The heuristics powering this, as well as the Windows Defender whitelisting, are terrible.
My understanding is that a specific binary needs to become popular for it to stop being flagged. This creates a chicken and egg problem. Users are not incentivized to use the program with the warning. But removing the warning requires many people to ignore the warning.
This is a big problem for anyone writing Windows software. An indie developer or small open source project is not going to do well with this.
for what it is worth, when downloading the latest .exe from github, firefox says "this file is not commonly downloaded" and i have to select "allow download".
scans of it are fine.
probably just a heuristic-based false-positive, and not a news-worthy story of chrome abusing their monopoly or whatever.
Google has been anti yt-dlp before it was forked. They also have rules that carve out tools like this from their extension store and at Android, except enforcement is lacking sometimes.
Google is terrified of users having access users control to their video content.
Because people download viruses from the internet all the time? "Common sense antivirus" might work fine if you're technically inclined, but that's not the case for everyone.
By the same standard, Chrome itself is "a tool to download files from Google's servers." Chrome doesn't only download from Google's servers, but the same thing applies to yt-dlp.
I'm equally not "surprised" by their bad behavior, but that shouldn't stop us from condemning Google for unethically misleading people and engaging in browser monopoly abuse.
---
EDIT: holding up (hilariously) RIAA lawyers as ethical role models only proves my point, thanks.
Actually that is what they want you to believe. Behind the scenes, secretly Chrome is mostly "a tool to upload files to Google's servers" but because it does not require any actions from the user to do that, many people miss that part.
> Chrome itself is "a tool to download files from Google's servers."
...legitimately. While Google (I will reinforce: Google, not everyone) sees downloading of the videos and other content from the YouTube by third-party services as illegitimate because of YouTube's ToS. After all, they're making money from the YouTube Premium and "Download" option provided by it, so things like that are kinda expected to happen.
And no, I don't agree that it's right. While I can understand the position of Google, the method they (allegedly) used here... Well... I don't even know what to say. That's plainly wrong, in my opinion. After all, "download" is defined as "To transfer (data or a program) from a central computer or website to a peripheral computer or device." by The American Heritage Dictionary of the English Language (5th Edition), so when you just watch videos, you download them already, don't you? What about watching them in browser, somewhere in embed on some website? Does that constitute a legitimate client (I guess so, because most of embeds still use YouTube Player after all)? That just makes me laugh : )
I am sure that RIAA lawyers would rofl at this yt-dlp labelling being an example of Google "... unethically misleading people and (committing) browser monopoly abuse". I want to live in that fantasy world with you though.
Come to our fantasy Linux land anytime you want. We circumvent all of the strange things both RIAA, MPAA, Google and many other companies do to attempt to lock information into a box with only one hole they allow you to look through.
Our fantasy land gets better every time your reality gets worse.
Which link exactly did you try to use? Or what specific version on the Github releases page? I checked both the latest windows and macos versions against Google Safe Browsing and all were fine.
Agree with sibling comment as someone who used Zen for many months, maybe as long as a year or two. It constantly breaks and often stays broken in small but fundamentally important ways, to the point that I just switched back to FF last week and am glad to be off the roller coaster. Before Zen I had tried Arc and left for a lot of the same reasons.
For all of the (valid) criticism against FF, it's still the best available browser that's not just an experiment IMHO.
Edit to add: part of the switch back is that FF now supports, to some degree, all the features I was using Zen for: vertical tabs (needs customization but works well enough), custom search "engines" (ie, shortcuts), split view, not-Chrome
I daily drove Zen for months. The design and implementation are overall fantastic. Unfortunately it still has chronic performance issues, gobbling up CPU randomly - and they don't seem to be too focused on despite it being a commonly reported issue.
I don't want to burn out my battery quicker than usual, so I was forced to switch off. I'm currently trying Orion instead and have been loving it - aside from several poorly implemented websites just not working on it. And the Cloudflare false positives, but that's as much or more an issue on Zen.
Website compatibility is inconsistent, extension compatibility is a slog, the desktop UI is confusing and nonstandard, WebKit itself is woefully incomplete, and on non-Apple platforms WebKit barely works covers conformance tests even with hardware acceleration disabled.
I don't use macOS anymore, but when I did I used Firefox without missing out on anything Safari would have given me. Now that I've abandoned macOS I don't think I can name one advantage of installing a WebKit browser on my system versus something Chromium-based.
