YouTube Bans Content 'Showing Users How To Bypass Secure Computer Systems'

Kody Kinzie from the Null Byte YouTube channel on Tuesday said YouTube banned a video he made about launching fireworks over Wi-Fi for the 4th of July. According to YouTube's Community Guidelines, you are not allowed to post content "showing users how to bypass secure computer systems or steal user credentials and personal data." Doing so will apparently result in a strike. The Register notes that this written policy "first appears in the Internet Wayback Machine's archive of web history in an April 5, 2019 snapshot."

"I'm worried for everyone that teaches about infosec and tries to fill in the gaps for people who are learning," Kinzie said on Twitter. "It is hard, often boring, and expensive to learn cybersecurity." Security professionals like Tim Erlin, VP of product management and strategy at cybersecurity biz Tripwire, also finds the policy questionable. "Google's intention here might be laudable, but the result is likely to stifle valuable information sharing in the information security community," he said. "In cybersecurity, we improve our defenses by understanding how attacks actually work. Theoretical explanations are often not the most effective tools, and forcing content creators onto platforms restricted in distribution, like a paid training course, simply creates roadblocks to the industry. Sharing real world examples brings more people to the industry, rather than creating more criminals."

"Insecure" computer systems

[presidenteloco]

Fixed that for you.

Seriously though. Clearly these computer systems are not in any meaningful sense secure if a youtube video can explain how to bypass the security.

Re: "Insecure" computer systems

[Zero__Kelvin]

Social Engineering has always been a tool in the hackers toolbox. Kevin Mitnick was one of the world's most wanted hackers and used it quite extensively.

Re:

[presidenteloco]

The "all are insecure" thing is a simplistic "rule of thumb" to tech the masses. It's the safe assumption.
It's not actually precisely true though.
For example, certain data links using quantum encoding of the information are absolutely not observable or tamperable without detectability.
Certain encryption algorithms are currently believed by the mathematical experts who should know to not be decipherable unless you have more than the lifetime of the universe of computing, or until we have large-scale quantum

Re:

[msauve]

But, think of all the illiterates unable to read or write, who are now prevented from learning or teaching infosec.

Boom

[Anonymous Coward]

That's ridiculous. Banning knowledge is stupid.

Banning showing people how to use it with the explicit purpose of doing evil, sure.

Questions, questions...

[Anonymous Coward]

What does building a system to launch fireworks using a trigger transmitted over a wireless network have to do with bypassing secure computer systems? Or is it because the word "hacking" was used to refer to cobbling a technological system together as a hobby, or did the project use some part of the 802.11 protocol in an unorthodox way? Are the likes of DefCon and Black Hat conference talks now forbidden? Or is this just another policy that will be arbitrarily and non-uniformly applied to smaller channels?

Re:Questions, questions...

[Anonymous Coward]

It's not the fireworks video that got banned. They were going to upload the fireworks video, but found they could not due to a strike from an earlier video talking about a Wi-fi vulnerability.

(Yeah, I was a bit confused on that point too)

Re: Questions, questions...

[Zero__Kelvin]

That is not the reason at all. In fact correcting editor mistakes almost always results in positive mod points. AC was created to support posting when the tying the info in the post might harm the poster in some way, so for whisteblowing. Almost nobody uses AC for its intended purpose on Slashdot anymore unfortunately.

'How to pick locks' next?

[nospam007]

Then 'How to save taxes', 'How to make a gun', ...

We can't have the plebs know the stuff that is destined for their betters.
Information is wasted on them.
Apparently.

Re:

[Anonymous Coward]

They've more or less already banned videos about making guns, bombs though seem to be ok: https://bearingarms.com/tom-k/2018/04/03/youtube-banned-gun-making-videos-yet-still-allows-bomb-making-ones/

Why does it always stop at what Google wants to do

[Anonymous Coward]

Why does it always stop at what Google wants to do? Or Facebook? Or Microsoft?

Are all of us worthless slackers who are utterly unable to create proper alternatives to these things? Why isn't it happening in this world where everyone pretends as if anyone can reach anyone at any time? If it's so easy, why aren't there tons of such alternatives? There's not a single one.

Re: Why does it always stop at what Google wants t

[Anonymous Coward]

There are tons of alternatives. That nobody uses and less even know exist.
Like that terribly insecure bitchute or "will ban you for the same nonreasons youtube will" vimeo or the "stuck in the 90s codecs" daily motion.

Re: Why does it always stop at what Google wants t

[jythie]

Setting up an alternative is easy. Getting enough people using it that people will use it, much harder.

Re:

[sneezinglion]

Setting up an alternative is easy. Getting enough people using it that ....

.......you can use the traffic to drive income is much, much harder.

FTFY!

