Reading EFF's claim is pretty interesting; they state that saving a copy of a video is only one function of youtube-dl. I think the biggest problem is the name is called "youtube download"; it is sort of difficult to downplay that saving a copy is only one function when the name implies it is the main purpose of the program.
"youtube-dl stands in place of a Web browser and performs a similar function with respect to user-uploaded videos. Importantly, youtube-dl does not decrypt video streams that are encrypted with commercial DRM technologies, such as Widevine, that are used by subscription video sites, such as Netflix."
"We presume that this “signature” code is what RIAA refers to as a “rolling cipher,” although YouTube’s JavaScript code does not contain this phrase. Regardless of what this mechanism is called, youtube-dl does not “circumvent” it as that term is defined in Section 1201(a) of the Digital Millennium Copyright Act, because YouTube provides the means of accessing these video streams to anyone who requests them. As federal appeals court recently ruled, one does not “circumvent” an access control by using a publicly available password. Circumvention is limited to actions that “descramble, decrypt, avoid, bypass, remove, deactivate or impair a technological measure,” without the authority of the copyright owner."
There's also another question of law, though: does 1201 apply when only the intent of the DRM has been circumvented, as opposed to its technical scope? In other words, does pointing a camera at a monitor constitute circumvention of DRM under section 1201? Most DRM can't actually validate, say, that a human is watching instead of a camcorder. (Let's ignore pesky things like Cinavia which are more akin to post-piracy frustration techniques, and easily circumvented with any kind of Free media player.) Likewise, YouTube's rolling cipher can't really validate that it's not sitting inside of an instrumented browser that will dump whatever URLs it grabs. Our hypothetical OBS rebrand wouldn't actually be a 1201 violation unless the law specifically covers things that DRM can't technically enforce but would like to.
But it doesn't really work: If you protect your house with no lock, not even a door, but just a little rope with a sign on: "Do not jump over or duck under this ribbon, or cut it!", that's, for the DMCA, enough - so you get into fun games where you claim that, say, a long random unique key that is right there in the HTML youtube.com serves which links to the video is a 'security measure' and that 'I shall read the URLs in this <video> tag and download what I find there instead of showing it on the screen' is 'circumventing this'.
How far can you stretch the meaning of 'circumventing access-control measures' before, in court, you lose your argument? I don't think anybody quite knows yet, but surely github doesn't want to be on the hook for it without microsoft's legal team and management signing off on the risk.
Furthermore, separate from DMCA's hacking provisions, there is simply the concept of who is responsible for any copyright infringement caused by stuff github hosts. As per 17 USC §512 (the so-called 'safe harbor provision'), the idea of claiming 'hey I just host this stuff, I'm not responsible for this, why don't you take it up with whomever uploaded this' is codified: You can do that, but it does mean that you _MUST_ take down the content in response to a takedown notice, and if you don't, then you are now liable for any infringement that content makes.
The idea is that the owner of the data files a counterclaim notice, at which point the hoster (github) is free to re-host everything without opening itself up to liability, but only if, as per 17 USC §512, they do so 'no less than 10 days and no more than 14', and github did it in 1 day, so whoopsie there I guess.
At that point it does turn into a fight between claimer and counterclaimer: The idea behind those 10 days is that the supposed real content owner can then go file in court against the counterclaimer; merely filing a lawsuit is enough: Show that to the hoster (github), and they can no longer re-enable the content without then being liable for infringement by doing so.
You can't file a counterclaim until your content is removed.
Yeah, that means an utter bozo can take your content down for at least 10 days and there is nothing you can do about this. The DMCA is not particularly well designed in this manner (it doesn't protect against trolly crud well, and getting a barratry verdict in the US is borderline impossible). But that's how it works.
In github's shoes, the fact that youtube-dl doesn't infringe is relevant only insofar that they are willing to ride that notion allllll the way to the gavel in the ensuing court case, because they will be defendants if they ignore the takedown request. Presumably they weren't going to just do that without at least a close look by microsoft's legal team, and a signoff from the big wigs for the likely millions this will cost, given that US law in these matters is... well, have you ever seen one of those shows where 2 people are on a beam and trying to knock the other one off with a giant q-tip? US law is like that, except the ends of the q-tips are moneybags.
This letter spells out in clear, convincing and explicit detail why the RIAA was wrong.
Profit-making Github and Microsoft could have performed this analysis and championed developers themselves, but it was the non-profit EFF that actually did the work.
EFF deserves more credit than just a link for fighting against this shit.
[0] https://github.com/github/dmca/blob/master/2020/11/2020-11-1...
Feel free to highlight them here.
I'd rather cut this problem off at the head than sit around and establish legal defense funds if possible. I'm glad GitHub and Microsoft could help contribute to this victory though.
