GitHub warns devs face ban if they fork DMCA'd YouTube download tool... while hinting how to beat the RIAA

No, no, no, you hit it like this *whack*

GitHub has warned it may ban users who fork a DMCA'd YouTube download tool on its platform – while at the same time hinting at how netizens can continue distributing the software without drawing fire.

Last month, the Recording Industry Association of America, aka the RIAA, asked GitHub to take down the repository of YouTube-DL, a popular public-domain program that can save to disk copies of videos streamed from the Google-owned mega-site. The request also asked for the removal of any forks of the software.

The RIAA, which represents music labels in the States, is upset the code can be used to pirate copyrighted music tracks hosted on YouTube, and claims YouTube-DL breaks US law – specifically, the Digital Millennium Copyright Act – that prohibits the circumvention of anti-piracy mechanisms. Defenders of the software say there are many legit reasons for using YouTube-DL, such as archiving material.

Microsoft-owned GitHub complied with the takedown request, and hid the code and copies of it from public view. However, some users continued to duplicate the software on the code-hosting platform, mostly by manually forking it.

In response to this form of protest, GitHub updated its documentation to warn folks it may freeze their accounts if they continue uploading copies of DMCA'd software, such as YouTube-DL:

Please note that re-posting the exact same content that was the subject of a takedown notice without following the proper process is a violation of GitHub’s DMCA Policy and Terms of Service. If you commit or post content to this repository that violates our Terms of Service, we will delete that content and may suspend access to your account as well.

The key thing to note here is "the exact same content." A spokesperson for the code-hosting website told The Register someone at least was able to modify the YouTube-DL source to remove specific elements that upset the RIAA, upload a copy of it to GitHub, and this instance has not yet been DMCA'd.

One example we can find is this fork that removed test cases from the code that downloaded specific copyrighted music tracks, such as Taylor Swift's Shake It Off, which irked the RIAA.

Loud music

RIAA DMCAs GitHub into nuking popular YouTube video download tool, says it can be used to slurp music


In other words, if you just fork the original YouTube-DL without any changes to it, you'll annoy GitHub and the RIAA. But if you modify YouTube-DL to, say, remove the offending parts cited in the RIAA's takedown request, such as references to particular tracks, GitHub will let it stand... until the association DMCA's that version, natch.

“GitHub is always ready and willing to help developers navigate the DMCA process; however, we must also ensure that the process is followed consistent with the law,” a GitHub spokesperson told The Register. "We are aware of at least one case where a developer has pushed changes to their fork of youtube-dl to address the DMCA notice, and GitHub has not yet received any new complaints about that modified project."

CEO Nat Friedman was spotted on IRC trying to get hold of the Youtube-DL maintainers to help them overcome the RIAA's takedown demand. He suggested the "rolling cipher circumvention code" and the aforementioned test cases to fetch specific copyrighted works were key to this whole affair. That is to say, removing these precise parts of the software may nullify the recording association's legal gripes against Youtube-DL, allowing the source to be distributed again on GitHub.

The rolling cipher is used in certain circumstances to generate the URL of the actual underlying video file of a YouTube page, and may not have to be excised from Youtube-DL to stay within the bounds of the DMCA. Figuring out the address of the source video isn't exactly circumventing an anti-piracy protection, you might argue.

The chief exec previously told El Reg his company was happy to help programmers facing DMCA takedowns. "GitHub's whole purpose is to help developers, and we will do so in any way we can," Friedman said. "In particular, we want developers to be aware of and take full advantage of our DMCA processes to ensure their projects are as broadly available as possible, under the law." ®

Other stories you might like

  • Experts: AI should be recognized as inventors in patent law
    Plus: Police release deepfake of murdered teen in cold case, and more

    In-brief Governments around the world should pass intellectual property laws that grant rights to AI systems, two academics at the University of New South Wales in Australia argued.

    Alexandra George, and Toby Walsh, professors of law and AI, respectively, believe failing to recognize machines as inventors could have long-lasting impacts on economies and societies. 

    "If courts and governments decide that AI-made inventions cannot be patented, the implications could be huge," they wrote in a comment article published in Nature. "Funders and businesses would be less incentivized to pursue useful research using AI inventors when a return on their investment could be limited. Society could miss out on the development of worthwhile and life-saving inventions."

    Continue reading
  • Declassified and released: More secret files on US govt's emergency doomsday powers
    Nuke incoming? Quick break out the plans for rationing, censorship, property seizures, and more

    More papers describing the orders and messages the US President can issue in the event of apocalyptic crises, such as a devastating nuclear attack, have been declassified and released for all to see.

    These government files are part of a larger collection of records that discuss the nature, reach, and use of secret Presidential Emergency Action Documents: these are executive orders, announcements, and statements to Congress that are all ready to sign and send out as soon as a doomsday scenario occurs. PEADs are supposed to give America's commander-in-chief immediate extraordinary powers to overcome extraordinary events.

    PEADs have never been declassified or revealed before. They remain hush-hush, and their exact details are not publicly known.

    Continue reading
  • Stolen university credentials up for sale by Russian crooks, FBI warns
    Forget dark-web souks, thousands of these are already being traded on public bazaars

    Russian crooks are selling network credentials and virtual private network access for a "multitude" of US universities and colleges on criminal marketplaces, according to the FBI.

    According to a warning issued on Thursday, these stolen credentials sell for thousands of dollars on both dark web and public internet forums, and could lead to subsequent cyberattacks against individual employees or the schools themselves.

    "The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services," the Feds' alert [PDF] said.

    Continue reading

Biting the hand that feeds IT © 1998–2022