685 comments

[ 2.8 ms ] story [ 390 ms ] thread
Excellent.

Looks like they've removed the tests for RIAA member videos as the only change, which I assume helped get this restored: https://github.com/ytdl-org/youtube-dl/commit/1fb034d029c8b7...

Fantastic compromise.

Arguing that you have a right to break RIAA DRM is much harder that taking it out entirely.

I use this for downloading national archive videos off youtube, I'm very happy about this news

And not even purged from the repo, it's still in the history if needed. Seems like the copyright holders making a big fuss over nothing really.
I wonder if RIAA lawyers believe themselves productive members of society, or if they recognize themselves as the parasites they are.
They see themselves as the last bastion of decency in a world full of violation.
This is neither here nor there but Nobel Prize winner Gerard 't Hooft has written an opinion piece on wrong-way drivers in science who seem convinced that everyone else is going the wrong way [1] (it's in Dutch unfortunately, but then the Dutch the word 'spookrider' (lit. 'ghostrider') is a lot cooler than 'wrong-way driver' IMHO).

It's a concept that's somehow always stuck with me whenever I hear about people who seem convinced everyone else is wrong.

[1]: https://webspace.science.uu.nl/~hooft101/spookrijders.html

Yeah but sometimes it really is everyone else that is wrong. For example, when most people used to think the world was flat.
'Everybody' thinks RMS is wrong. He has the worst case of Cassandra's curse I've ever heard of.

But I think it tends to not work like this. Incidentally, the flat earth thing is mostly a myth; literate people have know the earth is round since the ancient Greeks figured it out. Columbus was ridiculed for thinking the Earth was smaller than it really is (his critics were right) and the only reason his trip didn't end badly for him is shear dumb luck in running into another continent in his quest to reach Asia the looooong way around.

Doubly lucky because if not for that continent he likely wouldn't have made it all the way, a trip about four times further!
That educated people believed that the Earth was flat is largely a myth. Not only people knew the Earth was round since antiquity, but they also had a good idea about its diameter.

Heliocentrism was a bit more debated but for good reasons. Early heliocentric models were actually worse than contemporary geocentric models to calculate the motion of planets.

All that to say that "everyone else is wrong" doesn't happen often in practice, at least not among educated people. And when that happens, either the evidence is solid and it is generally well accepted or it is not, and there is no reason for others to accept it. The burden or proof is for the one who makes the claim.

To go back to heliocentrism, the reason it is the prevailing theory right now is because the model has been refined and now, it matches observation better than older models based en epicycles. It is not because of some philosophical reason about our place in the universe.

> That educated people believed that the Earth was flat is largely a myth.

And this is one of those rarer times that everyone is wrong who believes this myth, although maybe they are uneducated too.

All this is to say go team iconoclasm.

The term ghost rider exists in english as well I think.

At least I could find several articles talking about ppl going the wrong way after searching for it + wrong direction.

I'm not a native speaker however

I think he is right. But I don't like his tone.

The whole writeup is a tantrum on why you should stick to "well known" facts. Which sounds to me too much like asserting the truth of things without questioning them. Yes, there are a lot of fools out there whith a spookrijder complex that are a detriment to science. And I would assume a well-known professor would rightly get tired of their emails.

He only shortly adresses at the end that radical ideas are precisely what is needed for progress in science.

I do not think this dismissive mentality does the situation any good. If someone comes with a radical but stupid idea, you need to first recognize the merit in the idea, and then show why it is wrong. Bashing someone with "you cannot create free energy" will only encourage him to waste his time trying to prove you wrong.

I suspect a lot of these spookrijders are curious and fairly smart people, but who's ideas where offhandedly dismissed by a teacher one too many times.

Spookrijder translates literally into ghostrider, which is a lot nicer than wrong-way driver.

The joke here goes that on the radio there is an all-bands emergency announcement about a ghostrider on A2, the main artery of the country, between Amsterdam and Utrecht.

In one of the vehicles on that road someone mutters 'A ghostrider? Bloody idiots, there's thousands of them!'.

Everyone thinks they're saving the world. I'm sure the RIAA sleeps soundly knowing they're defending the rights of creative individuals to make a living and holding the line against the scourge of amoral nihilistic pirates.
I'm much more cynical. They know they're bastards but they make far far too much money to care.
I doubt it. Every time there's an article on here about the latest outrage from $FaceGoogzon there's no shortage of well-paid rationalisers in the comments. I'd expect the same is true of the RIAA. Especially among their legal team: there are far more unseemly clients than the RIAA out there.
Everyone is the hero in their own story. Few people actually gleefully play the scoundrel. The ability humans have to self-rationalize is amazing. And even when folks are doing something they know is wrong, often it gets justified in the balance: the victim deserved it, the perpetrator is Robin Hood and proceeds will benefit those who need it more, the action makes up for a historic injustice, etc ...
People may not play the scoundrel much, but I see plenty of people playing the ronin, the soldier of fortune. E.g., the contract programmer on a 6-month gig where they know the project is fucked, but as long as the check clears, it's not their problem. The sysadmin who doesn't much care what's on the servers. Plenty of others, for sure.
There's plenty of people out there who simply do X for financial payout Y.

As a matter of fact, the financial services sector thrives with such people

Yup. After the mortgage bubble burst, I saw a lots of posts from people in the industry who knew something was wrong, but as long as they kept making commissions, they weren't going to question anything.
> Everyone thinks they're saving the world. I'm sure the RIAA sleeps soundly knowing they're defending the rights of creative individuals to make a living and holding the line against the scourge of amoral nihilistic pirates.

Amoral Nihilistic Pirates would be a great name for a band.

Just sayin'.

I don't really think so. I think a lot of people are just doing something because it's a job. And a lot of people are sound with being sheep and just following the rules because they exist, and don't like the discomfort that comes with questioning everything on a deep level.
In their self view they ensure that artists earn money for their living, thus allow artists to survive. And there is some truth to it. Finding the right balance is hard ... but in my view they "rights holder industry" is too strong indeed.
I'd be interested in seeing how much money from their suits gets to the artists, or even to distributors - or what effect on revenue their deterrence causes.
Right, these lawyers are parasites sucking blood not just from society in general, but also blood from most of the artists ostensibly represented by the RIAA. If any artists come out ahead from anything the RIAA's lawyers do, it's only the elite already-wealthy ones.
It's not really a secret. The music industry has always been about concerts: radio play (or streaming, which uses the same revenue model) doesn't pay anything and artists get pennies on the dollar for record sales. The RIAA represents record labels more than artists.
For German GEMA (which is working a bit different from RIAA, so can't be fully conapred) there are some numbers on Wikipedia, till 2012: https://de.m.wikipedia.org/wiki/Gesellschaft_f%C3%BCr_musika...