Google needs to be at least what four companies.. gcp, youtube, search, workspaces...
Apple needs to be at least two hardware/os, music/tv+
Microsoft, meta, etc, Monopolies are bad and our SEC/FTC/Government is doing a poor job of controlling them. At least as equally trecherous are these businesses that overly vertically integrate... anyways, we're fucked.
Where is the incivility? If anything it's coming from those who project their simplistic ideas of others unto the complexity of others' persons to pigeonhole them into their own idiosyncratic mental categories.
The amounts of times someone invented something that was important to them and then never make any money from it only for some other entity to make tons of money from it is way too high.
The heuristics powering this, as well as the Windows Defender whitelisting, are terrible.
My understanding is that a specific binary needs to become popular for it to stop being flagged. This creates a chicken and egg problem. Users are not incentivized to use the program with the warning. But removing the warning requires many people to ignore the warning.
This is a big problem for anyone writing Windows software. An indie developer or small open source project is not going to do well with this.
>My understanding is that a specific binary needs to become popular for it to stop being flagged. This creates a chicken and egg problem.
Given the recent npm axios compromise this sounds like a pretty smart move?
Conveniently M$ lets you buy a signing certificate to fix this.
https://stackoverflow.com/questions/48946680/how-to-avoid-th...
Last I checked they can still quarantine your binary if it's properly signed and they decided it hasn't gained traction.
for what it is worth, when downloading the latest .exe from github, firefox says "this file is not commonly downloaded" and i have to select "allow download".
scans of it are fine.
probably just a heuristic-based false-positive, and not a news-worthy story of chrome abusing their monopoly or whatever.
Isn’t firefox using Google “safe browsing” database ?
The binaries they offer are complied using PyInstaller, which can give false positives in anti virus software.
Google has been anti yt-dlp before it was forked. They also have rules that carve out tools like this from their extension store and at Android, except enforcement is lacking sometimes.
Google is terrified of users having access users control to their video content.
yt-dlp breaks YouTube’s DRM. They could easily get the repo removed under the DMCA. They don’t.
Why would a browser(be designed to) care about this?
Because people download viruses from the internet all the time? "Common sense antivirus" might work fine if you're technically inclined, but that's not the case for everyone.
You could also ask why Android care about banning side loading to "prevent scams and spyware", and I honestly don't have an answer at all.
Because Google owns Youtube.
To protect the normies from harmful malware… not on their approved vendor list.
Reminds me of how Bing search for Google takes people to a page meant to resemble Google.com. Can't trust huge companies.
But as others have pointed out, it's probably a coincidence in this case. But who knows.
"Never let a good tragedy go to waste"
It's funny such a big corporations can't let such a small tool live.
Google is such an evil company, it is not even provided anything great anymore.
Anti-gravity paid plans suck, GCP is billing heavy. Today google sucks at most things
Their Android playstore hardly updates statistics once a day, so much for such a big data company with unlimited sources lol
Clear conflict of interest enabled by anti trust not being enforced.
Firefox gives a similar warning.
Which is why I download it from my Linux distribution's package manager. It's available on Termux too.
So, Google's browser says downloading a tool to download files from Google's servers is "Suspicious"? Not surprising.
By the same standard, Chrome itself is "a tool to download files from Google's servers." Chrome doesn't only download from Google's servers, but the same thing applies to yt-dlp.
I'm equally not "surprised" by their bad behavior, but that shouldn't stop us from condemning Google for unethically misleading people and engaging in browser monopoly abuse.
---
EDIT: holding up (hilariously) RIAA lawyers as ethical role models only proves my point, thanks.
Actually that is what they want you to believe. Behind the scenes, secretly Chrome is mostly "a tool to upload files to Google's servers" but because it does not require any actions from the user to do that, many people miss that part.
Oops we accidentally stole, indexed and resold all your data. Sorry.
> Chrome itself is "a tool to download files from Google's servers."
...legitimately. While Google (I will reinforce: Google, not everyone) sees downloading of the videos and other content from the YouTube by third-party services as illegitimate because of YouTube's ToS. After all, they're making money from the YouTube Premium and "Download" option provided by it, so things like that are kinda expected to happen.
