
GitHub Removes Popular Paywall Bypass Extension: Implications for Digital Content Security


CyberSecureFox Editorial Team


In August 2024, GitHub removed the Bypass Paywalls Clean (BPC) browser extension along with 3,879 related forks, acting on a DMCA anti-circumvention complaint filed by the News/Media Alliance (NMA), which represents over 2,200 news and digital media publishers. The removal is notable because it targeted not just copyright infringement but the technology itself — under Section 1201 of the DMCA, tools that circumvent access controls are prohibited regardless of whether users access infringing copies.

What Bypass Paywalls Clean Did and Why It Was Targeted

BPC was a browser extension for Chrome and Firefox that allowed readers to access subscription-based news articles without paying. It used two primary techniques:

  • Soft paywalls: removed JavaScript-based content restrictions that hide article text while keeping it in the page source;
  • Hard paywalls: retrieved cached versions of articles from web archive services, bypassing authentication-gated content entirely.

The NMA’s complaint to GitHub identified four specific repositories as unlawful products: bypass-paywalls-chrome, bypass-paywalls-firefox, bpc_updates, and bypass-paywalls-clean-filters. The complaint argued these violated Section 1201 of the DMCA, which prohibits circumvention technologies independent of whether underlying content is infringed — a legal theory broader than typical copyright takedowns.

Legal Context: DMCA Section 1201 and Anti-Circumvention

Standard DMCA takedowns (Section 512) address infringing content. The BPC complaint invoked the less commonly used Section 1201, which targets tools that bypass “technological measures” controlling access to copyrighted works. This framing allowed the NMA to argue against the extension’s existence rather than specific infringing uses. TorrentFreak’s detailed analysis of the takedown noted that Section 1201 claims are comparatively rare on GitHub but carry significant weight.

The sweeping removal of 3,879 forks set a precedent for how broadly DMCA anti-circumvention requests can be applied to forked open-source repositories.

Developers, End Users and Publishers Caught in the DMCA Crossfire

  • End users who relied on BPC to read news behind paywalls no longer have access to active, maintained versions of the extension via GitHub;
  • Open-source developers building content access tools face a higher legal risk — this removal signals that DMCA Section 1201 can be applied to GitHub-hosted tooling broadly;
  • News publishers gain stronger enforcement leverage for their subscription models, though circumvention tools typically persist through other distribution channels;
  • Security researchers studying paywall architectures and content delivery systems lose a reference implementation.

What Developers and Organizations Should Know

  • Review repository content for circumvention tools: extensions or scripts designed to bypass authentication, paywalls, or access controls may be vulnerable to Section 1201 DMCA complaints — even if no copyrighted content is stored in the repo.
  • Understand the distinction between Section 512 and Section 1201: Section 512 targets infringing files; Section 1201 targets the circumvention technology itself. Projects in the latter category have fewer safe harbor protections.
  • Monitor GitHub’s DMCA transparency reports for patterns in anti-circumvention enforcement as this area of copyright law develops.

The BPC removal demonstrates that anti-circumvention enforcement under DMCA Section 1201 can extend well beyond individual infringing files to entire project ecosystems, including thousands of developer forks. For open-source contributors, understanding the legal boundary between interoperability tools and circumvention technology is essential when publishing content-access projects on major code hosting platforms.



The CyberSecureFox Editorial Team covers cybersecurity news, vulnerabilities, malware campaigns, ransomware activity, AI security, cloud security, and vendor security advisories. Articles are prepared using official advisories, CVE/NVD data, CISA alerts, vendor publications, and public research reports. Content is reviewed before publication and updated when new information becomes available.
