Earlier this year, YouTube added hacking and phishing tutorials to its examples of banned video content — and that ban has been publicized thanks to an apparent crackdown on an ethical “white hat” hacking and computer security channel.
Kody Kinzie is a co-founder of Hacker Interchange, which describes itself as an organization dedicated to teaching beginners about computer science and security. Hacker Interchange produces the Cyber Weapons Lab series on YouTube, but yesterday, Kinzie reported that they were unable to upload new videos because of a content strike. “Our existing content is being flagged and pulled, just got a strike too,” noted Kinzie.
We made a video about launching fireworks over Wi-Fi for the 4th of July only to find out @YouTube gave us a strike because we teach about hacking, so we can't upload it.— Kody (@KodyKinzie) July 2, 2019
YouTube now bans: "Instructional hacking and phishing: Showing users how to bypass secure computer systems"
The rule is laid out on YouTube’s “harmful or dangerous content” page, which bans “instructional hacking and phishing,” i.e. “showing users how to bypass secure computer systems or steal user credentials and personal data.”
As Kinzie and others on Twitter pointed out, even if that could stop some illegal behavior, it’s potentially terrible news for anybody studying computer security — as well as people interested in countering hacking and phishing tricks. Hacking techniques are often used illegally, but they’re not necessarily illegal. They’re practiced by many legitimate researchers and computer system testers. YouTube has a similar ban for teaching theft techniques, but that’s a much less popular (and expansive) pastime than learning about computers.
However, it’s not clear exactly how long (or how firmly) YouTube has been enforcing this rule. The Internet Archive shows that it’s been on the books since at least April 5th, and a YouTube spokesperson tells The Verge that it doesn’t represent a new policy — only an example added in a spring update to make the existing rules clearer. YouTube has apparently been taking down hacking videos since well before that date.
YouTube’s rules allow depicting dangerous acts “if the primary purpose is educational, documentary, scientific, or artistic (ESDA).” That seems to put an education-focused group like Hacker Interchange in the clear — and many Cyber Weapons Lab videos appear presented in an academic style with a focus on testing security, not committing crimes. But it’s also a bit ambiguous, since the rule literally bans educating people about the topic. YouTube didn’t offer guidance on how researchers and educators could produce these videos without fear of moderation, beyond pointing to the ESDA standard.
YouTube has made clearly incorrect moderation calls in the past — like taking down videos fighting white supremacy alongside white supremacist content. And content moderation at scale is hard. But here, there’s a bigger philosophical issue: when should YouTube ban people from teaching a topic that could be used in harmful ways, if it’s also a valuable area of study?
In a subsequent comment, a YouTube spokesperson confirmed to The Verge that Cyber Weapons Lab’s channel was flagged by mistake and the videos have since been reinstated. “With the massive volume of videos on our site, sometimes we make the wrong call,” the spokesperson said. “We have an appeals process in place for users, and when it’s brought to our attention that a video has been removed mistakenly, we act quickly to reinstate it.”
Update July 3rd, 7:06PM ET: Added comment from YouTube confirming the takedown was made in error and the videos have been reinstated.