They made 820 million € in revenue, 128M€ are their "costs", 692M€ of that 15% are their fees, remainingnis split between labels and artists and artists got 316.5M€, thus a quite low fraction ... and in German law the creator is theoretically stronger positioned than in US copyright.

(Now this isn't 100% fair as analysis, as some of the payments to labels go to artits, as well and labels also do some marketing etc benefiting the artist ... and then there is this weird distribution mechanism where a successful artist gets over proportionally more ... but in the end: "small" artists only get a very tiny part of the cake)

To clarify: GP asked about "how much money [recovered from the lawsuits] gets to the artists". The revenue you're quoting is mostly not from lawsuits, it's regular license fees paid by broadcasters and event organizers.
I think its probably similar to medicine in that there is a gigantic industry of middlemen that suck money out of the system and make far more than the actual service providers
I'd agree. If copyright wasn't valid after death + 70 years

Of course they don't do only that, they also have to spend their time crafting abusive contracts and extensions in detriment of artists and in favour of big recording companies.

"The Value of Everything" by Mariana Mazzucato. Great book. Central thesis: there are value creators and value extractors. Value creation is very connected with most people's idea of "progress". But value extraction is parasitic, and dominates more and more of contemporary economies.
This line of questioning on Startup News is quite amusing to me, I must say. How many of us can really pretend to make society a better place?
At least some of us don't try to actively make it harder/worse. So that's a plus.
I'm convinced the companies considered as 'evil' now didn't think they would at first either. Something something unintended consequences.

I mean Reddit; bastion of free speech or platform for hate speech? (they cracked down on that over the years) Dropbox; File synchronization and sharing platform or child porn exchange? Airbnb; Great way to find an affordable place to stay and / or rent out unused room, or platform for dodgy landlords that scam people with pretty pictures? Coinbase: Platform for libertarian wet dream crypto exchange, or platform for laundering your ill-gotten gains?

Just to name a few YC examples. Everything can be used for bad things and make the world a worse place, and they don't always do the right thing.

But who goes into being an RIAA lawyer position thinking it’s going to be good at first? You have to have believed in the RIAA’s stance from the get-go because it hasn’t really changed.
Or you have to be a morally and professionally substandard lawyer who cannot find a better job.
They’re rent-seeking, and probably view themselves as necessary redistributors of wealth, like landlords, but for copyright enforcement and expansion instead of housing.
I was at the Grammy’s one year and at the industry lunch the day before, I wound up at a table with a bunch of lawyers for the labels and the RIAA. It was an interesting position for me to be in, as someone who has been quite critical vocally of their positions and tactics since I was a teenager.

Anyway, everyone was cordial and professional and we didn’t really get into debate too much — and I was clearly the odd woman out, not a lawyer or in agreement with their position — but I walked away from the lunch with the belief that at least most of them absolutely believe they are fighting against what they see as abuse against copyright and ownership and that they see themselves as protectors of the industry, and to a lesser extent, artists. Now, I disagree that their tactics really succeed and would argue that ignoring the push of technology has hurt the music industry and especially artists, but I also accept that it is valid for people to have a completely different view from me. And it’s important to be exposed to that on occasion.

I’ll also say, as I was waiting for my Uber to take me to my next meeting, I saw valet bringing out $200,000 cars for many of the people I had politely been debating with earlier. I’m sure the money doesn’t hurt.

Not unlike my friends who work for tech giants that many of us find abhorrent but get $400,000 in stock grants a year.

Yep. You’ll often find there is nuance to these debates and people will justify their side by blowing the upsides out of proportion and minimizing the downsides.
Some probably think they are "protecting content creators" or some bs
> Everything can be used for bad things and make the world a worse place

Right, but the RIAA aren’t just making new abusable things, they’re actively abusing existent ones.

These are good questions /examples, except Coinbase? I'm sure there's something else that could be applied, but doesn't seem it's a place to launder money. They were the first to supply IRS/Treasury Department with detailed records of every customer transaction.
Having reddit crack down on hate speech makes it a corporate shill-chamber/chicomm focal point, along with an anti-1A and against American-rights. The evil is always there with these companies brother.
All who live in silicon Valley of course. You seem to have forgotten that "making world a better place" is a mantra repeated across the entire IT. I presume if Facebook employees actively think that, so can RIAA lawyers
(comment deleted)
I mean, while it is the nominal purpose of the site, it's not like all of us here actually work in startups.

Personally, I do programming for psych research students & faculty at an undergrad institution.

It's not like working at a startup—or having money as your first, last, and only moral compass—is a prerequisite to post here.

Well anyone who voluntarily enters into a work for hire arrangement is making society a better place. The employer wouldn't have done it unless they were benefitting and likewise for the employee. What is important is doing something people want.
(comment deleted)
This is the Just World Fallacy. It's not necessarily true that spending money benefits society. You can spend money to harm society, with or without intention.
That is definitely not the case. There are plenty of employers making things worse. One of my first jobs was for a telephone fundraising outfit. We'd cold-call people, manipulate and like to them, so they'd donate money for our charity of the week, and keep 85% of it.

Making society better requires actually making society better. You have to weigh the total societal positives against the total societal negatives.

OK let me qualify my answer. Voluntary financial arrangements are beneficial to society that do not harm others. The government in capitalistic systems enforces the rule that you can't harm one another arbitrarily. So an assassination contract would be illegal. Also, defrauding people with cold calls of their money is illegal. In short, LEGAL voluntary arrangements in a free market are beneficial.
That's progress, but you haven't accounted for negative externalities or the varying shades of "voluntary" that exist. Both of which occur in pretty much any job people take these days.
An assassin is a work for a hire arrangement.
And this is just one (extreme) instance of “person A pays person B to destroy person C's value, for net harm”. Imo, the only failing of capitalism is that one can profit by destroying other people's wealth (though this is probably splitting hairs, given how varied the ills that come from that).