I don't understand what you mean by this! I know it's an expression or a way of saying something, but I don't understand what you mean
Why is this comment downvoted? It's highlighting one of the most common misunderstandings that laypersons have regarding video download/streaming. Most people think that you can "view" content on the internet without downloading it. In this context, a tool which purports to "download" content, you know... sounds like it's nefariously doing something that the "viewing" tool (like a web browser) doesn't do.
For Microsoft to pay for the lawyers to take it down (via their RIAA membership payments) and also pay for the lawyers to keep it up seems... rather silly.
I think this is a very very good / exemplary reaction.
Surely they already had the legal manpower when the youtube-dl removal started making waves. The fact that they did nothing for over three weeks and are publishing this blog post right after the issue was fixed by someone else (EFF) makes it hard to believe their "changes".
They would most definitely have a case that the name makes it appear to be a youtube product. Would a cease and desist for the name only somehow imply that google has no issue with the functionality?
Because I know not protecting your trademark can lead to dilution. And by issuing takedown notices, they are showing that they are aware of the existence of this usage of the youtube trademark.
I think it's for this reason that they don't go after these projects very aggressively.
By expressly taking the side of the accused (such as paying their attorney), Github could have opened themselves to being liable for whatever youtube-dl does.
Having the EFF as an independent party sidesteps that issue.
[1] https://github.com/ytdl-org/youtube-dl/tree/3f1748b9445e9d93...
There are many videos on YouTube that are 100% legal to download.
I'll let the lawyers debate that whole thing, but IMO I think that was a bit of a mistake / bad idea. Granted, fixable, but maybe a lesson of something to avoid.
https://rg3.name/202011071352.html
Under DMCA, neither writing a script like youtube-dl nor using it is prohibited (making an unauthorised copy of a video could be fair use).[FN 1] Section 1201, however, prohibits distributing the script to others. Thus, the author of the script who "releases" (distributes) it is not necessarily the only one who might be violating the DMCA. Any recipient of the script who distributes it further, e.g., Microsoft, could be violating the DMCA as well.
FN 1. Section 1201 prohibits distributing technology that is designed to circumvent either "access controls" and/or "copy controls". Similarly, the act of circumventing "access controls" is prohibited. However, the act of circumventing "copy controls" is not explicitly prohibited. Making unauthorised copies, e.g., downloading YouTube videos, is subject to the defense of fair use. It is arguable that youtube-dl is only designed to circumvent "copy controls". As others in the thread point out, there are generally no "access controls" on YouTube videos, e.g., password protection. There could be exceptions. If youtube-dl is designed to circumvent geographic or age restrictions, would those be considered "access controls"?
Aside from DMCA concerns, Google's Terms of Service for YouTube would appear to prohibit use of youtube-dl:
"The following restrictions apply to your use of the Service. You are not allowed to:
1. access, reproduce, download, distribute, transmit, broadcast, display, sell, license, alter, modify or otherwise use any part of the Service or any Content except: (a) as expressly authorized by the Service; or (b) with prior written permission from YouTube and, if applicable, the respective rights holders;
2. circumvent, disable, fraudulently engage with, or otherwise interfere with any part of the Service (or attempt to do any of these things), including security-related features or features that (a) prevent or restrict the copying or other use of Content or (b) limit the use of the Service or Content;
3. access the Service using any automated means (such as robots, botnets or scrapers) except (a) in the case of public search engines, in accordance with YouTube's robots.txt file; or (b) with YouTube's prior written permission;"
https://www.youtube.com/static?template=terms
Would these TOS be enforceable if challenged? #1 makes no allowance for fair use. What do you think?
I'm at least one of those who requested EFF to take a look on "The RIAA’s attack on YouTube-dl is not a DMCA 512 infringement" thread.[0,1]
> To borrow an analogy from literature, travelers come upon a door that has writing in a foreign language. When translated, the writing says "say 'friend' and enter." The travelers say "friend" and the door opens. As with the writing on that door, YouTube presents instructions on accessing video streams to everyone who comes asking for it.
> The Doors of Durin, Lord of Moria
but as the Tolkien Gateway explains:
> The name Moria means "Black Chasm" and was a derogatory description of the place which the Dwarves did not like, and was given after Durin's Bane took over the city in the Third Age. It is therefore a mystery why that name appears on an inscription made in the Second Age, and made in consent with the Dwarves.
The most common "mitigating explanation" I see is that Tolkien, the "translator," perhaps used the name the reader would be most familiar with (Moria) instead of the city's real name (Khazad-dûm) when transcribing the door's inscription.
Speak, friend, and enter.
Speak "friend" and enter.
Without punctuation it would be a pun in addition to being a riddle and the instructions.
Looks like they've removed the tests for RIAA member videos as the only change, which I assume helped get this restored: https://github.com/ytdl-org/youtube-dl/commit/1fb034d029c8b7...
Here is a bit of a discussion about it by seemingly knowledgeable people:
https://law.stackexchange.com/questions/57421/is-youtube-dl-...
