I’ll admit I hadn’t seen that, and it sure does look like official API access. They also seem to make calls through that wrapper to access comments and plenty of other things, so it’s not just sitting there unused.
well, there was a long thread about this on /r/selfhosted where @TheFrenchGhosty@lemmy.pussthecat.org@TheFrenchGhosty@libretooth.gr was saying pretty much what I said, but with a tad more mental gymnastics mostly about EU laws regarding reverse engineering and lack of a formal agreement between them and YouTube.
Unfortunately (or fortunately?), /r/selfhosted is private atm due to the blackout, so I’m unable to find and share thread link.
The facts are:
Invidious (as an OSS project) calls undocumented internal YouTube APIs (they call it InnerTube).
Anyone can host an Invidious instance.
The main Invidious instance, i.e: https://invidious.io/ received a cease and desist from YouTube.
@TheFrenchGhosty@lemmy.pussthecat.org@TheFrenchGhosty@libretooth.gr posted all about this on GitHub, reddit, their personal blog, and contacted random media outlets like the one linked here, to complain about how “we have nothing to do with YouTube, why is YouTube bullying us”. And since everyone obviously wants to give the little guy the benefit of the doubt, everyone starts wondering how it could be that a project that’s all about providing an alternative UI for YouTube, doesn’t call YouTube.
It’s like if a movie pirating website is trying to argue
“Endgame.mp4” is just a file name. It has nothing to do with Marvel or Disney. What the hell are those greedy companies have to do with us??
I’m all for invidious, piracy, etc. But seriously?
It’s certainly possible to scrape data from interactions with a site directly, without using its API. This is even legal - there were no gymnastics in my response there. However, that decision has since been remanded, then re-affirmed, then challenged, and then LinkedIn obtained an injuction against HiQ which the two of them are still fighting over. So it could get properly overturned.
I definitely thought it seemed like it would be difficult to do this to offer a youtube frontend, but plausible enough that I didn’t look into it. Thank you for this. I’m looking more closely now :)
If they are using undocumented internal APIs, do YouTube’s API TOS apply to those? I checked the text of the TOS and it seems to me like it should apply; they say “The YouTube API services … made available by YouTube including …”. That seems broad enough to me to cover internal APIs as well, if their endpoints are accessible, but IANAL.
Also, the open response to the C&D seems to throw shade at the TOS saying “The “YouTube API Services” means (i) the YouTube API services” but ignores that this is immediately followed by parenthetical examples and qualifiers. The TOS is defining the term so that it doesn’t have to repeatedly add the qualifiers. Nothing weird about that. That’s uh… pretty bad-faith arguing, if I’m interpreting it correctly.
Edit: assuming you refer to the same reverse engineering points that they made above… yeah.
I’ll admit I hadn’t seen that, and it sure does look like official API access. They also seem to make calls through that wrapper to access comments and plenty of other things, so it’s not just sitting there unused.
Thankfully, TheFrenchGhosty is on the Fediverse, so let’s ask him: @TheFrenchGhosty@lemmy.pussthecat.org @TheFrenchGhosty@libretooth.gr (not sure which one of these to use) How is this not using an official YouTube API?
well, there was a long thread about this on /r/selfhosted where @TheFrenchGhosty@lemmy.pussthecat.org @TheFrenchGhosty@libretooth.gr was saying pretty much what I said, but with a tad more mental gymnastics mostly about EU laws regarding reverse engineering and lack of a formal agreement between them and YouTube.
Unfortunately (or fortunately?), /r/selfhosted is private atm due to the blackout, so I’m unable to find and share thread link.
The facts are:
@TheFrenchGhosty@lemmy.pussthecat.org @TheFrenchGhosty@libretooth.gr posted all about this on GitHub, reddit, their personal blog, and contacted random media outlets like the one linked here, to complain about how “we have nothing to do with YouTube, why is YouTube bullying us”. And since everyone obviously wants to give the little guy the benefit of the doubt, everyone starts wondering how it could be that a project that’s all about providing an alternative UI for YouTube, doesn’t call YouTube.
It’s like if a movie pirating website is trying to argue
I’m all for invidious, piracy, etc. But seriously?
It’s certainly possible to scrape data from interactions with a site directly, without using its API. This is even legal - there were no gymnastics in my response there. However, that decision has since been remanded, then re-affirmed, then challenged, and then LinkedIn obtained an injuction against HiQ which the two of them are still fighting over. So it could get properly overturned.
I definitely thought it seemed like it would be difficult to do this to offer a youtube frontend, but plausible enough that I didn’t look into it. Thank you for this. I’m looking more closely now :)
If they are using undocumented internal APIs, do YouTube’s API TOS apply to those? I checked the text of the TOS and it seems to me like it should apply; they say “The YouTube API services … made available by YouTube including …”. That seems broad enough to me to cover internal APIs as well, if their endpoints are accessible, but IANAL.
Also, the open response to the C&D seems to throw shade at the TOS saying “The “YouTube API Services” means (i) the YouTube API services” but ignores that this is immediately followed by parenthetical examples and qualifiers. The TOS is defining the term so that it doesn’t have to repeatedly add the qualifiers. Nothing weird about that. That’s uh… pretty bad-faith arguing, if I’m interpreting it correctly.
Edit: assuming you refer to the same reverse engineering points that they made above… yeah.