Update: SaveVideo is Back

164 points| skunkworker | 4 years ago |reddit.com | reply

55 comments

[+] kuyan|4 years ago|reply
Context for those not apprised:

- Of the many videos hosted by Reddit, some are hosted externally (e.g., by YouTube, Imgur, Gfycat). Some are hosted by Reddit itself.

- There is no easy, "native" way to download the videos hosted by Reddit itself.

- SaveVideo is a Reddit bot that can be summoned by mentioning it in a comment. When mentioned, /u/SaveVideo will reply with a direct link to the linked video.

- The creator of SaveVideo (an independent developer) received a fake takedown notice and, interpreting the notice as legitimate, shut down the bot.

- Widespread backlash against the decision garnered the attention of Reddit admins, culminating in this update.

[+] anoraca|4 years ago|reply
Or: publicity stunt
[+] Shank|4 years ago|reply
The strangest thing about the attached PDF is that it seems to have the footer from Reddit’s Zendesk system attached. I don’t really understand how or why the attacker would have either edited a Zendesk page, or submitted a ticket, then exported the PDF, and then sent it to the hosting provider. Further, how did the hosting provider evaluate this notice and why did they determine that it was legitimate? It seems to commingle vague legal threats and the Reddit Terms of Service, when the trademark violations enough would normally warrant some action.

What compliance or security team evaluated this? There isn’t even a physical address for legal correspondence, or any letterhead from a law firm? It doesn’t even include boilerplate invoking DMCA! It just references 15 USC section 1063, which is trademark law!

I could see a provider reacting to a fake notice that’s seemingly real, but forged. But the fact that they reacted without any mention of DMCA and vague perceived references to ToS makes me think the provider dropped the ball badly here. I don’t see why they would have taken action or forwarded it.

Edit: I guess I could see forwarding akin to “we got this thing that doesn’t seem legit?” but that’s about it. If they wanted to invoke the ICANN domain trademark conflict process, they would have sent it to the registrar or another governing body. The whole thing is just really odd.

[+] Clewza313|4 years ago|reply
It's pretending to be a notice from Reddit about TOS violations, not a legal notice. The wording is indeed pretty bizarre on closer inspection ("will face strict verdict from USA Jurist section"), but a hosting provider who sees this is unlikely to read very far beyond the first page, which does sound reasonably plausible.
[+] aasasd|4 years ago|reply
Not just the footer—it even has the hamburger at the top.
[+] spuz|4 years ago|reply
There is no mention in the linked reddit post that the bot's hosting provider took any action in response to the notice. I can't see any such action mentioned anywhere else.
[+] desine|4 years ago|reply
What's the motive for someone going through the effort of faking a good enough take-down notice? There's no immediate financial gain. I doubt there's a reddit bot competitor that somehow needs the extra market share, whatever market it would be. This smells like reddit admins walking back after a lawyer on the staff got too feisty, but the original takedown notice PDF cites Huffman as approving it. Not that I support his recent steering of the business, but it names names. And it doesn't look to be the caliber of writing I would expect from a top 500 visited website's company's legal team.

This whole thing is fishy as heck. I've mostly stopped caring about that site, since it's become an astro-turfing testbed, but my latent fondness of the good ole days has got me curious about this.

[+] hn8788|4 years ago|reply
Not everything needs a financial motive, sometimes people are just assholes with too much time on their hands. For example, the Titanfall games have been made pretty much unplayable because someone got mad at the company for not giving the games enough attention, so they've been DDoS'ing the servers for a long time.

https://twitter.com/alphaINTEL/status/1414551059528306688

[+] numlock86|4 years ago|reply
> What's the motive for someone going through the effort of faking a good enough take-down notice?

I doubt it takes that much effort. If I recall correctly the whole idea originated from some 4ch spin-off a couple of weeks ago. Someone probably just picked it up and simply did it, because ... well, "reddit is cancer".