Everybody has their price. For some people, it's low enough that they'll actually do the evil things and not lose sleep over it.

I am not, but I am not fucking it up for others.
Not everyone here is directly involved in the startup culture and yes, technology and disruption can get shady. But "at least I'm not a lawyer" is a low, low bar to clear.
> But "at least I'm not a lawyer" is a low, low bar to clear.

A lot of people wouldn't be able to get any justice at all if it weren't for lawyers. Lawyers work for the ACLU and EFF too you know.

I work on managed databases. I actually do think that is a positive effect on the world, like many other obscure but important pieces of infrastructure.
Eh, I don't think that's fair. Lots of people here make society a better place, as do the companies and organisations they work for/contribute to.

Sure maybe you could argue that Facebook and Google don't make the world a better place. Maybe a bunch of other FAANG companies.

But not everyone here works for one of those. I don't, and I'd say my work probably improves society in a certain sense (depending on whether web development/UX design/usability work does that).

yeah unlike us hackers who are saving the world with targeted ads and food delivery
Technology has had an impact on nearly any industry you can think of. As such, there is no shortage of tech work outside of ad tech. Ten years ago I worked on ad tech shit for Amazon, but I quit when I realized that made me a parasite.

I don't work in food delivery, but I'd say getting a pizza from point A to B is a hell of a lot more productive than being a lawyer for the RIAA.

Yeah, same. Years ago I did work for a medical advertising company. They were lovely, smart, creative people. But the more I thought about it, the more I didn't want to aid for-profit manipulation of people. I've stayed away from ads since, and never regretted it.
Appified pizza delivery is rent seeking.

There is zero need for a multinational between hungry people and food delivery. Inserting them raises costs, lowers service quality, and lowers revenue to restaurants.

Off topic, but I would like to note this thread's congruence to Snow Crash:

  There's only four things we do better than anyone else:
  music
  movies
  microcode (software)
  high-speed pizza delivery
I was thinking more along the line of the people who actually deliver the pizza. It's an honest job, unlike being an RIAA lawyer or ad tech programmer. But next to either of those, even delivery app developers are saints.
Snowcrash was kinda crazy in how it predicted where things would go.
> There is zero need for a multinational between hungry people and food delivery. Inserting them raises costs, lowers service quality, and lowers revenue to restaurants.

Nonsense.

Everyone I live with went from not ordering any food to using UberEats weekly because it's so much more pleasant than interfacing with every restaurant directly, having to carry cash to pay and tip, having on easy way to answer "what's open right now?", etc.

All these restaurants are getting money they would have never received from me had the app never existed. And everyone I know uses UberEats and will sheepishly admit they use it way too often.

You should talk to people who use UberEats before you assume it provides zero value to anyone, not sure what else to say. Maybe you can do the same for Uber as well.

Exactly, I'm not fan of these type of lawyers, but they aren't even close to the same level of damage being done by people who work at places like Facebook.

I'm sure it's the usual case of a large enough salary helps you to forgot what a piece of shit you are.

It reminds me of the famous quote by Upton Sinclair: “It is difficult to get a man to understand something, when his salary depends on his not understanding it.”
Let’s acknowledge the widespread digestive benefits of yogurt247.com
For sale! Finally, I can realize my yogurt-on-demand startup dreams.
While I agree with you, I'm pretty sure that a lot of people are grateful about food delivery given current events. At the very least, it kept some people employed and businesses in operation.
I wonder this about a large majority of corporate lawyers who somehow seem like members of a parasitic species which has found a host which they can exploit for resources by inducing changes in their behaviour, comparable to the way the Toxoplasma parasite makes mice less scared of cats [1].

[1] https://www.pnas.org/content/104/15/6442

I think if people are paid well enough, they can convince themselves that the harm they do is a net positive because it demonstrates that the system needs to change.
> I wonder if RIAA lawyers believe themselves productive members of society, or if they recognize themselves as the parasites they are.

At least one way they could rationalize their actions is by taking an outlandish but not uncommon view of property rights: that no one would bother to create anything without being able to profit from ownership of it, and the more they can profit the more they'll create.

There's also the even more outlandish view that whatever the market does is good for society by definition, so if the market pays you to do something you can assume it's beneficial to society.

I mean, if we believe it benefits us to have copyright laws, then obviously it benefits us to have copyright lawyers, and the rest is just implementation details. I'd wager 99% of people believe copyright laws are a net good.
> I'd wager 99% of people believe copyright laws are a net good.

If asked, a majority might say that (though IMHO nowhere near 99%). Their actions indicate otherwise, however, and a person's beliefs are better judged by their actions than by their words.

Things could be much worse; it's remarkable they don't sue about being called a parasites.
I have become convinced that the RIAA lawyers emerge from their crypts every few years, generating a slew of copystrikes to justify their retainer fee.
That's exactly what they do. Troll everyone they can reach.
This software makes it easy for people to download copyrighted movies and the RIAA attorneys (at least some) are acting in good faith to prevent people from breaking copyright law and causing their client damages. Can someone argue against me please?

(genuinely contribute to discussion by arguing against my own biases, call me a moron instead of downvoting)

By this right, Zoom/ Google Meet / Teams have screen recording that would allow for this as well. How deep should we go down this hypothetical rabbithole?
Even if we take that as a given, my response would be: "Yes, so what?"

The software also a long list of legitimate uses, as was demonstrated by the various prominent users that spoke up.

I can use the camera on my phone to record a copyrighted movie, and thus circumventing the DRM, or just use a device like this: https://www.amazon.com/StarTech-com-USB3HDCAP-Video-Capture-... (analog VGA is probably preferred here, for lack of HDCP support).

And that is only necessary if we're talking about some modern DRM that makes your OS work against you, so you can't directly capture with OBS or something.

We're gonna ban all of those now?

Creating or providing a tool and using a tool are not the same action. Likewise, since there are legal fair use scenarios of copyrighted materials (short clips, criticism, satire, academic, etc) so even using the tool isn't inherently against the law and the person creating or providing the tools can't know and legally doesn't need to know the end user's intentions.

Copyright lawyers working for the highest profile abuser of copyrights absolutely know the very basics of copyright law and are therefore acting in bad faith.