Re:

[phantomfive]

Are all of us worthless slackers who are utterly unable to create proper alternatives to these things? Why isn't it happening in this world where everyone pretends as if anyone can reach anyone at any time? If it's so easy

It's entirely because people are too lazy or incapable of hosting their own servers with an RSS feed.

why aren't there tons of such alternatives? There's not a single one.

There are tons. Set up your own server with an RSS feed. It's easy to do. The reason you haven't done it is because you are lazy. It costs money, but only $5 a month unless you have tons of friends.

Re: Why does it always stop at what Google wants t

[astrofurter]

Big Brother Google and Faceboot just buy out any serious up and coming competition.

https://en.wikipedia.org/wiki/... [wikipedia.org]
https://en.wikipedia.org/wiki/... [wikipedia.org]

Plus, all the "startups" in Surveillance Valley are owned by the same handful of inbred upper class "venture capitalist" twits. Obviously they all collude - and not just for wage fixing.

The ultimate conundrum for YouTube

[SuperKendall]

I think I'll make a video showing a cat breaking into a computer system...

What will you do YouTube? WHAT WILL YOU DO?

Re:

[BitterOak]

Why the fuck was he modded to +5? How do I lower it? Does it require an account?

Do you work for Google?

Thanks!

[SuperKendall]

I modded it offtopic and its at 4 now.

Big surprise an AC lacks humor glands. *rolls eyes*

The post is back to +5 though so technically now I've been modded +6! Thanks dude! Talk about a boost to the old ego!

P.S. Hint for the newcomer to Slashdot, all the AC's are dudes, especially the humorless bitter ones, if you were wondering how I knew this scowling old Alcoholic Centaur was a dude.

I control the Horizontal. I control the Vertical.

[SuperKendall]

How do I lower it? Does it require an account?

You can't stop the signal, Pal.

Re:

[antdude]

YouTube's computer system!

Well that's redundant

[Anonymous Coward]

It's not a secure fucking system if you can fucking bypass its security, now is it? Kid sister encryption depends on no-one telling your kid sister how it works.

Security

[sanf780]

I watched some locksmith opening locks, telling me how crap they are. Are these ones in jeopardy too?

Re:

[iTrawl]

If it's the Lock Picking Lawyer, who says he's a real civil lawyer [reddit.com], then if YouTube start taking his videos down he might have something to tell them, and he might have friends to help too.

I'm not a lawyer of any kind except armchair, but I would present this ridiculous situation to a court: I "secure" my property with yarn. Guy B makes a video about how insecure yarn is. I ask YouTube to take the video down because it tells people how to break my security. Fully expecting the court or the opposing lawyer t

Re:

[Mashiki]

I watched some locksmith opening locks, telling me how crap they are. Are these ones in jeopardy too?

Probably. In some countries learning how to open locks without a license is criminal, and being in possession of "lock breaking tools" is criminal(equivalent to a 2yr+ felony in the US) even if it's for personal use, even if it's used in a hobby.

Just wait until they start upgrading the laws so that driving around with a laptop is criminal. Because some of the easiest ways to steal cars today is to emulate or hijack the key FOB.

Re:First, they came for Alex Jones

[jythie]

eh, it is really hard to have sympathy for the people being 'deplatformed' since not that long ago they were the same communities perfectly content with using whatever tool they could to silence others. They are not upset about the ratchet, they are upset people they consider unworthy actually having a say in it now.

Re: First, they came for Alex Jones

[astrofurter]

First they came for the Communists, and I did not speak out -
          Because I was not a Communist.

Then they came for the trade unionists, and I did not speak out -
          Because I was not a trade unionist.

Then they came for the Jews, and I did not speak out -
          Because I was not a Jew.

Then they came for me - and there was no one left to speak for me.

Re:

[Zak3056]

I think you're missing the point entirely, here. Yes, no one cares about the unsympathetic targets of the blunt instrument, that's exactly the point of the post you're replying to--the things we like (today!) don't need protecting, but the things we like today may not be the things we like tomorrow, and the rush to use the blunt instrument on the people you don't like will open the door to using it on the people you do (as YOUR post points out (quite unintentionally, I think)).

Because knowledge is bad

[phantomfive]

Watch the drama. It will keep you distracted from everything that matters.

Sincerely,
Big Brother

Re: Because knowledge is bad

[astrofurter]

Wait - I thought the drama had already been banned from YouTube.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Rockoon]

Then why is Google working so hard to destroy their reputation?

Because companies with as many employees as Google have a mob problem.

You can't control a mob very well. You can whip a mob up and point them in a particular direction but you can't make them stop once they get a taste.

Consider the recent revelations that university faculty and staff are afraid of their own students.

