Tell HN: Chrome says "suspicious download" when trying to download yt-dlp

311 points by joering2 ↗ HN
On a newest version, I attempted to download newest yt-dlp only to be warned of "Suspicious Download". No explanation what that means was provided.

44 comments

[ 2.7 ms ] story [ 84.5 ms ] thread
So, Google's browser says downloading a tool to download files from Google's servers is "Suspicious"? Not surprising.
It's over. The internet culture of the 20th and early 21st century has been appropriated for profit.
The binaries they offer are complied using PyInstaller, which can give false positives in anti virus software.
Which link exactly did you try to use? Or what specific version on the Github releases page? I checked both the latest windows and macos versions against Google Safe Browsing and all were fine.
Which is why I download it from my Linux distribution's package manager. It's available on Termux too.
Which in the case of yt-dlp might not be fast enough.

I use a telegram/mqtt/homeassistant wrapper (1) to let my mother download audiobooks which are saved in jellyfin so she can listen or download them from my (home)server.

Keeping yt-dlp up2date (and therefore) working is not that easy, especially since I dont systemupdate every other week. There were a few phases yt-dlp version in nixpkgs-unstable were just not working. I created a little wrapper that updates a venv so I always have the HEAD running for my bot.

[1] https://github.com/entropie/ytdltt

Chrome for work, Safari or Arc for everything else. I envy you if your use of yt-dlp is work related.
Why use Chrome when there's Brave? I can't remember the last time I opened Chrome.
Brave is a series scam company. Always has been, always will be.
for what it is worth, when downloading the latest .exe from github, firefox says "this file is not commonly downloaded" and i have to select "allow download".

scans of it are fine.

probably just a heuristic-based false-positive, and not a news-worthy story of chrome abusing their monopoly or whatever.

Do these little speed bumps even work? I have to admit I'm so numb to all these popups and to apps warning me this and begging me that, that I just don't read anything anymore. Each app that hits me up with yet another dialog is just another brick in the wall.

The only speed bump that I find super annoying is when your browser tries to prevent you from going to a site with an incorrectly configured certificate (or a self signed certificate). The UX browsers make you navigate in this case is extra-horrible. Apparently, my use of a self-signed certificate for some local machines means I'm about to die.

These are speed bumps for you but they make it nearly impossible for something to go mainstream, so rest assured they work extremely well on others.
This is also happening with `.tar.gz` file on chrome for yt-dlp. Doesn't happen for other `.tar.gz`
Interesting to inspect any telemetry on this. Could end up on a list.
Reminds me of how Bing search for Google takes people to a page meant to resemble Google.com. Can't trust huge companies.

But as others have pointed out, it's probably a coincidence in this case. But who knows.

Google did flag the Ad Nauseam Chrome extension as malware, so that was a definite abuse of power. This one is unclear.
`brew install yt-dlp` or `scoop install yt-dlp` :)
I suspect for M$ users you could even use winget (though I am unable to subject myself to Windows right now)
It's funny such a big corporations can't let such a small tool live.

Google is such an evil company, it is not even provided anything great anymore.

Anti-gravity paid plans suck, GCP is billing heavy. Today google sucks at most things

Their Android playstore hardly updates statistics once a day, so much for such a big data company with unlimited sources lol

It's a tool used to build other tools, some of which have non-trivial amounts of users.

It's also a tool used by e.g. journalists and government agencies that dabble in stuff like research and evidence, and it would probably be more cumbersome for everyone involved if Google instead had to process requests and provide copies of material for these purposes.

Otherwise they'd probably have made life much harder for the yt-dlp-developers already. Not that I think they're nice in any way, but I don't think they're seriously trying to fully eradicate yt-dlp or related software.

The heuristics powering this, as well as the Windows Defender whitelisting, are terrible.

My understanding is that a specific binary needs to become popular for it to stop being flagged. This creates a chicken and egg problem. Users are not incentivized to use the program with the warning. But removing the warning requires many people to ignore the warning.

This is a big problem for anyone writing Windows software. An indie developer or small open source project is not going to do well with this.

I found out a similar thing with my website being blocked by corporate firewalls. You need to create profiles at these cyber companies and then wait for whitelisting so that they can drop the ban.
This is also what I call bullshit security. These mechanisms are designed to chain developers to infrastructure of the OS provider. Apple does the same shit for that matter.
Does Microsoft get kickbacks from code signing certificate vendors?

Because AFAIK SmartScreen only applies to software downloaded outside the Microsoft Store.

Come to think of it, I suppose it does incentivize distribution through the Store, so you make a good point.

Linux user here unaffected as I get it straight from my command line.
break this shit up, break all of this shit up.

Google needs to be at least what four companies.. gcp, youtube, search, workspaces...

Apple needs to be at least two hardware/os, music/tv+

Microsoft, meta, etc, Monopolies are bad and our SEC/FTC/Government is doing a poor job of controlling them. At least as equally trecherous are these businesses that overly vertically integrate... anyways, we're fucked.

You wouldn't download a downloader.
Clear conflict of interest enabled by anti trust not being enforced.
I can reproduce when downloading https://github.com/yt-dlp/yt-dlp/releases/download/2026.03.1.... But it did provide a line of explanation:

Dangerous download blocked yt-dlp_win_x86.zip is not commonly downloaded and may be dangerous. [Discard] [Keep]

How useful is that explanation, though? All new software releases (even Chrome itself) are not commonly downloaded, until they are.
Chrome and YouTube are both owned by Google. There's an obvious reason why they want to discourage use of that extension.
This entire thread it almost entirely proof that HN is now reddit. No facts, no consideration, just accusation and crowd think

> Comments should get more thoughtful and substantive, not less, as a topic gets more divisive.

none of that here

> Don't be curmudgeonly. Thoughtful criticism is fine, but please don't be rigidly or generically negative.

not followed here

> Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize. Assume good faith.

none of that there

> Eschew flamebait. Avoid generic tangents. Omit internet tropes.

Lots of that here

The system is clearly automated. As others have pointed out, they've been able to download without incident. As other have also pointed out, Firefox also warns. The warning is reasonable, claiming that something isn't downloaded often is true, until it isn't. A few more downloads and the warning will likely go away.

Nothing to see here except a Google hater mis-interpreting something and the posting ragebait.

I tried to reproduce this on their download page for the latest release[1]. Only the windows exe gets the warning, the other releases (macos, linux, etc) all download just fine. That makes me think it's an automated system that messed up, not an attempt at anticompetitive behavior.

[1] https://github.com/yt-dlp/yt-dlp/releases/tag/2026.03.17

Chrome is just ridiculous. It pretends you are mentally handicapped

Ooooh, this is an executable, THAT'S VERY DANGEROUS! Are you sure you want to download it? Hmmmph?

Flagged for this particular description. Could have said stupid.
As an aside, yt-dlp presents a perfect use-case for uvx (part of uv):

  uvx yt-dlp <yt_url>
No manual download/install required.
Nothing new here. Chrome has always been a suspicious download.