wrong.
Github files this notice under their dmca notices[0]. Maybe it's not a legal dmca notice, but I would assume if github files it as such, then the internal rules of github would apply. This includes a counter-notice.
If it's not a dmca takedown and those rules don't apply then I would assume github would need to explain why they filed it as such. (It's probably the RIAAs "fault", but "we" have only direct contact with github so we need to go through them)
The allegedly relevant sections of the DMCA do not contain any forced takedown measures except under court order. So I agree it doesn't seem to be a traditional takedown order, there doesn't seem to be any other reason they took it down.
They should remove the tests and the circumvent features from youtube-dl, then someone else should created a fork that is kept in sync with youtube-dl and with, for only difference, those tests and circumvent features.
That way only the fork get periodically DMCA'd, which will be way easier to recover from : just create another fork with the tests
I wonder if it could just be done as a plugin system. Developers should start taking note of this kind of stuff and anything that might ruffle the feathers of big media should go into plugins.
Do the digital equivalent of the way rich people use holding companies and shell companies. Put all the high risk stuff into the smallest independent repo possible and abandon it at the first sign of trouble. Use an MIT license so anyone can fork it and continue development if you have to abandon it.
It probably wouldn't even take a ton of money to set up a matching corporate structure so you could control everything. Put all the risk into a subsidiary that doesn't make any money (or makes very little). Drag out DMCA complaints until they sue you and then bankrupt the asset-less company. Rinse and repeat.
If you want to get super ballsy, sell the plugins that infringe, but siphon all the money out of the subsidiary with trademark licensing. That way you can license the same trademark to the next company to maintain the brand. Bonus points if you put the holding company in a tax haven.
IANAL. That's probably a really bad idea. Don't do it.
Part of the problem is that even if the code gets reinstated, the RIAA may just pressure Google into changing its method of protection. Then perhaps a new tool could be created, but not very easily if the RIAA succeeds in establishing a precedent for taking down tools that have the potential to infringe.
YouTube is increasingly only a few pain points from mass exodus from both creators and audience. Advertisers and copyright maximalists less so.
Bandwidth and distribution are no longer the limitations on independent hosting they once were. Independent discovery methods (e.g., DDG video search), are improving. Noncommercial orientation makes youtube-dl and similar mechanisms a net positive --- simplify the web-based delivery, increase viewer flexibility, provide greater tolerance for network or system variability.
My own interest in YouTube has very little to do with commercial mass media, and far less to do with ad-seeking chum-spewing bottom-feeders.
I love that youtube for me works everywhere: on my iPad, Samsung phone and my smart TV, laptop, the offline viewing mode is better than in any other application. None of these are hard to replicate, but it's still a lot of work (and some of the devices that I mentioned are walled gardens).
Youtube works poorly on my Android tablet, my aging Linux desktop, and even on a recent iMac, the flexibility of mpv, mps-youtube, or VLC is often preferable.
More options are more options, surprisingly enough.
I don't think distributions dropping it will have that big of an impact considering you only ever used those versions to bootstrap as you needed to `-U` update it regularly to keep it working (except maybe on Arch and similar bleeding edge, rolling distros).
I kind of hope they adopt flatpak or appimage based disto for it, giving it a more standard distribution mechanism and promoting one of those platforms.
Either way, this sort of advertisement is hard to beat. I'd expect the project to come out of this with more manpower, not less.
Not at all, I've been installing the latest releases of youtube-dl from PyPI via pip for years. In fact, it's still there. The RIAA takedown has had no effect (so far) on my usage of youtube-dl. The RIAA clearly doesn't have any understanding about how open source Python programs are commonly distributed.
That's not wrong, but it is missing the point: Ongoing development is impeded by the takedown. That means the tool will not work anymore in the near future, rendering it useless.
(Not here, my distro has a backports repo, and I'd suspect a significant if not majority of users get it from a repo of some sort, distro or not).
And even then, where are users going to search the most recent version? You will definitely not preserve the same number of users if you switch from yt-dl being "one apt-get away/one FDroid install away/one pip install away" to "one bittorrent search/wget from shady .ru website". And let's not talk about how will people contribute. The project could be as good as dead.
I'm on a rolling distro and I still maintained my own copy of youtube-dl (with a cronjob to run `youtube-dl -U`) instead of using my distro's package. If I used my distro's package, every time it broke I would have to wait a few days for my distro to update its package with the fix, even though upstream would've cut a release with the fix within a few hours.
As someone who uses youtube-dl for all the videos online, it's presence in any repos isn't as important as it may seem, because it breaks from time to time for some websites and you need to update it in order to keep using it, which is only easy if you keep it in your home directory so you can just run youtube-dl -U once it breaks.
I completely disagree. I have been using for example NewPipe from FDroid which is autobuild regularly as native Android program.
I would no longer expect FDroid now to keep doing this if they risk a DCMA letter that takes out their entire repo.
And I would assume a shitton of users use yt-dl code through another GUI application, rather than directly through an EasyInstall/virtualenv/whatever. And will most py repos still dare to host/link this code if the risk is a DMCA letter to their ISP?
NewPipe doesn't use youtube-dl, they have their own implementation of the stream extraction code[1]. Unless that codebase also has test cases which specifically try to download RIAA content, they would need to find a different justification for a DMCA takedown.
I realize that since NewPipe's Java; but it's just an example.