> > the source code expressly suggests its use to copy and/or distribute the following copyrighted works owned by our member companies:
> >
> > Icona Pop – I Love It (feat. Charli XCX) [Official Video], owned by Warner Music Group
> > Justin Timberlake – Tunnel Vision (Explicit), owned by Sony Music Group
> > Taylor Swift – Shake it Off, owned/exclusively licensed by Universal Music Group
> Complainants are "confused" about actual infringement (which is prohibited by copyright law), and creating a method for infringing copyright. Under DMCA and US copyright law, copying is infringing, programming is not infringing. The complaint does not clearly allege unauthorized copying of another person's intellectual property, and their complaint is based on the theory that certain programming actions constitute copyright infringement. I don't actually think they are confused, I think they are testing the boundaries.
This should be the conclusion, since they have won nothing with all this noise. It only increases the OSS wave further.
Arguing that you have a right to break RIAA DRM is much harder than taking it out entirely.
I use this for downloading national archive videos off youtube, I'm very happy about this news
This was the suspected cause for py-kms's reinstatement but as it related to Windows licensing.
And even that was more likely to allow certain somewhat too loud organizations to save face, not out of legal necessity.
In this case, it looks like they've discovered that the community isn't asleep at the wheel and that this isn't the hill they want to die on.
"The chief penalty [of good people who refuse to lead] is to be governed by someone worse." -- Plato
And now they are pretending "What is this youtube-dl thing everybody is talking about recently?"
RIAA, you are heroes. That's very nice to promote underfunded free software projects like this.
We had mass demonstrations across Europe with the Article 13 fiasco and nothing happened.
Revolutions aside, copyright will never be reformed anywhere in a consumer friendly manner - politicians are way too deep in the pockets of the industry.
As a brief legal recap, in 1998 the DMCA added §512 [1] to US copyright law, which established a mechanism for shielding 'service providers' from liability for content posted by users (known as 'safe harbor'), but only as long as they follow formal procedures (known as 'DMCA takedown') to respond 'expeditiously' to remove content when they receive a notification claiming infringement, but also to restore access "not less than 10, nor more than 14, business days" after receiving a counter notification claiming the removal was a mistake.
In the post, GitHub implied they removed the youtube-dl repo after receiving the RIAA's formal takedown notice in order to 'comply with laws', and the law also required them to restore access after receiving the EFF's formal counter notice. However, the counter notice was sent yesterday and they restored access 1 day later, not waiting the legal minimum of 10 days. In restoring access so quickly GitHub isn't fully complying with §512, opening themselves up to liability if the RIAA decides to pursue legal action.
Perhaps a symbolic gesture to restore access a couple weeks before they would have been legally required to restore access anyway, but nonetheless interesting to see their willingness to set aside §512 safe harbor protections in the future if their reading of facts suggest a takedown claim doesn't have merit.
> The rules in section 512 do not apply.
Assuming you're referring only to the §1201 'anticircumvention' portion of the claim (the main focus of the GitHub post), whether this portion is also subject to §512 rules is a little more ambiguous. §1201 defines a trafficking violation separate from copyright infringement itself, but some court rulings have established a requirement that §1201 violations establish a 'nexus' to copyright infringement in order to be valid. If this requirement holds, §512 safe harbor protections could indirectly cover §1201 claims as well. However, because there's a circuit split on the issue, unless GitHub is sued on this exact point it's impossible to say for sure what rules would apply in this specific case.
In any case, GitHub handled the 1201 takedown claim in reference to its established, documented process in handling takedown notices and counter notices [1], except for the fact that it didn't wait 10-14 days after receiving a counter notice before re-enabling this content. The deviation from their published policy is still itself noteworthy.
[1] https://docs.github.com/en/free-pro-team@latest/github/site-...
Do the DMCA legal requirements differentiate between good faith and tortious takedowns? Meaning, is that 10-14 day range set in stone even if Github believes that the request was flagrantly overreaching or do they lose safe harbor protections right off the bat? Has this issue been litigated enough that there would be clear precedent?
That makes it more significant (not merely symbolic) that GitHub chose to short-circuit its DMCA process to restore access and open themselves up to liability in this case.
If youtube-dl (or any OSS project) continues to use GitHub, I hope they have a backup plan ready at all times. Even if GitHub truly is on the right side, they've proven themselves to be a liability for legitimate projects.
I think the 'What we're changing' section is the real interesting part of this post regarding this. I read this section as a half-apology for not doing enough to stand up for developers in this case (allowing the repository to be taken down to begin with), and a promise to do more in the future to prevent this kind of thing from happening again. We'll have to wait and see if their future actions match this promise.
I mean, I guess I understand the sentiment here, but really, most projects don't run this risk. Youtube-dl, on the other hand, is used by people to download copyrighted material. It's a natural target, and as a project maintainer/contributor you have to be aware of the legal setting in which your project exists.