You folks speak of Google and other large corporations like they are each an individual person. They aren't. They are a nest. In the case of the tech industry and its penchant for hiring

Re:

[Zak3056]

The reason people go to YouTube is the availability of knowledge at 30 or so frames per second. (As a picture is worth a thousand words, watching a 2 - 3 minute YouTube video is like reading a document with a length of several thousand words.)

I come up with between 3.6 and 5.4 million words, using that formula. :)

There is no "security by obscurity".

[ffkom]

It's really that simple: If explaining how a security measure works scares you, then your system already is insecure.

But I guess this is all not actually about security, but about teaching the citizens a lesson in obedience.

Re:

[jythie]

In other words, all security systems.

I think it's very nice of them to block stuff

[fustakrakich]

They are helping other services gain market share. It's good for diversification so that nobody can get too big and powerful.

Re:

[Agripa]

They are helping other services gain market share.

Based on what happened with SubscribeStar, they have that loophole covered.

Re:

[grumpy_old_grandpa]

Go back to self-hosted web sites. The video HTML tag makes embedding it as easy as the img tag.
And if you cannot be bothered to pay some $50 a year to host and publish your stuff yourself, it's probably not worth that much to begin with.

self-marginalization for the win

[epine]

Go back to self-hosted web sites.

Existence: true
Engagement among the unwashed: epsilon

Some people strive to more than merely exist. Descartes once said:

I exist, therefore I am.

This was after rejecting:

I exist, and existence is the whole pudding, therefore my every existential action causes shit to happen everywhere and always, and I shall be loved and admired by the masses, and maybe even earn a passing glance someday from the cute redhead at the other end of the lane.

Re:

[grumpy_old_grandpa]

I cry crocodile tears for the loss of videos from the unwashed masses. However, somebody into infosec, as was the topic of TFA, will have more than enough know-how to set up a site and host videos there. And again, if you cannot be bothered to do so, then your hack is probably not that interesting.

Re:

[Rockoon]

Bitchute seems to be growing, or at least with the sudden uptick in Silicon Valley censorship are getting a lot more mentions. Worked great the last I tried it.

My issue with bitchute is that its a torrent client in a web browser. Accidentally click on that copyrighted movie on the front page... and you arent using a vpn... yeah.

Why not just get a VPN you ask? I do have one, but the people I might share a video or two with don't, and they might accidentally or even purposefully click on pirated content, thinking its a safe place to do such a thing like youtube.

security via obfuscation?

[kiviQr]

limiting knowledge makes us weaker not stronger.

Difference?

[duke_cheetah2003]

I watch a lot of bosnianbill and lockpickinglawyer. They teach us how to defeat all kinds of physical locks, via bypass, picking, or other means.

There's other locking picking channels, too. I'm no picker, I just enjoy watching the content.

So where's the line? Why is defeating computer security a strike, but physical security defeats is perfectly ok?

Please make sense?

Re:

[jythie]

While I strongly disagree with youtube, I can see at least one major difference.. picking locks is a physical activity that requires taking the risk of actually being at the location and doing things. A lot of these computer hacks are anonymous and opportunistic, much less risk for the often anonymous attacker. Lockpicking also has a pretty common harmless use case, most people pick it up for fun or for accessing their own property. Electronic intrusion though is more commonly about getting into other p

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[blind biker]

I love Lockpickinglawyer (not so much of Bosnian, even though I have family in Bosnia). The man is a genius. Strangely though, the videos I enjoy the most are the ones where he uses the Ramset.

Re:

[EvilSS]

I'm sure they will be along for them too, they just haven't got around to it yet.

Re: Difference?

[astrofurter]

"Please make sense?"

It makes perfect sense. If you think of it as a boot stomping on a human face. A boot worn by a methed-out psychopath who can't decide if he is the vengeful Old Testament God himself, or just a nice friendly dude who likes cat videos.

Puffery! How about "vulnerable computer systems"?

[davecb]

I used to run Trusted Solaris 7, and it was a B2 subset. The stuff they're calling secure (meaning B2 and above) isn't secure, it barely makes C1.

In case you were wondering, "A" means the same as A on an exam: pretty darned good confidentiality, but a bit on the theoretical side. "B" is what good students get, "C" is a bare pass, and "D" is "don't even apply for that job" (;-))

No-one, including the NSA, uses this standard any more, because it's too hard to meet. That's why a contract sysadmin can walk out with the crown jewels on a thumb drive (;-))

So, banning nothing?

[bill_mcgonigle]

If a system can be bypassed then it's not secure. This is tautological.

Fraudsters hawking systems as secure when they're not could be banned for actually attempting a crime with real victims.

Remember when Microsoft announced XP's release marked the end of insecure Windows? That was out-and-out fraud. Proving the fraud is entirely just.