I really doubt the "it's just the test cases" justification btw, since test cases would likely be fair use. The deencryption stuff is the problem, and NewPipe does it too.
Cam down. This will just end up like DeCSS, when it was packaged separately and left to the user to trigger the necessary download.
Distribution/integration is the easy part. The hard part is to anonymise and secure core developers, and to allow contributions to continue flowing in a safe manner.
But user loss implies contributor loss, and that is the problem. It's not about me being able to find it (I definitely will be able to :) ), or guaranteeing a "safe harbor" to developers (there are plenty of organizations that are dying to host something like this). It's about a project hat requires a shit ton of constant manpower not having it because of it being "tainted".
It’s not C++ and complex encryption, this is a python web scraper - hardly rocket science. I don’t think manpower will be significantly harder to come by than it was in the past — the opposite, in fact.
It did not say it requires experienced manpower, I said it requires a lot of it, and importantly, constantly. It's easy to find a bunch of "fanatics" that will rise to the ocasion to "defend their freedoms" right now. But that is not what these projects require. On the other hand, it's hard to have volunteers who will keep doing the _menial_ changes for years as the different websites change their HTML/layout. Anything less and the tool loses a huge chunk of its usefulness.
Yes, but this was the same before. If anything, the current visibility is a shot in the arm. I don't think that, once the dust settles, youtube-dl will end up with less regular contributors than it had before - likely the opposite, in fact.
It's not worth playing cat and mouse with scrapers, it'll always be relatively trivial to solve compared to the engineering effort to come up with a new strategy, and that's with brute force scraping which is a fair way behind methods commercial scraping companies have been using for a long time.
There are smaller projects who get along fine with larger scopes but I think the opposite will hapen. This has given them enough popularity to overtake other similiar projects. This can turn be widely popular.
I started downloading from youtube because of this. I haven't come across RIAA protected content but who knows what the future holds
A tarball of _ancient_ DeCSS code has some value because you can use it to "decss" _all_ content made _before_ a certain date (e.g. most physical DVDs). So it makes sense to preserve the tarball in any method possible.
A tarball of an _ancient_ youtube-dl version is absolutely useless because the youtube HTML will have changed a million times in the meanwhile. You will not be able to use it for anything, neither for old nor for new content. Publishing/preserving youtube-dl tarballs is an absolute waste of effort.
The RIAA here is targeting existing project developers, and possibly also users. Trying to scare them away. Not trying to censorship old tarballs of the code which will quickly become useless.
> A tarball of an _ancient_ youtube-dl version is absolutely useless because the youtube HTML will have changed a million times in the meanwhile.
But it's not a tarball of an ancient version of youtube-dl. It's a tarball of a version of youtube-dl from like two days ago. So then it gets posted to some other host or some distributed thing and development continues over there, only with twice as much support because of all the media coverage.
Your argument that "You will not be able to use it for anything" because "youtube HTML will have changed a million times" is most definitely based upon that erroneous premise.
You come off as responding in bad faith. The argument is not specific to YouTube; YouTube is just the example. You're reaching to find something that technically incorrect, even though the point is fairly clear. There's an obvious difference between a static target (like a DVD) and a moving target (like a web service). With a static target, an archive is useful for all items produced prior to the archive. With a moving target, an archive is useful until the target moves.
It's not a reach when YouTube was specifically named as the reason that youtube-dl will be "absolutely useless". That was what was clearly stated.
Whereas it is a reach, ironically, for you to assume that all WWW sites are like YouTube, especially given the discussion of "extractors" that I pointed to, and even are moving targets.
As I said before, this premise, that you have assumed like AshamedCaptain, is highly erroneous. I suspect that neither of you have actually looked to see what WWW sites out of the hundreds that youtube-dl works with actually do have changing HTML, and how many of the "extractors" are still happily working years after they were written. (Sadly, the open issues list on GitHub, which would have helped to determine this, is gone, GitHub being a single point of failure.)
This is just entirely erroneous assumption and hyperbole, that everything is like YouTube, that things will change "a million times", and that magically all of those hundreds of WWW sites will stop working and "you will not be able to use it for anything".
At best, it's hyperbole. It's certainly not "highly erroneous." The most useful websites, with the largest user bases, will also have the largest developer bases, and change the most frequently. That's just kinda how the internet is. Consider - if a tool like this had been written 20 years ago, are there any websites it would still work on today? What about 15 years ago? You're not wrong that some of the smaller websites might take longer to change than the larger ones, but the calling the notion that most websites change over time "entirely erroneous" is just silly.
I literally mentioned on the _original_ post that youtube-dl supports other sites. Excuse me for not repeating on every post "YouTube and/or the other websites" as I did on the original one.
Not GP, but I understand what they are getting at. They were shortening to be concise. What was actually meant was...
"You will not be able to use it for anything because YouTube and every other video sharing website supported by youtube-dl will have changed a million times.
... which revision is equally based upon the erroneous premise that all of those WWW sites are the same as YouTube. Clearly, with all of the hundreds of "extractors", they are not.
I don't think so for youtube-dl. I think it's dead now. There was already hundreds of PRs to be merged - so many videos already weren't able to be downloaded on various sites.
The codebase was not the useful thing about this project: it was the constant upkeep and whack-a-mole-ing of the various site changes over the 1000+ supported sites.
This event may spark renewed interest and help, but my money is on "slow death" as support for sites and videos decays.