This makes it especially obvious that the RIAA's problem with youtube-dl was never really the tests.
For example, you can find a LOT of copyrighted font files that were committed somewhere in GitHub, and then removed in a later commit once they realized they'd accidentally uploaded a copyrighted file.
But they're still always there in the history, effortless to download.
I'm not really sure what to make of that. I don't think it would really count as removal in court... but it seems rare and complex enough that it's not worth bringing up?
If the copyright owners tried to sue the project for copyright infringement, IANAL but I would assume that the removal from head would show an attempt to correct the mistake and limit liability.
If the copyright holder sued an individual I imagine it would matter if they were mirroring the repo or just intentionally downloaded the copyrighted files for personal use.
With regards to copyright law and "distribution", there's no distinction. The tests are still being "distributed", just from a different URL. If youtube-dl was in violation before, they still are now.
This is a confusing result. I would not expect any copyright litigant to sacrifice legal advantage for the sake of an adversary's convenience in maintaining complete version control history.
Could there possibly have been a miscommunication over what "remove the tests" meant? Or an offer of compromise outside of legal necessity? Or a bad-faith fulfillment of a promise to "remove the tests"?
"Pages including infringing content: [...] infringing as of commit [...] and every subsequent commit, including all forks that contain this commit [...] and all forks that share a common first commit [...] and every subsequent commit, including all forks that contain this commit"
This made any effort for restoration futile, since most of the repo was being claimed.
[1] https://github.com/github/dmca/blob/master/2014/2014-09-05-C...
I think the RIAA's technical know-how ends with the github web interface, so in a way, yes, copyright effectively ends with HEAD.
Or that the RIAA lawyers are technically oblivious.
> This makes it especially obvious that the RIAA's problem with youtube-dl was never really the tests.
It doesn't, because the RIAA were not involved in youtube-dl's restoration at all.
If the tests are the issue, they can just send another DMCA specific to those pages.
Either way, I think in the US anyone who has the most time and money wins, so… good luck with SLAPP.
"Nonetheless, developers who want to push back against unwarranted takedowns may face the risk of taking on personal liability and legal defense costs. To help them, GitHub will establish and donate $1M to a developer defense fund to help protect open source developers on GitHub from unwarranted DMCA Section 1201 takedown claims. We will immediately begin working with other members of the community to set up this fund and take other measures to collectively protect developers and safeguard developer collaboration."
Thanks Microsoft/Github.
What is really needed is a "counter-DMCA troll." So far as I understand DMCA, legal fees can be collected for a successful counter-claim.
With the rife DMCA fraud these days, someone could make a pretty penny. DMCA has provisions for claim fraud, it simply requires attorneys to creatively weaponize it (which unfortunately doesn't apply to YouTube, because their process is not DMCA/legal).
There are no provisions for negligence (which is what most of these claims probably amount to - you could even make a good argument for depraved indifference, but there are no provisions for that either) or mistakes, it has to be intentionally fraudulent. Even if it was a completely BS takedown, you're left with proving malice rather than error.
Since one presumes that Microsoft does not sell much music (didn't they shut down their music store a few years ago?), I can't imagine they've negotiated dues that scale linearly on Microsoft's total revenue - so, in fact, I'd expect that $1M is well beyond their RIAA dues.
Now, it's possible that MS is contributing money other than dues to the RIAA, but you can bound that a bit from their Form 990: https://projects.propublica.org/nonprofits/organizations/131... For 2017, they got under $100K in "contributions and grants" and $29MM in "program service revenue," which is later determined to be dues. They received no other significant revenue. So no donor could have possibly given them more than $100K.
(... also, why did the RIAA give $4K to the Kenai River Sportfishing Association?)
Not if you are a company worth $1.6 trillion dollars.
But that $1 million dollars probably bought them a lot more in free press.
To put it into perspective, it would be like someone worth $1.6 million giving a homeless person $1, filming it, putting it on youtube and profiting off of it.
> Thanks Microsoft/Github.
Is this real?
Edit: Of course the downvotes. Not sure if employees of microsoft or people working in microsoft shops or the quality of people HN has attracted has declined.
For people saying nonsense like "A million dollars is a million dollars even if the company is worth 100 trillion dollars."...
Do you think forcing someone who makes $100 million to pay $1 million in taxes is the same as forcing someone who makes $2 million to pay $1 million in taxes? $1 million is still $1 million right? I guess the concept of proportionality is foreign to many here?
The "love" for microsoft recently is interesting. Facebook should look into buying that kind of love.
A million dollars is a million dollars even if the company is worth 100 trillion dollars.
Expected contribution to legal defense costs of developers - $0
Current contribution for legal defense costs of developers- $1 million
A million bucks is real money, EFF can do a lot of good with it. They're not going to buy a pack of chewing gum with it.
