That explanation is the most amount of nonsense I’ve read in a long time. The amount of mental gymnastics you need to non-ironically believe that is just unbelievable
i’d appreciate it if, for outsiders, you could explain why it’s “the most amount of nonsense” and “mental gymnastics” in actual detail instead of just saying that. as is, this is a very unproductive comment.
Because of course Invidious calls YouTube APIs. They call the internal APIs the same way YouTube official client calls the API. They even have the API of one of YouTube client’s in their repo. The guy’s argument is that since they reverse engineered the calls, which is fine, they don’t have to agree to YouTube’s TOS to call it, which means YouTube’s cease and desist invalid. I host my own private instance of Invidious to stream youtube audio to my phone. Of course reverse engineering is fine, scarping is fine, even the code is fine, and I’d agree that YouTube going after repos on github is wrong. But of course hosting Invidious is a violation of YouTube’s TOS.
I’ll admit I hadn’t seen that, and it sure does look like official API access. They also seem to make calls through that wrapper to access comments and plenty of other things, so it’s not just sitting there unused.
well, there was a long thread about this on /r/selfhosted where @TheFrenchGhosty@lemmy.pussthecat.org@TheFrenchGhosty@libretooth.gr was saying pretty much what I said, but with a tad more mental gymnastics mostly about EU laws regarding reverse engineering and lack of a formal agreement between them and YouTube.
Unfortunately (or fortunately?), /r/selfhosted is private atm due to the blackout, so I’m unable to find and share thread link.
The facts are:
Invidious (as an OSS project) calls undocumented internal YouTube APIs (they call it InnerTube).
Anyone can host an Invidious instance.
The main Invidious instance, i.e: https://invidious.io/ received a cease and desist from YouTube.
@TheFrenchGhosty@lemmy.pussthecat.org@TheFrenchGhosty@libretooth.gr posted all about this on GitHub, reddit, their personal blog, and contacted random media outlets like the one linked here, to complain about how “we have nothing to do with YouTube, why is YouTube bullying us”. And since everyone obviously wants to give the little guy the benefit of the doubt, everyone starts wondering how it could be that a project that’s all about providing an alternative UI for YouTube, doesn’t call YouTube.
It’s like if a movie pirating website is trying to argue
“Endgame.mp4” is just a file name. It has nothing to do with Marvel or Disney. What the hell are those greedy companies have to do with us??
I’m all for invidious, piracy, etc. But seriously?
It’s certainly possible to scrape data from interactions with a site directly, without using its API. This is even legal - there were no gymnastics in my response there. However, that decision has since been remanded, then re-affirmed, then challenged, and then LinkedIn obtained an injuction against HiQ which the two of them are still fighting over. So it could get properly overturned.
I definitely thought it seemed like it would be difficult to do this to offer a youtube frontend, but plausible enough that I didn’t look into it. Thank you for this. I’m looking more closely now :)
If they are using undocumented internal APIs, do YouTube’s API TOS apply to those? I checked the text of the TOS and it seems to me like it should apply; they say “The YouTube API services … made available by YouTube including …”. That seems broad enough to me to cover internal APIs as well, if their endpoints are accessible, but IANAL.
Also, the open response to the C&D seems to throw shade at the TOS saying “The “YouTube API Services” means (i) the YouTube API services” but ignores that this is immediately followed by parenthetical examples and qualifiers. The TOS is defining the term so that it doesn’t have to repeatedly add the qualifiers. Nothing weird about that. That’s uh… pretty bad-faith arguing, if I’m interpreting it correctly.
Edit: assuming you refer to the same reverse engineering points that they made above… yeah.
They’ve (convincingly) followed up above. I’m hoping the contributors to Invidious can clear this up. If no one replies here, I’ll open an issue on Invidious’ GitHub page asking that clarification be added to the readme on how their YoutubeAPI wrapper is not using an official YouTube API.
I’ve replied to that, I’m not satisfied. It’s a bit of a wall of text though.
TL;DR: “clean room reverse engineering” has a specific definition and I don’t believe it applies here. I do believe that the cited TOS applies to an internal API endpoint which is publicly accessible. Both things spell trouble.
I also take issue with the phrase “does not use official YouTube APIs” in the readme, but maybe that’s pedantry between “official” and “documented.”