I think you might be right, but I also don't know how viable this was before the DMCA.
I have never been able to get youtube-dl to work with (both ubuntu / mint) distro packages. The packages always fall out of date due to youtube changing things, and you need to download it directly from the youtube-dl website regardless.
Not in the same light as preconfigured repos in Ubuntu et al.
I don’t think pip is even installed by default under most distributions, and Iirc some actively discourage its use. It’s also Supply chain insecure when compared to trusted repos.
At some point all these exceptions to the dmca section 1201 do at some point indicate to me that we need to have the law updated to be more narrowly tailored rather than continuously apply exceptions to it which can later be taken away.
Speaking as someone who worked to get a 1201 exemption, and who personally shit in the MPAA, RIAA, and ESA's Cornflakes, I can confirm the 1201 process is stupid. Mainly because the RIAA,MPAA, and ESA always show up tp fight the exemption even when they know literally NOTHING about the exemption being asked for.
We petitioned for an exemption to allow museums and libraries to reboot old MMOs in closed rooms with no network connections. That's because we couldn't get anything more from the Copyright office. Still, the RIAA's lawyer was there to lie and not understand a god damn thing we said, and accuse us of making tools that could be used to pirate any MMO.
I begged for them to tell me where to find such tools, as it would make life so much easier. Their lawyers were complete imbeciles who seemed never to have touched a computer, yet here they were telling a group of game programmers what they could and could not do with their programs.
The RIAA generally doesn't have any involvement in video games, other than where its members license music to games (i.e., GTA), and they generally wouldn't have any grounds for being part of the proceedings you've described if their involvement was just the music licensing.
I can see the ESA being a huge dick in these proceedings, because it's their job to do that, but the RIAA literally wouldn't care as long as somebody paid the music licensing fee (for that low volume of users the licensing fee would generally be less than $100 annually, all inclusive).
I've been on the other side of an RIAA negotiation, and they were very easy to work with. We theoretically owed them millions of dollars for several years of unlicensed music streaming, and they waived the statutory penalties they were legally entitled to in exchange for us agreeing to pay a few hundred dollars of royalties a year to stream their members' music. All told, we paid less than $2500/year for streaming licenses for all of the Big 3 labels and a dozen or more smaller labels.
This is fascinating and sad to hear. Do you have any theory why people won't get together and do something against these organisations? It is hard to see how they are working in the interests of the authors, but rather they seem to care about institutions that exploit them.
If you want the DMCA changed, you're going to need to find enough money to, as part of a competitive auction against the MPAA, RIAA, and BSA, successfully bribe:
218 Congresspeople
60 Senators
1 President
5 Supreme Court (in)justices.
A conservative estimate is that getting the DMCA reformed would cost at least a billion dollars in bribes ('campaign contributions'). No one who has that much money spare has enough of an interest in public-interest copyright reform to be willing to spend that much money.
As a practical matter, it's much more feasible to cultivate hosting infrastructure outside of the United States than to consider DMCA reform.
That's not how buying government officials works. You don't have to buy a majority of them. You just need a couple who then go in and horse trade for the thing you want. Then they vote for some boondoggles and healthcare bills, and in exchange 51% of the other ones vote for the thing they (i.e. you) wanted.
You can look up how much the RIAA and MPAA spent on campaign contributions. It wasn't a billion dollars.
And "campaign contributions" are only one path to victory. You could also go the route of getting Wikipedia et al to do what they did for SOPA.
And any of the new billionaires is not eccentric enough to commission such bribe. They all want to be famous and be remembered by inventing another scooter or some form of a phone or another gizmo, but none of them think about freeing our culture from mafia like organisations gatekeeping it.
I really wish they'd start prosecuting copyright trolls to the fullest extent of the law.
Sure you can download this and download music videos, but there's legal cases such as downloading a political campaign ad, and using small parts of it to fact check them them under fair use. Our local news station in fact did something like that. Also there is a rep not far from here, where she was doing vlog style videos for her campaign and the guy running against her downloaded her videos and put them in his own ad.
Using it to backup your own content or public domain content is another use case too. However if it's your own account I believe YouTube let's you download a mp4 of it from the creators studio but been a while since I've played with it since the redesign.
In this entire story what I find more concerning than Youtube-DL itself is the almost crippling dependence developers over the Internet (that is, OSS devs) have upon GitHub right now.
It's true. Look at all the tooling and workflows that depend on GitHub. Issues, pull requests, code review, etc.. Combine it with integrated services that require GitHub to run like Actions (CI) and Codespaces (dev env) and you start to see how it works.
In a few years it'll be normal for new developers to view a software project and a GitHub project as the same thing because the entire process from creating the project to publishing it (on Azure most likely) will happen via GitHub.
Saying that no one is dependent on GitHub is like saying a mechanic isn't dependent on their tools. Moving away from GitHub is like a mechanic walking out of the garage with a single crescent wrench (the git repo). Then you find out no one else sells any of the tools you know how to use and that the only option is to rent them from someone else (Atlassian or GitLab).
This is a good point; my projects don't depend on actions and codespaces (only PRs), so I haven't seen it.
Random "good thing" addition: If CI and other features create more of a github lock-in, maybe they could implement cross-git features (like pull requests from gitlab) without that being a disruptive feature that reduces their monopoly situation.
> GitHub’s CEO suggested that YouTube-DL won’t be reinstated in its original form. But, the software may be able to return without the rolling cipher circumvention code and the examples of how to download copyrighted material.
