YouTube has added instructional hacking and phishing to its list of “harmful or dangerous content” that is prohibited on the platform. This represents a huge blow to people in the cybersecurity and infosec (information security) community who often use these videos to develop their skills.
YouTube appears to have added instructional hacking and phishing to this list on July 2. The current version of its “harmful or dangerous content” policy page (archive link) displays a message which says:
“Updated July 2 2019: This article now includes more examples of content that violates this policy. There are no policy changes.“
This update message was added to the page alongside the following example of supposedly “harmful and dangerous” content:
“Instructional hacking and phishing: Showing users how to bypass secure computer systems or steal user credentials and personal data.”
While YouTube claims that there have been no policy changes, it does appear to be policing instructional hacking content more aggressively since adding this example to the list on July 2.
This was highlighted by the infosec writer, researcher, and teacher Kody Kinzie who owns the popular ethical hacking and infosec YouTube channel Null Byte which has over 226,000 subscribers.
Kinzie said that when he tried to upload a video about launching fireworks over WiFi for July 4, YouTube gave his channel a community guidelines strike and prevented him from uploading because he made a video about hacking.
After reporting that YouTube gave his channel this original strike, Kinzie said that YouTube started to flag and remove his existing content and also issued a further strike on his channel.
The implication of this news for the cybersecurity and infosec community is quite dire. It suggests that YouTube is going to be much more proactive in both blocking and removing content related to instructional hacking going forward, regardless of its context or educational utility.
This is quite a strange decision on YouTube’s part because instructional hacking content is primarily used for educational purposes. People are also pointing out that YouTube’s decision to crack down on instructional hacking content is likely to push people towards malicious black hat content.
Ever since the latest adpocalypse, YouTube has started to police content on the platform more aggressively and many innocuous types of content including history and independent journalism have been removed or demonetized as a result. YouTube’s decision to target the cybersecurity and infosec community seems to be part of this post-adpocalypse pattern of behavior from YouTube.
While YouTube has banned instructional hacking videos, there are still many alternative platforms that will support and host these videos including BitChute – a video hosting platform that uses peer-to-peer technology and supports free speech.
Many people are disappointed with YouTube’s decision to start removing instructional hacking videos and viewing it as an example of YouTube’s growing tendency to dictate what users can and cannot watch on the platform. They’re also pointing out that it seems hypocritical for YouTube to remove this content when it pays people rewards for ethically hacking its products in order to discover security flaws.
Update – July 5, 2019: A YouTube spokesperson told The Verge that the Null Bytes channel was flagged by mistake and the videos have been reinstated. The Verge also pointed out that YouTube’s rules allow the depiction of “dangerous” acts “if the primary purpose is educational, documentary, scientific, or artistic (ESDA)” but the rules are still ambiguous overall because they prohibit instructional hacking.
Kinzie also responded to this update from YouTube on Twitter with the following statement:
If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net.