YouTube has added instructional hacking and phishing to its list of “harmful or dangerous content” that is prohibited on the platform. This represents a huge blow to people in the cybersecurity and infosec (information security) community who often use these videos to develop their skills.
YouTube appears to have added instructional hacking and phishing to this list on July 2. The current version of its “harmful or dangerous content” policy page (archive link) displays a message which says:
Click here to display content from YouTube.
Learn more in YouTube’s privacy policy.
Kinzie said that when he tried to upload a video about launching fireworks over WiFi for July 4, YouTube gave his channel a community guidelines strike and prevented him from uploading because he made a video about hacking.
Click here to display content from X.
Learn more in X’s privacy policy.
After reporting that YouTube gave his channel this original strike, Kinzie said that YouTube started to flag and remove his existing content and also issued a further strike on his channel.
Click here to display content from X.
Learn more in X’s privacy policy.
The implication of this news for the cybersecurity and infosec community is quite dire. It suggests that YouTube is going to be much more proactive in both blocking and removing content related to instructional hacking going forward, regardless of its context or educational utility.
This is quite a strange decision on YouTube’s part because instructional hacking content is primarily used for educational purposes. People are also pointing out that YouTube’s decision to crack down on instructional hacking content is likely to push people towards malicious black hat content.
Click here to display content from X.
Learn more in X’s privacy policy.
Ever since the latest adpocalypse, YouTube has started to police content on the platform more aggressively and many innocuous types of content including history and independent journalism have been removed or demonetized as a result. YouTube’s decision to target the cybersecurity and infosec community seems to be part of this post-adpocalypse pattern of behavior from YouTube.
While YouTube has banned instructional hacking videos, there are still many alternative platforms that will support and host these videos including BitChute – a video hosting platform that uses peer-to-peer technology and supports free speech.
Kinzie has announced that he’s planning to host Null Bytes videos on platforms outside of YouTube and is currently looking into hosting them on his own website or Vimeo.
Click here to display content from X.
Learn more in X’s privacy policy.
Click here to display content from X.
Learn more in X’s privacy policy.
Many people are disappointed with YouTube’s decision to start removing instructional hacking videos and viewing it as an example of YouTube’s growing tendency to dictate what users can and cannot watch on the platform. They’re also pointing out that it seems hypocritical for YouTube to remove this content when it pays people rewards for ethically hacking its products in order to discover security flaws.
Update – July 5, 2019: A YouTube spokesperson told The Verge that the Null Bytes channel was flagged by mistake and the videos have been reinstated. The Verge also pointed out that YouTube’s rules allow the depiction of “dangerous” acts “if the primary purpose is educational, documentary, scientific, or artistic (ESDA)” but the rules are still ambiguous overall because they prohibit instructional hacking.
Kinzie also responded to this update from YouTube on Twitter with the following statement:
Click here to display content from X.
Learn more in X’s privacy policy.