Which is frustrating. Isn't the information needed to do this provided by youtube themselves? This isn't some private key that wasn't supposed to be public; it's literally given out every time you view a video using it.
Also, the "examples" were tests that used a given algorithm, as there may be different methods used on different videos.
I also find it laughable to claim that a session token is a "rolling cipher". If the claim is to be taken at face value, it would ban any form of scraping, as most sites invariably use some sort of session token.
Which would be advantageous to a lot of big players with walled gardens, which is why I kind of hope this goes to court. Assuming a win it would further enshrine the legality of scraping.
Scraping an unwilling system is already essentially illegal, there's a long case history on this. It's only recently starting to change (via pure judicial activism) in HiQ v. LinkedIn. As written, the CFAA allows anyone to make a felon out of a persistent scraper.
> A federal appeals court last week issued a “hugely important” decision with potentially major implications for data journalists when it held that using computer programs to collect publicly available information from the internet — or “scraping” — likely does not violate the Computer Fraud and Abuse Act, the main federal computer crime statute.
The CFAA has nothing to do with copyright and that finding would only be relevant if the youtube-dl authors (or users) were being criminally prosecuted under the CFAA.
...which many entities would love to do. If it were illegal to extract data any way but through an official API, with a TOS and fees and everything, that would make a bunch of dying business models so much more viable.
It already exists and it's used to kill startups every day (including mine). Google gets a pass because they're real special. See Perfect 10 v. Amazon.
afaik it is against Google TOS to scrape data from their services e.g. play store but I can't find the evidence now. Some mobile store analytics agencies do it very carefully seizing the risk of their google account being banned forever. Haven't heard the precedents, still.
You can download mp4 files directly from Youtube. I've found a way to download videos right from the domain googlevideo.com . No 3rd party tools, any requested clarity.
I thought I'll make a post to explain this easy method, then realized Google would take down that method within a week, so I'm keeping quiet.
Well that's sort of what youtube-dl does, no? Except for you don't have to inspect network tab or merge anything manually, and you can choose quality and download playlists etc.
I'm not gaining anything from your assurance. I've found the best way - A first party method. No shady downloaders, extensions. I'm going to keep using it.
When Handbrake first came around, it installed DeCSS since it was meant to convert DVD media. Because of that, I was not allowed to use it at corp job. At some point Handbrake changed to not include DeCSS, but if you had VLC installed it would use the library provided by the VLC install. This met our lawyer's approval and allowed us to use Handbrake vX.X and higher only.
Just an anecdotal story about how software that offends lawyers can become acceptable by making certain changes. I hope the suggested changes to YT-dl will allow it to pass lawyer's smell test.
Couldn't the software simply fetch the token and display it to the user for manual input? It seems like the software's automatic use of the token is somehow breaking part of the DMCA. Is it actually illegal to display returned data from a web request? Is the manual input of "keys" legitimately a possible loophole? Did any of the early DVD rippers require manually adding keys?
Luckily they don't need to consider what some rich capitalist CEO thinks and don't need to return to MicrosoftHub and hopefully they won't. Especially given there are plenty of easy options available: self host gitlab outside of US, use something non-US, like gitea, etc.
But in case they do something that stupid, there will be forks. I will probably even make one fork myself with removed code reinstated.
EDIT: what the downvotes are for? Do you really want youtube-dl to appease Microsoft, RIAA or something?
Too bad, because there was no false information. Plenty of countries don't have not just anti-circumvention laws for copyright, but also DMCA-like laws and may even require you to obtain a court order before you can get something taken down. Except for a couple of countries, most countries could make it significantly harder to take down youtube-dl under such obviously false pretenses. Some countries are even particularly hostile and ignorant towards copyright-related demands from other countries.
Do those German firms hold a monopoly on copyright claims or something?
Years ago I noticed all the Recent records on Chilling Effects (now Lumen) were originated from German. I dug a little deeper and found out one of the firms were generating thousands of records per day and some of the claims were simply mistakes because they used simple string matching algorithms to automatically report massive amount of google search results.
After some email exchanges, their CEO admitted to me that they only generate 5% wrongful claims and somehow he's proud of it...
It's Germany. Institutionally zero tech knowledge, but a very pro copyright legislature and political caste (that, at a high level, is also very corrupt. Think Wirecard and add Kohls schwarze Kassen). Even with its own evidently corrupt court that always sides with copyright holders, regardless how absurd the claim and even if the law does not agree with the judges at all. Of course that's a country where law firms like that can prosper.
The (real) reasons for it shutting down were never given.
However, at the time it was theorized that in the event the maintainers had found a fundamental flaw, disclosing that flaw by issuing a patch would immediately jeopardize all preexisting truecrypt containers by revealing a method for breaking them. That would be untenable, and so the only alternative would be to shut down the entire project and recommend no further use of the software - as was done.
A subsequent audit did not identify any such security flaw, so the prevailing theory is now that the maintainers were forced to stop work by a governmental agency. It's considered safe and now known as veracrypt.
However, the question I have is whether a single crowdsourced security audit would be capable of finding a flaw that it took the developers themselves years (decades?) to identify.
As others have mentioned, there is speculation about coercion from a certain 3 letter agency. Some have even suggested that the maintainers of TC left an encoded message to users:
> Using TrueCrypt is not secure as it may contain unfixed security issues.