Drug paraphernalia is still a crime in most places. Not sure what the equal to "spice grinder" here is.
if there is no residue then classifying it as "drug paraphernalia" would be in bad faith
I don't know what the laws are on possession, but before marijuana was legalized it was far, far easier to buy a bong than the weed to smoke in it. I'm wracking my brain to try to think of a piece of drug paraphernalia that is illegal to sell or illegal to possess in the absence of the drugs themselves.
In the state I live in it's illegal to to be in possession of any paraphernalia. Thats why you cant buy a bong anywhere, but can buy a water pipe at every corner store headshop.

That being said it's a petty misdemeanor that does not result in any jail time until your third infraction.

https://www.revisor.mn.gov/statutes/cite/152.092

Anna Purna in Berkeley, CA used to have this sign: "these are water pipes not Bongs! You will be asked to leave" (c1995)
Drug paraphernalia has a specific use (or at least, let's assume that for the sake of argument), but youtube-dl is more like a crowbar that has legal and illegal uses.

If I have a crowbar I can legally use it all day long for construction purposes. As soon as I'm caught breaking into a house with a crowbar, it's classified as burglar's tools. At no point is the hardware store or crowbar manufacturer liable for a burglary for selling me a crowbar.

So, similar to Popcorn Time then WRT providing vs using? The RIAA lawyers are bringing cases that are disingenuous, because they already know they're covered by fair use?

So to pick a worst case scenario, a pirate uploaded _Spiderman_ to Youtube with the intent of letting people get _Spiderman_ for free using this software. In that case, it's the uploader that's legally liable? Does the RIAA have a case?

Git+your OS make it easy to acquire this software, Your browser and OS collude together to make it easy to run it, The elecric supply to your house makes it easy to run the computer that runs the OS, ...

Do you really want a world where this scumbags should go after everything that "makes it easy" to do illegal activities?

That piracy causes client damages is a debatable point. Studies have shown those who pirate software, movies, television, etc., will rarely use or consume that content if they didn't pirate it. I know way back when, when I pirated stuff voraciously, if I couldn't find something I just never read/saw/used it. Not once in my life have I spent days or weeks trying to pirate something only to turn around and pay for it. Some (not all) studies even show that in the case of software, piracy in some cases leads to legitimate use, i.e. purchasing.

Now there's no doubt that piracy violates copyright law. We can debate whether or not that's a good thing, whether the laws in question are just, etc., until the end of time. But it's not a foregone conclusion that piracy has any negative economic impact on copyright holders.

An awful lot of tools provide the opportunity for their users to break the law, and yet we still sell those tools and place the onus of following the law on the users. While guns are the obvious example, lockpicks are widely and freely available, as are a whole host of other items with which one could commit nefarious deeds.

Copyright law seems to be one of the only areas in which the fact that someone Could use a tool to commit a crime seems to be grounds for criminalizing the tool and not the act.

Maybe their purpose was Widevine. The youtube-dl takedown was a way to distract the attention. I don't think we should rejoice until Widevine is back.
The widevine-l3-decryptor takedown wasn't filed by the RIAA
They are looking for that one time where people are either not paying attention or are too exhausted to care. What is the saying? We have to win every little battle, but all they have to do is win once.

> generating a slew of copystrikes to justify their retainer fee.

Considering how they were able to change social media to favor the copyright owners, I'm betting whoever is paying them feels the fees are justified.

> We have to win every little battle, but all they have to do is win once.

"Today we were unlucky, but remember we only have to be lucky once. You will have to be lucky always."

-Provisional IRA after almost assassinating Thatcher in a bombing

> Seems like the copyright holders making a big fuss over nothing really.

This should be the conclusion. Since they have won nothing with such whole noise. Only increase more the OSS wave.

They don't understand technology, and in this case I don't think they should be told...
It's a shot across the bow, to achieve a chilling effect. They've achieved a few weeks of downtime, for now, and sent a message to the project that they're being watched. It might well not be the end of hostilities.
I think you may be right about the fight not being over, I don't think they actually achieved any downtime. Youtube-dl didn't stop working for me while the takedown was in effect, and was even updated during that period.
Seems to me they got much more of a Streisand effect than a chilling effect! ;-)
In terms of usage, yes. In terms of development, we'll have to see. I am an optimist, but I have to recognise that good devs tend to skew away from opensource projects that are in lawyers' crosshairs, because they bring more trouble than fame.
My experience has been that Github doesn't ever purge commits from the history. Even when you rewrite the history, all the dangling commits are still there and can be access. I've yet to find a way to force Github to do a gc so such commits are removed. Without Github running a GC on the repo, the commits will not be removed.
You can contact their support to do it for you, for example in the case of pushed secrets.
That shouldn't be necessary. Something as fundamental should be made available as some sort of API.
(comment deleted)
I guess that if they want to run those tests they can cherry-pick that commit, run the tests and then drop it
The way I read it, the test cases weren't really the problem. The RIAA was alleging that the purpose of youtube-dl is to circumvent DRM and they try to back this statement up by pointing out that copyrighted works are being downloaded in the test cases.

Here is a bit of a discussion about it by seemingly knowledgeable people:

https://law.stackexchange.com/questions/57421/is-youtube-dl-...

> > the source code expressly suggests its use to copy and/or distribute the following copyrighted works owned by our member companies: > > Icona Pop – I Love It (feat. Charli XCX) [Official Video], owned by Warner Music Group Justin Timberlake – Tunnel Vision (Explicit), owned by Sony Music Group Taylor Swift – Shake it Off, owned/exclusively licensed by Universal Music Group

> Complainants are "confused" about actual infringement (which is prohibited by copyright law), and creating a method for infringing copyright. Under DMCA and US copyright law, copying is infringing, programming is not infringing. The complaint does not clearly allege unauthorized copying of another person's intellectual property, and their complaint is based on the theory that certain programming actions constitute copyright infringement. I don't actually think they are confused, I think they are testing the boundaries.

Hmm they seem to be taking it from the approach that RIAA was sending a takedown on the grounds that youtube-dl was infringing on the copyright of their members, but that doesn't seem to be what the actual takedown claims. Instead it's requesting takedown on the grounds that youtube-dl is breaking protection measures in violation of 1201, and the answer given doesn't really address that except to say that breaking protection measures isn't infringement (which wasn't what they claimed in the first place).

EFF represented youtube-dl to get the repository reinstated, and their lawyers instead tried to prove that YouTube doesn't have DRM, and that the test cases provided were neither suggesting other people to infringe, nor infringing themselves (falling under fair use). The full response is here: https://github.com/github/dmca/blob/master/2020/11/2020-11-1...

