Easy money. Cease & Desist letter in Germany come with a fine attached if you follow them. You need to pay the the lawyers fees (~800+ EUR). This is pretty unique. So there’s “cease & desist” mills who trawl people, e.g. off bittorrent and all other networks. This means that some of these cases will end up at a court. As all things digital have no place of service or occurrence, the filing side can pick any court to go to. Which is usually Hamburg or Cologne, which tend to be the most eager to stretch the law to the rights holder side. But that’s actually not the process intended, what they want is people to be frightened and paying the lawyers fee on the first letter. They will even lower it if you even look at them like you might defend yourself.
They, like the US, have a highly information based economy. If you can put a value amount on copyright, you can put a penalty amount. You can decide if a lawyer is worth it. You can make laws about it.
This is unsurprising. Most international media companies here are basically “importing” and rarely “exporting”, which means (distribution) licensing, so all their local orgs have a high focus on rights management and lobbying for better terms. And if you have staff lawyers around all the time… you might as well use them?
The original repo is on the WayBack machine 1400 times with the most recent being 5 days ago. If you’re forking just to a copy lives around and not to continue development, I would just snag it there to be sure of the source.
Edited to make it clear I was linking to the original repo.
I hope the youtube-dl-developers will learn from this and host their code in a DMCA-free country like Iceland and only use GitHub as a mirror. Defederalization will be the next big push on the Internet, I think, given the big platforms (“silos”) impose stricter and stricter rules on freedom of speech and expression.
This scares me though. Part of me feels like the only reason radicalization isn’t getting common even faster is because of that centralization. Topic for another time, I suppose.
I wouldn’t be so sure. Central platform like YouTube, Facebook, and even Google’s search engine, facilitate polarisation and radicalisation by presenting content they thing will cause the user to stay on their platform, or come back later. And what do you know, those contents tend on average to agree with the previously consulted content. Hence starts the downward spiral of confirmation bias.
I’m not sure fully uncontrolled decentralisation would make it much worse. You may see more extreme content, but when people go too far, even Tor hidden services aren’t always enough.
The fact that the alt-right is angry at these platforms for… well… de-platforming them makes me not so nihilistic about the prospects of centralized media. I do like options, but I also acknowledge that the radicalization that’s arisen in the past couple of years has made it to the top of the list of U.S. terrorist threats. So it makes me a bit more concerned than the lack of federated services does, if I had to choose.
Correct me if I’m wrong, but isn’t the notice-and-takedown provision of the DMCA exclusively relevant to copyrighted material per se, and not applicable to the anticircumvention provision? And it even seems a bit of a stretch to claim this is even a circumvention; youtube-dl merely requests the same data as a browser, I don’t think it has any functionality related to DRM.
As I understand it, the root issue was that the source code had test cases that specifically linked to copyrighted material. I suspect it would have been otherwise ignored apart from that.
But youtube-dl is not a tool built to circumvent copyright. Especially, as YouTube does host CC-licensed material and tons of their material is owned by their creators, which can give you a license to download and use all the time. The DMCA notice makes a very careful point to only refer to the YouTube standard license. The problem there is that YT does not provide another method to exercise your right to copy.
Also, while the court in Hamburg is known for its… creativity and industry-friendlyness, it also is not unusual that its decisions don’t survive revisions.
Good point! Then the software would only go against the end-user license agreement of YouTube? But I guess that can’t be enforced with a DMCA. I hope the court regards this!
What’s next? “You use the computer, therefore you’re stealing our content? Even though it’s not our content at all we want you to stop and shut down your computer immediately”.
I don’t understand your reply. The only thing I noted is that in the scenario the OP arrived at (ToS enforcement), the legal parties would be different and the RIAA cannot be in the picture. And YouTube has no interest in suing its users.
Oh, no, I’ve meant to reply to your previous comment, and with it agreeing with it. Basically, RIAA is trying to take down youtube-dl because it was used to download copytighted content. But so was the entire computer. That’s what I’ve meant when I’‘ve asked “what’s next”.
I don’t know why I replied to this comment, not your previous one though.
Ah, yes! Thanks for clarifying. Yep, the problem is that we need a fundamental reform, not escapism. IMHO, centrialisation vs. decentralisation is a red herring. I will just lead to the situation we had years ago: going after the nodes and the creators, with a less clear battlefield.
IMHO, this situation is less bad. It’s visible and I’m sure we’ll read about some lawyer filing a counter-claim next week or so.
Also youtube-dl does not distribute the content. There are laws and enough court decisions in germany that private copies and their tools are allowed. youtube-dl would probably be seen as this kind of tool.
But youtube-dl is not a tool built to circumvent copyright.
That may not matter. It is a tool build to circumvent the inconvenience of not having an easy way to download videos from the website. That inconvenience almost certainly counts as a “technical measure” (there’s some obfuscation going on). It doesn’t matter whether the works behind it is protected. Circumventing the technical measure does.
Now while the technical measure does have to restrict access to protected work, it may not have to be its primary purpose. If YouTube obfuscated download capability primarily to get users to come back & see ads, the fact is that it restrict access to protected works, and that may be enough.
The may is very load-bearing here, though. The problem is that every right and rule is subject to weighting in court. And for example Germany has the right to create private copies for personal use/archival. Circumvention of copy protection is illegal, but copy protection is not only a technical measure, but also needs a clear marker on the source material. So, in Germany: both the algorithm must exist and the source must be marked as copyrighted and protected.
This is actually a reasonable rule: it avoids the situation where “open” things are wrapped to be closed.
A very tl;dr: This describes a case of a server-based service which allows you to grab the audio track of a YT video (I assume to download albums from YT). This is commercial circumvention of copy protection. The case document even goes into a lot of detail to express how the service is not just a proxy for the individual user in all cases: because it is an ad-based service, the defendant was not able to claim to enable easy private copies, it indeed monetises each copy. The question whether the user was allowed to take this copy was expressively ruled out, the sticking point was that illegal copies are monetised. Sounds like a classic stream-ripping service for me, which are indeed very damaging to video platforms (the classic was to rip a stream from a player, put it in you own, with your own ads: the platform pays the streaming cost, you get the ad value).
What the RIAA seems to rely on is that this case does mention that it assumes that the protective measure is effective (interestingly by describing how it is not usable through non-developer functions in Mozilla Firefox, maybe that’s a good feature suggestion?) but that may still lose out in weighting against the interest of the user to get their own copy. But whether they are right, at this moment does not matter here. I would not even assume that the RIAA has checked this case to fully apply to their thing: they don’t need to, they just have to present a 50% non-bullshit case to GitHub. GH is not obliged to check further then that.
For all the complaints about the US DMCA, generally Europe has some of the harshest and most extreme copyright-regime rules, up to and including the disastrous new mandate for basically everyone to implement a YouTube-style pre-filter on all uploads.
US DMCA is a huge act. It is all the rules around all things digital. What people usually refer to are DMCA Takedowns, which I actually find reasonable, especially as they have a clear procedure. Thats section 512. It actually goes into details of what platform providers are not liable for. (Caching, etc.) I’d actually love if a German law were that direct.
Broken down, if you are a service provider hosting user content, you are not liable if the following procedure is in place:
Someone can send you a “takedown notice”, in which they tell you that they are the copyright holder and that they believe this is their content, which you promptly respond to.
As time is of the essence here, you don’t have to check this claim for validity, but instead have to forward this notice to the user, at the same time making their content inaccessible.
The user can file a counter-claim, in which case the 2 parties can go to court and will notify you of the results. During this time, the claim is contested and you can continue serving the data.
In theory, fraudulent takedown notices can lead to the other side suing back, but that rarely happens, especially around groups like the RIAA and that’s where it issue lies.
Now, you may agree with copyright or not, if you run a public service, you will have to implement a procedure here. And the DMCA procedure is actually straight-forward and easy to implement. It’s worth it, as it takes you out of the danger zone.
Background: I was part of the legal review and setup for crates.io around GDPR and DMCA. I can tell you, both are equally often misinterpreted.
The problem here is that the RIAA here does not invoke 512, but instead claim the illegality of the tool outright.
Finally, to be clear: I don’t support a lot of this stuff, but I don’t have the liberty to ignore them. Also, the RIAA is very much in the wrong here, in my opinion. Also, to be clear, there are reasonable takedown requests. On code hosts, that’s usually someone ripping off the license and renaming the library and publishing a copy. On other sites, it may be nude pictures someone took of his GF.
Look up the recent EU Copyright Directive (originally known as “Article 13”) for a starter. With the US political system mostly deadlocked these days, the copyright lobby has turned its attention – with much success – to Europe, and the regime which will soon be in place there makes the US DMCA system look almost reasonable by comparison.
Well, not that simply. The takedown letter says it circumvents something called
YouTube’s “rolling cipher”
which was determined as an “effective technical measure” by the (copyright-mafia-adjacent apparently; and not under US jurisdiction) Hamburg Regional Court.
And apparently what that means is running some JS function (in a tiny interpreter of a tiny subset of JS) to deobfuscate the links.
That “some JS function” is running the JavaScript sent by YouTube to the user in response to a request for a video, and looks to be fetched each time a video is requested by the YouTube extractor. I could see a stronger argument for “circumvention” if they had re-implemented the logic in Python or saved the JavaScript into the repository. As it stands currently, this seems a really big stretch.
I have been on both sides of GitHub DMCA, so I can speak from experience.
GitHub strongly favors keeping the content up.
So yeah, its down now. But the repo owners can send a Counter Notice. Then RIAA
has 14 days to file a copyright infringement suit in Federal Court, and then
present a copy of the filing to GitHub.
If GitHub does not receive the filing in time, or anything is wrong with the
paperwork, the repo will go back up.
One reason Twitter easily spirals down to utter garbage, is the lack of downvotes. We can only retweet, and if we disagree, we can only shout back. There seems to be very little moderation. And of course, the length limit on the damn tweets effectively bans nuanced thought, which require too many characters. (Incidentally, this limitation makes me wonder how Twitter managed to get so popular.)
A free front end is unlikely to solve those problems.
I see a lot of comments (not just here but everywhere I;ve seen discussions) about mirrors which will address the immediate problem of the source code not being available.
The bigger issue though is how to host/maintain is distributed/federated project, not just hosting source code but discussions, bug reports, issue tracking etc. that currently github adds on top of git.
The current version of youtube-dl will continue to work until youtube changes something and it stops working. It also worked with a massive amount of other streaming sites.
For example the api key for one quite popular streaming service had to be changed from time to time, presumably as the service began to notice and invalidated the key.
The bigger issue though is how to host/maintain is distributed/federated project, not just hosting source code but discussions, bug reports, issue tracking etc. that currently github adds on top of git.
Email. And there are plenty of privacy-friendly email providers.
