A gem in the EFF's letter (https://github.com/github/dmca/blob/master/2020/11/2020-11-1...)
> To borrow an analogy from literature, travelers come upon a door that has writing in a foreign language. When translated, the writing says "say 'friend' and enter." The travelers say "friend" and the door opens. As with the writing on that door, YouTube presents instructions on accessing video streams to everyone who comes asking for it.
Excellent.
Looks like they've removed the tests for RIAA member videos as the only change, which I assume helped get this restored: https://github.com/ytdl-org/youtube-dl/commit/1fb034d029c8b7...
The amount of publicity this generated for youtube-dl is astounding... I would love for this to be a ”the plan to get rid of youtube-dl backfired badly for RIAA” ending. But I guess RIAA is reviled enough already so nothing they do really matters. So I suppose the hope is that some political will to change the laws around this arises from it.
Rather interesting that GitHub decided to restore access 1 day after receiving the EFF's counter notice, instead of waiting 10 days.
As a brief legal recap, in 1998 the DMCA added §512 [1] to US copyright law, which established a mechanism for shielding 'service providers' from liability for content posted by users (known as 'safe harbor'), but only as long as they follow formal procedures (known as 'DMCA takedown') to respond 'expeditiously' to remove content when they receive a notification claiming infringement, but also to restore access "not less than 10, nor more than 14, business days" after receiving a counter notification claiming the removal was a mistake.
In the post, GitHub implied they removed the youtube-dl repo after receiving the RIAA's formal takedown notice in order to 'comply with laws', and the law also required them to restore access after receiving the EFF's formal counter notice. However, the counter notice was sent yesterday and they restored access 1 day later, not waiting the legal minimum of 10 days. In restoring access so quickly GitHub isn't fully complying with §512, opening themselves up to liability if the RIAA decides to pursue legal action.
Perhaps a symbolic gesture to restore access a couple weeks before they would have been legally required to restore access anyway, but nonetheless interesting to see their willingness to set aside §512 safe harbor protections in the future if their reading of facts suggest a takedown claim doesn't have merit.
Why did the EFF have to step in here? What did the EFF letter provide that GitHub couldn't have figured out itself? If GitHub really was "standing up for developers", why couldn't Microsoft's own army of lawyers figure this out?
If youtube-dl (or any OSS project) continues to use GitHub, I hope they have a backup plan ready at all times. Even if GitHub truly is on the right side, they've proven themselves to be a liability for legitimate projects.
GitHub is still hosting the full youtube-dl version history, including versions which include those supposedly infringing tests. Does copyright law end with HEAD on master? Those tests are still there.
This makes it especially obvious that the RIAA's problem with youtube-dl was never really the tests.
Say what you will about Github and Microsoft, this was a classy move. A million dollars is a million dollars. "Putting your money where your mouth is".
"Nonetheless, developers who want to push back against unwarranted takedowns may face the risk of taking on personal liability and legal defense costs. To help them, GitHub will establish and donate $1M to a developer defense fund to help protect open source developers on GitHub from unwarranted DMCA Section 1201 takedown claims. We will immediately begin working with other members of the community to set up this fund and take other measures to collectively protect developers and safeguard developer collaboration."
Thanks Microsoft/Github.
Great, now they can import the issues to a GitLab/Gitea instance hosted by the same Germans who refused to ever take down youtube-dl.org, and a few other places for redundancy, and not have to go through all this excess stress again.
I didnt think I could have much more goodwill toward the EFF, yet here we are.
Donations link: https://supporters.eff.org/donate/30for30--D
From the irc screenshot that was linked further down this thread [1], it reads that the "cipher circumvention code" needed to be removed? I can only see some rework being done in the past related to the extractors. [2]
So they gave up on this one, or is there more to come?
[1]: https://twitter.com/t3rr4dice/status/1320660235363749888
[2]: https://github.com/ytdl-org/youtube-dl/commit/2de2ca6659a18b...
I think it is important to note that GitHub's parent company[1] Microsoft is a member of the RIAA[0], the group who initially filed this DMCA.
