Friday, July 5, 2019

YouTube Hacking Video Ban

Kody Kinzie (via Hacker News):

We made a video about launching fireworks over Wi-Fi for the 4th of July only to find out @YouTube gave us a strike because we teach about hacking, so we can’t upload it.

YouTube now bans: “Instructional hacking and phishing: Showing users how to bypass secure computer systems”


Just a clarification, we haven’t even uploaded the firework video. We can’t due to a strike on a video about the WPS-Pixie Wi-Fi vulnerability.

YouTube Help:

Don’t post content on YouTube if it fits any of the descriptions noted below.


Instructional hacking and phishing: Showing users how to bypass secure computer systems or steal user credentials and personal data.

Kate O’Flaherty:

But the infosec community says this policy is broken, because it’s seeing viable educational content also being removed. This content has been used by security professionals and businesses for many years to hone their skills and learn about new threats.


YouTube has now reinstated the video. It responded to Kinzie on Twitter, saying: “Our policy team reviewed the flagged video and determined that it was taken down by mistake. We have gone ahead and reinstated the video and resolved the strike on your channel. We hope you can upload the 4th of July fireworks video now!”

This doesn’t resolve the core issue, though, because the policy still bans this type of content.

1 Comment RSS · Twitter

This whole reactionary thing that's happening with security issues right now is extremely troubling and counterproductive. What YouTube is doing here is also inline with the UK's Internet Service Providers' Association branding Firefox an "internet villain" for adding encryption to DNS (i.e. fixing a feature that is currently just plain broken and was designed for an Internet where the assumption was that anyone participating was basically benevolent), and with new laws being passed that, in practice, equate security research with criminal hacking.

At the moment, both private companies and governments are attacking computer security in the name of safety, which is either naive, insane, or actively malicious, depending on the actor. This will make everybody less safe in the long run.

Leave a Comment