My Pluralsight courses get pirated all the time. I used to have Google alerts for them but frankly, the flood of emails I’d get each day just didn’t justify the “return” I’d get by forwarding them on to the Pluralsight piracy folks. I ended up rationalising it with the tongue-in-cheek analogy that those who would seek to pirate my security content are probably more likely to do evil things with it thus causing others to realise that they need security training! Of course I hope that’s not actually the case – my courses being used for evil – but the light-hearted view of things made me a little less upset about people ripping off my hard-earned work.

But then this happened:

@troyhunt Hi Troy. Looks like someone stolen your course from pluralsight and sold on udemy https://t.co/xxrQCRrIoO https://t.co/EwpaVCO7a7 — Michal Koczwara (@MichalKoczwara) November 26, 2015

Now I originally thought that this was just another case of normal old piracy and I’d simply ignore it and get on with life. But then I saw it was on Udemy which is a familiar name in the online training space, perhaps it was simply a case of someone else creating a course with the same name as mine. That’d be fine as after all, this is Ethical Hacking content that aligns to the CEH syllabus so indeed there could well be other courses with the same name. Here’s what I saw on Udemy when I went and checked it out:

Oh wow – it’s made by “Roy H.”, what are the chances?! And then I watched the intro snippet… and heard my voice. This wasn’t just the same course title, it was literally my course. Except for the bits that weren’t, namely the fact that they’d cropped out the “Hi, I’m Troy Hunt” audio intro and replaced the first slide with my info on it. Here’s what that screen above should look like:

That’s just effectively a splash screen though, get into things and here’s the overview slide in the video I found on Udemy:

Now this is mine. Well almost, there was one little bit missing down the bottom right of the screen:

Every Pluralsight video is watermarked so obviously someone had intentionally gone out of their way to remove this. Blanking out the watermark on a resource such as a white slide is one thing, but blanking it out across all the videos where it frequently appears overlaid in places not easily removed is something altogether different. Places like this:

That’s in my original one, I couldn’t see what was on Udemy because only the intro was free and I wasn’t about to pay $47 to watch my own pirated course!

This had me rather perplexed because as far as I knew, Udemy reviews training courses that go into their library. How could they miss this?! And for that matter, how could they miss all the times where I say “refer to my other Pluralsight courses”? There are way too many instances of this to be seamlessly edited out. Unless they didn’t actually review the course…

But let me back up for a moment; after discovering this, I shared some pretty candid thoughts on Twitter:

Stunned that @udemy is selling a pirated copy of my course under another author's name. Keep that in mind when choosing where to learn from. — Troy Hunt (@troyhunt) November 27, 2015

Well over 80,000 people have seen that tweet now so clearly it got some traction. One of those people was Rob Conery who as well as being a lovely bloke, is the guy who founded TekPub which was later bought by Pluralsight. He, of all people, knows what it’s like to deal with piracy. As well as founding an online training company, Rob has done many fantastic courses on a really broad range of topics, one of which is MeteorJS and it just so happened that Udemy had a course on that too:

Wow @udemy pirated my MeteorJS course COMPLETELY @troyhunt. Looks like @pluralsight might need to get on this https://t.co/JfWOrhLrLS — Rob Conery (@robconery) November 27, 2015

I was stunned – how on earth does this happen?! Frankly there’s no excuse for this happening once, but twice – something is amiss. Rob very quickly wrote about How Udemy Is Profiting From Piracy where he was, well, let me just say “direct” and well within within his right to be so too IMHO. I’m going to refer to a few of the things he picked up on shortly.

Now to be clear, both Rob’s and my courses have now been removed and I almost wasn’t going to write anything further, but for one remaining nagging issue which is the paradox I’ll come to shortly. Following this event, CEO Dennis Yang wrote Maintaining the integrity of our Udemy community. Dennis followed up by phoning me in Australia yesterday, a gesture which I genuinely appreciate and it left me with no doubt that despite some people’s speculation to the contrary, it’s not Udemy’s intention for piracy to occur in this fashion, but certainly he acknowledged in both the blog and on the phone that it is indeed a problem. Assuming he’ll likely read this response, thank you Dennis, the call was genuinely appreciated. In fact in fairness, each contact I had from folks at Udemy (several people reached out privately) was very positive; nice people acknowledging bad things had happened.

Getting back to Dennis’ article though, the mechanism for dealing with piracy at Udemy boils down to this document about copyright policy. It then goes on about steps and procedures including the requirement for a physical or electronic signature, identification of works, a statement about your complaint and various other bits and pieces. In short, the onus is on you as the person being disadvantaged by their actions to prove that your work has been ripped off. I didn’t feel this was reasonable, then I read this tweet and the penny dropped:

@troyhunt @udemy do you even understand udemy is basically like YouTube. These things happen. But they should take it down. — Robert Noack (@robertnoack) November 27, 2015

Yes! It’s exactly like YouTube or MEGA or anywhere else where people can freely upload content without oversight by the platform provider. In fact I was privately given that same YouTube analogy by a Udemy employee but here’s the problem with that position; YouTube allows anybody to upload anything without any review – is that what Udemy is? Or are they providing high quality education? It can’t be both and this is the paradox I referred to.