While the tools doesn’t currently have a UX as good as GitHub, it is definitely possible to develop a project in a distributed way.
git repository is already distributed, and tools like git-ipfs-rehost can be used to make the repository easily available. Issues/bug reports can be stored in the git repo itself using git-bug. Patches can be sent over email. Pull requests can be made in an informal way over any kind of communication channels, for example Matrix.org
Self-hosted git accessible via Tor Onion Service. HardenedBSD uses Gitea, which manages issues, wiki, and code storage. All of HardenedBSD’s public infrastructure is made available through Tor as well as through normal means.
Youtube-dl allows me to time-shift, space-shift, and format-shift videos to devices that don’t have Youtube clients, browsers, or even network connections. I do this in the privacy of my own home to avoid filling landfills and spending money that doesn’t need to be spent. I seem to remember some DMCA exemptions in/around this area.
Is there any federated alternative to GitHub? And I obviously don’t talk about git, but the social part, comments, pull request approval, issues and so on?
Sure, but not really. I mean I get that you can use email, and that there are projects using email, but for most people, this is really shitty experience and they’ll prefer something more user friendly.
I don’t consider email to be such great protocol as many do. Sure, as a service (that is, decentralized message passing) it is great, but have you actually tried building anything on top of email? Its pretty hard. Different clients insert different headers, people generally mix all kind of stuff into the body. And if you want to host your own server, it is a work that never ends (I worked for company that provided email hosting and it was never ending stream of complains). Then I had most of my illusions about email taken by actually trying to parse email conferences about programming languages. Even the most basic reply-to header is too much for some people.
nntpchan seems interesting, thanks for the pointer. I’ve thought about building something on top of nntp several times (mostly something conceptually similar to BBS for IRC channel I am on), but I’ve stopped when I’ve read the RFC.
Normally that’s a fair point. But patchsets/pull requests are generated directly by git so always in the same format since you don’t just type gunk in an email client.
As I mentioned in the original post, I am not concerned with patches / git. That works and it works fine. I am concerned with other social aspects; discussions, issues, wiki and so on.
Let me clarify; one of the things I don’t much understand is why that isn’t part of the protocol. Why not have discussions, wiki and other things directly in git? You could then have any GUI / web you wished, and the problem with github (one centralized platform providing more or less other values, then technical aspects of git) would go away.
It’s not great, has many problems but I’m afraid it’s the best we have. Also, troubles you mention are caused by clients. An open text standard and a reference client probably could solve this.
I think all they need to do is fix the README.md ? That should be relatively quick. If not I guess they can remove the extractor/youtube.py from the repo and people can host youtube-dl “plugins” on other sites.
For all those who don’t understand what Hamburg has to do with it, the justification of this DMCA takedown request is based on a decision of a German court (Hamburg Regional court) that took down a service similar to youtube-dl, and the law in question is materially the same as a US law, if I understood the wording right.
That, and that particular Hamburg court is known to be heavy-handedly in favour of major copyright owners, so that’s where they invariably go to sue when they make a claim under German law.
Ehm. No. No love for the GEMA (as an event organiser that likes musical interludes and someone who had to implement their “API” for clients, I hate them with a passion). YouTube/Google has run an effective campaign against them, though by… telling only what was interesting to them. And I also have no love for them.
GEMA, in contrast to the RIAA, is state-regulated. They are a special private entity. This means they are strictly disallowed to favor a party, by law. The sticking point in the negotiations with GEMA was that YouTube wanted essentially “mass rebates” - and they get them everywhere, except in Germany. And the GEMA is not allowed to give them. There was even a 2 year trial run with YouTube to test such a model out, which was later not accepted by the regulators. YouTube then chose to not have the videos available. It’s not like the GEMA didn’t license them (in fact, they must license them to anyone who agrees with the common terms), YouTube just didn’t want the conditions and tried to strong-arm.
And that’s good, because every smaller player around them cannot get this advantage.
Also note that GEMA, in contrast to the RIAA, represents artists, not labels, due to the way copyright in Germany works.
The GEMA is fucked on how it has no modern management and its distribution is unfair and how they are so big that they don’t have to move. Also, how they assume that everything needs to be paid for except if proven otherwise. Deeply so. But please light a fire under their arse for the right reasons.
But all people see is “I don’t get my music on the internet and YouTube says it’s GEMAs fault”. It’s also YouTubes fault. Rule of thumb: if 2 big players in the media industry battle, look closely, they will probably try to sway you on your emotions.
I had my own run-ins with GEMA, and I’m pretty sure that they could have decided on a schedule that includes better rates for high volume customers (just: for all high volume consumers). Not saying that YT didn’t try to strongarm them (they probably did), but where GEMA is involved, I default for the other side:
The state regulation part is legally correct, but misleading: These days it’s wielded more as a weapon to prevent competition (to GEMA) from appearing, because the regulator is (for whatever reason) strongly interested in keeping the situation GEMA-only (even though the law doesn’t say that there must be only one such organization).
Why is there interest in creating competition to GEMA? Because while it’s supposed to serve all musicians (they also collet for other right holder organizations, but that’s just an invoicing service) it does not: Its internal pay schedule is twisted towards having a relatively small set of folks benefit financially - who are, incidentally, the same that have voting rights within the organization (most artists do not). It’s interesting to note that this kind of corruption (which exists for a really long time) doesn’t matter to the regulatory body (so what exactly do they regulate again?).