It's time for centralized content platforms to die.

More censorship

[AHuxley]

Crypto, DRM, what's next? OS? Classic computer games? Firewalls that block ads
Expected censorship to stop at politics, different nations laws and German history?

Once the censorship starts the freedom to talk about tech is just another topic to move to better video-sharing website.

Re:

[Misagon]

Videos on how to bypass DRM to make classic computer games work have already been taken down.

Re:

[Rockoon]

Videos on how to bypass DRM to make classic computer games work have already been taken down.

And the people pretending not to know this already, were probably previously defending the takedowns because "copyright owners"

Re:

[AmiMoJo]

Looking at their channel, a lot of hacking videos are still up: https://www.youtube.com/channe... [youtube.com]

It seems like it's the usual YouTube bumbling, unable to consistently apply the rules or in anything like a reasonable and sane manner.

Worst part is they probably don't even want to, it's just that advertisers noticed some "hacking" videos and started complaining.

Re:

[jythie]

Yep. Time to bring back the kiddy porn!

Censorship is always a balancing act, there is no 'start' or 'end', and it isn't a slippery slope starting at whatever arbitrary point an individual feels impacts them.

When they came for...

[sinij]

For those that thought Google would stop at censoring people they didn't like (I am looking at you AmiMojo) time to eat your crow.

Re:

[Powercntrl]

Google is just slowly turning into AOL. If history repeats itself, we have nothing to worry about.

I love it when a good plan comes together.

[WolfgangVL]

In just a few short years, Google (Yes, Alphabet will always be GoOgLe to me) has become pretty much exactly what the evil dystopian sci-fi future corporation is supposed to aspire to, and this is just the sort of thing you should expect them to do. Pretty much from here on out.

Now that we have an entire generation trained on "Just watch a tutorial on youtube, it's all there." to do anything more involved than changing the batteries in the smart-TV remote, they (Alphabet) can now reliably decide not only wh

craaaaaazy for censorship

[astrofurter]

Lately it seems like the Google Nazis running YouTube have gone power mad. They've just fallen in love with censorship. Maybe Alphabet finally succeeded at firing every last person who still believed in freedom of speech.

What exactly IS still allowed on YouTube? Cat videos? Or have the Google Nazis running decided kittens are "offensive" or "dangerous" too now?

At this pace, by the end of the year shitty megacorp advertisements will be the only content left on YouTube.

The time has come. We must no longer al

Re:

[account_deleted]

Comment removed based on user account deletion

Please not Next Gen Hacker!

[Tora]

His video on "tracertee" (as he speaks it, helping educate those lesser noobs of us out there) is incredibly informative, please I beg you google, keep it around!

https://www.youtube.com/watch?... [youtube.com]

RIP freedom of information

[Anonymous Coward]

After my generation effectively obtained the freedom of information (through tools such as wikipedia or youtube), current generations seem to be keen on closing it again based on some ill-defined notion of political correctness that goes far beyond the respect of law (it's one thing to ban kiddie porn, and another to fight "fake news"). And it's not just corporations and nation-states doing it, countless politically-active individuals are putting a shoulder to curtailing my ability to see what other people

The Internet currently requires private power.

[jbn-o]

Wikipedia and YouTube are radically different examples, only one of which gets to your point. Wikipedia is licensed to share and fully downloadable; one can make their own encyclopedia based on Wikipedia's articles if one so chooses (this is even proven to work without the pictures and movies, see the old Wikireader for an example—it's a portable device used to read cached Wikipedia articles offline).

YouTube is not entirely downloadable, and not entirely licensed to share. Even if both Wikipedia and Y

Re:

[strikethree]

This.

I am so sad that everything we have learned over the past 200 years is for naught. :(

Might as well start practicing paying obeisance to King George again. It is for our own good.

so?

[sad_]

write a blogpost about it, you can go much more in depth on the topic there and it is easier to learn from as well (no pause rewind, forward, play, pause rewind needed).

fun at the office

[AndyKron]

I'm glad the video has been return to YouTube so I can find out how to make a networked explosives setter-offer device. I can see great fun in the office space

Will only affect legitimate users

[drinkypoo]

The people who want to use this data for nefarious purposes are smart enough to find it somewhere else. The people who just want to get into their own computer, however, are fucked.

Thanks, Google! Now I see why you love DRM so much.

To protect their users, or their income?

[Opportunist]

You honestly think YouTube is doing this to protect someone from being exploited after he sees a video telling someone else how to hack? Please. What they try to protect is their advertisers who get pissed that their ads for their Internet of Trash crap get shown right at videos where someone uses the IT equivalent of a paperclip to unlock their "highly sophisticated door lock".

(Guess whose video got deleted, too, by the way...)