[+] aasasd|4 years ago|reply
I could vaguely imagine someone wanting to snag the domain from the original dev for fifty bucks and spin up a site to ‘save reddit videos... if you give us your phone number’.
[+] DocTomoe|4 years ago|reply
One of the likely motives: Taking out a free competing system so your own, paid/"ad-supported"/"spyware-supported" SaaS service for downloading videos gets more exposure. It's astonishing how many scam sites operate with the "download a video from anywhere after installing my 'downloader app'" premise.

That being said, I do think reddit admins backpedaling on something that blew up in their faces to be a much more likely explanation.

[+] dang|4 years ago|reply
Recent and related:

Reddit tells “Save Video” bot to shut down or face lawsuit - https://news.ycombinator.com/item?id=27820874 - July 2021 (5 comments)

An impersonator issued a fake Reddit take down notice against SaveVideo - https://news.ycombinator.com/item?id=27818514 - July 2021 (366 comments)

[+] skunkworker|4 years ago|reply
Thanks for linking to those. I thought this was an interesting follow up from yesterday’s discussions.
[+] schelling42|4 years ago|reply
Simple workaround so you don't need the bot to download videos from reddit:

F12 -> Network -> Sort by Size -> Top entry is the direct link to the video. (Usually named DASH_720 or similar.)

[+] crtasm|4 years ago|reply
Don't forget to also grab the audio track (DASH_audio.mp4 on the one I tested with youtube-dl --get-url ... )
[+] nthitz|4 years ago|reply
How to prevent fake notices from causing this harm? A malicious actor could easily send a bunch of these (or just a few) fake notices well enough to scare people into taking content down.
[+] kumarm|4 years ago|reply
This is an age-old problem. 10 years back someone sent DMCA to Google during holiday season for a holiday themed Android app of ours.

Google removed the app immediately and informed us. By the time Google looked at our counter and reinstated the app, Holiday season was over.

Google got a lot better in the last 10 years related to DMCA on apps though.

[+] sidechaining|4 years ago|reply
How did the grammatical errors not tip them off that it was a fake notice?
[+] snuxoll|4 years ago|reply
The safe harbor provisions mean the service provider has the obligation to remove the content upon receipt of a notice, genuine or not. The law was designed with the assumption that the courts are the proper forum to resolve issues like this - unfortunately legislators were not thinking of social media when the DMCA was written.
[+] desine|4 years ago|reply
You would probably be appalled at the grammatical errors that make their way through the courts without any correction.

On one hand - lawyers are hired to know the law, not grammar. On the other hand - one would think enough reading of legal texts would filter out some bad issues. Perhaps it's now at the point where lawyers are learning bad grammar from their legal studies.

The sentence that really got me was where the PDF states

>you (owner of Redditsave.com) are responsible for paying your Attorney’s monthly bills.

[+] notRobot|4 years ago|reply
They might not be a native English speaker. Also, it's less common but official communication does have grammatical errors on occasion.
[+] historyloop|4 years ago|reply
As we know grammatical errors are the ideal way to judge if something is real or fake.
[+] shrikant|4 years ago|reply
I don't know if the snarky replies to you have actually read the PDF -- some of the EGREGIOUS grammatical errors should've at the very least set someone's spidey senses tingling about the legitimacy of the takedown notice (or, "Website Take Down", in its own words).

Some choice selections (with my comments in parentheses):

> (The whole section under "Misusing Reddit's API" is clearly written by someone for whom English is not a first language.)

> Breaking Redditquette (Redditquette?)

