![\"youtube](\"https:\/\/www.cryptocabaret.com\/wp-content\/uploads\/2020\/10\/youtube-error-cipher.jpg\")
Downloading audio and video from YouTube is generally not allowed, as the video service clearly states in its terms of service. <\/p>\nDownloading audio and video from YouTube is generally not allowed, as the video service clearly states in its terms of service. <\/p>\n
Despite this restriction, there are numerous \u2018stream-ripping\u2019 tools available on the web that do just that. <\/p>\n
These tools have legal uses but they are also a thorn in the side of music industry outfits, who see them as a major piracy threat. That was illustrated once again last week when an RIAA takedown notice wiped youtube-dl off GitHub<\/a>.<\/p>\n According to the RIAA, youtube-dl violates the DMCA\u2019s anti-circumvention provisions because it bypasses YouTube\u2019s \u2018rolling cipher\u2019 technical protection measure. That sounds rather complicated, but publicly little is known about how it works.<\/p>\n To find out more we reached out to YouTube, which didn\u2019t respond to our inquiry. However, we did find out more about the \u2018rolling cipher\u2019 in a judgment from a German court in Hamburg. This 2017 verdict<\/a> was explicitly mentioned in the RIAA\u2019s takedown request to GitHub. <\/p>\n At the Hamburg court, copyright holders argued that YouTube\u2019s \u2018rolling cipher\u2019 is an effective technological protection measure under EU law. It\u2019s so complex that average users can\u2019t decipher it. <\/p>\n \u201cIn the case of the video at issue, the user would have to filter out the 22 encoded URLs from a total of 72,338 characters, then find the \u2018S variable\u2019 of each URL, decipher it \u2013 using the respectively valid, because changing key \u2013 and then the newly generated URL use to get the video,\u201d their argument was.<\/p>\n In the 2017 verdict, the court went along with this assessment ruling that encryption by the so-called \u201cS variable\u201d or \u201crolling cipher\u201d is a technical measure within the meaning of Germany\u2019s Copyright Act.<\/p>\n At TorrentFreak, we have relatively little knowledge about encryption, so it would be impossible for us to bypass this \u2018rolling cipher,\u2019 one would think. However, after a few Google searches, we learned that pretty much every browser can do this by default. <\/p>\n Once you know the trick it takes only 20 seconds or so to download the audio or video from any YouTube clip, using only a browser and no dedicated ripping tools.<\/p>\n Our \u2018deciphering\u2019 quest started in Chrome but works in Firefox and other browsers as well. Because we don\u2019t want any trouble, we used Dubioza Kolektiv\u2019s Pirate Bay song<\/a> as the test video. When that was loaded up, we opened Chrome\u2019s devtools inspector, and navigated to the \u2018network\u2019 tab. <\/p>\n The devtools inspector shows you what requests are made by a page. When we filter for the keyword \u2018audio\u2019, several URLs appear, all pointing to chopped up audio streams from the YouTube video. <\/p>\n<\/p>\n Without any encryption knowledge, we opened one of these streams in a separate browser tab. As expected, this didn\u2019t immediately bring up the full audio with the Pirate Bay song. That requires the extra step of removing the last part of the URL, which starts with \u201crange=\u201d.<\/p>\n When that\u2019s done the audio clip shows up in full and it can be played just fine. In fact, Chrome even offers the option to download it. <\/p>\n<\/p>\n While we didn\u2019t dare to go that far, we heard that it indeed saves just fine. And when the \u2018weba\u2019 extension is renamed to MP3, it will play offline too. <\/p>\n So there we have it. In just a few clicks and keystrokes we managed to bypass YouTube\u2019s copyright protection using a browser. We didn\u2019t see any rolling cipher in the process and anyone can do it.<\/p>\n That brings us back to the RIAA\u2019s takedown request and the cited court verdict, which said that \u201can average user is not able to access the video info file, let alone decipher it.\u201d Either we are geniuses or the court\u2019s statement is wrong, at least for the present situation. <\/p>\n The above is the simple conclusion, but there\u2019s more to it, which gets a bit technical.<\/p>\n After talking to several experts we learned that YouTube uses different \u2018signatures\u2019 for video URLs. Most have a fixed \u201csig\u201d parameter, but there are also others that use an \u201cs\u201d parameter. In the latter cases, the player\u2019s JavaScript is called with this \u201cs\u201d parameter which varies (or \u2018rolls\u2019).<\/p>\n That parameter shuffling is likely what rightsholders refer to with a \u2018rolling cipher.\u2019 However, this doesn\u2019t involve any real encryption and youtube-dl doesn\u2019t use it, as it simply executes the JavaScript code with a JavaScript interpreter, much like a browser does.<\/p>\n Over the past weeks, dozens of experts have chimed in about the legality or illegality of tools such as youtube-dl. We are not going to add to this, as these questions are ultimately up to a court to decide. <\/p>\n What our little quest shows, however, is that there doesn\u2019t appear to be any encryption to stop average users from downloading files in a browser. Anyone can download audio and video from YouTube without a dedicated stream-ripping tool.<\/p>\n That leads us to the final question, which we will leave unanswered. Or perhaps it answers itself. If youtube-dl is violating the DMCA because it allows people to download audio from YouTube, should browsers such as Chrome be outlawed as well?<\/p>\n From: TF<\/a>, for the latest news on copyright battles, piracy and more.<\/p>\nThe Rolling cipher<\/h2>\n
DIY Downloading From YouTube<\/h2>\n
![\"devtools\"](\"https:\/\/www.cryptocabaret.com\/wp-content\/uploads\/2020\/10\/devtools.jpg\")
<\/center><\/p>\n![\"download](\"https:\/\/www.cryptocabaret.com\/wp-content\/uploads\/2020\/10\/saveaudio.jpg\")
<\/center><\/p>\nDownloading From YouTube is Easy<\/h2>\n
But Where\u2019s the Encryption?<\/h2>\n
Stream-Rippers are Not Needed<\/h2>\n