Discussing Hacking Videos - Community Guidelines YouTube

LiveUnderflow · Beginner ·🔐 Cybersecurity ·6y ago

Key Takeaways

Discusses YouTube community guidelines for hacking videos and their impact on educational content

Full Transcript

Hey so this is just a bonus video to the main video that I've uploaded on the live overflow main channel it is about the controversy that YouTube is now banning and deleting hacking educational tutorials and so I thought it would be kind of interesting to look at a few specific theoretical fictional YouTube videos and see how various people feel or think about it I framed the questions as basically a fake or fictional YouTube title for a video and then you could answer it's ethical it's unethical it's neutral or you have some kind of free text and I just sent this to a couple of youtubers and other people just slightly related I got 14 responses it's by no means scientific I didn't really spend much time on thinking about what kind of titles I wanted to include it's just a kind of random selection that I kind of thought about and so I want to go over the results how I think about them how kind of I believe YouTube maybe thinks about them and generally how I see the context around us and maybe it helps to guide this discussion a little bit how does good hacking educational videos look like and is there such a thing as a bad or shitty or unethical heck in YouTube videos and so let's look at this [Music] so the first question is also related to what I mentioned in the main video is is a Facebook phishing page tutorial video bad most people did say that it's kind of unethical and one person said it is ethical a lot of people also said it's neutral but phishing is one of the massive problems we have Google as a company that needs to protect their customers against phishing see this as a big problem the most serious hex you see in real life are often started with phishing and yes phishing is absolutely lame and stupid and shitty and it's it's nothing special or secret or crazy or technical or skilled or whatever but fact is that phishing is a massive problem and it is used to steal a lot of information get access to accounts compromised accounts and so forth so I understand that Google and YouTube is very careful with that and I personally also think such a video is completely misdirected educational I think I personally it makes no sense I would not make such a video what if somebody searches for that how to make a phishing page I want to do this this sounds cool I as an educational youtuber I feel like my responsibility is it to not show them or here's a step-by-step guide here copy and paste but to redirect their motivation to web development web developer who just started with a few basic tutorials will be able to make a phishing page after the first week why would you hide the the underlying skill that that actually underlies the skill here which is just programming why would you hide it from them and shrouded in some kind of step-by-step tutorial if you can just tell them the true skill the through the true knowledge the true secret behind it which is just their own programming so that's why I think such a video is just like and and kind of a cash grab just attention-seeking and you know in in the face of it being directly used in kind of this illegal and compromising way of fishing Facebook I will tell you right away there will depending on how many viewers you you know we are talking to you here on thousands and tens of thousands of people that might be able to see it I'm telling you there will be many kids that create a Facebook phishing page and try to fish for example their girlfriend or their friends and then to read their that try to get access to their private messages and so forth that will happen and you give them direct you know solutions for that in that way I think that elicits I guess supports or might motivate some kind of illegal behavior that's why I generally think it's more an unethical video to make next one how to program your own rat I will threat I mean remote access to or remote access trojan or whatever so it's about how to basically make a trojan how to make malware and I specifically made the title to be how to program your own rat and two people said unethical seven people said it's completely ethical again a lot of people said neutral but then you also get a few nuanced responses here with there is shady but it depends on how its framed depends on the focus and then another one is with a clear disclaimer now I think this claim was a complete are computed useless I every time I see a YouTube video with its claim only for educational purpose I think it's absolutely doesn't matter at all why are you even doing that what matters is the content of the video no I also agree with that it depends on how its framed because here it's about programming right the truth about malware and Trojans is that they are just programs so if you are interested how to do that just learn programming okay the ethical tool is programming and you could make something illegal or possibly criminal out of it that might be a trojan that you can use right so this video I think depending on how its frame could be unethical or ethical generally you will see it in contrast to a video just right below that I will talk about in a moment I think this is generally more ethical but you need to be very careful you need to for example if I would make this video and I would want to make this ethical and actually educational I would obviously explain people that Trojans shouldn't be something that you're doing but it's essentially just programming