That explanation is the most amount of nonsense I’ve read in a long time. The amount of mental gymnastics you need to non-ironically believe that is just unbelievable
i’d appreciate it if, for outsiders, you could explain why it’s “the most amount of nonsense” and “mental gymnastics” in actual detail instead of just saying that. as is, this is a very unproductive comment.
Because of course Invidious calls YouTube APIs. They call the internal APIs the same way YouTube official client calls the API. They even have the API of one of YouTube client’s in their repo. The guy’s argument is that since they reverse engineered the calls, which is fine, they don’t have to agree to YouTube’s TOS to call it, which means YouTube’s cease and desist invalid. I host my own private instance of Invidious to stream youtube audio to my phone. Of course reverse engineering is fine, scarping is fine, even the code is fine, and I’d agree that YouTube going after repos on github is wrong. But of course hosting Invidious is a violation of YouTube’s TOS.
I’ll admit I hadn’t seen that, and it sure does look like official API access. They also seem to make calls through that wrapper to access comments and plenty of other things, so it’s not just sitting there unused.
Thankfully, TheFrenchGhosty is on the Fediverse, so let’s ask him: @TheFrenchGhosty@lemmy.pussthecat.org @TheFrenchGhosty@libretooth.gr (not sure which one of these to use) How is this not using an official YouTube API?
well, there was a long thread about this on /r/selfhosted where @TheFrenchGhosty@lemmy.pussthecat.org @TheFrenchGhosty@libretooth.gr was saying pretty much what I said, but with a tad more mental gymnastics mostly about EU laws regarding reverse engineering and lack of a formal agreement between them and YouTube.
Unfortunately (or fortunately?), /r/selfhosted is private atm due to the blackout, so I’m unable to find and share thread link.
The facts are:
@TheFrenchGhosty@lemmy.pussthecat.org @TheFrenchGhosty@libretooth.gr posted all about this on GitHub, reddit, their personal blog, and contacted random media outlets like the one linked here, to complain about how “we have nothing to do with YouTube, why is YouTube bullying us”. And since everyone obviously wants to give the little guy the benefit of the doubt, everyone starts wondering how it could be that a project that’s all about providing an alternative UI for YouTube, doesn’t call YouTube.
It’s like if a movie pirating website is trying to argue
I’m all for invidious, piracy, etc. But seriously?
It’s certainly possible to scrape data from interactions with a site directly, without using its API. This is even legal - there were no gymnastics in my response there. However, that decision has since been remanded, then re-affirmed, then challenged, and then LinkedIn obtained an injuction against HiQ which the two of them are still fighting over. So it could get properly overturned.
I definitely thought it seemed like it would be difficult to do this to offer a youtube frontend, but plausible enough that I didn’t look into it. Thank you for this. I’m looking more closely now :)
If they are using undocumented internal APIs, do YouTube’s API TOS apply to those? I checked the text of the TOS and it seems to me like it should apply; they say “The YouTube API services … made available by YouTube including …”. That seems broad enough to me to cover internal APIs as well, if their endpoints are accessible, but IANAL.
Also, the open response to the C&D seems to throw shade at the TOS saying “The “YouTube API Services” means (i) the YouTube API services” but ignores that this is immediately followed by parenthetical examples and qualifiers. The TOS is defining the term so that it doesn’t have to repeatedly add the qualifiers. Nothing weird about that. That’s uh… pretty bad-faith arguing, if I’m interpreting it correctly.
Edit: assuming you refer to the same reverse engineering points that they made above… yeah.
You can’t say something that profound and leave us on a cliffhanger… Ellaborate a bit please?
They’ve (convincingly) followed up above. I’m hoping the contributors to Invidious can clear this up. If no one replies here, I’ll open an issue on Invidious’ GitHub page asking that clarification be added to the readme on how their YoutubeAPI wrapper is not using an official YouTube API.
One of the devs answered above
I’ve replied to that, I’m not satisfied. It’s a bit of a wall of text though.
TL;DR: “clean room reverse engineering” has a specific definition and I don’t believe it applies here. I do believe that the cited TOS applies to an internal API endpoint which is publicly accessible. Both things spell trouble.
I also take issue with the phrase “does not use official YouTube APIs” in the readme, but maybe that’s pedantry between “official” and “documented.”