YouTube has issued a content policy update featuring a list of "harmful or dangerous content" including "instructional hacking and phishing" which critics say effectively bars users from posting an array of valuable cybersecurity-related content.
Kody Kinzie, a security researcher and educator who posts content for an infosec channel known as Cyber Weapons Lab, picked up on the rules, which have formally been on the books since earlier this year, after an instructional video about how to launch fireworks over Wi-Fi for the 4th of July celebrations was given a strike "because we teach about hacking". Several of the channel's other WiFi hacking videos were also reportedly flagged or subject to review.
We made a video about launching fireworks over Wi-Fi for the 4th of July only to find out @YouTube gave us a strike because we teach about hacking, so we can't upload it.
— Kody (@KodyKinzie) 2 июля 2019 г.
YouTube now bans: "Instructional hacking and phishing: Showing users how to bypass secure computer systems"
The strike was lifted amid an expression of support from the channel's community of viewers. However, it prompted the YouTuber to express concerns about the apparent attempt at censorship. "I'm worried for everyone that teaches about infosec and tries to fill in the gaps for people who are learning. It is hard, often boring, and expensive to learn cybersecurity," he wrote.
Tim Erlin, vice president of product management at the cybersecurity firm Tripwire told IT news resource The Register that YouTube's apparent broad-brush ban attempt was a mistake.
"In cybersecurity, we improve our defences by understanding how attacks actually work," he said.
"Theoretical explanations are often not the most effective tools, and forcing content creators onto platforms restricted in distribution, like a paid training course, simply creates roadblocks to the industry. Sharing real-world examples brings more people to the industry, rather than creating more criminals," Erlin stressed.
Dale Ruane, a cybersecurity specialist who runs a penetration testing tutorial channel known as DemmSec, said that while the policy has existed in some form or another for a long time, he also "personally noticed a lot more people having issues where videos are being taken down" lately.
Calling the policy language "far too broad", the expert suggested the policy seemed "extremely hypocritical from a company (Google) that has a history of embracing 'hacker' culture and claims to have the goal of organising the world's information".
The video sharing giant's change in policy was met with heavy criticism from others online, with some echoing Kinzie's concerns and calling the policy "incredibly disappointing," while others wrote that it may be time for users to move to other video platforms.
Well this is incredibly disappointing for people trying to learn about ethical hacking or those trying defend their organizations. Censorship doesn’t look good on you @YouTube. Stop cramping your style. https://t.co/3DCRsQcgYF
— Jek Hyde (@HydeNS33k) 4 июля 2019 г.
YouTube won't host conference talks from me due to "hacking" content. Conferences have been unable to share videos due to this nonsense. https://t.co/5jQmpdd9Yk
— Hacker Fantastic (@hackerfantastic) 3 июля 2019 г.
OMG!! @YouTube will remove contents related to hacking... Time to move to @Pornhub my dear #Hackers #PenetrationTesting pic.twitter.com/q82FSCvOyP
— Amine Cherrai🌀 (@AmineCherrai) 3 июля 2019 г.
This is very troubling. It will cut off a large amount of the accessible knowledge, particularly from those with less money or restricted literacy. It risks increasing Infosec inequality.
— Kate Pearce (@secvalve) 3 июля 2019 г.
The google wording on the banning of hacking videos is bans: "Instructional hacking and phishing: Showing users how to bypass secure computer systems”
— Glenn Pegden (@GlennPegden) 3 июля 2019 г.
Surely, if you can show how to bypass a system in a YouTube video, by definition, it isn’t secure!
When you try to restrict access to knowledge because "bad people", curiosity will always go looking elsewhere. Kids are never more than a google search away from groups that will tell them things like "credit card fraud doesn't hurt anyone because the bank refunds the money".
— MalwareTech (@MalwareTechBlog) 3 июля 2019 г.
Everyone: Ban comments on videos containing kids & change your algorithms to stop pedo rings from benefitting.
— Katie Moussouris (@k8em0) 3 июля 2019 г.
YouTube:
Everyone: Ban white supremacists.
YouTube:
Nobody: Ban hacking tutorials so defenders can't learn
YouTube: Banning instructional hacking videos right meow! https://t.co/TkTfQvHGIj
If you make infosec hacking videos, use @Pornhub @Vimeo @Twitch and support the other platforms! They want your business, @Youtube doesn’t. https://t.co/hixZT0Mflj
— uɐpʇou@ ✸ (@notdan) 3 июля 2019 г.
