
Tell HN: Chrome says "suspicious download" when trying to download yt-dlp

Chrome's "Suspicious Download" warning for yt-dlp sparks a familiar HN debate about corporate control and potential anticompetitive practices. Many commenters see this as Google intentionally stifling a tool that circumvents YouTube's content control, rather than a mere security heuristic. This incident reignites concerns about browser monopolies and the challenges faced by independent developers in a landscape dominated by tech giants.

  • Score: 175
  • Comments: 57
  • Highest Rank: #2
  • Time on Front Page: 4h
  • First Seen: Mar 31, 3:00 PM
  • Last Seen: Mar 31, 6:00 PM

The Lowdown

A Hacker News user reported that Chrome flagged yt-dlp as a "Suspicious Download" when they tried to download the latest version. The warning offered no explanation, leading to a lively discussion on the nature of browser security, corporate power, and software distribution.

  • The primary observation was Chrome's warning for a popular open-source video downloading tool, yt-dlp.
  • Commenters quickly attributed the warning to Google's ownership of YouTube and a perceived conflict of interest, suggesting an intentional move to hinder tools that bypass YouTube's content monetization.
  • Alternative technical explanations focused on false positives common with executables compiled using tools like PyInstaller, and general security heuristics that flag less popular or newly distributed software.
  • The 'chicken and egg' problem for indie developers was highlighted: warnings deter downloads, but widespread downloads are needed to build 'trust' with security systems.
  • Many users pointed to system package managers (e.g., brew, scoop, Linux distros) as reliable and unaffected methods for obtaining yt-dlp.

The incident crystallized broader concerns about browser control, the opaque nature of modern security warnings, and the ongoing tension between user autonomy and the business interests of large technology platforms.

The Gossip

Google's Grievous Gripe

A dominant theme revolved around Google's alleged malicious intent. Many commenters view the "Suspicious Download" warning as a deliberate act by Google to undermine `yt-dlp` due to its functionality, which allows users to download content from YouTube. This perspective suggests a clear conflict of interest, enabled by Google's market power in both browser and video platforms, leading to accusations of anticompetitive behavior and a lament for a less corporate-controlled internet.

Heuristic Headaches & False Flags

Another segment of the discussion attributed the warning to common technical issues rather than corporate malice. Commenters explained that `yt-dlp` binaries, often compiled with tools like PyInstaller, frequently trigger false positives in antivirus software and browser security heuristics. The core problem, as described, is a 'chicken and egg' scenario: new or less commonly downloaded software struggles to establish trust with these systems regardless of its legitimacy, because the warnings themselves deter the initial adoption that would build that trust.

Alternative Acquisition Avenues

Many users offered practical solutions and workarounds to bypass the browser warning. The most popular suggestions involved using system-level package managers such as `brew` for macOS, `scoop` for Windows, or a Linux distribution's native package manager. These methods are preferred for their reliability, security, and the ability to avoid direct browser download issues, highlighting a common strategy among technically savvy users to circumvent web-based software distribution challenges.