I'm old enough that I doubt anything will ever turn me around on Microsoft, it annoys me to no end that they bought Github. But by the same token, I'm big on the EFF, and I'm stoked that they scored some loot: I'll give Microsoft credit for that, but the only way I'm forgiving the company its past sins is if it liquidates the company and sets up a charitable fund for free software.
Put a price on that.
I'm as amazed as you are.
> The "love" for microsoft recently is interesting.
The Corporatocracy has never been so polarizing.
Actually, I guess I'm not sure of the consequences to a company of ignoring DMCA takedown requests (whether or not they are US companies; but Gitlab is now btw), but I assume they are not good, or why do companies bother complying? Rather than assume, I should look into it.
But yes, redundancy for sure.
https://about.gitlab.com/handbook/dmca/
Others in this sub-thread have identified that the downloadable releases are actually currently hosted on gitlab.com.
Gitlab has their internal workflow for handling DMCA takedowns public (as with most/all of their internal policies, which is cool!). https://about.gitlab.com/handbook/engineering/security/opera... It may be that they go a little bit slower with more chance for the alleged infringer to respond (with a counter-notice or voluntary takedown) than others.
But in the end, any major US company (or company doing business with the US) is probably going to comply with the DMCA, which says that if you get a takedown notice that is formatted correctly, you take down. Then there's a process with user filing a counter-notice, then the original filer having a chance to respond to THAT, etc., that you can see in the gitlab workflow, but most of that is just how DMCA works. "If there was a valid counter-notice and no response has been received from the plaintiff within 10 days of the counter-notice being forwarded" then the content might go back up.
The request is essentially a precursor to a lawsuit, so the consequences are a potential lawsuit and all of the legal fees that go along with it.
Donations link: https://supporters.eff.org/donate/30for30--D
So they gave up on this one, or is there more to come?
[1]: https://twitter.com/t3rr4dice/status/1320660235363749888
[2]: https://github.com/ytdl-org/youtube-dl/commit/2de2ca6659a18b...
https://github.blog/2020-11-16-standing-up-for-developers-yo...
The cynic in me says this was deliberately pre-planned to garner free press. That type of behavior would certainly be in-line for the company responsible for the Halloween Documents[2][3].
Even if we give GitHub, and by extension Microsoft the benefit of the doubt here, this is a lesson we should not soon forget: Microsoft will not go to bat for you, not unless you can wield the power of the HN/Reddit/Twitter/etc outrage machine to create a PR problem for them.
Don't rely on Microsoft to be the centralized underpinnings of the open source world. At worst, it paves the way for EEE[4] 2.0. At best, it creates a single centralized target for malicious actors, such as the RIAA.
0 - https://www.riaa.com/about-riaa/riaa-members/
1 - https://blogs.microsoft.com/blog/2018/10/26/microsoft-comple...
2 - http://www.catb.org/~esr/halloween/
3 - https://en.wikipedia.org/wiki/Halloween_documents
4 - https://en.wikipedia.org/wiki/Embrace,_extend,_and_extinguis...
I was under the impression that DMCA notices were for the removal of infringing content, not alleged anti-circumvention tools. That's what the law seems to specify. The notification and takedown process is specified for infringement of copyrighted works, not distribution of anti-circumvention tools. EFF's explainer video seemed to concur with the assessment that DMCA notices are not appropriate for 1201 violations, only for removal of infringing content.
1201 enforcement appears to be through other mechanisms, such as criminal liability and statutory damages. Presumably those would require something more than a letter or notice claiming violation.
I find the GitHub announcement deeply unsatisfying for that reason: GitHub is unilaterally inventing a body of "law" that's going to meaningfully govern the lives of tons of developers in the future. This body of rules is "law" and not law because the entity doing the enforcement is GitHub and not some government, but GitHub still has enough power to cause injury if it decides it doesn't like you.
This crystallizes my discomfort with github's approach.
They should have said something like "Thank you for your letter. If we receive any 1201-related injunctions or directives from US courts or law enforcement directing us to remove this repository, we will quickly do so."
My reading is that the DMCA expanded the definition of 'copyright infringement' to include 'circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner' (§1201), and so a DMCA notice specifying 'material that is claimed to be infringing or to be the subject of infringing activity' (§512) would work for the removal of anti-circumvention tools as well.
There is no legally-specified takedown procedure for a 1201 violation, and correspondingly no "safe harbor." The "takedown" here was more in the vein of a demand letter.
Here is a fresh Glenn Greenwald writeup on it (which is just one opinion, of course):
https://greenwald.substack.com/p/the-ongoing-death-of-free-s...
It is one thing for an individual in the organization to have a nuanced view of the issue and another thing entirely for the organization to have backed off a maximalist view of the right. I encourage you to read the ACLU's position (which interestingly includes "We’ve called on big social media companies to resist calls for censorship.").
This ruling is the crux of the matter. And ACLU's interpretation (against it) seems very logical. Sadly there's no putting the genie back in the bottle though.