> You must "Take Down Redditsave.com and its services" within 3-4 days otherwise- We are going to file a lawsuit under trademark infringement US law U.S.C. § 1063 section. (The totally random quoting and capitalisation doesn't make sense)

> As Redditsave.com misused the Media API and costs Bandwidth of Reddit servers, we need a "Compensation Penalty" of 1,000,000 or 1 Million American Dollars. (The totally random quoting and capitalisation doesn't make sense, and legalese wouldn't call it "American Dollars" imho)

> If you failed to pay the compensation will face strict verdict from USA Jurist section. (Gibberish)

> Then, We hardly advised to takedown the mentioned services also. (Gibberish)

In addition, I don't quite know how the bot works, but Reddit don't really obfuscate their video URLs (or use a "rolling cipher") -- it's a plain set of .mp4 links that you can access from looking at network requests in your web dev console. But even after that, you can just guess the mp4's URL from the "v.reddit.com" URL. Give it a go -- go to something like https://v.redd.it/wr3u5cij3la71, then try various bitrate combinations: https://v.redd.it/wr3u5cij3la71/DASH_720.mp4, https://v.redd.it/wr3u5cij3la71/DASH_480.mp4, https://v.redd.it/wr3u5cij3la71/DASH_240.mp4

SaveVideo is not open sourced I believe, but I'd guess they look at the video page, get the various bitrates from the settings (or just cycle through the limited options and see what doesn't 403/404), and just direct-link to those URLs. With this knowledge, the following charge in the PDF should've tipped them off as well.

> To our knowledge, the URLs indicated provide access to a service (and/or software) that circumvents Reddit's rolling cipher, a technical protection measure, that protects our members’ works on Reddit from unauthorized copying/downloading.

[+] bambax|4 years ago|reply
The first paragraph of the fake takedown notice contains the sentence: "We took every report seriously", which doesn't make a lot of sense (the canonical phrasing is, of course, "We take every report seriously").

It's very unlikely a lawyer acting on Reddit's behalf would write this. In any case, the least one can do when receiving a C&D notice is to reach out to the other party to understand their problem and demands.

[+] svnpenn|4 years ago|reply
I swear, the Reddit mobile site is the biggest piece of shit I have seen in a long time. First, it asks you every single time to use the app, even if you hit no every single time. Then it shows you literally 3 comments before you scroll into some other random fucking post that I don't care about. Fuck Reddit.
[+] SilverRed|4 years ago|reply
The worst part is on a technical level it works fine. It is intentionally crippled for business reasons. They have also been trying to optimise for consuming as much content as fast and for as long as possible. Showing full comment threads and then ending the page is a prompt for someone to finish reading and turn off their phone while if you can show them a never ending stream of crap they will view for longer and see more adverts.
[+] Zababa|4 years ago|reply
My """favorite""" part is that if you use old.reddit.com, you have to go on the new website to accept the cookie notice.
[+] Clewza313|4 years ago|reply
Try a 3rd-party client app like "rif is fun". As a bonus, it nicely segregates your Reddit identity from your regular browser.
[+] only_as_i_fall|4 years ago|reply
I wonder if leadership has intentionally made the decision that losing users to mobile frustration and third party apps is worth it to increase first party app conversion or if they're just ignorant.
[+] wkavey|4 years ago|reply
Came here to say the exact same thing. Probably the most frustrating mobile site I deal with these days. And it's intentional!!
[+] skunkworker|4 years ago|reply
On my iPhone I use a shortcut from the share pane which opens up the current page in Narwhal. It's another step but makes it a much better user experience than the mobile site.
[+] encryptluks2|4 years ago|reply
Personally I believe one of the worst social media services when it comes to straight up propaganda, manipulation, indoctrination, and radicalization has got to be Reddit.
[+] MaxikCZ|4 years ago|reply
It's not so bad if one chooses to just ignore major subreddits and follows non-political ones.
[+] PhasmaFelis|4 years ago|reply
You can't have spent much time on any social media except Reddit, then.
[+] BuyMyBitcoins|4 years ago|reply
While I’m glad that SaveVideo is back, it doesn’t hide the fact that the Admins make really stupid and user hostile decisions and it was entirely within the realm of possibility that they’d ban SaveVideo.
[+] xmprt|4 years ago|reply
I wasn't here for the news yesterday. What exactly happened and why is this user hostile? I can see how it's within the realm of possibility that SaveVideo is hosting copyrighted content. For example, I've seen a lot of clips from TikToks, YouTube videos, and even movies reposted on reddit and then saved.