It would have been fantastic if every test using RIAA copyrighted music had been replaced with public domain sources. Or, better yet, videos the maintainers created and uploaded themselves.
That won't work, because Youtube applies the particular sort of protection that those tests exercise only to copyrighted music.
Interesting. Do you know how hard it would be for someone to upload a bunch of original videos with same copyright as the videos in question?
As far as I know, that's impossible. The particular DRM applied to those test videos is ONLY available to large partners like Vevo.

Which is why they were in the test suite.

Just about all music you can find online is copyrighted. I think you mean that it applies the protection only to music where the copyright is held by a large organization.
Yes, yes, it was short for "registered with Youtube's copyright filter".
Shouldn't these tests be considered fair use since they are arguably necessary to validate interoperability?
Yes, and I unfortunately still see no argument related to the DMCA's provision that breaking copy protection is legal if you have a license to use the work. In this case, a license to use it via a specific browser is not mentioned, so you can rightly download it with anything.

This was the suspected cause for py-kms's reinstatement but as it related to Windows licensing.

Is there a way to get equivalent tests on non RIAA videos?
> Looks like they've removed the tests for RIAA member videos as the only change

And even that was more likely to allow certain somewhat too loud organizations to save face, not out of legal necessity.

Good news.

What if someone were to write a separate script that generated the necessary tests for youtube-dl?

Then prior to releases they could privately generate the code and run the tests, but still ship it not referencing any copyrighted material.

So it seems that the dealbreaker was that one of tests that downloaded copyrighted material (see the last commit [1]). Seems like a reasonable thing to not do, and just replace those tests with just random cat videos.

[1] https://github.com/ytdl-org/youtube-dl/commit/1fb034d029c8b7...

It doesn't work like that since certain videos use obfuscation methods that random cat videos don't.
I was under the impression that those obfuscation methods were exclusive to certain YouTube partners, including the RIAA members. If youtube-dl stopped supporting that method, it would still be a useful tool for the bulk of its use cases and the RIAA would no longer have any leg to stand on since it'd no longer be able to download their members' videos.
There's no need to keep that code in the main yt-dl codebase if it is for special cases.

You could imagine a siloed yt-dl plugin called crack-riaa with separate tests, hosting, etc.

If yt-dl detects the obfuscation, it could fail with an error message point to the plugin's documentation.

That would only move the problem. That plugin would still need a Git repository, an issue tracker, tests, and an update mechanism. Or are you trying to say you don't care if this specific part of yt-dl gets deleted from the internet by RIAA?
It decouples the thorny part of yt-dl from the mainline and reduces risk of complaints in the future.

I do care if this part gets deleted, that's why I think it should be hosted somewhere more reliable than GitHub. There are other options which aren't as polished, but may be better for hosting risky code like this, including self hosting.

This code needs to be underground.

In my experience many videos have it, not necessarily ones associated with the RIAA (or perhaps the overzealous[1] content detector just thinks there's some of their content in there), so it's definitely necessary to decode the algorithm for youtube-dl to work on not just RIAA content videos.

IMHO giving the client both the key and the algorithm to decode the content should not count as any form of protection, but the lawyers don't care...

[1] https://news.ycombinator.com/item?id=16075325

Breaking copy protection is only illegal if you do not have a license to the work. Removing the protection breaking code isn't necessary, and everyone needs to stop pretending that it is.

This same clause of the DMCA is the suspected reason for py-kms's reinstatement after a takedown: it's perfectly legal to break the Windows license scheme if you already own a license to Windows.

(comment deleted)
I suppose a developer that wants to make sure that it works with certain DRM schemes can add cases of their own, locally, without pushing the change.
Since this affects only tests, they could easily change the relevant scripts to download a list of test videos at runtime. I bet the RIAA github-scrapers would not "see" it. Just serve statically a rot13-encoded list of URLs from pastebin or something, and Bob's your uncle.
Based on what I saw in past discussions, I'm pretty sure that the takedown was not a run-of-the-mill scraper-based takedown (it makes no sense to be taken down just for linking to videos which, at best, is what any scrapers would have seen in the original test code). It was very much an intentional, manual one with actual lawyers behind it.
There are multiple sides to "defending" a project like this. One of them is avoiding to trip the run-of-the-mill scrapers. The takedown was serious but we don't know what triggered the lawyers' attention in the first place. IMHO a simple runtime obfuscation would remove that particular attack vector, once coupled with some plausible deniability (i.e. deleting all downloaded data once tested). At that point, YTDL is still on RIAA's generic shitlist (which will require other mitigations to survive) but at least doesn't get flagged every week by a scraper.
feel free to file an issue and tell them that, but clearly it does work in this case.
Nice...I bet the evil RIAA didn't think only about the two tests when they reported the project....
Actually that's all they complained about.
Hold up...

Copyright lawyers are idiots, next question.

IIRC the complaint was about the "circumvention" algorithm in the code.
I think the point was that their real goal was to kill youtube-dl entirely, and the tests just happened to give them something to complain about to do so.
Random cynical thought -- they noticed because the automated testing was bumping up the # of views on those streams, so their members were being forced to pay royalties on views that were not real ...
Does use of youtube-dl to download videos from youtube really bump the view count? I have assumed that it doesn't, since it probably isn't passing whatever systems youtube has for addressing 'view count fraud'.
I haven't tested, so I couldn't tell you.

I imagine as YT's anti-download measures get more intense, the more yt-dl has to behave like a real browser, including ticking up the view count.

Great, now they can import the issues to a GitLab/Gitea instance hosted by the same Germans who refused to ever take down youtube-dl.org, and a few other places for redundancy, and not have to go through all this excess stress again.
I have trouble believing gitlab would just ignore a DMCA takedown request? This is what people believe? This is something gitlab has said?

Actually, I guess I'm not sure of the consequences to a company of ignoring DMCA takedown requests (whether or not they are US companies; but Gitlab is now btw), but I assume they are not good, or why do companies bother complying? Rather than assume, I should look into it.