Not Secure As. Whether this holds any weight, only the maintainers would know.
Since Truecrypt is mentioned, I am going to use this place to highly recommend the book Mastermind. The that Truecrypt was based on named E4M was written by a man with quite an insane life story. He created a massive criminal enterprise.
> In 2019, Evan Ratliff—who wrote a series of articles about Le Roux for The Atavist Magazine—published The Mastermind, a 446-page account of Le Roux's ventures.
Truecrypt was mysteriously shutdown out of nowhere. Rumours abound that it was because of a national security letter or some other governmental interference. TC was never proven to be fundamentally insecure, but the original developers abandoned the project with the incident and the project was forked by others as VeraCrypt, which is now the recommended solution for local encryption (on Windows at least).
Uh no. I'm literally just saying the things I know about Truecrypt. Its a very old and as far as I was aware its no longer maintained and not recommended for securing things. Am I wrong?
You are incorrect. TrueCrypt was audited and passed, and lives on in multiple forms under multiple maintainers, the most well known being VeraCrypt.
If you are unsure of a fact, you can always do some quick research using your web browser before posting incorrect information in a way that may be misunderstood.
It's not like any of us are going to be able to change the DMCA overnight and people rely on this tool for all kinds of purposes. Do we wait for somebody to magically fix the DMCA or do we make minor fixes to youtube-dl to make it less susceptible to bullshit DMCA notices like this? I assume most people just want the original repo to go back up and for normal development to continue before functionality breaks because of changing websites.
There are other options, e.g. hosting somewhere where automatic anti-circumvention takedowns aren't a thing and the RIAA would have to go through a proper court process.
I think it's not feasible to continue the project as long as this issue isn't resolved appropriately. I've seen at least one contributor already dealing with letters from the RIAA because of a minor contribution years ago. That's going to significantly hinder community development of youtube-dl if it becomes more commonplace to harass anybody who's contributed anything to the project. Most people simply don't have the time or money to deal with this kind of thing. Most people don't want to deal with this kind of thing at all.
Let's assume that happens. Then instead of going after the hosting location RIAA will go after the developers which, until now, had no reason to hide their identities. That's what Blizzard did with bnetd, they sued the devs and invoked DMCA anti-circumvention clause, among many other things (in the end they ended up winning on the EULA I think).
Automatic anti-circumvention takedowns aren't a thing for this section of the DMCA either. But it becomes an automatic liability issue when you're informed so a host is betting their business and in some cases the jail time of senior executives to ignore it.
Is there? Just because someone claims (without court determining it) that some content is illegal doesn't make it so. So there would have to be some language in the law that the intermediary incurs liability due to mere allegations.
> Asking developers to remove code is ridiculous. It reads more like "Bad cop/good cop" routine rather than genuine help.
Not only that, the argument here is supposed to be that youtube-dl is "primarily designed or produced for the purpose of circumventing a technological measure" etc.
If you can remove <1% of the code and somehow cause it to not be that anymore and yet still be something which is useful for the majority of what people do with it, doesn't that just mean it was never that to begin with?
I mean, it's nice that the Github CEO doesn't agree, but if the solution is to get it back on Github, then it isn't really a solution. Smaller projects won't get this kind of attention.
What this whole episode should do is make it more common place to use tools like git-bug and mirror repos. Maybe someone will even write a tool to do so easily. But what I see happening is people just wanting the status quo to stay.
Until we learn to decentralize our code and write the tools to do so, this will keep happening. Maybe in 10 years we'll have learned our lesson, but it seems we're just doomed to repeat our mistakes.
I've been fiddling with Fossil (https://fossil-scm.org) lately and the fact that it includes Wiki, forum and bug lists in the core source control project is looking better and better with all of this.
I checked it out and am kind of on the fence about one file = one repo - especially SQLite.
It's mostly because I remember filesystems from my university time and trying to implement one in a file myself. Continuously adding data is fine, but when you remove data either you leave a "hole" in the file and have to keep track of the "empty" blocks, or you shift everything to fill the hole. Off-by-one errors corrupt files.
Those are all resolved problems for filesystems, but additionally, I learned the hard way (performance) that SQLite wasn't good as a production db. The situation here is different of course (db access isn't very frequent), but I can't quite shake it.
Maybe I'll dig into the internals to understand what kind of optimisations they made. The wiki and bug-tracking are definitely a plus though.
Whatever the public perception is, they did indeed get Napster et al offline, which I think is the thing they cared about.
Not sure that they interpret the Streisand Effect in the conventional way. If anything, temporary increase in usage of targeted tools helps them make the case that they're being harmed by said tools' existence.
I'm still annoyed at the ruling against mp3.com. They created a hash of the physical CD-ROM, and if it matched one that was already in their cloud they wouldn't actually rip the contents for your own personal copy of the exact same bits. It was tantamount to ZFS deduplication being outlawed.
Yes, that's the thing a lot of techies have glossed over. The increased usage of youtube-dl since the takedown letter was sent makes the RIAA's case stronger if the RIAA takes this to court. (It's not as apparent on HN where people have been bringing up their (mostly) fair uses, but on Reddit and other forums, people have been proudly proclaiming how they just downloaded youtube-dl and began downloading music videos from YouTube.)
Ironically, by using youtube-dl en masse to "stick it to the RIAA" they may have inadvertently dug its grave instead.