The cynic in me says this was deliberately pre-planned to garnet free press. That type of behavior would certainly be in-line for the company responsible for the Halloween Documents[2][3].
Even if we give GitHub, and by extension Microsoft the benefit of the doubt here, this is a lesson we should not soon forget: Microsoft will not go to bat for you, not unless you can wield the power of the HN/Reddit/Twitter/etc outrage machine to create a PR problem for them.
Don't rely on Microsoft to be the centralized underpinnings of the open source world. At worst, it paves the way for EEE[4] 2.0. At best, it creates a single centralized target for malicious actors, such as the RIAA.
0 - https://www.riaa.com/about-riaa/riaa-members/
1 - https://blogs.microsoft.com/blog/2018/10/26/microsoft-comple...
2 - http://www.catb.org/~esr/halloween/
3 - https://en.wikipedia.org/wiki/Halloween_documents
4 - https://en.wikipedia.org/wiki/Embrace,_extend,_and_extinguis...
Are 1201 takedown notices even supposed to be a thing, or were they just invented by the RIAA and/or other overly enthusiastic copyright holders?
I was under the impression that DMCA notices were for the removal of infringing content, not alleged anti-circumvention tools. That's what the law seems to specify. The notification and takedown process is specified for infringement of copyrighted works, not distribution of anti-circumvention tools. EFF's explainer video seemed to concur with the assessment that DMCA notices are not appropriate for 1201 violations, only for removal of infringing content.
1201 enforcement appears to be through other mechanisms, such as criminal liability and statutory damages. Presumably those would require something more than a letter or notice claiming violation.
ACLU and EFF are two of the last few remaining "Great" American institutions - living up to America's own image of itself.
Well this was a wild ride from start to finish. Anyone got a count on how many times someone suggested distributing YouTube-dl via a blockchain in all these discussions?
Also, how come Google hasn’t asked for it to be taken down given that it has YouTube in the name?
I think the RIAA is going to be shocked and flabbergasted that 1) the community, and I mean the respectable corporate parts of the software development community really rallied together to fight this and 2) that their argument for how this is infringement fizzles to nothing when you look at the wording of the DMCA as pointed out by the EFF's legal note.
The real question is will we see a push from RIAA lobbyists to amend the wording, or see this go to court.
Well done Microsoft!
I can't imagine the political turmoil in the org that led up to this. It wasn't simply a quick sting that would fade, the mass protest on the site was probably the biggest wake up call. MS could easily have pissed away the 7.5+ billion they paid for all the developers that use github.
Without developers, github is nothing.
Was a counter-notice filed, or did github restore it without one, once the tests were removed?
Because my understanding was that certain decryption/anti-drm functions were also in the scope of the takedown request, not just the tests.
This is called "making a virtue out of necessity". I don't believe that Github actually needed the EFF's writing for this, or that they don't have the necessary technical expertise themselves. But at least they seem to have learned something from it now and want to review such requests technically before they (unjustifiably) act.
We need some billionaire to step in and lobby against organisations like RIAA to make them illegal. First one who does it, will be forever remembered as the one who saved artists and their fans. RIAA only protects labels who obtain rights to art in questionable manner (just read so many stories about artists being cheated by the label). We need something that will be paying artists directly and there is technology to solve that. RIAA is a cancer and must go.
So it seems that the dealbreaker was that one of tests that downloaded copyrighted material (see the last commit [1]). Seems like a reasonable thing to not do, and just replace those tests with just random cat videos.
[1] https://github.com/ytdl-org/youtube-dl/commit/1fb034d029c8b7...
Here is the commit: https://github.com/ytdl-org/youtube-dl/commit/1fb034d029c8b7...
It seems that only removing the test was enough.
Github did not stand up for developers here at all. It is wonderful that in the future they might, but it seems to me like they missed/have been missing a chance to really stand up for devs. The DMCA is being used far too often for abusive aims for my tastes and I hope that some reform is around the corner (Maybe more real incentives to not file false claims).
This really is great to see, but it’s clear from their careful wording that the google takedown of the recent widevine l3 repository won’t be reversed:
> And our reinstatement, based on new information that showed the project was not circumventing a technical protection measure (TPM)
Since it is clearly circumventing a “TPM.”