here are good programming tutorials here is how you do networking here's how you do sockets here's how you design a protocol things like that this in in essence is just a programming tutorial with a little bit of a click Bailey title the focus should not be on actually using this or how to use it against your friends or whatever the focus should really just be on the programming part and then I believe it could be kind of ethical in stark contrast to that I believe is for example this year and this response is quite interesting to me only two people said unethical two people said ethical and most people were neutral and one person clarifying that it depends on how it's being framed and to me this is for example one of a prime example of a video that I wouldn't be surprised if YouTube would delete that it's not a video I would ever make because there's zero value in that I see zero educational value in this you are advertising a tool that is ready-made for people who a person to just click together a Trojan and send this to people I'm telling you right now some script Kitty will look up that tool will download it and try to attack their friends and whatever you know in the best case they just say it's a prank bro and their friend understands in the worst case they actually you know cause some extreme bullying maybe even blackmailing or whatever this kind of stuff is used for this is just eliciting a bad behavior showing how to how to do bad stuff it's completely unnecessary now if you want to talk about Trojans the good way to do is how to reverse engineer this so if you take a sample of this and analyze it and the capability is good another possible video about this would be what are the capabilities of a typical Trojan so that normal people understand what is possible and what is not possible with the Trojan on your laptop for example this Trojan doesn't magically like jump over to your phone and also your TV or something like this right to understand kind of what the script kiddie capabilities actually are and what they are not all these kind of things but all day don't need to explain how to make your own Trojan I think there's zero educational value again the ethical way how to make that video would basically be how to learn programming okay this is how I think the ethical way is I see absolutely no educational value in a video like that next response how to use air crack to hack Wi-Fi nobody said unethical most people said ethical a lot of people neutral and then depends on the delivery how education at this and depends on how its framed here is something I also mentioned in the main video I personally think hacking Wi-Fi tutorials are complete I think they are boring as hell I think they are app it when let me clarify I think the absolute don't you if you just explain how to use certain tools okay I think this is explained to us in many videos of my myself before we explain like what I what I think hacking is or how to learn hacking you are just using tools you are just using step-by-step tutorials I think that's boring and the problem is it just enables stupid kiddies who do stupid with their neighbor's Wi-Fi again that just motivates and might make people do bad stuff however I'm also kind of neutral with this thing I think just some step-by-step tutorials it's not a video I would make because I think it's boring but I also want necessary it's super unethical hacking Wi-Fi is kind of met anyway in terms of capabilities and and how how its kind of used also nowadays with with SSL and HTTPS I I don't see a big threat or so much craziness about it yeah I I wouldn't really yea care too much about it I said more neutral and yeah maybe it's even ethical I don't know these are air crack is a basic tool that is stupid to use so yeah it's a video I would say whatever but I would also be careful with the framing because again if you make this how to hack your neighbor's Wi-Fi or so I think that's again how would I make an actual educational Wi-Fi hacking video I think this is again you know kind of has a contrast this year explaining how the craic Wi-Fi attack works that's the only Wi-Fi a video I made it's not a particularly good video or anything but for me if I would want to make a Wi-Fi tutorial that I think is educational and it's valuable I would want to explain the underlying concepts of Wi-Fi I'm telling you all these kids that are using air correct - correct Wi-Fi don't understand anything about the Wi-Fi protocol nothing they don't understand anything what they are using they just know if they use that flag if they if they if they use that option then this happens and and if they do that then this happens right they they don't understand what they're actually doing and so I that's why I don't really see value in this however I do see a lot of value and explain the research behind it explaining the underlying concept behind it and you don't even need to show a tool because it doesn't matter what kind of options a tool has what is important at least to me and what I think is an ethical video is just showing the research so these are also again like a little bit the contrast videos here how to create a persistent Bank on Linux that is something I'm also completely ethical - completely ethical also not neutral I also don't think it depends really on its frame because the assistant buying Shalonda knows it's just like a small tool it doesn't give you anything that in itself doesn't do anything it's you know if you are at the point where you can execute a bind shell then you already have arbitrary code execution you have one already the harm is basically already done