But yes, redundancy for sure.

gitlab.com? No. https://youtube-dl.org/ ’s host? That’s almost exactly what they did. (Edit: here’s my comment on a story that details their response somewhat: https://news.ycombinator.com/item?id=24909982).
The webhost had a different situation: neither code nor binaries were hosted with them. Although DMCA specifically doesn't apply to a German hoster of course, and uberspace is run by the kinds of people that'd probably try and take this to court instead of just rolling over.
I don't follow, a few days ago I downloaded the tarball of the code and 'binary' (it's a Python script) from their website. Both seemed to be hosted there.

https://youtube-dl.org/downloads/latest/youtube-dl-2020.11.1...

Same, but interestingly enough today when I click the link my browser Palemoon’s popup dialog (asking whether to open in an extractor app or just download) says the file is from https://gitlab.com.
That link redirects to a file on gitlab.com, and that they don't host it was given by uberspace as part of the reason for ignoring the request.
Huh, so that's basically the excuse TPB uses right? "We don't host content, just links to content."
It's hosted on gitlab.com:

    $ curl -sS -D- -o/dev/null \
       https://youtube-dl.org/downloads\
       /latest/youtube-dl-2020.11.12.tar.gz
    HTTP/1.1 302 Found
    Date: Mon, 16 Nov 2020 15:04:10 GMT
    Server: Apache/2.2.15 (CentOS)
    Location: https://youtube-dl.org/downloads\
      /2020.11.12/youtube-dl-2020.11.12.tar.gz
    Content-Length: 3
    Connection: close
    Content-Type: text/html; charset=iso-8859-1

    $ curl -sS -D- -o/dev/null \
       https://youtube-dl.org/downloads/\
       2020.11.12/youtube-dl-2020.11.12.tar.gz
    HTTP/1.1 302 Found
    Date: Mon, 16 Nov 2020 15:05:03 GMT
    Server: Apache/2.2.15 (CentOS)
    Location: https://gitlab.com/dstftw/\
      youtube-dl/uploads/99d745f22ca3c2a8e9a2\
      3def5446289a/youtube-dl-2020.11.12.tar.gz
    Content-Length: 3
    Connection: close
    Content-Type: text/html; charset=iso-8859-1
Weird. It's hosted by github.com when I run identical commands:

    (base) /tmp  curl -sS -D- -o/dev/null https://youtube-dl.org/downloads/latest/youtube-dl-2020.11.12.tar.gz
    HTTP/1.1 302 Found
    Date: Mon, 16 Nov 2020 15:52:13 GMT
    Server: Apache/2.2.15 (CentOS)
    Location: https://youtube-dl.org/downloads/2020.11.12/youtube-dl-2020.11.12.tar.gz
    Content-Length: 3
    Connection: close
    Content-Type: text/html; charset=iso-8859-1

    (base) /tmp  curl -sS -D- -o/dev/null https://youtube-dl.org/downloads/2020.11.12/youtube-dl-2020.11.12.tar.gz
    HTTP/1.1 302 Found
    Date: Mon, 16 Nov 2020 15:52:27 GMT
    Server: Apache/2.2.15 (CentOS)
    Location: https://github.com/ytdl-org/youtube-dl/releases/download/2020.11.12/youtube-dl-2020.11.12.tar.gz
    Content-Length: 3
    Connection: close
    Content-Type: text/html; charset=iso-8859-1
This is a little meta, but you can use the the -I / --head argument to tell curl to download headers only. This will ignore the rest of the response and means you can eliminate all of those other flags. E.g.:

    $ curl -I https://youtube-dl.org/downloads/latest/youtube-dl-2020.11.12.tar.gz
    HTTP/1.1 302 Found
    Date: Mon, 16 Nov 2020 19:10:37 GMT
    Server: Apache/2.2.15 (CentOS)
    Location: https://youtube-dl.org/downloads/2020.11.12/youtube-dl-2020.11.12.tar.gz
    Connection: close
    Content-Type: text/html; charset=iso-8859-1
Not quite: when you pass "-I" curl makes a HEAD request instead of a GET request:

    $ curl -sS -v -I \
        https://www.jefftk.com 2>&1 | grep '^>'
    > HEAD / HTTP/1.1
    > Host: www.jefftk.com
    > User-Agent: curl/7.58.0
    > Accept: */*
    
    $ curl -sS -v -D- -o/dev/null \
        https://www.jefftk.com 2>&1 | grep '^>'
    > GET / HTTP/1.1
    > Host: www.jefftk.com
    > User-Agent: curl/7.58.0
    > Accept: */*
    >
It turns out that, often enough to be worth worrying about, servers do not return the same headers in response to a HEAD request as a GET request, so I always send a GET request when debugging strange behavior.
I think he's referring to a self hosted gitlab instance, not gitlab.com
gitlab.com, btw, does clearly advertise that they comply with DMCA takedown notices.

https://about.gitlab.com/handbook/dmca/

Others in this sub-thread have identified that the downloadable releases are actually currently hosted on gitlab.com.

Gitlab has their internal workflow for handling DMCA takedown's public (as with most/all of their internal policies, which is cool!). https://about.gitlab.com/handbook/engineering/security/opera... It may be that they go a little bit slower with more chance for the alleged infringer to respond (with a counter-notice or voluntary takedown) than others.

But in the end, any major US company (or company doing business with the US) is probably going to comply with the DMCA, which says that if you get a takedown notice that is formatted correctly, you take down. Then there's a process with user filing a counter-notice, then the original filer having a chance to respond to THAT, etc., that you can see in the gitlab workflow, but most of that is just how DMCA works. "If there was a valid counter-notice and no response has been received from the plaintiff within 10 days of the counter-notice being forwarded" then the content might go back up.

The youtube-dl removal was not a DMCA takedown request, under no situation could you consider the repo to be hosting copyright material.
> Actually, I guess I'm not sure of the consequences to a company of ignoring DMCA takedown requests (whether or not they are US companies; but Gitlab is now btw), but I assume they are not good, or why do companies bother complying? Rather than assume, I should look into it.

The request is essentially a precursor to a lawsuit, so the consequences are a potential lawsuit and all of the legal fees that go along with it.

Well this was a wild ride from start to finish. Anyone got a count on how many times someone suggested distributing YouTube-dl via a blockchain in all these discussions?

Also, how come Google hasn’t asked for it to be taken down given that it has YouTube in the name?

Please don't try to give Google any ideas.
well, git is a block chain, so I guess this is already the case :D
Was a counter-notice filed, or did github restore it without one, once the tests were removed?