Competition in the source-control space is a great thing. I am not entirely convinced that they would have done the right thing without the threat of losing developers en-masse to competitors.
And now more people know about youtube-dl than ever before. What exactly was the RIAA's goal?
> Every single credible 1201 takedown claim will be reviewed by technical experts, including when appropriate independent specialists retained by GitHub, to ensure that the project actually circumvents a technical protection measure as described in the claim.
huh. Can you still take advantage of DMCA "safe harbor" if you are independently applying legal judgement to whether they would have a good chance of winning in court before deciding to comply with them?
Good news.
What if someone were to write a separate script that generated the necessary tests for youtube-dl?
Then prior to releases they could privately generate the code and run the tests, but still ship it not referencing any copyrighted material.
"Standing up for developers"
No, the EFF stood up for the developers. GitHub only looked for a legal scapegoat to reverse the decision in a legally-protected way. That's not what "standing up for" means.
There is a little bit more background information from the torrent freak article as it seems they have a comment from the youtube-dl devs: https://torrentfreak.com/github-reinstates-youtube-dl-and-pu...
>Youtube-dl Devs Are Happy
>Sergey, one of the youtube-dl developers, tells us that he is happy with all the support they have received from the EFF, GitHub, as well as the public at large.
>“EFF’s help was invaluable. We’d like to thank EFF and Mitch Stoltz personally for their incredible support and dedication. We’d also like to thank GitHub for standing up for youtube-dl and taking potential legal risks by allowing youtube-dl to keep the rolling cipher code,” he says.
>“We’re also grateful to all the tremendous amount of support and offers received lately (we physically were not able to respond to everyone) and all youtube-dl users,” Sergey adds.
Truly surprising and welcome response from GitHub. I did not expect them to go this far for developers at all. As a FOSS developer myself, I wish more companies would treat DMCA requests like this.
"As a result, Section 1201 makes it illegal to use or distribute technology (including source code) that bypasses technical measures that control access or copying of copyrighted works, even if that technology can be used in a way that would not be copyright infringement."
Section 1201 does not "make it illegal" to use of copy control circumvention technology. It does not prohibit use of copy control circumvention technology. It prohibits use of access control circumvention technology.
Don't take my word for it. Read what is published by the Copyright Office about Section 1201.
"As envisioned by Congress, section 1201 seeks to balance the interests of copyright owners and users, including the personal interests of consumers, in the digital environment. It does so by protecting the use of technological measures (also called technological protection measures or TPMs) used by copyright owners to prevent unauthorized access to or use of their works. Section 1201 contains three separate protections for TPMs. First, it prohibits circumvention of technological measures employed by or on behalf of copyright owners to protect access to their works (also known as access controls). Second, the statute prohibits trafficking in devices or services primarily designed to circumvent access controls. Finally, it prohibits trafficking in devices or services primarily designed to circumvent TPMs used to protect the copyright rights of the owner of a work (also known as copy controls). Copy controls protect against unauthorized uses of a copyrighted work once access has been lawfully obtained. Because title 17 already forbids copyright infringement, there is no corresponding ban on the act of circumventing a copy control."
Source: https://www.copyright.gov/policy/1201/section-1201-full-repo...
The forks still seem to be borked, hopefully they will get resolved.
My fork[0] is still showing DMCA notice and shows that it's a fork of some repo I'm sure I never forked, I forked the original ytdl-org.
> To help them, GitHub will establish and donate $1M to a developer defense fund to help protect open source developers on GitHub from unwarranted DMCA Section 1201 takedown claims.
At the end. While I hope it won't be needed, I hope it will be useful when the need arises.
I take GH/Microsoft won't implement any punitive counter-measures for frivolous 1201 claims?
Their new claim processing appears to be fairly resource-heavy. It'd be only fair to recover some of the costs they will end up sinking into it.
Wondering what will happen to forks ? Mine is still blocked, and I can't push to it to rebase/merge, removing the tests.