Here’s a great example of what I mean: you can go onto YouTube (it’s kinda like Udemy…) and be trained by Anonymous on how to DDoS someone:

Let me go out on a limb here and suggest that this content possibly wasn’t reviewed for technical accuracy. I’ve no idea who Anonymous is at the best of times either, it could be anyone posting that material… But hey, YouTube is a resource where anyone can upload anything and we all know that – we don’t expect everything to be accurate. I’ve posted training material there myself before, for example my World’s Greatest Azure Demo and whilst I hope this is taken somewhat more seriously than the one above, it went through exactly the same degree of rigour by the platform provider: none.

Let me put this into context by sharing the process I go through with everything produced for Pluralsight. Before even starting a course there’s a formal proposal and usually multiple discussions with my editor. In fact I have two editors who are both awesome and support me with courses aligning to different areas of the Pluralsight library; rarely a day goes by where I’m not in contact with one or both of them. A course proposal then leads to a contract with an agreed scope and terms for my royalties. Then, each time I produce a module (usually about 30 – 45 minutes of content), it’s submitted to Pluralsight where my editor reviews it. A peer then goes through and watches every single second of the video and tells me anything that needs improving; technical facts, the way I present info, audio glitches, even if a mouse cursor momentarily flashed across a slide. Once the course is live, I have ongoing engagement with the folks who watch the course via the discussion board, including on the rare occasions where a quality issue slips through the aforementioned processes whereby we get it fixed up and republished quick smart. There are extensive quality controls in place and perhaps unfairly, the expectation I had of Udemy is that they’d have something if not quite as extensive, at least sufficient to identify an issue as obvious as these piracy examples.

But that’s evidently not how it works there and whilst I don’t know how much review there actually is, clearly the lack of it lead to the problems Rob and I had. But unfortunately, it’s much broader than that:

My latest @pluralsight course was pirated by @udemy as well. Thanks for the heads up @robconery and @troyhunt. — Richard Cirerol (@codeprogression) November 28, 2015

And even broader than that too:

This one is really broad:

Hey @udemy - For the third time this year, my content is being stolen and sold on your site. https://t.co/zFc9OAfLK3 Don't use Udemy, folks. — Jeffrey Way (@jeffrey_way) October 2, 2015

And more:

@robconery they've got my course on there also from packt — Dane Grant (@danecando) November 29, 2015

In fact in that last case, Rob points out that there may have been somewhat of a giveaway that the course was sourced from somewhere else via the competitor’s watermark they published it with!

Edit: Rob has since pointed out that there’s apparently a publishing agreement between Udemy and Packt. I haven’t personally confirmed with Dane, but it sounds like that might be a communications issue with him and Packt rather than a piracy issue. There is no such agreement with Udemy and Pluralsight.

Much of Udemy’s explanation for these events is pinned on the fact that ultimately, they’re an open marketplace for courses. They have more than 35k of them on an extremely diverse set of topics, for example multiple palm reading courses. They’ve elected to go broad across a whole range of topics whereas Pluralsight goes deep primarily within the technology space. Online education is a huge market; there’s a heap of room for players with different approaches and by no means do I intend for this to merely be a negative review of a competitor. But they have to decide if they’ve going to be an “open marketplace” where anything can be posted with minimal review or if they’re going to provide high-quality training; which is it, because clearly it can’t be both. (Incidentally, the premise that an open marketplace puts all responsibility on the sellers and none on the platform provider is eerily similar to Silk Road’s defence. It ultimately didn’t work out real well for them…)

Along with a bunch of other news outlets, Motherboard wrote about this incident yesterday and made a poignant observation that’s key to the paradox I’m talking about:

It’s not clear whether at any point in the process of creating courses, Udemy verifies anything about the instructor’s identity, or even looks at the instructional videos that get uploaded.

I genuinely want to see Udemy be successful at what they’re doing and contributing to the overall viability of online learning. They suffer from piracy too and I’ve no doubt that like me, many Udemy authors – some of whom I know personally and are world class trainers – have their content ripped off and traded frequently. But Udemy needs to be part of the solution, not part of the problem. And they have to sort out this positioning which is setting an expectation for quality but then not watching the content – all of the content – and ensuring it’s consistent with what their customers believe they should be getting.

I’ll leave you with one more comment from Rob which accurately summarises what many of us are feeling right now: