YouTube says its policy on 'instructional' hacking videos isn't new

But a specific ban against instructional hacking could have negative consequences.

This week Kody Kinzie, co-founder of the ethical hacker group Hacker Interchange, reported that its YouTube channel had received a strike for breaking one of its rules. Which rule? A ban against "Instructional hacking and phishing: Showing users how to bypass secure computer systems." Fellow information security professionals and others -- including some Google employees -- came out in support of the Null Byte channel and its Cyber Weapons Lab series, while YouTube retracted the strike and reinstated the removed videos.

The company claimed removing the video and adding the strike was a mistake, and has taken the stance that its policy has always contained a ban against videos that encourage "dangerous and illegal behavior," including hacking. Still, as mentioned in a tweet, there are exceptions "for videos if the primary purpose is educational, documentary, scientific or artistic."

YouTube TOS

One argument against the updated policy language with a specific line asking users not to upload "instructional hacking and phishing videos" comes from someone with relevant experience. Marcus "MalwareTech" Hutchins has worked to secure networks and was able to stop the spread of the "WannaCry" ransomware, and also plead guilty to charges for writing malware years earlier.

As he explains in a blog post, making sure ethical hacking videos are accessible could keep others from experiencing a similar path:

One has to ask, where would we rather kids learn about computer security?
A site like YouTube, where security professionals will steer them in the direction of a legitimate job, six figure salaries, and strong ethics?
Or a shady forum where they will not only be exposed to crime, but criminals who believe what they are doing is both legal and ethical?