Finally, the regulatory body in question is the German patent and trademark office (DPMA). Since I also default to the other side whenever they come up (except when it’s the European Patent Office in which case I can only hope for divine intervention that eradicates them both), that side of the story really has no chance for my sympathy, like, at all.
edit to add a point that brings us back on topic: The original question was if the Hamburg court is responsible for the wide-spread blocks of music videos in Germany. They’re not, but I guess I can clarify my original statement in that it’s due to YouTube and GEMA fighting over fees. Even without declaring who’s in the right or wrong here (likely: both wrong), it’s the origin of limited music video availability on German YouTube.
(Full disclosure: I work at Google, but never had anything to do with artists, their collection agencies, labels, YouTube or the DPMA or EPO through my employer. This is personal.)
I agree with most of your points, but they are not of interest in the YouTube/GEMA relationship. Its broken payout structure towards its artists is not of interest for YouTube, not was it addressed in that dispute, because that’s not in play here. It’s dominance and assumption that they can claim all music until proven wrong is bad, but was also not challenged by YouTube.
I have worked for competitors to YT, and its behavior was hugely damaging in the space from our point of view.
This is no question of who’s more fucked up. YouTube ran a very expensive sway campaign and lost (and in the process, may even have strengthened the hold of GEMA more.
They’re not, but I guess I can clarify my original statement in that it’s due to YouTube and GEMA fighting over fees.
Does youtube-dl have a Slack or mailing list? I’m curious what they are planning to do now. Mirrors are great, but the development of the finicky parsers must go on, no?
Are they going to re-host elsewhere? Appeal to Github?
Due to how git works, the remote’s full history is under the PR specific branch since both commits need to be in the same repo for comparison. So by knowing the commit hash, the yt-dl source can be pulled from DMCA repo, even if forked repo is deleted.
Screen recording softwares such as SimpleScreenRecorder make it possible to (i) circumvent the technological protection measures used by authorized streaming services such as YouTube, and (ii) reproduce and distribute music videos and sound recordings owned by RIAA’s member companies without authorization for such use.
Please, do let them know. This is an excellent opportunity to make projects migrate to dark corners of the Internet, completely out of reach of big corporations and US/EU lobbyists.
No. Git repositories are distributed. GutHub has one copy, you have one copy on your machine, each contributor has a copy on their machine, and if the project is any serious, there are mirrors on other git hosting sites.
All code in GitHub is already stored in a decentralized way. I don’t know how it would help anyone if GitHub used a distributed file system to store their mirrors of repos.
That’s my point though. Git repos are stored in a place where nobody could demand they are removed; on your personal machine, on the personal machine of every contributor, on probably many dozen mirrors. Literally the only thing which goes away when GitHub complies with a DMCA takedown request is stuff like issues and PRs, which aren’t even what you’re saying should be stored in a distributed filesystem.
this type of stuff doesn’t happen without private coordination to make sure it will not spark a conflict. they have different interests but conflict between them is in neither party’s interest.
It would be terrible if this repo was replicated across the Internet.
Remember kids, don’t copy that floppy!
Another mirror: https://gitee.com/mirrors/youtube-downloader
Codeberg is hosted in Germany, I wouldn’t count on this repo staying up.
I wouldn’t be so sure. In germany youtube-dl would probably be seen as a tool for making a personal copy, which is allowed in germany.
Historically, why is Germany so anal about copyright compared to other countries?
Easy money. Cease & Desist letter in Germany come with a fine attached if you follow them. You need to pay the the lawyers fees (~800+ EUR). This is pretty unique. So there’s “cease & desist” mills who trawl people, e.g. off bittorrent and all other networks. This means that some of these cases will end up at a court. As all things digital have no place of service or occurrence, the filing side can pick any court to go to. Which is usually Hamburg or Cologne, which tend to be the most eager to stretch the law to the rights holder side. But that’s actually not the process intended, what they want is people to be frightened and paying the lawyers fee on the first letter. They will even lower it if you even look at them like you might defend yourself.
They, like the US, have a highly information based economy. If you can put a value amount on copyright, you can put a penalty amount. You can decide if a lawyer is worth it. You can make laws about it.
Germany somehow seems even worse than the US though, despite producing less media so I don’t understand that discrepancy
This is unsurprising. Most international media companies here are basically “importing” and rarely “exporting”, which means (distribution) licensing, so all their local orgs have a high focus on rights management and lobbying for better terms. And if you have staff lawyers around all the time… you might as well use them?
I think that whole sentence can be substituted as “Historically, why is Germany so anal about everything compared to other countries?”…
(Just kidding, sorry Germans!)
Der Freud wegen.
The original repo is on the WayBack machine 1400 times with the most recent being 5 days ago. If you’re forking just to a copy lives around and not to continue development, I would just snag it there to be sure of the source.
Edited to make it clear I was linking to the original repo.
https://github.com/plredmond/yt-download
please do not click the fork button
Do not save copies outside Github as well. Wait until Github takes down all the forks in one go (it’s not hard to do technically).
Streisand effect
I already had youtube-dl mirrors, but now I have even more youtube-dl mirrors :-)
But on serious note: centralized services and proprietary software are evil. As I always say.
The detailed takedown notice posted by GitHub on their central DMCA repository: https://github.com/github/dmca/blob/master/2020/10/2020-10-23-RIAA.md
I hope the youtube-dl-developers will learn from this and host their code in a DMCA-free country like Iceland and only use GitHub as a mirror. Defederalization will be the next big push on the Internet, I think, given the big platforms (“silos”) impose stricter and stricter rules on freedom of speech and expression.
This scares me though. Part of me feels like the only reason radicalization isn’t getting common even faster is because of that centralization. Topic for another time, I suppose.