so this is just like a little bit of professional work you see the lines are very blurry how is this different from how to make a Trojan write like a persistent bind shell is basically just a Trojan but the the there's for me at least there's very careful nuances differences here in terms of context and how its framed right I think how to create a persistent bandshell on Linux is so deep into our industry already it's so deep down if somebody is searching for that they already have a pretty good understanding on on how security works you know the term persistent bandshell hood what would search for this it's somebody who already has a bit of knowledge and understands what they are doing where as how to make a Trojan how to make malware might draw in people that have no damn clue and then misuse it I feel like there's small nuances and I think the people that have answered here also feel an extreme difference if you compare the responses from this one here to the to the how to program a rat or how to use the quest hour thing you can see a big difference how to program a Red was even you know more ethical what was still a bit more ethical but more neutral but still not at the level of a ban show I also think so I also think a lot of people kind of have the same feeling that there's somewhat of a difference and then also here just a question on I mean this was clearly framed to be extremely unethical just to make a very extreme case how not to pay for Steam games by abusing some kind of bug that you found for steam or ores or so or how you used stolen credit cards or something like that that is of course absolutely unethical absolutely not educational there's absolutely zero value in that yeah not much to say about this here I just wanted to make a little bit of a difference about like responsible disclosure if you found a bug in YouTube that allows you to access private videos if it's unpatched and you make that video I said unethical or neutral or and then you know the the versions if it's like patched or unpatched and you can see people that the response is definitely change when it's already patched and you just talk about what you were able to do then it's ethical and if it's unpatched it's mostly unethical with a few people move from this obviously goes very similar to the discussion about responsibilities kosher versus full disclosure and you might be surprising to hear that I would also say this is a absolutely 100% unethical video but I'm generally more standing on the full disclosure side so how does full disclosure fit with I don't want a video about an unpatched private videos of users this is again going into what I explained mentioned short in the beginning I think their context matters a lot and responsibility matters a lot it's different to share something on YouTube that can reach what who the heck knows what the audience is extremely wide and a lot of kids might be watching it a lot of impressionable people a lot of people that are not really in that industry and don't understand what it means to have security vulnerabilities they they don't have an intuition for that kind of stuff so if they see a video like this then that just causes can cause direct harm in contrast if there's a full disclosure happening inside of our community inside of the infinite community somebody drop something on on in a on a mailing list after having like you know fail two responsibilities close it or the risk is not that high or whatever the reasons are you know I'm generally like I said I'm I'm generally more okay with something like that if they drop it on Twitter or whatever it's the audience is different the audience is already technical the audience already has the kind of understanding I think there's a big difference in what kind of audience will share that kind of content to and and and how to be responsible with whom you share this I'm not saying that you are hiding or censoring information in that case I'm just saying that you are responsible somebody who is really somebody who's really interested and and keeps researching and learning they will eventually come into our community and welcome to conferences and we'll hear about this this is not hidden information in in any way okay this is not censored it's just be making sure that that not people that have absolutely no damn clue do it I think you know it's maybe a bit of an extreme example but think about explosives you know if you make if you make the video so boring that only people that are really interested in that chemical or explosives or professionals understand that it's fine but if you make the video in a way that makes it able for twelve-year-old to build a bomb that might be dangerous for the life of that 12 year old but also maybe they think it's a prank and they don't you know you get the point there's a responsibility to whom you kind of say the to and because YouTube is such a massive platform with a wide audience it's very different to present a video on there versus giving a talk at a conference that is in our circles so I I do think that there is a differentiation to be made yeah so that was that I'm really curious what you're saying I think this is an ongoing discussion I'm sure my opinions will also change over time this is these are my opinions and july 2019 so please don't think that this is kind of my my strong opinion these things will evolve with future changes with future development with future experiences that i gained so this is just my opinion slice of life right now okay and and about the current state this can very well be changing just to make that clear okay thanks [Music] you