The RIAA has been wildly successful, they exist as a body to take all the bad press for consumer hostile moves like this instead of companies like Sony, Universal, Disney and Warner, who are the companies who actually operate the RIAA.
Nobody at the RIAA cares you are angry about their moves, in fact they are likely glad that you are, and not the actual responsible parties.
Precisely. The RIAA (along with the other copyright Associations of America) is a front to suck up bad publicity.
In this case, I would not be surprised if Google was ultimately driving the push to get rid of youtube-dl using the RIAA as a proxy, both for PR purposes and because the RIAA has a semi-plausible claim to legal standing.
Youtube has ramped up its consumer abuse policies lately, such as the begging screen that demands unauthenticated users log in and requires four clicks to dismiss, and it would not be even remotely surprising if Google is also working to get rid of tools that allow people to watch YouTube videos without being subjected to advertising abuse.
About 400 million people pay monthly for access to music instead of listening to radio, occasionally buying albums or piracy so idk if anything really backfired...
I would argue this happened in spite of their efforts. The music industry was dragged kicking and screaming into the streaming world for a variety of reasons, among them the fact that with centralized platforms, artists have no reason to use labels for "discovery" purposes any longer.
Its long been known that the way to defeat piracy is to offer a better service. Its what Steam did, its what Netflix did.
Ironically, the fragmentation of those ecosystems is bringing it back. Piracy is the ultimate invisible hand on the entertainment distribution industry.
The commercial streaming solutions are only going to be good until they're the only game in town. Commercial entities don't simply build good things and leave them intact for people to benefit from with no profit motive. Once the leverage is there, there will be abusive monetization, consumers will be treated like crap, until perhaps some breaking point where it can be disrupted.
How would streaming become the only game in town? Piracy and any other online mischief are being stamped out the hard way, by taking control of our technology from us. Approved operating system, approved drivers, approved software, approved browser, approved websites, no piracy, no privacy, no deviance.
Labels were never about discovery. They were about promotion, production, and all of the expensive stuff you need at scale.
For example, Justin Beiber, Lorde, Billie Eilish, Lil Nas X, were all discovered independently due to their own efforts and had decent success on their own. (Farther back in time, the Beatles and most classic rock bands similarly got signed to labels after demonstrating success.)
But they're all signed to major labels now, because touring is expensive, and the scale of exposure you get with a label is very different from what you get on your own, and the income correspondingly increases as well.
In many (but not all) cases, the artists usually also get lump-sum advances against new albums or singles which removes the financial risks for creating new music.
Piracy was never about discovery. It was simply about people being too cheap to pay for other people's work. Sometimes, as with Adobe and Microsoft, they were okay with it because that just locked in their market dominance and created more future customers. But for fad-driven and taste-driven industries, privacy has a notable impact on creator's earnings.
Depending on the artist and label it's a giant question mark whether the label has any hand in the live performances or tours. Touring has always been expensive (and lucrative), but the agencies that deal with it traditionally haven't been labels.
The traditional business model of a record label is almost entirely obsolete, and they need new revenue streams. That said, the people who run these businesses are antithetical to innovation and creativity in business and that's why industry groups like the RIAA exist in the first place.
If you look at a graph of music industry revenue, it peaks in 2000, collapses until 2015 (at ½-⅓ its peak value), and has been on a strong uptick since then. Peak apoplexy about the impact of piracy was around 2005, and there was a strong desire to tie the collapse in revenue directly to piracy.
From what I can tell, most of the studies establishing a clear economic cost to piracy tend to rely on numbers originating from the music industry without clear attribution to data, or by naïve analyses estimating that 1 download = X lost sales, without considering effects like budgetary limits (I'll spend at most $X on entertainment this year) or conversions to profitable sales.
Additionally, there's a lot fewer studies on piracy post-revenue nadir. It seems as if the rise of streaming has caused the industry to stop panicking so much about piracy, and there's some evidence that streaming has converted consumers to paying customers.
All-in-all, I would say that it's not so much that piracy hurt the industry as piracy filled the existence of a market segment that the industry refused to fill. Piracy only hurt the industry in the same way digital cameras hurt Kodak: the existing business model was unsustainable, but they refused to pivot to take advantage of the clear coming shift in the business model.
Piracy may the opposite effect for software but it definitely has a negative effect on entertainment related IP.
High school events where I grew up were basically an iMac with the student body officers' MP3 collections and a PA system. All the pirated MP3s people were playing at those various official and unofficial gatherings of my youth led to me buying CDs once I had money of my own.
Has a non-industry-affiliated research group produced causal data (not just declining sales figures) showing that noncommercial entertainment piracy is a net harm?
If you read the fine print in that study, it is concluding the cost of the piracy purely in terms of 1 download = 0.2 lost sale. There's not even a discussion of the potential word-of-mouth effects or later sale generation potentials for pirated music.
What if they lied about how much music was worth though? You can stream 10,000+ songs in one month for the price of one album today, in the early 2000s we were asked to believe that was $10,000+ worth of music and their suffering was relative to that...
The Institute for Policy Innovation (IPI) is a think tank based in Irving, Texas and founded in 1987 by Congressman Dick Armey to "research, develop and promote innovative and non-partisan solutions to today's public policy problems."[1]
IPI is an associate member of the State Policy Network (SPN), a network of right-wing "think tanks" and other non profits spanning 49 states, D.C., and Puerto Rico.[2]
The conservative Capital Research Center ranked IPI as amongst the most conservative groups in the US, scoring it as an "eight" on a scale of one to eight.[3] IPI has received funding from corporations like Exxon Mobil and organizations like the Kochs' Claude R. Lambe Foundation, Scaife Foundations, the Bradley Foundation and others....