I wouldn’t be so sure. Central platform like YouTube, Facebook, and even Google’s search engine, facilitate polarisation and radicalisation by presenting content they thing will cause the user to stay on their platform, or come back later. And what do you know, those contents tend on average to agree with the previously consulted content. Hence starts the downward spiral of confirmation bias.
I’m not sure fully uncontrolled decentralisation would make it much worse. You may see more extreme content, but when people go too far, even Tor hidden services aren’t always enough.
The fact that the alt-right is angry at these platforms for… well… de-platforming them makes me not so nihilistic about the prospects of centralized media. I do like options, but I also acknowledge that the radicalization that’s arisen in the past couple of years has made it to the top of the list of U.S. terrorist threats. So it makes me a bit more concerned than the lack of federated services does, if I had to choose.
git clone http://dacxzjk3kq5mmepbdd3ai2ifynlzxsnpl2cnkfhridqfywihrfftapid.onion/shawn.webb/youtube-dl.gitCorrect me if I’m wrong, but isn’t the notice-and-takedown provision of the DMCA exclusively relevant to copyrighted material per se, and not applicable to the anticircumvention provision? And it even seems a bit of a stretch to claim this is even a circumvention; youtube-dl merely requests the same data as a browser, I don’t think it has any functionality related to DRM.
As I understand it, the root issue was that the source code had test cases that specifically linked to copyrighted material. I suspect it would have been otherwise ignored apart from that.
At least by German law the distribution of copyrighted software and software to circumvent copyright is illegal.
I‘m sure other countries have similar laws.
But youtube-dl is not a tool built to circumvent copyright. Especially, as YouTube does host CC-licensed material and tons of their material is owned by their creators, which can give you a license to download and use all the time. The DMCA notice makes a very careful point to only refer to the YouTube standard license. The problem there is that YT does not provide another method to exercise your right to copy.
Also, while the court in Hamburg is known for its… creativity and industry-friendlyness, it also is not unusual that its decisions don’t survive revisions.
Good point! Then the software would only go against the end-user license agreement of YouTube? But I guess that can’t be enforced with a DMCA. I hope the court regards this!
Especially as YouTube would have to be the party to go to court over this. Also, the Terms of Service are aimed at the user of youtube-dl.
What’s next? “You use the computer, therefore you’re stealing our content? Even though it’s not our content at all we want you to stop and shut down your computer immediately”.
I don’t understand your reply. The only thing I noted is that in the scenario the OP arrived at (ToS enforcement), the legal parties would be different and the RIAA cannot be in the picture. And YouTube has no interest in suing its users.
Nothing is next.
Oh, no, I’ve meant to reply to your previous comment, and with it agreeing with it. Basically, RIAA is trying to take down youtube-dl because it was used to download copytighted content. But so was the entire computer. That’s what I’ve meant when I’‘ve asked “what’s next”.
I don’t know why I replied to this comment, not your previous one though.
Ah, yes! Thanks for clarifying. Yep, the problem is that we need a fundamental reform, not escapism. IMHO, centrialisation vs. decentralisation is a red herring. I will just lead to the situation we had years ago: going after the nodes and the creators, with a less clear battlefield.
IMHO, this situation is less bad. It’s visible and I’m sure we’ll read about some lawyer filing a counter-claim next week or so.
Also youtube-dl does not distribute the content. There are laws and enough court decisions in germany that private copies and their tools are allowed. youtube-dl would probably be seen as this kind of tool.
That may not matter. It is a tool build to circumvent the inconvenience of not having an easy way to download videos from the website. That inconvenience almost certainly counts as a “technical measure” (there’s some obfuscation going on). It doesn’t matter whether the works behind it is protected. Circumventing the technical measure does.
Now while the technical measure does have to restrict access to protected work, it may not have to be its primary purpose. If YouTube obfuscated download capability primarily to get users to come back & see ads, the fact is that it restrict access to protected works, and that may be enough.
The may is very load-bearing here, though. The problem is that every right and rule is subject to weighting in court. And for example Germany has the right to create private copies for personal use/archival. Circumvention of copy protection is illegal, but copy protection is not only a technical measure, but also needs a clear marker on the source material. So, in Germany: both the algorithm must exist and the source must be marked as copyrighted and protected.
This is actually a reasonable rule: it avoids the situation where “open” things are wrapped to be closed.
If you look closely at what the RIAA quotes (I’m yet trying to find the decision they quote): they talk about a “service”, so probably about an intermediary helping users. I have not yet found which decision they actually refer to, someone on Twitter assumed this one: http://www.rechtsprechung-hamburg.de/jportal/portal/page/bsharprod.psml?doc.id=JURE180006255&st=ent&doctyp=juris-r&showdoccase=1¶mfromHL=true#focuspoint
A very tl;dr: This describes a case of a server-based service which allows you to grab the audio track of a YT video (I assume to download albums from YT). This is commercial circumvention of copy protection. The case document even goes into a lot of detail to express how the service is not just a proxy for the individual user in all cases: because it is an ad-based service, the defendant was not able to claim to enable easy private copies, it indeed monetises each copy. The question whether the user was allowed to take this copy was expressively ruled out, the sticking point was that illegal copies are monetised. Sounds like a classic stream-ripping service for me, which are indeed very damaging to video platforms (the classic was to rip a stream from a player, put it in you own, with your own ads: the platform pays the streaming cost, you get the ad value).
