I am missing a party in this discussion: The role of the github monoculture. Because all these repos are hosted by the same party, one lawyer writing one letter can cause global disruption.<p>Github did nothing wrong here. They got an important, maybe controlling share of the market by creating a great product. While they might have a monopoly, I see no abuse of it.<p>But that's irrelevant for the rest of the world. The simple existance of the monoculture makes all of us vulnerable to attacks.
It was one thing when it was the RIAA that was coming for our repositories. Now that it is Google, I'm extremely sad and disappointed.<p>I think the time has come for there to be a repository hosting service that is based somewhere in Switzerland :)
Only Level 3, sadly, which means it can decrypt Standard Definition (480p) videos. This has been out for a while.<p>Some reputable people in the pirating industry have actually cracked Level 1, which means they can decrypt 4K! :-)
<i>In addition to this request, we have filed a separate Sensitive Data takedown request of this file: /widevine-l3-decryptor as it contains the secret Widevine RSA private key, which was extracted from the Widevine CDM and can be used in other circumvention technologies</i><p>They are practically asking for Streisand Effect... if you distribute your key with the software, then whatever form it is in, I would not consider it "private" at all!
Trying to get Widevine going on iOS / macOS has been a royal pain in the ass so far (crashes when you touch the lib while having a debugger attached, so you can't even debug your own code unless you swap in a severely castrated development version that only works on the simulator) and Google guards access to the official libs and docs like it's the precioussss.<p>To me this is just one of the many developer hostile steps I've seen. I understand they don't want you to access illegal content too easily but honestly the only thing that could drive me back to Torrenting is the declining quality of content on Netflix & co.
I honestly believe this is just a small component, which is a part of the long term strategy of the RIAA and others: a periodical check to test the waters to see where public opinion is at, to be able to guage if they can implement more dramatic and restrictive DRM mechanisms yet [1].<p>They are either 1) waiting for us to be too exhausted to notice/care/fight back, or 2) seeing whether they have to go further to 'protect content creators' by lobbying for more draconian laws that allow for the use of new DRM strategies. It reminds me of reading about how Corporate personhood was invented to protect freed slaves [2], yet is now used as a way for business owners to avoid personal liability/responsibility. One could even argue that Corporate personhoood is one of the most destructive forces that exists today; causing some of the worst crimes in modern history [3].<p>It's important we continue to fight back and set a precedent for protecting users over corporations or governments.<p>[1] <a href="https://en.wikipedia.org/wiki/The_Right_to_Read" rel="nofollow">https://en.wikipedia.org/wiki/The_Right_to_Read</a><p>[2] <a href="https://www.history.com/news/14th-amendment-corporate-personhood-made-corporations-into-people" rel="nofollow">https://www.history.com/news/14th-amendment-corporate-person...</a><p>[3] <a href="https://www.counterpunch.org/2013/02/05/corporate-personhood-and-the-culture-of-pathology/" rel="nofollow">https://www.counterpunch.org/2013/02/05/corporate-personhood...</a>
Wherein, Google asserts a copyright on the API for their license system, the protobuf file. Maybe this file is more creative than the Java APIs?<p>Additionally, the Git repo contains several files that violate Google’s copyrights:
Google license_protcol.proto (see Google copyright at the top of the file): /widevine-l3-decryptor/blob/main/license_protocol.proto
Isn't DRM... Completely fucking pointless? I can go on The Pirate Bay and find 4K rips of all movies and shows I want. If DRM can't prevent that, what's the point?<p>All it does is infringe on our rights to be able to do what we want on our own devices. It's crazy.
This might be a good explanation why my Philips 55POS9002 oled tv can no longer stream 4K with Netflix/Prime/YouTube. A Widevine certificate was revoked for some Philips TVs. Maybe the RSA key was leaked in the Philips firmware.
They should host the software in France, like VideoLan.<p><a href="https://www.videolan.org/legal.html" rel="nofollow">https://www.videolan.org/legal.html</a><p>>>> Are libdvdcss and libaacs legal? libdvdcss is a library that can find and guess keys from a DVD in order to decrypt it. This method is authorized by a French law decision CE 10e et 9e soussect., 16 juillet 2008, n° 301843 on interoperability.<p>>>> Patents and codec licenses. Neither French law nor European conventions recognize software as patentable (see French section below). Therefore, software patents licenses do not apply on VideoLAN software.
Looks like someone missed the most recent forks. There are still a number of repos not listed in the DMCA complaint that have the extension content: <a href="https://github.com/tomer8007/widevine-l3-decryptor/network/members" rel="nofollow">https://github.com/tomer8007/widevine-l3-decryptor/network/m...</a>
Is this a leak? Was it previously publicly known? Will this allow me to watch netflix on my arm linux box like DeCSS allowed me to watch DVD's in early 2000's?
Google says API’s can be copyrighted now. I thought the oracle case was ongoing:<p>> <i>Additionally, the Git repo contains several files that violate Google’s copyrights:
Google license_protcol.proto (see Google copyright at the top of the file): /widevine-l3-</i>
Funny how people think anyone cares to hide this key after it is out now.<p>Leaked = known<p>Do they need to take action? Obvious but not because the key is out but because it would look bad if Google wouldn't do anything.<p>Content providers might hesitate to do deals like this again.
I'm generally of the opinion that if a creator doesn't want you to watch or listen to something, you shouldn't watch or listen to it.<p>The solution to DRM is not to work around it, it is that everyone refuses to use or pay for it.