And no, I don't agree that it's right. While I can understand the position of Google, the method they (allegedly) used here... Well... I don't even know what to say. That's plainly wrong, in my opinion. After all, "download" is defined as "To transfer (data or a program) from a central computer or website to a peripheral computer or device." by The American Heritage Dictionary of the English Language (5th Edition), so when you just watch videos, you download them already, don't you? What about watching them in browser, somewhere in embed on some website? Does that constitute a legitimate client (I guess so, because most of embeds still use YouTube Player after all)? That just makes me laugh : )
I am sure that RIAA lawyers would rofl at this yt-dlp labelling being an example of Google "... unethically misleading people and (committing) browser monopoly abuse". I want to live in that fantasy world with you though.
Come to our fantasy Linux land anytime you want. We circumvent all of the strange things both RIAA, MPAA, Google and many other companies do to attempt to lock information into a box with only one hole they allow you to look through.
Our fantasy land gets better every time your reality gets worse.
`brew install yt-dlp` or `scoop install yt-dlp` :)
Yep. Never send a web browser to do a package manager's job.
Linux user here unaffected as I get it straight from my command line.
You wouldn't download a downloader.
Interesting to inspect any telemetry on this. Could end up on a list.
Which link exactly did you try to use? Or what specific version on the Github releases page? I checked both the latest windows and macos versions against Google Safe Browsing and all were fine.
I can't reproduce this either, OP is light on details.
Chrome for work, Safari or Arc for everything else. I envy you if your use of yt-dlp is work related.
you almost got it rigth. safari and arc are as bad as chrome. arc is just stable-chrome (it will have the same nonsense with a custom ui next release)
firefox sadly is still what you should use.
I started giving a try to Zen (based on firefox) a few days ago. I like it especially while heavily relying on a tiling window manager.
Agree with sibling comment as someone who used Zen for many months, maybe as long as a year or two. It constantly breaks and often stays broken in small but fundamentally important ways, to the point that I just switched back to FF last week and am glad to be off the roller coaster. Before Zen I had tried Arc and left for a lot of the same reasons.
For all of the (valid) criticism against FF, it's still the best available browser that's not just an experiment IMHO.
Edit to add: part of the switch back is that FF now supports, to some degree, all the features I was using Zen for: vertical tabs (needs customization but works well enough), custom search "engines" (ie, shortcuts), split view, not-Chrome
I daily drove Zen for months. The design and implementation are overall fantastic. Unfortunately it still has chronic performance issues, gobbling up CPU randomly - and they don't seem to be too focused on despite it being a commonly reported issue.
I don't want to burn out my battery quicker than usual, so I was forced to switch off. I'm currently trying Orion instead and have been loving it - aside from several poorly implemented websites just not working on it. And the Cloudflare false positives, but that's as much or more an issue on Zen.
Why is Safari as bad as Chrome?
Website compatibility is inconsistent, extension compatibility is a slog, the desktop UI is confusing and nonstandard, WebKit itself is woefully incomplete, and on non-Apple platforms WebKit barely works covers conformance tests even with hardware acceleration disabled.
I don't use macOS anymore, but when I did I used Firefox without missing out on anything Safari would have given me. Now that I've abandoned macOS I don't think I can name one advantage of installing a WebKit browser on my system versus something Chromium-based.
break this shit up, break all of this shit up.
Google needs to be at least what four companies.. gcp, youtube, search, workspaces...
Apple needs to be at least two hardware/os, music/tv+
Microsoft, meta, etc, Monopolies are bad and our SEC/FTC/Government is doing a poor job of controlling them. At least as equally trecherous are these businesses that overly vertically integrate... anyways, we're fucked.
It's over. The internet culture of the 20th and early 21st century has been appropriated for profit.
No it's not, and no it hasn't. That old Internet is still there, you just stopped going to it.
You going to assume my gender and race next? The bulk of my output on the internet is not on port 443.
You are not under attack. It’s just someone disagreeing with you. Please keep things civil.
Where is the incivility? If anything it's coming from those who project their simplistic ideas of others unto the complexity of others' persons to pigeonhole them into their own idiosyncratic mental categories.
We built it on enthusiasm for enthusiasts and for that reason alone, it became something great.
Then they stole it all for profit.
Probably not the first time in history this has happened.
The amounts of times someone invented something that was important to them and then never make any money from it only for some other entity to make tons of money from it is way too high.
And hopefully not the last