What the RIAA seems to rely on is that this case does mention that it assumes that the protective measure is effective (interestingly by describing how it is not usable through non-developer functions in Mozilla Firefox, maybe that’s a good feature suggestion?) but that may still lose out in weighting against the interest of the user to get their own copy. But whether they are right, at this moment does not matter here. I would not even assume that the RIAA has checked this case to fully apply to their thing: they don’t need to, they just have to present a 50% non-bullshit case to GitHub. GH is not obliged to check further then that.
For all the complaints about the US DMCA, generally Europe has some of the harshest and most extreme copyright-regime rules, up to and including the disastrous new mandate for basically everyone to implement a YouTube-style pre-filter on all uploads.
Is there a similar law or not? I think your comment is a little bit off-topic.
US DMCA is a huge act. It is all the rules around all things digital. What people usually refer to are DMCA Takedowns, which I actually find reasonable, especially as they have a clear procedure. Thats section 512. It actually goes into details of what platform providers are not liable for. (Caching, etc.) I’d actually love if a German law were that direct.
Broken down, if you are a service provider hosting user content, you are not liable if the following procedure is in place:
In theory, fraudulent takedown notices can lead to the other side suing back, but that rarely happens, especially around groups like the RIAA and that’s where it issue lies.
Now, you may agree with copyright or not, if you run a public service, you will have to implement a procedure here. And the DMCA procedure is actually straight-forward and easy to implement. It’s worth it, as it takes you out of the danger zone.
https://www.law.cornell.edu/uscode/text/17/512
Background: I was part of the legal review and setup for crates.io around GDPR and DMCA. I can tell you, both are equally often misinterpreted.
The problem here is that the RIAA here does not invoke 512, but instead claim the illegality of the tool outright.
Finally, to be clear: I don’t support a lot of this stuff, but I don’t have the liberty to ignore them. Also, the RIAA is very much in the wrong here, in my opinion. Also, to be clear, there are reasonable takedown requests. On code hosts, that’s usually someone ripping off the license and renaming the library and publishing a copy. On other sites, it may be nude pictures someone took of his GF.
Look up the recent EU Copyright Directive (originally known as “Article 13”) for a starter. With the US political system mostly deadlocked these days, the copyright lobby has turned its attention – with much success – to Europe, and the regime which will soon be in place there makes the US DMCA system look almost reasonable by comparison.
not DRM?
Ytdl simply extract links.
Well, not that simply. The takedown letter says it circumvents something called
which was determined as an “effective technical measure” by the (copyright-mafia-adjacent apparently; and not under US jurisdiction) Hamburg Regional Court.
Indeed one of the test cases mentioned by the RIAA is described as ’Test generic use_cipher_signature video (#897).
And apparently what that means is running some JS function (in a tiny interpreter of a tiny subset of JS) to deobfuscate the links.
This is absolutely not what we would perceive as “real” DRM, but it does technically attempt to ‘manage’ some ‘digital rights’, lol.
That “some JS function” is running the JavaScript sent by YouTube to the user in response to a request for a video, and looks to be fetched each time a video is requested by the YouTube extractor. I could see a stronger argument for “circumvention” if they had re-implemented the logic in Python or saved the JavaScript into the repository. As it stands currently, this seems a really big stretch.
I have been on both sides of GitHub DMCA, so I can speak from experience.
GitHub strongly favors keeping the content up.
So yeah, its down now. But the repo owners can send a Counter Notice. Then RIAA has 14 days to file a copyright infringement suit in Federal Court, and then present a copy of the filing to GitHub.
If GitHub does not receive the filing in time, or anything is wrong with the paperwork, the repo will go back up.
https://docs.github.com/en/free-pro-team@latest/github/site-policy/dmca-takedown-policy
Do you know if this is true also in this case? The letter is not really the usual takedown notice: more here https://twitter.com/xor/status/1319861757301710848
Sorry but I cant follow that. Twitter is absolute garbage. Maybe that guy can repost it to a blog or something.
https://nitter.net/xor/status/1319861757301710848
One reason Twitter easily spirals down to utter garbage, is the lack of downvotes. We can only retweet, and if we disagree, we can only shout back. There seems to be very little moderation. And of course, the length limit on the damn tweets effectively bans nuanced thought, which require too many characters. (Incidentally, this limitation makes me wonder how Twitter managed to get so popular.)
A free front end is unlikely to solve those problems.
I see a lot of comments (not just here but everywhere I;ve seen discussions) about mirrors which will address the immediate problem of the source code not being available.
The bigger issue though is how to host/maintain is distributed/federated project, not just hosting source code but discussions, bug reports, issue tracking etc. that currently github adds on top of git.
The current version of youtube-dl will continue to work until youtube changes something and it stops working. It also worked with a massive amount of other streaming sites.
For example the api key for one quite popular streaming service had to be changed from time to time, presumably as the service began to notice and invalidated the key.
That’s what I’m more concerned about.
Email. And there are plenty of privacy-friendly email providers.
While the tools doesn’t currently have a UX as good as GitHub, it is definitely possible to develop a project in a distributed way.
git repository is already distributed, and tools like git-ipfs-rehost can be used to make the repository easily available. Issues/bug reports can be stored in the git repo itself using git-bug. Patches can be sent over email. Pull requests can be made in an informal way over any kind of communication channels, for example Matrix.org
Self-hosted git accessible via Tor Onion Service. HardenedBSD uses Gitea, which manages issues, wiki, and code storage. All of HardenedBSD’s public infrastructure is made available through Tor as well as through normal means.
