One user, Kody, a self-described infosec researcher and writer who has created a YouTube series known as Cyber Weapons Lab, discovered the new restriction when he was contemplating uploading a video about launching fireworks over Wi-Fi to mark American Independence Day, which falls on 4 July (5 July in Australia).
In a tweet thread, he said YouTube had given him a strike about an earlier video detailing the WPS-Pixie Wi-Fi vulnerability and he had been unable to even try uploading the fireworks video.
Just a clarification, we haven't even uploaded the firework video. We can't due to a strike on a video about the WPS-Pixie Wi-Fi vulnerability. YouTube has never seen the firework video and it is not why we got a strike. — Kody (@KodyKinzie) July 3, 2019
"YouTube now bans: 'Instructional hacking and phishing: Showing users how to bypass secure computer systems'," he wrote in a tweet.
And YouTube provides the following list:
- Extremely dangerous challenges: Challenges that pose imminent risk of physical injury.
- Dangerous or threatening pranks: Pranks that lead victims to fear imminent serious physical danger, or that create serious emotional distress in minors.
- Instructions to kill or harm: Showing viewers how to perform activities meant to kill or maim others, such as providing instructions on how to build a bomb meant to injure or kill people.
- Hard drug use or creation: Content that depicts people abusing controlled substances such as cocaine or opioids, or content providing instructions on how to create drugs. Hard drugs are defined as drugs that can (mostly) lead to physical addiction.
- Eating disorders: Content in which people suffering from anorexia or other eating disorders are praised for weight loss, are bragging about it, or are encouraging others to imitate the behaviour.
- Violent events: Promoting or glorifying violent tragedies, such as school shootings.
- Instructional theft: Showing users how to steal money or tangible goods.
- Instructional hacking and phishing: Showing users how to bypass secure computer systems or steal user credentials and personal data.
Google itself has a division known as Project Zero, which releases details of software vulnerabilities 90 days after notifying the vendor, whether or not the bugs have been fixed.
This has brought the company into conflict with Microsoft on occasion, with one recent spat pitting Google researcher Tavis Ormandy against security industry veteran Richard Bejtlich.
Prior to that, Microsoft and Google had exposed bugs in each other's software, seemingly resorting to tit-for-tat on occasion.
Kody added: "I'm worried for everyone that teaches about infosec and tries to fill in the gaps for people who are learning. It is hard, often boring, and expensive to learn cyber security."
iTWire has contacted Google for comment.