Would be stupid and naive to ignore or belittle every other contribution but open source and hacker culture has pushed the human race forward by leaps and bounds within just last two decades alone.
This spirit and culture must live on forever.
How long before we start the discussion about exporting issues/comments and preparing for another event like this? :)
gitlab.com has their DMCA processing workflow online (as they do most of their policies and workflow documents, which is awesome and few if any other companies are as transparent).
https://about.gitlab.com/handbook/engineering/security/opera...
My reading of it is that under that gitlab workflow youtube-dl would still be down. Unless/until "there was a valid counter-notice and no response has been received from the plaintiff within 10 days of the counter-notice being forwarded". (Unclear what happens if there is a valid counter-notice and a response from plaintiff HAS been received, the workflow stop there!). This did not happen here, github reinstated without either a formal counter-notice (that EFF letter is not formatted like one), and definitely without waiting 10 days for a response from plaintiff.
Gitlab's workflow there is a totally typical DMCA workflow, it's not bad it's just normal. It's the workflow more or less spelled out in the DMCA itself, arguably what the DMCA requires for the host to get "safe harbor" status. (I don't entirely understand how Github can get away with what they have done and say they are doing going forward, honestly. It's think it's a potentially risky move for them opening them up to lawsuits from the copyright holders; of course they know they have deep pockets to defend themselves too).
The DMCA is actually pretty terrible in it's real-world contemporary effects. That's general, not about github, or github's fault. You are right to think it's awful. But it's not about github. People seem to be really chomping at the bit to assume that github has somehow acted especially poorly (for those who want to protect people against DMCA takedowns) -- to me the reverse seems to be true.
I think both github's actual current actions and most especially their proposed new workflow go way beyond what most of their peers (including gitlab) do to resist/slow down/stop DMCA takedowns.
I'm not sure how github garnered so much bad will, that people are so eager to paint them in a bad light. They clearly have garnered a lot of bad will from developers though, at least on HN; every thread about github has people piling on to suggest extreme levels of unethical behavior from github.
I do not believe it is justified here.
If any maintainers or contributors see this, thank you all for your incredible work! youtube-dl is one of the best tools I've every used. It's polished and always working and with such an incredible community. This is seriously a killer piece of software that is part of my default setup for every new machine I've had over the past 4-5 years.
I've downloaded countless free lectures that some universities offer for offline viewing and sometimes listening if it's a discussion based class. Seriously, this is great software.
I guess the maintainers will have to send "forbidden" patches among each other outside of Github, in order to run regression tests against the "extra DRM" videos.
I find it kinda sad that this article says "the DMCA was written in the late 90s and hasn't aged well", because the anti-circumvention clauses have been tremendously awful since their inception. Anyone who remembers the DeCSS crap in the early 00's knows that this nonsense is our legacy from not getting the problem solved 20 years ago.
Colour me pleasantly surprised.
I've followed this story since it broke. My own (lay) analysis of the RIAA's claims hit HN a few weeks ago:
https://joindiaspora.com/posts/808cf690f8e801381778002590d8e... (https://news.ycombinator.com/item?id=24888234)
The EFF's letter makes strongly similar arguments, admittedly with better legal citations buttressing.
I'd hinted in that post, and commented at HN, as to steps Microsoft could take to establish its credibility before the Free Software community:
https://news.ycombinator.com/item?id=25007097
https://news.ycombinator.com/item?id=24876199
Specifically:
Microsoft is a member of the RIAA. It could and should resign.
Microsoft can lobby for further exceptions to §1201 anti-circumvention.
Microsoft can issue a statement formally protesting RIAA's action.
Microsoft could offer an Amicus brief or other statements in favour of youtube-dl developers.
As an old-school Linux user and advocate, I'm used to considering Microsoft the opposition, and my praise is grudging, but given where due. By my reckoning, Microsoft are at least 3 for 4 in meeting my suggestions.
Of the fourth, I suspect its upcoming RIAA renewal discussion will be interesting.
Google, on the other hand, have been conspicuously silent. Chris DiBona, are you listening?
I appreciate that Microsoft is trying to help developers out and I appreciate their $1MM fund.