Youtube-dl allows me to time-shift, space-shift, and format-shift videos to devices that don’t have Youtube clients, browsers, or even network connections. I do this in the privacy of my own home to avoid filling landfills and spending money that doesn’t need to be spent. I seem to remember some DMCA exemptions in/around this area.
hope this can help an independent project with no legal team
An alternative to youtube-dl is Jamie Zawinski’s youtubedown: https://www.jwz.org/hacks/youtubedown
Is there going to be every operating system distribution’s package repository taken down as well?
Don’t expect any due diligence of ouf the copyright enforcement goons.
ref: https://en.wikipedia.org/wiki/HTTP_451
and origin story: https://yro.slashdot.org/comments.pl?sid=2906113&cid=40270621
Is there any federated alternative to GitHub? And I obviously don’t talk about git, but the social part, comments, pull request approval, issues and so on?
https://forgefed.peers.community/
Interesting, thanks!
Email.
Sure, but not really. I mean I get that you can use email, and that there are projects using email, but for most people, this is really shitty experience and they’ll prefer something more user friendly.
I think email is an excellent bedrock for federation. You can them build services on top of it that improve the experience, like sourcehut are doing.
Then some-one could create an extension for Thunderbird making the whole experience better. Or something like nntpchan.
I don’t consider email to be such great protocol as many do. Sure, as a service (that is, decentralized message passing) it is great, but have you actually tried building anything on top of email? Its pretty hard. Different clients insert different headers, people generally mix all kind of stuff into the body. And if you want to host your own server, it is a work that never ends (I worked for company that provided email hosting and it was never ending stream of complains). Then I had most of my illusions about email taken by actually trying to parse email conferences about programming languages. Even the most basic reply-to header is too much for some people.
nntpchan seems interesting, thanks for the pointer. I’ve thought about building something on top of nntp several times (mostly something conceptually similar to BBS for IRC channel I am on), but I’ve stopped when I’ve read the RFC.
Normally that’s a fair point. But patchsets/pull requests are generated directly by git so always in the same format since you don’t just type gunk in an email client.
As I mentioned in the original post, I am not concerned with patches / git. That works and it works fine. I am concerned with other social aspects; discussions, issues, wiki and so on.
Let me clarify; one of the things I don’t much understand is why that isn’t part of the protocol. Why not have discussions, wiki and other things directly in git? You could then have any GUI / web you wished, and the problem with github (one centralized platform providing more or less other values, then technical aspects of git) would go away.
A friend just told me that https://www.fossil-scm.org may be what I am looking for.
But Fossil isn’t federated, which is why this discussion was started in the first place ;)
It’s not great, has many problems but I’m afraid it’s the best we have. Also, troubles you mention are caused by clients. An open text standard and a reference client probably could solve this.
you don’t want most people contributing to your project
Take a look at Radicle, which is still in its infancy.
If your Debian-derivative has source repos enabled you can still get a (moderately) up-to-date version via
apt source youtube-dl.Fedora tends to always have a recent version of it.
I think all they need to do is fix the README.md ? That should be relatively quick. If not I guess they can remove the extractor/youtube.py from the repo and people can host youtube-dl “plugins” on other sites.
This will be a disaster of a legal battle, but I really hope it’ll be fought (and thus make the streisand effect even bigger).
So what, open source projects are going to be pushed to torrent sites now?
Or IPFS. Or *.onion
Thanks, Hamburg!
For all those who don’t understand what Hamburg has to do with it, the justification of this DMCA takedown request is based on a decision of a German court (Hamburg Regional court) that took down a service similar to youtube-dl, and the law in question is materially the same as a US law, if I understood the wording right.
That, and that particular Hamburg court is known to be heavy-handedly in favour of major copyright owners, so that’s where they invariably go to sue when they make a claim under German law.
hmm is that court responsible for many more YouTube videos being unavailable in Germany than anywhere else?
No, that’s about GEMA being more zealous than other right holder associations about the terms they license music videos to YouTube.
Ehm. No. No love for the GEMA (as an event organiser that likes musical interludes and someone who had to implement their “API” for clients, I hate them with a passion). YouTube/Google has run an effective campaign against them, though by… telling only what was interesting to them. And I also have no love for them.
GEMA, in contrast to the RIAA, is state-regulated. They are a special private entity. This means they are strictly disallowed to favor a party, by law. The sticking point in the negotiations with GEMA was that YouTube wanted essentially “mass rebates” - and they get them everywhere, except in Germany. And the GEMA is not allowed to give them. There was even a 2 year trial run with YouTube to test such a model out, which was later not accepted by the regulators. YouTube then chose to not have the videos available. It’s not like the GEMA didn’t license them (in fact, they must license them to anyone who agrees with the common terms), YouTube just didn’t want the conditions and tried to strong-arm.
And that’s good, because every smaller player around them cannot get this advantage.
Also note that GEMA, in contrast to the RIAA, represents artists, not labels, due to the way copyright in Germany works.
The GEMA is fucked on how it has no modern management and its distribution is unfair and how they are so big that they don’t have to move. Also, how they assume that everything needs to be paid for except if proven otherwise. Deeply so. But please light a fire under their arse for the right reasons.
But all people see is “I don’t get my music on the internet and YouTube says it’s GEMAs fault”. It’s also YouTubes fault. Rule of thumb: if 2 big players in the media industry battle, look closely, they will probably try to sway you on your emotions.
