1. 18

    Correct me if I’m wrong, but isn’t the notice-and-takedown provision of the DMCA exclusively relevant to copyrighted material per se, and not applicable to the anticircumvention provision? And it even seems a bit of a stretch to claim this is even a circumvention; youtube-dl merely requests the same data as a browser, I don’t think it has any functionality related to DRM.

    1. 2

      As I understand it, the root issue was that the source code had test cases that specifically linked to copyrighted material. I suspect it would have been otherwise ignored apart from that.

      1. 1

        At least by German law the distribution of copyrighted software and software to circumvent copyright is illegal.

        I‘m sure other countries have similar laws.

        1. 28

          But youtube-dl is not a tool built to circumvent copyright. Especially, as YouTube does host CC-licensed material and tons of their material is owned by their creators, which can give you a license to download and use all the time. The DMCA notice makes a very careful point to only refer to the YouTube standard license. The problem there is that YT does not provide another method to exercise your right to copy.

          Also, while the court in Hamburg is known for its… creativity and industry-friendlyness, it also is not unusual that its decisions don’t survive revisions.

          1. 3

            Good point! Then the software would only go against the end-user license agreement of YouTube? But I guess that can’t be enforced with a DMCA. I hope the court regards this!

            1. 4

              Especially as YouTube would have to be the party to go to court over this. Also, the Terms of Service are aimed at the user of youtube-dl.

              1. 1

                What’s next? “You use the computer, therefore you’re stealing our content? Even though it’s not our content at all we want you to stop and shut down your computer immediately”.

                1. 1

                  I don’t understand your reply. The only thing I noted is that in the scenario the OP arrived at (ToS enforcement), the legal parties would be different and the RIAA cannot be in the picture. And YouTube has no interest in suing its users.

                  Nothing is next.

                  1. 1

                    Oh, no, I’ve meant to reply to your previous comment, and with it agreeing with it. Basically, RIAA is trying to take down youtube-dl because it was used to download copytighted content. But so was the entire computer. That’s what I’ve meant when I’‘ve asked “what’s next”.

                    I don’t know why I replied to this comment, not your previous one though.

                    1. 3

                      Ah, yes! Thanks for clarifying. Yep, the problem is that we need a fundamental reform, not escapism. IMHO, centrialisation vs. decentralisation is a red herring. I will just lead to the situation we had years ago: going after the nodes and the creators, with a less clear battlefield.

                      IMHO, this situation is less bad. It’s visible and I’m sure we’ll read about some lawyer filing a counter-claim next week or so.

              2. 3

                Also youtube-dl does not distribute the content. There are laws and enough court decisions in germany that private copies and their tools are allowed. youtube-dl would probably be seen as this kind of tool.

              3. 1

                But youtube-dl is not a tool built to circumvent copyright.

                That may not matter. It is a tool build to circumvent the inconvenience of not having an easy way to download videos from the website. That inconvenience almost certainly counts as a “technical measure” (there’s some obfuscation going on). It doesn’t matter whether the works behind it is protected. Circumventing the technical measure does.

                Now while the technical measure does have to restrict access to protected work, it may not have to be its primary purpose. If YouTube obfuscated download capability primarily to get users to come back & see ads, the fact is that it restrict access to protected works, and that may be enough.

                1. 3

                  The may is very load-bearing here, though. The problem is that every right and rule is subject to weighting in court. And for example Germany has the right to create private copies for personal use/archival. Circumvention of copy protection is illegal, but copy protection is not only a technical measure, but also needs a clear marker on the source material. So, in Germany: both the algorithm must exist and the source must be marked as copyrighted and protected.

                  This is actually a reasonable rule: it avoids the situation where “open” things are wrapped to be closed.

                  If you look closely at what the RIAA quotes (I’m yet trying to find the decision they quote): they talk about a “service”, so probably about an intermediary helping users. I have not yet found which decision they actually refer to, someone on Twitter assumed this one: http://www.rechtsprechung-hamburg.de/jportal/portal/page/bsharprod.psml?doc.id=JURE180006255&st=ent&doctyp=juris-r&showdoccase=1&paramfromHL=true#focuspoint

                  A very tl;dr: This describes a case of a server-based service which allows you to grab the audio track of a YT video (I assume to download albums from YT). This is commercial circumvention of copy protection. The case document even goes into a lot of detail to express how the service is not just a proxy for the individual user in all cases: because it is an ad-based service, the defendant was not able to claim to enable easy private copies, it indeed monetises each copy. The question whether the user was allowed to take this copy was expressively ruled out, the sticking point was that illegal copies are monetised. Sounds like a classic stream-ripping service for me, which are indeed very damaging to video platforms (the classic was to rip a stream from a player, put it in you own, with your own ads: the platform pays the streaming cost, you get the ad value).

                  What the RIAA seems to rely on is that this case does mention that it assumes that the protective measure is effective (interestingly by describing how it is not usable through non-developer functions in Mozilla Firefox, maybe that’s a good feature suggestion?) but that may still lose out in weighting against the interest of the user to get their own copy. But whether they are right, at this moment does not matter here. I would not even assume that the RIAA has checked this case to fully apply to their thing: they don’t need to, they just have to present a 50% non-bullshit case to GitHub. GH is not obliged to check further then that.

              4. 5

                For all the complaints about the US DMCA, generally Europe has some of the harshest and most extreme copyright-regime rules, up to and including the disastrous new mandate for basically everyone to implement a YouTube-style pre-filter on all uploads.