But why not just donate it to EFF for the work they already do in this area? When you donate to EFF you can specify which programs you want to fund. I don't entirely understand why they created a new fund.
Nice...I bet the evil RIAA didn't think only about the two tests when they reported the project....
Can someone with more knowledge on the matter help explain why downloading copyrighted material using youtube-dl as opposed to a browser is treated differently under the DMCA? In either case you're accessing copyrighted material by downloading from youtube's servers.
Good job GitHub and Microsoft!
The action to take down Youtube-dl seemed to be a directed time based action meant to coincide with the election. Most on-line youtube downloading sites were also deplatformed a day or two before the election.
I think that Youtube didn't want users to have the ability to locally save videos that they have seen during the week of the election.
It seems to be a greater attempt to suppress information sharing than anything specific to the copyright.
Youtube just wanted immediate action to prevent people from using the code to get around the online download sites that were also taken down.
From the EFF letter [1]:
> We presume that this "signature" code is what RIAA refers to as a "rolling cipher," although YouTube's JavaScript code does not contain this phrase.
Does this mean the RIAA just invented the term out of thin air to mislead people?
[1]: https://github.com/github/dmca/blob/e00bfb544e93bfd3066fe169...
This makes me wonder, what would happen if Google started blocking yt-dl?
I´ll confess that I did not expect that and am happily surpsied.
They plan to audit all of the take-down requests which is awesome, and it's more than required by law.
I wonder if they'll regret this move. They're shielding developers, but taking the burden on themselves of managing the legal hassle of take-down requests.
As other commenters have pointed out, it sounds like the real problem is that copyright holders can issue these requests without any limit (or maybe even due diligence).
I found it strange that they constantly used "developers". I guess this is the marketing department word to use instead of "users"?
Why on earth is this project still hosted on Github? There are plenty of non-US based git providers that would be happy to have them on board.
Does anyone know if youtube-dl accepts financial support? The prospect of losing the program made me realize how much I rely on this project.
Yet another case of big corp attacking someone, that someone having an online voice and complaining, big corp doing damage control spinning some tale about how they'll endeavor to do better in the future and how much they agree with the little guy.
For once I'd like companies to be honest, just say you reversed it when it was found out it would be more cost efficient to do so.
This is quite excellent! I'm really impressed by the blog post itself as well as the actions/changes Github mentions in it.
I'm late on this discussion but as Google has made Youtube their platform for music streaming, their only platform for music streaming, this can be used to download all music from there no? (not even talking about movies) Kind of sucks for them, seems like this is a major threat to that service in eyes of their content providers (record labels)
> Even after a repository has been taken down due to what appears to be a valid claim, we will ensure that repository owners can export their issues and PRs and other repository data that do not contain the alleged circumvention code, where legally possible.
So they have the ability to export issues and PRs already, but it isn't exposed to users?
Is no one surprised that the EFF mentions the door at Moria? (page 2, second half)
https://github.com/github/dmca/blob/master/2020/11/2020-11-1...
It is important to recognize when a person or organization takes corrective action.
Between this and Apple’s response regarding the app signature, these are examples of companies seeing problems and taking steps to fix them.
It is okay to want more or see how it could be an even better response. But the fact that a credible response was executed on should be praised.
Good job GitHub.
Cue ewok celebration. However by episode 7 everything we'll be back in the same situation sans ewoks.
Well thanks github/Microsoft. But can we really trust you? My post from before they restored youtube-dl
I have hard time to believe that this isn't a PR stunt to not look like a corporate cucks.
Excellent news, now the community has a central place to contribute. All in all I think it even had a positive impact for youtube-dl, the community will learn from it, and the number of people knowing about youtube-dl has grown by quite a lot.
Probably less to do with standing up for the developer and more to do with the fact that if github starts DMCAing legit projects then open source developers are going to look at creating a decentralized hosting solution for their repos.
Previously in DMCA 1201 takedowns, Admiral anti-adblocking v. EasyList (2017)
Waiting now for the "Why we're moving to Gitlab" blog post.