I had my own run-ins with GEMA, and I’m pretty sure that they could have decided on a schedule that includes better rates for high volume customers (just: for all high volume consumers). Not saying that YT didn’t try to strongarm them (they probably did), but where GEMA is involved, I default for the other side:
The state regulation part is legally correct, but misleading: These days it’s wielded more as a weapon to prevent competition (to GEMA) from appearing, because the regulator is (for whatever reason) strongly interested in keeping the situation GEMA-only (even though the law doesn’t say that there must be only one such organization).
Why is there interest in creating competition to GEMA? Because while it’s supposed to serve all musicians (they also collet for other right holder organizations, but that’s just an invoicing service) it does not: Its internal pay schedule is twisted towards having a relatively small set of folks benefit financially - who are, incidentally, the same that have voting rights within the organization (most artists do not). It’s interesting to note that this kind of corruption (which exists for a really long time) doesn’t matter to the regulatory body (so what exactly do they regulate again?).
Finally, the regulatory body in question is the German patent and trademark office (DPMA). Since I also default to the other side whenever they come up (except when it’s the European Patent Office in which case I can only hope for divine intervention that eradicates them both), that side of the story really has no chance for my sympathy, like, at all.
edit to add a point that brings us back on topic: The original question was if the Hamburg court is responsible for the wide-spread blocks of music videos in Germany. They’re not, but I guess I can clarify my original statement in that it’s due to YouTube and GEMA fighting over fees. Even without declaring who’s in the right or wrong here (likely: both wrong), it’s the origin of limited music video availability on German YouTube.
(Full disclosure: I work at Google, but never had anything to do with artists, their collection agencies, labels, YouTube or the DPMA or EPO through my employer. This is personal.)
I agree with most of your points, but they are not of interest in the YouTube/GEMA relationship. Its broken payout structure towards its artists is not of interest for YouTube, not was it addressed in that dispute, because that’s not in play here. It’s dominance and assumption that they can claim all music until proven wrong is bad, but was also not challenged by YouTube.
I have worked for competitors to YT, and its behavior was hugely damaging in the space from our point of view.
This is no question of who’s more fucked up. YouTube ran a very expensive sway campaign and lost (and in the process, may even have strengthened the hold of GEMA more.
Yes, you should.
Does youtube-dl have a Slack or mailing list? I’m curious what they are planning to do now. Mirrors are great, but the development of the finicky parsers must go on, no?
Are they going to re-host elsewhere? Appeal to Github?
There seems to be #youtube-dl@freenode https://matrix.to/#/#freenode_#youtube-dl:matrix.org
Ironically, the youtube-dl source can be fetched from the DMCA repo:
https://github.com/github/dmca/tree/416da574ec0df3388f652e44f7fe71b1e3a4701f
Due to how git works, the remote’s full history is under the PR specific branch since both commits need to be in the same repo for comparison. So by knowing the commit hash, the yt-dl source can be pulled from DMCA repo, even if forked repo is deleted.
https://github.com/github/dmca/pull/8142
Github can still delete this PR and the specific branches from their backend and disallow PRs for the DMCA repo, but it’s a pretty funny clever trick.
Here is a post I wrote about how youtube-dl downloads special copyrighted youtube videos https://lists.nongnu.org/archive/html/gnu-linux-libre/2017-07/msg00003.html
(downloading is blocked on all youtube videos but downloading some videos is blocked more than others - especially official uploads of music videos)
Screen recording softwares such as SimpleScreenRecorder make it possible to (i) circumvent the technological protection measures used by authorized streaming services such as YouTube, and (ii) reproduce and distribute music videos and sound recordings owned by RIAA’s member companies without authorization for such use.
Please, do let them know. This is an excellent opportunity to make projects migrate to dark corners of the Internet, completely out of reach of big corporations and US/EU lobbyists.
git clone --mirror <URL>is a neat feature of Git that I just happen to like quite a lot! Oopsie daisy, that was probably off-topic. Sorry folks!This is certainly lazier than encoding the interleaved advertisements and content as a single MPEG DASH stream.
I wish GitHub had a checkbox for hosting the actual source code on a distributed anonymous filesystem, for projects that want that.
They’d still have to stop providing an interface to access the allegedly infringing content.
But… it’s git? It’s already in a distributed system.
The git repositires at GitHub are stored centrally, on servers provided by GitHub.
Furthermore, git is not a distributed anonymous filesystem.
No. Git repositories are distributed. GutHub has one copy, you have one copy on your machine, each contributor has a copy on their machine, and if the project is any serious, there are mirrors on other git hosting sites.
All code in GitHub is already stored in a decentralized way. I don’t know how it would help anyone if GitHub used a distributed file system to store their mirrors of repos.
If repos were stored in a place where nobody could demand that they were removed, it would help.
GitHub current has to comply, and remove their copy, even if users have downloaded copies of the git repos.
I’m not arguing that git is not a distributed version control system, but that git is not a distributed anonymous filesystem.
That’s my point though. Git repos are stored in a place where nobody could demand they are removed; on your personal machine, on the personal machine of every contributor, on probably many dozen mirrors. Literally the only thing which goes away when GitHub complies with a DMCA takedown request is stuff like issues and PRs, which aren’t even what you’re saying should be stored in a distributed filesystem.
When creating an Arch Linux package I can’t point the source field to my personal machine, though.
[Comment removed by author]
It says “by RIAA” in the title. Here’s the takedown request.
no doubt done with google’s assent
There’s an ample amount of doubt here. RIAAs and Googles interests are not aligned, indeed, they are often even in opposition.
this type of stuff doesn’t happen without private coordination to make sure it will not spark a conflict. they have different interests but conflict between them is in neither party’s interest.
Fair point: no public evidence of relationship, so all we can do is guessing.