I have been thinking about leaving github for a while. It is a very good platform, but as time passes, I realized I wanted to be more in control of my projects.
Yesterday, I moved about 250 repos away to a gitea instance. Transition required a bit of tinkering (a few scripts) but went smoothly.
The good sides are:
- very fast, a lot faster than github for pushing/pulling but also the web UI is a lot faster
- I'm in total control, I can change the look of the UI, create as many orgs as I want to organize my repos…
Now the cons:
- No social network effect, I don't know how contributions to my projects will evolve
- Subject to DDoS and the like, I need to keep my instance accessible because I moved my FOSS projects on it
Maybe more, it's been one day only.
I am not suggesting all project should move out of github, it is a very good tool, but I think it wouldn't be bad to rely less on it.
If your hosting provider is in a country with DMCA-like laws, they can be targeted the same way GitHub was and would probably comply the same way as well. So was there really a point?
The difference being that if this happens, I can spawn an instance elsewhere and just change the DNS. I have hourly ZFS based backups to my own server, it would take a few hour max to restore everything.
I disagree. This looks more like pandering than anything else. Friedman has nothing to lose by making public statements of support, but a lot of reputation to gain if people buy into it.
Instead of taking it down in the first place, Friedman should have told the RIAA to shove it, deliberately opening Github up to liability with the intent to defend this in courts and create precedent should the RIAA file suit. Even losing - and losing a few million in legal fees and damages in the process - and losing is far from certain - would create precedent that would create a lot more certainty of what goes and does not go with the current law, and give activists and lobbyists concrete jurisprudence to point to when approaching law makers and Library of Congress for changes.
Now that would have been real support. A somewhat risky move indeed, but also a necessary move if Friedman really thinks youtube-dl is an important piece of technology (with important policy implications).
Instead, he essentially left the developers, which lack the deep pockets of Github/Microsoft, to fight on their own, going even so far to suggest to budge to the RIAA's claims that youtube-dl contains a "circumvention" technology without challenge and remove the offending bits.
But at least he publicly stated he is "annoyed" by the RIAA. Talk is cheap. This is like showing up and telling David that "well, tough shit, Goliath is annoying but a lot bigger than you and will win, so you better capitulate, and I can help with that!".
(Yes, Microsoft being a RIAA member complicates things; Microsoft should in my humble opinion leave the RIAA; being a member of RIAA isn't compatible with their "we're the good guys now" image they are trying to foster regardless of the youtube-dl fiasco)
I'm not a lawyer but afaik the DMCA takedown process is prescribed by statute, and platforms must comply to qualify for the legal protections that make hosting user-generated content possible.
Friedman would certainly be removed by Microsoft if he jeopardized GitHub's legal protections by defying the mandated process, to say nothing of the potential of creating personal legal liability, both criminal and civil.
youtube-dl remains freely available off-GitHub (not to mention on the local disk of anyone who ran `git clone`). I just used it 10 minutes ago. There is no public good served by defying the law here, and there is no reason to put the whole kit and kaboodle on the line over it.
tl;dr, ignoring the DMCA process isn't just a "somewhat risky move". If we're going to break out the pitchforks, let's at least point them in the right direction: write your Congresscritters and tell them you want to see copyright law reform.
>I'm not a lawyer but afaik the DMCA takedown process is prescribed by statute, and platforms must comply to qualify for the legal protections that make hosting user-generated content possible.
Correct, that's why I said they should deliberately open themselves to liability, and the fight this in court.
Moreover, technically they already have, anyway. The anti-circumvention law (17 § 1201) does not even offer safe harbor protections; these are meant for copyright infringement only (17 § 512).
>Friedman would certainly be removed by Microsoft if he jeopardized GitHub's legal protections by defying the mandated process, to say nothing of the potential of creating personal legal liability, both criminal and civil.
Certainly? There is a risk of that happening, sure. But that is counter to the risk that MS faces from backlash within tech over a decision to fire him for taking on the RIAA.
But yeah, I know, Github and Microsoft standing up here is wishful thinking. One may dream :D
>youtube-dl remains freely available off-GitHub (not to mention on the local disk of anyone who ran `git clone`). I just used it 10 minutes ago. There is no public good served by defying the law here, and there is no reason to put the whole kit and kaboodle on the line over it.
It is less accessible. And the RIAA will not stop coming for them. Getting them thrown out of search results by sending the same legal bullshitery to google, bing, duckduckgo etc. Going after the hosters of the website (like they apparently already tried)
Moreover, they "lost" a large chunk of the community they had on github, incl issues and discussions etc (maybe Friedman at least has the stones to let them have their data?). People will also now think twice before getting involved in the project.
>tl;dr, ignoring the DMCA process isn't just a "somewhat risky move".
That's exactly what it is. The RIAA would have to respond by suing them (or stopping their campaign). Github isn't automatically liable, they just lost protection from liability, but can still win in courts.
Furthermore, if you view the IRC logs in question, he is only willing to reinstate the project if they remove the code the RIAA alleges violates Section 1201.
I guess you didn't open and read the screenshot from the IRC chat.