Say what you want about fossil[0], but having the issues be part of the repo would come in real handy in times like this.<p>0: <a href="https://fossil-scm.org" rel="nofollow">https://fossil-scm.org</a>
<a href="https://github.com/github/dmca/pull/8283" rel="nofollow">https://github.com/github/dmca/pull/8283</a>
added widevine decryptor to dmca
idk if theyll take it down
Github is an abusive Lawyer's dream. One DMCA notice and they can DDOS thousands of volunteers work.<p>While Git itself is fairly decentralized, we need a user-friendly GUI and project management system.
After RIAA stunt corporations see that Github is weak. They are coming for your repos! I wish Microsoft would have stood up for the community, but for them it is all about profit.
The keys they are trying to suppres can be found at many locations now, one of them is <a href="https://pastebin.com/QxhukwBR" rel="nofollow">https://pastebin.com/QxhukwBR</a>
At least in the past it seems like China doesn't care about copyright or the DMCA. Why not host a repository there? There are a lot of ethical issues but if your goal is to avoid the DMCA, why not?
Really Google? Shame on you. We can't trust our industry peers anymore than the RIAA and MPAA? Seriously?<p>Whatever happened to the Google that started "chilling effects" as an act of civil disobedience?
at least thanks to git a lot of people have a full local repo copies and can restore them online fast, maybe not in github, but anywhere else<p>btw, if would be nice if git would allow a salt be configured per repo for their hashes, and if needed to resalt whole repo; this would make commit bashed censor like github does impossible and expensive and unreliable if they need to hash all files
just gonna put this right here
<a href="https://docs.ipfs.io/how-to/host-git-style-repo/" rel="nofollow">https://docs.ipfs.io/how-to/host-git-style-repo/</a>
so......... can any one here in clear terms explain how to use this.... that chrome only extension thing is hot right now but i read somewhere its windows only..
Just to quickly help the Streisand effect, this is the private key, extracted from [1]:<p>-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC10dxEGINZbF0nIoMtM8705Nqm6ZWdb72DqTdFJ+UzQIRIUS59lQkYLvdQp71767vz0dVlPTikHmiv
dYHRc7Fo6JsmSUsGR3th+fU6d1Wt6cwpMTUXj/qODmubDK/ioVDW7wz9OFlSsCBvylOYp9v2+u/VXwACnBXNxCDezjx4RKcqMFT31WTxqU9OM9J86ChMOW4bFA41aLAJ
ozB+02xis7OV175XdQ5vkVXM9ys6ZoRF/K6NXeHiwcZFtMKyphXAxqU7uGY2a16bC3TEG5/km6Jru3Wxy4nKlDyUjWISwH4llWjdSi99r2c1fSCXlMCrW0CHoznn+22l
YCKtYe8JAgMBAAECggEAGOPDJvFCHd43PFG9qlTyylR/2CSWzigLRfhGsClfd24oDaxLVHav+YcIZRqpVkr1flGlyEeittjQ1OAdptoTGbzp7EpRQmlLqyRoHRpT+MxO
Hf91+KVFk+fGdEG+3CPgKKQt34Y0uByTPCpy2i10b7F3Xnq0Sicq1vG33DhYT9A/DRIjYr8Y0AVovq0VDjWqA1FW5OO9p7vky6e+PDMjSHucQ+uaLzVZSc7vWOh0tH5M
0GVk17YpBiB/iTpw4zBUIcaneQX3eaIfSCDHK0SCD6IRF7kl+uORzvWqiWlGzpdG2B96uyP4hd3WoPcZntM79PKm4dAotdgmalbueFJfpwKBgQDUy0EyA9Fq0aPF4LID
HqDPduIm4hEAZf6sQLd8Fe6ywM4p9KOEVx7YPaFxQHFSgIiWXswildPJl8Cg5cM2EyMU1tdn5xaR4VIDk8e2JEDfhPtaWskpJp2rU2wHvAXOeAES7UFMrkhKVqqVOdbo
IhlLdcYp5KxiJ3mwINSSO94ShwKBgQDavJvF+c8AINfCaMocUX0knXz+xCwdP430GoPQCHa1rUj5bZ3qn3XMwSWa57J4x3pVhYmgJv4jpEK+LBULFezNLV5N4C7vH63a
Zo4OF7IUedFBS5B508yAq7RiPhN2VOC8LRdDh5oqnFufjafF82y9d+/czCrVIG43D+KO2j4F7wKBgDg/HZWF0tYEYeDNGuCeOO19xBt5B/tt+lo3pQhkl7qiIhyO8KXr
jVilOcZAvXOMTA5LMnQ13ExeE2m0MdxaRJyeiUOKnrmisFYHuvNXM9qhQPtKIgABmA2QOG728SX5LHd/RRJqwur7a42UQ00Krlr235F1Q2eSfaTjmKyqrHGDAoGAOTrd
2ueoZFUzfnciYlRj1L+r45B6JlDpmDOTx0tfm9sx26j1h1yfWqoyZ5w1kupGNLgSsSdimPqyR8WK3/KlmW1EXkXIoeH8/8aTZlaGzlqtCFN4ApgKyqOiN44cU3qTrkhx
7MY+7OUqB83tVpqBGfWWeYOltUud6qQqV8v8LFsCgYEAnOq+Ls83CaHIWCjpVfiWC+R7mqW+ql1OGtoaajtA4AzhXzX8HIXpYjupPBlXlQ1FFfPem6jwa1UTZf8CpIb8
pPULAN9ZRrxG8V+bvkZWVREPTZj7xPCwPaZHNKoAmi3Dbv7S5SEYDbBX/NyPCLE4sj/AgTPbUsUtaiw5TvrPsFE=
-----END PRIVATE KEY-----<p>[1] <a href="https://archive.softwareheritage.org/browse/origin/content/?origin_url=https://github.com/tomer8007/widevine-l3-decryptor&path=content_key_decryption.js" rel="nofollow">https://archive.softwareheritage.org/browse/origin/content/?...</a>