Also, how come Google hasn’t asked for it to be taken down given that it has YouTube in the name?
The real question is will we see a push from RIAA lobbyists to amend the wording, or see this go to court.
I can't imagine the political turmoil in the org that led up to this. It wasn't simply a quick sting that would fade, the mass protest on the site was probably the biggest wake up call. MS could easily have pissed away the 7.5+ billion they paid for all the developers that use github.
Without developers, github is nothing.
They explained why the DMCA has no grounds.
Because my understanding was that certain decryption/anti-drm functions were also in the scope of the takedown request, not just the tests.
I am sure they had MS's legal team advise them on what they can get away with.
[0] https://twitter.com/t3rr4dice/status/1320660235363749888
I use the dl'er to download talks. I am featured in a couple of talks and want to secure these offline.
EFF did file a counter-notice
[1] https://github.com/ytdl-org/youtube-dl/commit/1fb034d029c8b7...
It seems that only removing the test was enough.
If the CEO personally taking a stand and working against this DMCA request, if the fact that all DMCA requests are publicly archived, if the fact that youtube-dl is already back up, do not convince you that GitHub had the right motives here, I don't know what to tell you.
> And our reinstatement, based on new information that showed the project was not circumventing a technical protection measure (TPM)
Since it is clearly circumventing a “TPM.”
Everyone who seriously considers leaving the platform already left when they were acquired by MS and/or continued to work with ICE, and both of those only caused a minuscule amount of people to leave.
I was >< this close to choosing Gitlab over Github due to this - I stopped all efforts to make the decision until I saw how this plays out.
Happy to push to Github now.
It's a data point of one, but there you go..
huh. Can you still take advantage of DMCA "safe harbor" if you are independently applying legal judgement to whether they would have a good chance of winning in court before deciding to comply with them?
What if someone were to write a separate script that generated the necessary tests for youtube-dl?
Then prior to releases they could privately generate the code and run the tests, but still ship it not referencing any copyrighted material.
No, the EFF stood up for the developers. GitHub only looked for a legal scapegoat to reverse the decision in a legally-protected way. That's not what "standing up for" means.
>Youtube-dl Devs Are Happy
>Sergey, one of the youtube-dl developers, tells us that he is happy with all the support they have received from the EFF, GitHub, as well as the public at large.
>“EFF’s help was invaluable. We’d like to thank EFF and Mitch Stoltz personally for their incredible support and dedication. We’d also like to thank GitHub for standing up for youtube-dl and taking potential legal risks by allowing youtube-dl to keep the rolling cipher code,” he says.
>“We’re also grateful to all the tremendous amount of support and offers received lately (we physically were not able to respond to everyone) and all youtube-dl users,” Sergey adds.
Section 1201 does not "make it illegal" to use copy control circumvention technology. It does not prohibit use of copy control circumvention technology. It prohibits use of access control circumvention technology.
Don't take my word for it. Read what is published by the Copyright Office about Section 1201.
"As envisioned by Congress, section 1201 seeks to balance the interests of copyright owners and users, including the personal interests of consumers, in the digital environment. It does so by protecting the use of technological measures (also called technological protection measures or TPMs) used by copyright owners to prevent unauthorized access to or use of their works. Section 1201 contains three separate protections for TPMs. First, it prohibits circumvention of technological measures employed by or on behalf of copyright owners to protect access to their works (also known as access controls). Second, the statute prohibits trafficking in devices or services primarily designed to circumvent access controls. Finally, it prohibits trafficking in devices or services primarily designed to circumvent TPMs used to protect the copyright rights of the owner of a work (also known as copy controls). Copy controls protect against unauthorized uses of a copyrighted work once access has been lawfully obtained. Because title 17 already forbids copyright infringement, there is no corresponding ban on the act of circumventing a copy control."
Source: https://www.copyright.gov/policy/1201/section-1201-full-repo...
My fork[0] is still showing DMCA notice and shows that it's a fork of some repo I'm sure I never forked, I forked the original ytdl-org.
I guess this is best outcome one could expect from dealing with such a situation xD
At the end. While I hope it won't be needed, I hope it will be useful when the need arises.
Their new claim processing appears to be fairly resource-heavy. It'd be only fair to recover some of the costs they will end up sinking into it.
They'd basically have no way to enforce the punitive counter-measures. They could certainly hit a company with an invoice, but that company could just ignore it, as Github ignoring future 1201 violation claims from that company would open Github up to liability, regardless of the reason for ignoring the claims.
YouTube-DL could potentially argue Slander of Title, which is well established in terms of claiming ownership of another person's copyright. Claiming someone else's intellectual property is inherently illegal seems pretty similar.
It would be hard for YouTube-DL to prove damages, but with a showing of intent there could be room for punitive damages based on what the RIAA thought they stood to gain.
