We did quite extensive digging into the ToS and there was nothing explicitly forbidden about what he had done and they refused to point to any rule he had violated in particular. If they've updated it, it must have been in the last 4-5 months.
Thanks for your support! These videos were published 4 months ago, I posted a link to one of them 75 days ago on HN https://news.ycombinator.com/item?id=29056542 and my channel was suspended on Jan 7.
Looks like it's buried several layers deep, and very poorly worded. You need to go from the Terms of Service [0], to the Community Guidelines [1], to the subsection on "Harmful or dangerous content" [2]. Once there, the wording of the guideline is as follows.
> Hacking: Demonstrating how to use computers or information technology with the intent to steal credentials, compromise personal data or cause serious harm to others such as (but not limited to) hacking into social media accounts.
The placement of "with the intent to" is really weird to me. I could see it applying either to the demonstration being performed with intent, or the demonstrated usage having intent. The latter doesn't really make sense, because any basic computer usage could also be done with the intent to perform malicious actions. (e.g. "How to back-up your stored passwords", used maliciously to back-up somebody else's stored passwords.) The former would make sense, but not be applicable in this case. It would apply to cases where the video itself was an attempt to steal credentials, such as guiding people to a known compromised browser extension.
In order for this to apply, the "with the intent to" clause would need to be missing entirely. In that case, a demonstration alone would be enough to fall under that clause. So either Google poorly wrote their guidelines, or are poorly applying it.
But that's just from the strict letter of the ToS, which is as meaningless as a fart in a breeze when Google can unilaterally amend them. The real story is that Google is removing content in order to protect itself and others from embarrassment, and their actions to discredit and downplay responsible disclosure are what matter here, not their supposed justification of those actions.