Original Description

Main Video: https://www.youtube.com/watch?v=LIdZ2oPyB1Y → Twitch Subscription: https://www.twitch.tv/products/liveoverflow → per Video: https://www.patreon.com/join/liveoverflow → per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join -=[ 📄 Info. ]=- Main Channel: https://youtube.com/LiveOverflowCTF Twitch: https://twitch.tv/LiveOverflow -=[ 🔴 Stuff I use ]=- → Microphone:* https://amzn.to/2LW6ldx → Graphics tablet:* https://amzn.to/2C8djYj → Camera#1 for streaming:* https://amzn.to/2SJ66VM → Lens for streaming:* https://amzn.to/2CdG31I → Connect Camera#1 to PC:* https://amzn.to/2VDRhWj → Camera#2 for electronics:* https://amzn.to/2LWxehv → Lens for macro shots:* https://amzn.to/2C5tXrw → Keyboard:* https://amzn.to/2LZgCFD → Headphones:* https://amzn.to/2M2KhxW -=[ 🐕 Social ]=- → Twitter: https://twitter.com/LiveOverflow/ → Website: https://liveoverflow.com/ → Subreddit: https://www.reddit.com/r/LiveOverflow/ → Facebook: https://www.facebook.com/LiveOverflow/ -=[ 📄 P.S. ]=- All links with "*" are affiliate links. LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm. #liveoverflow
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from LiveUnderflow · LiveUnderflow · 6 of 42