                1. 1

                  Is there a similar law or not? I think your comment is a little bit off-topic.

                  1. 10

                    US DMCA is a huge act. It is all the rules around all things digital. What people usually refer to are DMCA Takedowns, which I actually find reasonable, especially as they have a clear procedure. Thats section 512. It actually goes into details of what platform providers are not liable for. (Caching, etc.) I’d actually love if a German law were that direct.

                    Broken down, if you are a service provider hosting user content, you are not liable if the following procedure is in place:

                    • Someone can send you a “takedown notice”, in which they tell you that they are the copyright holder and that they believe this is their content, which you promptly respond to.
                    • As time is of the essence here, you don’t have to check this claim for validity, but instead have to forward this notice to the user, at the same time making their content inaccessible.
                    • The user can file a counter-claim, in which case the 2 parties can go to court and will notify you of the results. During this time, the claim is contested and you can continue serving the data.

                    In theory, fraudulent takedown notices can lead to the other side suing back, but that rarely happens, especially around groups like the RIAA and that’s where it issue lies.

                    Now, you may agree with copyright or not, if you run a public service, you will have to implement a procedure here. And the DMCA procedure is actually straight-forward and easy to implement. It’s worth it, as it takes you out of the danger zone.


                    Background: I was part of the legal review and setup for crates.io around GDPR and DMCA. I can tell you, both are equally often misinterpreted.

                    The problem here is that the RIAA here does not invoke 512, but instead claim the illegality of the tool outright.

                    Finally, to be clear: I don’t support a lot of this stuff, but I don’t have the liberty to ignore them. Also, the RIAA is very much in the wrong here, in my opinion. Also, to be clear, there are reasonable takedown requests. On code hosts, that’s usually someone ripping off the license and renaming the library and publishing a copy. On other sites, it may be nude pictures someone took of his GF.

                    1. 6

                      Look up the recent EU Copyright Directive (originally known as “Article 13”) for a starter. With the US political system mostly deadlocked these days, the copyright lobby has turned its attention – with much success – to Europe, and the regime which will soon be in place there makes the US DMCA system look almost reasonable by comparison.

                  2. 1

                    circumvent copyright

                    not DRM?

                    Ytdl simply extract links.

                    1. 4

                      Well, not that simply. The takedown letter says it circumvents something called

                      YouTube’s “rolling cipher”

                      which was determined as an “effective technical measure” by the (copyright-mafia-adjacent apparently; and not under US jurisdiction) Hamburg Regional Court.

                      Indeed one of the test cases mentioned by the RIAA is described as ’Test generic use_cipher_signature video (#897).

                      And apparently what that means is running some JS function (in a tiny interpreter of a tiny subset of JS) to deobfuscate the links.

                      This is absolutely not what we would perceive as “real” DRM, but it does technically attempt to ‘manage’ some ‘digital rights’, lol.

                      1. 1

                        And apparently what that means is running some JS function (in a tiny interpreter of a tiny subset of JS) to deobfuscate the links.

                        That “some JS function” is running the JavaScript sent by YouTube to the user in response to a request for a video, and looks to be fetched each time a video is requested by the YouTube extractor. I could see a stronger argument for “circumvention” if they had re-implemented the logic in Python or saved the JavaScript into the repository. As it stands currently, this seems a really big stretch.

                1. 66

                  It would be terrible if this repo was replicated across the Internet.

                  Remember kids, don’t copy that floppy!

                  1. 12
                    1. 10

                      Codeberg is hosted in Germany, I wouldn’t count on this repo staying up.

                      1. 2

                        I wouldn’t be so sure. In germany youtube-dl would probably be seen as a tool for making a personal copy, which is allowed in germany.

                        1. 2

                          Historically, why is Germany so anal about copyright compared to other countries?

                          1. 10

                            Easy money. Cease & Desist letter in Germany come with a fine attached if you follow them. You need to pay the the lawyers fees (~800+ EUR). This is pretty unique. So there’s “cease & desist” mills who trawl people, e.g. off bittorrent and all other networks. This means that some of these cases will end up at a court. As all things digital have no place of service or occurrence, the filing side can pick any court to go to. Which is usually Hamburg or Cologne, which tend to be the most eager to stretch the law to the rights holder side. But that’s actually not the process intended, what they want is people to be frightened and paying the lawyers fee on the first letter. They will even lower it if you even look at them like you might defend yourself.

                            1. 2

                              They, like the US, have a highly information based economy. If you can put a value amount on copyright, you can put a penalty amount. You can decide if a lawyer is worth it. You can make laws about it.

                              1. 2

                                Germany somehow seems even worse than the US though, despite producing less media so I don’t understand that discrepancy

                                1. 2

                                  This is unsurprising. Most international media companies here are basically “importing” and rarely “exporting”, which means (distribution) licensing, so all their local orgs have a high focus on rights management and lobbying for better terms. And if you have staff lawyers around all the time… you might as well use them?

                              2. 1

                                I think that whole sentence can be substituted as “Historically, why is Germany so anal about everything compared to other countries?”…

                                (Just kidding, sorry Germans!)

                                1. 1

                                  Der Freud wegen.

                            2. 7

                              The original repo is on the WayBack machine 1400 times with the most recent being 5 days ago. If you’re forking just to a copy lives around and not to continue development, I would just snag it there to be sure of the source.

                              Edited to make it clear I was linking to the original repo.

                              1. 3


                                please do not click the fork button

                                1. 1

                                  Do not save copies outside Github as well. Wait until Github takes down all the forks in one go (it’s not hard to do technically).