Because my understanding was that certain decryption/anti-drm functions were also in the scope of the takedown request, not just the tests.

I think github's CEO was keen to restore it [0], probably on a matter of principle but also probably on how much negative advertisement it brings them, in terms of 'trusting' github as host.

I am sure they had MS's legal team advise them on what they can get away with.

[0] https://twitter.com/t3rr4dice/status/1320660235363749888

I agree with you. They double-checked the issue with their legal team.

I use the dl'er to download talks. I am featured in a couple of talks and want to secure these offline.

Anti-DRM can't be part of a DMCA takedown request. The remedy available to RIAA is to go to court and get an order.
How long before we start the discussion about exporting issues/comments and preparing for another event like this? :)
Negative time I'd say; as in, it has already been mentioned what feels like a million times. Maybe just open an issue on the github repo?
The amount of publicity this generated for youtube-dl is astounding... I would love for this to be a ”the plan to get rid of youtube-dl backfired badly for RIAA” ending. But I guess RIAA is reviled enough already so nothing they do really matters. So I suppose the hope is that some political will to change the laws around this arises from it.
True. It seems we need to wait for a generation of media-consuming legislators to age into the Senate to get past The Eagles complaining that their music is being "pirated" on Tik Tok.
Wait? No, no need to wait. Run for office, push out the dinosaurs.

"The chief penalty [of good people who refuse to lead] is to be governed by someone worse." -- Plato

As someone who is old enough to have heard The Eagles when they first came out, this is hilarious. No offense to Eagles fans, but they were mostly forgettable Top 40 from the get go.
> So I suppose the hope is that some political will to change the laws around this arises from it.

We had mass demonstrations across Europe with the Article 13 fiasco and nothing happened.

Revolutions aside, copyright will never be reformed anywhere in a consumer friendly manner - politicians are way too deep in the pockets of the industry.

All the parties that were pro reform in the "article 13 fiasco" will still get votes. Unless people grow a brain and start remembering things, they will just get away with anything unless it happens right before an election. Alas, we evolved from monkeys, not from elephants.
Honestly, this is what caused me to install it. Have downloaded one video so far - a U.S. government work, so no copyright.
If the RIAA notice is to be believed, you've still admitted to a crime as you've bypassed YouTube's DRM, which is their hosting of the video in other public links.
IIRC, YouTube actually does apply extra DRM to some videos (ones "owned" by the RIAA, maybe others?)
Nope, they argued that their URL obfuscation is DRM.

edit I think YouTube-Red's successor has DRM on it's videos, I don't think youtube-dl ever worked on them though.

The video torstenvl downloaded wouldn't have had the rolling cipher on it.
From my understanding, every video has the rolling cipher as it is just what YouTube calls the links the media files are at.
My understanding is in general a fixed signature is used, only certain content has the rolling cipher.

If all videos used the same system then youtube-dl would not have had any reason to make major label music videos part of their unit tests.

Youtube-dl's counter claim states that though those lines of code did not violate the DMCA, they have replaced them with videos without copyright music.

That sounds like they didn't really have any reason to make major label music videos part of the tests, it was just a developers personal preference. Though, it doesn't prove this is the case.

It is not the case, and all that has happened is a removal: https://github.com/ytdl-org/youtube-dl/commit/1fb034d029c8b7...
That commit details the replacement of the music videos with a generic test video, exactly what I said. I'm unsure how it is supposed to show it is not the case.
Incorrect. There's a single green line that has an alteration to replace a music video ID "UxxajLWwzqY" in a test case that actually only makes use of ID "BaW_jenozKc" ("Use the first video ID in the URL").

The removed "Test generic use_cipher_signature video (#897)" case did make use of ID UxxajLWwzqY.

I see what you mean, but the extractor file still features how to deal with videos containing the cipher, all that was removed was the tests. Testing the generic cipher video may have been ruled unnecessary as it's universal.
That's the partial win here - repo restored with tests referencing the RIAA related videos removed but the code dealing with the rolling cipher itself still intact.

And next time youtube makes one of their frequent changes to their website the extractor will break in some way. Somebody will work to fix it and make use of the same tests, only now some of them won't be in the public codebase.

Except we haven't established whether there was anything special about those videos at all
But on the other hand there is always an omelette to whisk.
I better throw out my web browser then. It is circumventing YouTube DRM by opening those URLs.
By that logic, playing Netflix on your browser is breaking DRM. That’s not how that works.
Netflix sends the videos to your computer with a form of DRM and then uses a key from either your browser or hardware to unlock the content. That is nothing like YouTube, which sends both the links and the media to you unencrypted.
Youtube-dl works on way more sites than just YouTube.
I don't think it's about whether they're reviled enough yet, but rather whether the actions they're taking are likely to engender effective activism and organised political opposition to their agenda.

In this case, it looks like they've discovered that the community isn't asleep at the wheel and that this isn't the hill they want to die on.

Some clever people working for the RIAA might have suggested to their lawyers that they take down the youtube-dl repository to generate some publicity around the project.

And now they are pretending "What is this youtube-dl thing everybody is talking about recently?"

RIAA, you are heroes. That's very nice to promote underfunded free software projects like this.

I don't believe that RIAA's real intention was simply to get rid of youtube-dl. This was probably just a show to push for more DRM on the Web.
I guess the maintainers will have to send "forbidden" patches among each other outside of Github, in order to run regression tests against the "extra DRM" videos.
But now I guess Github should be used as a read-only redundancy rather than for development.
Why? GitHub didn't do anything wrong. They took this down because they were required to by law. It would have been the same story with anyone else.
What I meant is that they would rather do a self-hosting (Gitea, etc.) instead of using another platform to have ore control.

Moreover, my statement was more of a speculation rather than an advice :-D

If you self-hosted, they could have just gone for your ISP or colocation provider.
Breaking copy protection is only illegal if you do not have a license to the work. Removing the protection breaking code isn't necessary, and everyone needs to stop pretending that it is.

This same clause of the DMCA is the suspected reason for py-kms's reinstatement after a takedown: it's perfectly legal to break the Windows license scheme if you already own a license to Windows.

This is not my understanding of the DMCA. Can you back this up?
Github is part of the RIAA via Microsoft. That is something wrong.
Simply having a good migration strategy might be more than enough.
GitHub is still hosting the full youtube-dl version history, including versions which include those supposedly infringing tests. Does copyright law end with HEAD on master? Those tests are still there.