1 BUILDING AN 8-BIT COMPUTER FROM SCRATCH #2 (Full Stream)
BUILDING AN 8-BIT COMPUTER FROM SCRATCH #2 (Full Stream)
LiveUnderflow
2 LiveOverflow's Makeup Tutorial #1
LiveOverflow's Makeup Tutorial #1
LiveUnderflow
3 MakeUp Tutorial for Streaming and YouTube
MakeUp Tutorial for Streaming and YouTube
LiveUnderflow
4 MurmusCTF, SSD CTF Challenge, Google CTF writeups - PwnNews 27/06/19
MurmusCTF, SSD CTF Challenge, Google CTF writeups - PwnNews 27/06/19
LiveUnderflow
5 Google CTF 2019 Chat - Looking at Writeups
Google CTF 2019 Chat - Looking at Writeups
LiveUnderflow
Discussing Hacking Videos - Community Guidelines YouTube
Discussing Hacking Videos - Community Guidelines YouTube
LiveUnderflow
7 Hacking Skills Perspective
Hacking Skills Perspective
LiveUnderflow
8 Chatting about Cryptography and Exploit Regulations
Chatting about Cryptography and Exploit Regulations
LiveUnderflow
9 BUILDING AN 8-BIT COMPUTER FROM SCRATCH #1 (Full Stream)
BUILDING AN 8-BIT COMPUTER FROM SCRATCH #1 (Full Stream)
LiveUnderflow
10 BUILDING AN 8-BIT COMPUTER FROM SCRATCH #3 (Full Stream)
BUILDING AN 8-BIT COMPUTER FROM SCRATCH #3 (Full Stream)
LiveUnderflow
11 BUILDING AN 8-BIT COMPUTER FROM SCRATCH #4 (Full Stream)
BUILDING AN 8-BIT COMPUTER FROM SCRATCH #4 (Full Stream)
LiveUnderflow
12 Studying Cybersecurity in USA vs. Germany | ReHacked
Studying Cybersecurity in USA vs. Germany | ReHacked
LiveUnderflow
13 Examining JavaScript Inter-Process Communication in Firefox | Watch Together & Q&A
Examining JavaScript Inter-Process Communication in Firefox | Watch Together & Q&A
LiveUnderflow
14 Reading SECRET U.S. Air Force HACKING Document!!
Reading SECRET U.S. Air Force HACKING Document!!
LiveUnderflow
15 Why Don't Use alert(1) for XSS? | Watch Together + Q&A
Why Don't Use alert(1) for XSS? | Watch Together + Q&A
LiveUnderflow
16 Escaping from JavaScript Sandbox (AngularJS)
Escaping from JavaScript Sandbox (AngularJS)
LiveUnderflow
17 Why proofing impact for every XSS is "dumb" - Bug Bounty Reports
Why proofing impact for every XSS is "dumb" - Bug Bounty Reports
LiveUnderflow
18 Password Cracking Explained | ReHacked
Password Cracking Explained | ReHacked
LiveUnderflow
19 HTTP Desync Attack Explained With Paper
HTTP Desync Attack Explained With Paper
LiveUnderflow
20 Better than Stack Overflow for Development
Better than Stack Overflow for Development
LiveUnderflow
21 Thumbnail A/B Test Experiment for CTR
Thumbnail A/B Test Experiment for CTR
LiveUnderflow
22 How To Exploit a Heap Overflow
How To Exploit a Heap Overflow
LiveUnderflow
23 Log4Shell | Bug Bounty Public Service Announcement #shorts
Log4Shell | Bug Bounty Public Service Announcement #shorts
LiveUnderflow
24 New Details on Commercial Spyware Vendor Variston - Revisiting Firefox Sandbox Escape
New Details on Commercial Spyware Vendor Variston - Revisiting Firefox Sandbox Escape
LiveUnderflow
25 Can AI Hack Websites with XSS? #ChatGPT
Can AI Hack Websites with XSS? #ChatGPT
LiveUnderflow
26 ping Vulnerability Patch Analysis (with #ChatGPT) - CVE-2022-23093
ping Vulnerability Patch Analysis (with #ChatGPT) - CVE-2022-23093
LiveUnderflow
27 Using CodeQL to Investigate GraphQL Resolvers
Using CodeQL to Investigate GraphQL Resolvers
LiveUnderflow
28 Security Issue Found in US Gov CISA Tool?
Security Issue Found in US Gov CISA Tool?
LiveUnderflow
29 Using joern to Find GraphQL Authorization Issue
Using joern to Find GraphQL Authorization Issue
LiveUnderflow
30 Analytics from 7 Years on YouTube...
Analytics from 7 Years on YouTube...
LiveUnderflow
31 3D Printer Researching Igus Bearings - Prusa i3 MK3S+ (part 3)
3D Printer Researching Igus Bearings - Prusa i3 MK3S+ (part 3)
LiveOverflow
32 Attacking VSCode Extension from Browser? - Live Security Research
Attacking VSCode Extension from Browser? - Live Security Research
LiveOverflow
33 I Don't Trust Websites! - The Everything API with ChatGPT
I Don't Trust Websites! - The Everything API with ChatGPT
LiveOverflow
34 Do Hackers Need To Know Algorithms and Data Structures?
Do Hackers Need To Know Algorithms and Data Structures?
LiveOverflow
35 "Remove the video as soon as possible"
"Remove the video as soon as possible"
LiveOverflow
36 Arm®-based Video
Arm®-based Video
LiveOverflow
37 How to make good HACKING videos
How to make good HACKING videos
LiveOverflow
38 LEEROY fällt auf HACKER rein?
LEEROY fällt auf HACKER rein?
LiveOverflow
39 Hacking for an Intelligence Agency
Hacking for an Intelligence Agency
LiveOverflow
40 Tier List of My Worst Tweets
Tier List of My Worst Tweets
LiveOverflow
41 Step by Step Phishing Setup Tutorials are Unethical!
Step by Step Phishing Setup Tutorials are Unethical!
LiveOverflow
42 Hacker Reacts to 23andme Data Leak
Hacker Reacts to 23andme Data Leak
LiveOverflow

Related AI Lessons

eCPPTv3 Review
Learn from a firsthand experience of taking the eCPPTv3 exam and gain insights into the certification process
Medium · Cybersecurity
Next-Gen Endpoint Protection Software: Securing Remote Employees Against Modern Cyber Threats
Learn how next-gen endpoint protection software secures remote employees against modern cyber threats and why it matters for business operations
Medium · Cybersecurity
Understanding NAT (Network Address Translation): How Multiple Devices Share a Single Public IP…
Learn how NAT enables multiple devices to share a single public IP address, enhancing network security and efficiency
Medium · Cybersecurity
Why the EC-Council 312-41 Practice Test Is Essential for Certification Success
Boost your EC-Council 312-41 certification chances with practice tests, essential for assessing knowledge and understanding of exam objectives
Dev.to AI
Up next
How to Recover from a Site Hack with Sucuri - Detailed Guide
Guide Answers
Watch →