At the bottom of the image; after being asked what needs to be done, he says: "Just the rolling cipher circumvention code and the examples of how to get the copyrighted material" (emphasis mine).
He's essentially echoing the main talking point that YTDL isn't a scraping tool that acts as a User-Agent (which is legal), but an illegal tool that "circumvents technological measures" because it "decrypts" and runs some JS code just like any browser would.
It's what we call being "yeah, yeah yeah'd" -- I don't expect much from GitHubHQ at this point other than trying to save face and maintain their position as the "developers friend".
Asking the project authors to remove features that are covered by fair use isn't exactly what the authors want. It's better than no action, but not by much.
I'm wondering whether any legal team or similar have donated some time to figure out whether this is actually fair use or to set a precedent, because looking from the outside in, it clearly looks like an implementation meant to circumvent some form of intentionally-obfuscated protected handshake or access control.
From a strictly code based POV, it is intended to download protected objects with tests to ensure that protections are circumvented and the correct material can be retrieved. At the same time, removal of this code probably disables downloading of the majority of YouTube, and on top of that if there is no official collaboration on it, it'll be outdated within days.
That code is protection for YT TOS, not copyright law. If YT want's to use dcma in this way it should claim copyright of all posted material and see how that works out for them. Even if it the video's were copyrighted, it could be still be downloaded for fair use purpose rather than infringement. RIAA is using takedown's to protect google ad money, which is not the intended purpose of that legal action.
Youtube is not the copyright holder, the RIAA's members are. They have licensed their content to Youtube.
Youtube stores cache files to a user's computer, obfuscated so they can't be easily copied or accessed, most likely as part of the terms of their license. That is legally sufficient to constitute a copyright protection scheme.
Material is covered by fair use and can be used legally in that way. Takedowns are for copyrighted material being distributed to provide immediate relief, the yt-dl projects code is not owned by riaa therefore riaa is abusing the legal mechanism.
> One of the most creative responses we’ve seen was posted to Twitter by @GalacticFurball who encoded YouTube-DL into images that can be easily shared, encouraging others to share these as well.
All this highlights what an unconstitutional monstrosity DMCA 1201 is. You reap what you sow RIAA. Hopefully this will trigger the push to repeal this trash altogether.
A huge portion of the software industry with most of open source projects hosted on GitHub isn’t a good thing. GitHub is closed source and the metadata (pulls/issues/projects) is also not in the git decentralized database.
Sure in this instance GitHub CEO is helping. However GitHub could kick you or the repo out any second.
The source code amounts to instructions that could be used to violate copyright. So there's a distinction here: Is it illegal to tell people how to violate copyright, when that method has other uses? If so, what about a blog post telling you how you can use your cell phone camera to record a youtube video?
Why is this any different from recording a TV broadcast? It seems to me that the same reasoning which made that legal (and there was a fight to do so!) should also allow anyone to record anything that is sent to them on their personal device.
I hope that the ytdl gets reinstated and thanks to RIAA action it gets much more popular. I know a number of artists personally and they hate RIAA and the labels that are essentially a cancer on the artists back.
Would it be possible to capture video by using headless browser and rendering the video element & audio to file? Of course, this will induce some quality loss if encoded to lossy format again. But would effectively be "legal" as the tool would run the youtube's "DRM" and be not distinct from normal browser in any way. I guess the headless browser could maybe perhaps just download the stream to disk as well.
Yes, but in that case you need to reencode every video in realtime at playing. Maybe you speed up the process with capturing the different parts of the video in parallel and concatenating the parts in the end, but if you want good compression then you need to reencode the whole video again. This is far from just getting a video file from a CDN server. If you want to try it, just few line of code with MediaRecoder API in any browser.
It OBVIOUSLY reasonable to have three private corporations owning the majority of modern musical output... and they even have a little club where they discuss pricing! How quaint...
The outrageous thing is why the fuck we as a society defend these corporations, when they have a literal monopoly on what they’re selling, and the monopoly is guaranteed by the government of every western country
Durable cartels are effective and useful --- generally to at least their members and some class of politicians. Copyright / media cartels have long been closely affiliated with politics and politicians, of all stripes, and in the US of both parties.
Media offers money, exposure, glamour and/or star power, spectacle, distraction, attention, and manipulation, all of interest to politicians.
Much of recent copyright law, and the DMCA specifically, was largely driven by Democrats.
Someone else needs to reimplement it, in Rust cause that's what all of you want .
Then never include a test case with music videos. I was using it to download public domain videos, if certain video producers want specific drm then that's fine.
Despite its name, half the value of `youtube-dl` is that it Just Works on every (free-as-in-beer, and non-DRMed) video site known to man. Every obscure Youtube alternative, every local news station's dogshit CMS, every porn site, Twitter, Twitch, HGTV, you name it.
The far bigger part of the job would be rewriting all 800 custom extractors, then perpetually maintaining them against constant, silent, often adversarial breaking changes in each one.
Using Rust instead of Python would cut the very fat long tail of contributions that makes most of this viable, and would doom this project more than most.
Did it though? Sure, the Streisand effect caused more distribution of youtube-dl, but that's never really been an issue. Open source software as widely used as youtube-dl is mirrored in a hundred different places.
The issue here is what does future development of youtube-dl look like? It sounds like the rolling cipher stuff is going to have to go if development is to remain on Github, and that's a win for RIAA.