Angry YouTube-dl Users Flood GitHub With New Repos After Takedown

Users of the extremely popular YouTube-dl YouTube media downloader have flooded GitHub with new repositories containing the tool’s source code after GitHub took down the project’s repositories on Friday.

YouTube-dl is a command-line program that can be used to download multimedia content from YouTube and several other sites; before being removed, it used GitHub to host source code and compiled executables.

The utility is also used by journalists for various reporting tasks including downloading press releases, videos, and audio transcriptions.

On October 23, 2020, GitHub took down YouTube-dl’s repositories due to a DMCA (Digital Millennium Copyright Act) infringement notice filed by Recording Industry Association of America (RIAA), an organization that represents the recording industry in the U.S.

Before being removed, YouTube-dl’s repo was in the top 40 most starred GitHub repositories with more than 72,000 stars, between Node.js and Kubernetes.

Also Read: PDPA Breach Penalty Singapore: How Can Businesses Prevent

RIAA meet the Streisand effect

When trying to visit the original YouTube-dl GitHub repo or any of the other more than a dozen forks that were removed, you will see a message stating that the “Repository unavailable due to DMCA takedown.”

“We have disabled public access to the repository. The notice has been publicly posted,” the DMCA takedown notice also reads.

While almost everyone was expecting blowback from YouTube-dl’s angered users due to the Streisand effect, the number of new repos that showed up on the version control platform has surpassed most people’s expectations.

By targeting the project, the RIAA inadvertently exposed the project to a huge amount of new people given that YouTube-dl users and fans took to social media platforms and shared the story with tens of millions of other people.

As shown when doing a quick search for YouTube-dl, GitHub now hosts hundreds of new repositories containing the source code of the YouTube downloader or related to it (when using no search filters, thousands of such repos show up).

GitHub repo now also hosting YouTube-dl’s source code

Besides the huge number of new YouTube-dl repos that popped up since October 23, a copy of YouTube-dl’s source code was also added to an official GitHub repository used for hosting received DMCA takedown notices.

The user who committed the source code used a bug allowing anyone to attach commits to repos they don’t control.

According to security engineer Lance R. Vick, this is a known issue previously reported to GitHub that the company’s security team chose to ignore.

Hey @GitHub. Remember that security bug where anyone can attach commits to repos they don't control? That bug you said you wont fix?

It was used to attach the "youtube-dl" source code to your own DMCA repo. Have fun @DMCA.

You two deserve each other.https://t.co/NzlFTAKytp

— Lance R. Vick ( @[email protected] ) (@lrvick) October 25, 2020

The problem with YouTube-dl’s takedown is that it sets a dangerous precedent when it comes to removing other repositories of software that isn’t violating copyright.

Also Read: Data Protection Authority GDPR: Everything You Need To Know

Ricardo Garcia, the original creator of YouTube-dl and a former project maintainer (between 2006 and 2011), now part of the ytdl-org group that managed the GitHub repo, told BleepingComputer that he didn’t receive any legal threats prior to the takedown.

“I don’t have a general statement on the current situation other than a personal opinion that it is indeed unfortunate that the repository is currently blocked,” Garcia said.

“Other people have also expressed this idea much more eloquently than I ever could. See for example the following article by the Freedom of the Press Foundation: https://freedom.press/news/riaa-github-youtube-dl-journalist-tool/.”