This spirit and culture must live on forever.
https://about.gitlab.com/handbook/engineering/security/opera...
My reading of it is that under that gitlab workflow youtube-dl would still be down. Unless/until "there was a valid counter-notice and no response has been received from the plaintiff within 10 days of the counter-notice being forwarded". (Unclear what happens if there is a valid counter-notice and a response from plaintiff HAS been received, the workflow stops there!). This did not happen here, github reinstated without either a formal counter-notice (that EFF letter is not formatted like one), and definitely without waiting 10 days for a response from plaintiff.
Gitlab's workflow there is a totally typical DMCA workflow, it's not bad, it's just normal. It's the workflow more or less spelled out in the DMCA itself, arguably what the DMCA requires for the host to get "safe harbor" status. (I don't entirely understand how Github can get away with what they have done and say they are doing going forward, honestly. I think it's a potentially risky move for them opening them up to lawsuits from the copyright holders; of course they know they have deep pockets to defend themselves too).
The DMCA is actually pretty terrible in its real-world contemporary effects. That's general, not about github, or github's fault. You are right to think it's awful. But it's not about github. People seem to be really chomping at the bit to assume that github has somehow acted especially poorly (for those who want to protect people against DMCA takedowns) -- to me the reverse seems to be true.
I think both github's actual current actions and most especially their proposed new workflow go way beyond what most of their peers (including gitlab) do to resist/slow down/stop DMCA takedowns.
I'm not sure how github garnered so much bad will, that people are so eager to paint them in a bad light. They clearly have garnered a lot of bad will from developers though, at least on HN; every thread about github has people piling on to suggest extreme levels of unethical behavior from github.
I do not believe it is justified here.
GitHub has voluntarily instituted its own takedown procedures for violations of that section, and therefore does not actually need to strictly follow the procedure outlined in the law. Instead they can choose their own procedures for handling these claims based upon perceived likelihood of being sued and being found liable.
Microsoft is likely fairly confident that the RIAA will not sue them over this, since the other RIAA members (the Labels) all know that if Microsoft chose to enforce their huge pool of rarely enforced software patents against the labels and distribution mechanisms (like Spotify) the harm to their bottom lines would be many thousands of times larger than any harm to their bottom line from youtube-dl could ever be. Heck even just a more thorough than typical Microsoft Software audit would likely be more costly to the labels than youtube-dl.
Sounds like claims under 1201 (circumventing technology) are actually really dangerous for the host, there is no safe harbor? At least not after you've received any notification at all?
All the more surprising that a host would be willing to disagree with a claimant and say "nah, we don't think you'd win in court." They are definitely risking their own liability, not just the customers.
As you say, Microsoft can afford to do this cause Microsoft has deep pockets and the ability to counter-strike. All the more reason we should actually be grateful to them for USING that power to defend in this case, right? (And ironically, that suggests that you will get the most protection hosted by a company that has the resources to stand up, which not all do. I am not a fan of that outcome either).
DMCA is still awful regardless of host of course.
I've downloaded countless free lectures that some universities offer for offline viewing and sometimes listening if it's a discussion based class. Seriously, this is great software.
I've followed this story since it broke. My own (lay) analysis of the RIAA's claims hit HN a few weeks ago:
https://joindiaspora.com/posts/808cf690f8e801381778002590d8e... (https://news.ycombinator.com/item?id=24888234)
The EFF's letter makes strongly similar arguments, admittedly with better legal citations buttressing.
I'd hinted in that post, and commented at HN, as to steps Microsoft could take to establish its credibility before the Free Software community:
https://news.ycombinator.com/item?id=25007097
https://news.ycombinator.com/item?id=24876199
Specifically:
Microsoft is a member of the RIAA. It could and should resign.
Microsoft can lobby for further exceptions to §1201 anti-circumvention.
Microsoft can issue a statement formally protesting RIAA's action.
Microsoft could offer an Amicus brief or other statements in favour of youtube-dl developers.
As an old-school Linux user and advocate, I'm used to considering Microsoft the opposition, and my praise is grudging, but given where due. By my reckoning, Microsoft are at least 3 for 4 in meeting my suggestions.
Of the fourth, I suspect its upcoming RIAA renewal discussion will be interesting.
Google, on the other hand, have been conspicuously silent. Chris DiBona, are you listening?
But why not just donate it to EFF for the work they already do in this area? When you donate to EFF you can specify which programs you want to fund. I don't entirely understand why they created a new fund.
The EFF's claim (on behalf of the youtube_dl developers) is that youtube_dl is performing the same actions as a browser as far as accessing the video file and so should not be treated differently, even if its output is to disk and not to the screen.
Under DMCA then we've had a claim, and counter notice. Despite the phrasing of Github inviting and wanting a counter notice, ultimately they are not the arbiters of legality, so their part in the process is now done.
The RIAA now has to bring the youtube_dl developers to court if they plan to keep pushing their argument, at which point we'll have the RIAA lawyers vs EFF lawyers and an eventual legal decision (with potential appeals in the process).
It's not.
It may be treated differently under other parts of copyright law based on implied license or other theory, but the DMCA impact is on distributing, offering, etc. youtube-dl, not using it, insofar as it constitutes a circumvention tool under the DMCA.
> Because youtube-dl simply uses the "signature" code provided by YouTube in the same manner as any browser, rather than bypassing or avoiding it, it does not circumvent, and any alleged lack of authorization from YouTube or the RIAA is irrelevant.
[1] https://github.com/github/dmca/blob/master/2020/11/2020-11-1...
https://github.com/github/dmca/blob/master/2020/11/2020-11-1...
Not sure where that value's gone in the last 13 years, but it didn't look like exponential growth.
Microsoft's annual profits are about $14b.
I think that Youtube didn't want users to have the ability to locally save videos that they have seen during the week of the election.
It seems to be a greater attempt to suppress information sharing than anything specific to the copyright.
Youtube just wanted immediate action to prevent people from using the code to get around the online download sites that were also taken down.
> We presume that this "signature" code is what RIAA refers to as a "rolling cipher," although YouTube's JavaScript code does not contain this phrase.
Does this mean the RIAA just invented the term out of thin air to mislead people?
[1]: https://github.com/github/dmca/blob/e00bfb544e93bfd3066fe169...
I wonder if they'll regret this move. They're shielding developers, but taking the burden on themselves of managing the legal hassle of take-down requests.
As other commenters have pointed out, it sounds like the real problem is that copyright holders can issue these requests without any limit (or maybe even due diligence).
I get that developers are the main drivers but it struck me as some unnecessary pandering.
For once I'd like companies to be honest, just say you reversed it when it was found out it would be more cost efficient to do so.
So they have the ability to export issues and PRs already, but it isn't exposed to users?
Jokes aside, you might also be able to make a claim under GDPR, as with Spotify.
https://github.com/github/dmca/blob/master/2020/11/2020-11-1...
Between this and Apple’s response regarding the app signature, these are examples of companies seeing problems and taking steps to fix them.
It is okay to want more or see how it could be an even better response. But the fact that a credible response was executed on should be praised.
Flawless execution.
*) and throw chairs at the RIAA
I think it's time to start searching for another place to store my repos
https://github.com/blackjack4494/yt-dlc
As of the last youtube-dl version, the main youtube-dl behaves differently if you simply point it to a youtube channel, while youtube-dlc behaves as you'd expect... I keep both around for now.
This same clause of the DMCA is the suspected reason for py-kms's reinstatement after a takedown: it's perfectly legal to break the Windows license scheme if you already own a license to Windows.
Moreover, my statement was more of a speculation rather than advice :-D
I do fear though that this is going to lead to more and more paywall content and less and less publicly available content.
Google owns a LOT of videos on YouTube. The fact that people are able to easily get them out and put it somewhere else threatens them. So, they used their friends to cook up this lawsuit.
Unfortunately for them, this upset a lot of GitHub users and Microsoft didn't want to help Google while taking a hit themselves... so they found a way around it.
Corporations use their legal prowess to advance their bottom line all the time... and many a time, how it's framed in public is very different from what is actually going on.
What I think this comes down to is the music industry is coordinating attacks all over the internet (they do this on twitch too recently), in the hopes they'll get some money out of it. Not much more to it than that.
What do you mean there's no evidence? There's no evidence it doesn't hurt them either.
You could just as easily say it makes people want to watch more YouTube.
Not if videos are ripped and uploaded on Facebook, which has been a problem for them for past few years.
There's also no evidence of any of the other things you said.
There's no evidence against it either.
in the hopes they'll get some money out of it
From a guy who maintains an open source tool? Those guys sure have a lot of money.
If you entrust a corporation that is, by nature, more sympathetic to Hollywood/Media then brace yourselves to get caught in the churn.
You didn't restore the repo, the restored repo is a heavily modified version based on the poorly interpreted opinion that having some Taylor Swift (who sucks btw) test cases in your code is grounds enough for a legitimate DMCA claim, and that the only way the repo can be "legally" restored is by removing them.
You didn't "fight" for us because now the precedent has been set (along with the chilling effect) that whenever we push code to GitHub, certain agencies who demonstrably don't have the interests of developers in mind or even understand what code is or what we do, will be able to hold us and our codez ransom.
That's not freedom, that's capitulation.
Also, let's not forget that implementing a methodology in code or in text ("here are the steps you need to take") are one and the same. So based on that principle all the posts on StackOverflow[0] that describe the actual steps needed to take, and accompanying code examples, should be pulled under DMCA also.
"Great Job GitHub! You really stepped up this time, things are so much better now that you're owned by Microsoft! Remember Developers, Developers, Developers!"
xD