Building a Safe Space for Security Research

We set up a YouTube channel back in 2011, but switched to Vimeo in 2012. Earlier this year we started to move videos from our paid Vimeo account to YouTube.
Back in April, YouTube changed their policies to describe the following as “Harmful or dangerous content
Instructional hacking and phishing: Showing users how to bypass secure computer systems or steal user credentials and personal data.
There’s a difference between malicious and instructional content. YouTube doesn’t seem to have made that distinction clear. Several security research channels have now experienced strikes and suspensions. As a security research conference, we want to upload all of our filmed content, including instructional workshops and talks. It’s not realistic to only upload defensive security videos, nor is it wise. The offensive research content is often instrumental for defenders as it shows them what they need to defend against. This leaves us in an awkward position with youtube, because of what we do.

We reached out to our friends at Google. As one Googler tweeted, there are limits to their influence.
Some accounts are now reinstated. Others once reinstated have problems again. The policy remains and it is clear: YouTube considers instructional offensive security research content harmful. By extension, the channels of many security events are at risk of content or channel removal.
Content moderation is hard for any community site. It’s difficult to strike a balance between heavy handedness and being too laissez-faire. YouTube’s policy change has chilling effects for legitimate security research and security conferences.
We planned to launch a Peertube instance in the new year after our YouTube move completed. It’s designed as a backup should content get taken down. In light of recent events we’ve set this up now. We also want people to be able to download our content for personal use. Our instance is up and you can watch our content without takedowns here.
We won’t be opening registration to the public. However, conferences who want to back up their talks to us can contact us via email and we’ll give them an account.

I’m a Security YouTuber, what can/should I do?

Firstly, back up your YouTube channel now. You can do this via Google Takeout. Alternatively you can download the content via Youtube-dl but the takeout route is better.
You can (and should) also back up your content to the Internet Archive. Make sure you check their terms of use and rights sections before uploading. There’s a handy guide here.
If you’re a security researcher with a YouTube channel and want to upload your videos to our site, contact us too. We want to be a safe space for all security research. We don’t have the resources to support open registration, but we’ll help where we can. We’re open to suggestions via twitter, email, or you can reach out to Steve on Mastodon.
There are some cool features on Watch. You can download all the videos, and subscribe via RSS. You can also follow a Watch account through federated social media platforms such as Mastodon. Everything is very alpha, and we have few resources to dedicate to content moderation.
We’ll keep posting to YouTube while we fill out our own space. Please bear with us when problems arise but together we can build a safe space for security research.


Steve co-founded 44CON with Adrian in 2011, running our quarterly training programme and the Call For Papers processes. When not running training Steve likes building hardware, breaking software and writing at