This makes it especially obvious that the RIAA's problem with youtube-dl was never really the tests.

> Does copyright law end with HEAD on master?

I think the RIAAs technical know-how ends with the github web interface, so in a way, yes, copyright effectively ends with HEAD.

Then when someone realizes to use the web interface to check out that old commit, the whole thing opens up again. Hopefully github's lawyers who OK'd this know a bit about git.
> Does copyright law end with HEAD on master?

With regards to copyright law and "distribution", there's no distinction. The tests are still being "distributed", just from a different URL. If youtube-dl was in violation before, they still are now.

This is a confusing result. I would not expect any copyright litigant to sacrifice legal advantage for the sake of an adversary's convenience in maintaining complete version control history.

Could there possibly have been a miscommunication over what "remove the tests" meant? Or an offer of compromise outside of legal necessity? Or a bad-faith fulfillment of a promise to "remove the tests"?

Does the fact that the RIAA is packed with stodgy, old corporate lawyers who most likely lack even superficial understanding of the term "version control" lack appropriate explanatory power?
Such "stodgy, old corporate lawyers" are going to become extremely antagonized should they discover that somebody pulled a fast one on them. All you'd have to do is open a web browser and click around to show them that the tests were still accessible.

So what's confusing is the youtube-dl side's strategy. Are they really trying to pull a fast one? That would be incredibly unwise, so I doubt it.

Everything just points to the dmca takedown request being treated as if it was invalid; the repository was restored more quickly than needed and without any real changes.
I've always wondered about copyright and HEAD.

For example, you can find a LOT of copyrighted font files that were committed somewhere in GitHub, and then removed in a later commit once they realized they'd accidentally uploaded a copyrighted file.

But they're still always there in the history, effortless to download.

I'm not really sure what to make of that. I don't think it would really count as removal in court... but it seems rare and complex enough that it's not worth bringing up?

If GitHub received a DMCA takedown notice, they would be obligated to takedown the copies of the fonts listed in the notice, including if old copies were listed. I'm unsure if they could say "all releases before X" or would need to link each one.

If the copyright owners tried to sue the project for copyright infringement, IANAL but I would assume that the removal from head would show an attempt to correct the mistake and limit liability.

If the copyright holder sued an individual I imagine it would matter if they were mirroring the repo or just intentionally downloaded the copyrighted files for personal use.

On that note, does git as a protocol even have a clean mechanism for redacting history like this? If someone were to press this to the logical extreme, how could a developer most cleanly excise violating history from a repo using current tooling?
I assume you would have to revert to the parent of the offending commit, cherry-pick the non-offending code, commit, then rebase the entire master branch on that new commit.

Then you'd have to repeat the process for all forks and branches. It'd be a huge pain, but I think it's doable.

I've never tried something like this, though, so there might be some complications.

There is a way, its not very clean, git filter-branch and you will have to force push all branches, which is fun with large teams.

Unfortunately in larger repos with long histories its extremely slow, and uses a lot of IO. I used it previously to clean up large binaries that were included early on in a repo's history, making it take up way more space than needed.

A lot of stuff like this is technically infringement but will never be worth anyone's time suing over, except maliciously.
> This makes it especially obvious that the RIAA's problem with youtube-dl was never really the tests.

Or that the RIAA lawyers are technically oblivious

Or that they simply don't care about the specific infringement, rather they are just trying to chill the free-speech rights of software developers and fight a culture war on all fronts to expand the rights, privileges, power, and wealth of their clients.
I suppose it depends on how the claim is formulated? Take the CraftBukkit[1] claim for example. In that case, all commits since a specific point, plus all forks, were taken down:

"Pages including infringing content: [...] infringing as of commit [...] and every subsequent commit, including all forks that contain this commit [...] and all forks that share a common first commit [...] and every subsequent commit, including all forks that contain this commit"

This made any effort for restoration futile, since most of the repo was being claimed.

[1] https://github.com/github/dmca/blob/master/2014/2014-09-05-C...

Yes I really doubt the law cares about which commit some code is available on, as long as it is available.

> This makes it especially obvious that the RIAA's problem with youtube-dl was never really the tests.

It doesn't, because the RAII were not involved in youtube-dl's restoration at all.

I don't think the story ends here.

If the tests are the issue, they can just send another DMCA specific to those pages.

Either way, I think in the US anyone who has the most time and money wins, so… good luck with SLAPP.

Does anyone know if youtube-dl accepts financial support? The prospect of losing the program made me realize how much I rely on this project.
It will be nice when the RIAA lawyers start submitting PRs to fix an issue.
That would have been a great way to go about it. "This part infringes our copyright, here's a patch to fix that". But we all know they don't want to fix anything, they want only to destroy and prop up the corpse as a big bad wolf so the actual content creators get scared and keep paying them.
Excellent news, now the community has a central place to contribute. All in all I think it even had a positive impact for youtube-dl, the community will learn from it, and the number of people knowing about youtube-dl has grown by quite a lot.
From the irc screenshot that was linked further down this thread [1], it reads that the "cipher circumvention code" needed to be removed? I can only see some rework being done in the past related to the extractors. [2]

So they gave up on this one, or is there more to come?

[1]: https://twitter.com/t3rr4dice/status/1320660235363749888

[2]: https://github.com/ytdl-org/youtube-dl/commit/2de2ca6659a18b...

3.3k issues, 756 open PRs. do they need help?
this is why it was forked a bit before the takedown, youtube-dlc contains fixes not in main youtube-dl. the guy who forked it tried to help but got banned from posting and helping out.

https://github.com/blackjack4494/yt-dlc

as of last youtube-dl version, the main youtube-dl behaves differently if you simply point it to a youtube channel, while youtube-dlc behaves as you'd expect... i keep both around for now.

Waiting now for the "Why we're moving to Gitlab" blog post.
If any maintainers or contributors see this, thank you all for your incredible work! youtube-dl is one of the best tools I've every used. It's polished and always working and with such an incredible community. This is seriously a killer piece of software that is part of my default setup for every new machine I've had over the past 4-5 years.

I've downloaded countless free lectures that some universities offer for offline viewing and sometimes listening if it's a discussion based class. Seriously, this is great software.

Did they say why?
Great news! It's also worth pointing out that the team has been releasing new versions while the repository was down which is quite remarkable.