This is the kind of thing you can do if you have Microsoft to back you up. Deep pockets to fight for what you think is right because unfortunately legal battles are really expensive.
>In the case where the claim is ambiguous, we will err on the side of the developer, and leave up the repository unless there is clear evidence of illegal circumvention.
Thank you GitHub, Microsoft, and Nat. These measures are great.
Github and others should team up to repeal DMCA 1201 for good. This censorship and rogue lawmaking tool shouldn't have existed in the first place.
Great news! It's also worth pointing out that the team has been releasing new versions while the repository was down which is quite remarkable.
Congrats on the Streisand RIAA!
Flawless execution.
Cheers, GitHub. You did the right thing. That's really rare in today's world.
So, now that the repo is back up, how many of you have pulled a fresh clone of it?
Steve Ballmer would be proud!* Developers, developers, developers!!!
*) and throw chairs at the RIAA
What consequences with the RIAA face for the (IMO fraudulent) take down notice?
It will be nice when the RIAA lawyers start submitting PRs to fix an issue.
As a developer I liked GitHub from the beginning, but after Microsoft bought it I was skeptical that it would go in the right direction..
I think it's time to start searching for another place to store my repos
Did they say why?
3.3k issues, 756 open PRs. do they need help?
I can't wait to see the RIAAs reaction.
Good on the EFF. This is wonderful to see.
Free advertising for Github/Microsoft. Sweet. If they would fight for developers they should verify any takedown request imho.
Happy news. Well done Github
Smart PR move from GitHub. Glad it got the recognition it needed. MPAA should not be left unchecked.
Superb.
But now I guess Github should be used as a read-only redundancy rather than for development.
Well done eff and github
If I can watch a video on my computer for free, it's not too difficult to capture it. There is software I can download. There are browser plugins. This is just one of many options available.
I do fear though that this is going to lead some more and more paywall content and less and less publicly available content.
thanks, donated $10 to EFF and company matched :)
Take that, RIAA!
Great news!
Pleasantly surprised here.
youtube-dl -U
I hope nobody actually believes this had anything to do with what it is made out to be in public (i.e. DMCA violation).
Google owns a LOT of videos on YouTube. The fact that people are able to easily get them out and put it somewhere else threatens them. So, they used their friends to cook up this lawsuit.
Unfortunately for them, this upset a lot of GitHub users and Microsoft didn't want to help Google while taking a hit themselves... so they found a way around it.
Corporations use their legal prowess to advance their bottom line all the time... and many a times, how it's framed in public is very different from what is actually going on.
If you have a higher-IQ and don't mind some legwork, then use an open-source code revision solution.
If you entrust a corporation that is, by nature, more sympathetic to Hollywood/Media then brace yourselves to get caught in the churn.
Excuse me, but let's calm down a little with the whole "we're developers for developers" rhetoric.
You didn't restore the repo, the restored repo is a heavily modified version based on the poorly interpreted opinion that having some Taylor Swift (who sucks btw) test cases in your code are grounds enough for a legitimate DMCA claim, and that the only way the repo can be "legally" restored is by removing them.
You didn't "fight" for us because now the precedent has been set (along with the chilling effect) that whenever we push code to GitHub, certain agencies who demonstrably don't have the interests of developers in mind or even understand what code is or what we do, will be able to hold us and our codez ransom.
That's not freedom, that's capitulation.
Also, let's not forget that implementing a methodology in code or in text ("here are the steps you need to take") are one and the same. So based on that principal all the posts on StackOverflow[0] that describe the actual steps needed to take, and accompanying code examples, should be pulled under DMCA also.
It seems like EFF fought for youtube-dl and GitHub used their letter as legal firepower to bring the repo back online. If GitHub were fighting for the developer they would have funded the attorney, right? Though from their blog post it does look like they are taking steps to fund defense in the future as well as other steps to improve the situation.
Reading EFFs claim is pretty interesting, they state that saving a copy of a video is only one function of youtube-dl. I think the biggest problem is the name is called "youtube download", it is sort of difficult to downplay that saving a copy is only one function when the name implies it is the main purpose of the program.