Tell HN: Discord is violating open source licenses
What I found by downloading the (Linux) Discord client from discordapp.com was that they clearly were distributing source copies of my project, but it had no license or copyright mentioning me (which is required). I also found that they are distributing ffmpeg binaries but I couldn't find any matching LGPL license or source code in the distribution.
So of course I contacted them. First via GitHub where I have reached them before, and then two times via their support people on their home page. I get about the same response as any one else: "I'm sorry but we cannot help you. Were you satisfied with the support response?".
It's not okay for companies to pull their pants down and take a big dump on your personal work. Not when they clearly do not even bother with complying with basic open source exchanges. If I write something I want to be properly mentioned as is required in my very license.
Discord, is this so fucking hard to understand?
54 comments
[ 3.0 ms ] story [ 80.5 ms ] threadhttps://github.com/uWebSockets/uWebSockets
If they distributed the sourcecode, they'd have to include the license, but the zlib license has nothing to say about compiling it in.
——————————
Copyright (c) 2016 Alex Hultman and contributors
This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software.
Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions:
1. The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgement in the product documentation would be appreciated but is not required.
2. Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software.
3. This notice may not be removed or altered from any source distribution.
——————————
a) This software is provided ‘as-is’, and as the author, you are not liable for damages if someone uses your library for something crazy.
b) Anyone can freely use it, for any purpose, with following restrictions:
1. “If you use this software in a product, an acknowledgement in the product documentation would be appreciated but is not required.”. They decided not to acknowledge the use of your library. You explicitly said this is OK.
2. Altered source code -> probably not.. it’s a web socket handling library.
3. This notice may not be removed. They have probably not removed it from their source code, given they distribute a binary.
edit: Found it, uws.js in resources/bootstrap/discord_rpc.zip
edit2: This is arguably worse, but the argument may be "it's a compiled binary":
discord_rpc.node is an ELF file. It's hard to see how that would not be considered a binary distribution (if it was that file alone, and not being distributed with source files)
If they are not distributing source code ("3. This notice may not be removed or altered from any source distribution."), it frankly does not matter if they disclose whether they use your library or not. And if they were distributing source code, the notice would just have to stay visible in the distributed source file. An average user wouldn't be able to find that anyway.
A compiled binary != distributing source code.
As a library user under the license you used, there is no legal obligation to include the actual license in (the documentation of) your app. If you wanted that, you should have included that in the license header of your source code. Sorry to break it to you, but they're probably not doing anything wrong here.
https://dl.discordapp.net/apps/linux/0.0.1/discord-0.0.1.tar...
expand that out, then navigate to: resources/bootstrap/
expand out: discord_rpc.zip
note the presence of uws.js which is the source code for this library.
Thus this is a distribution of this library as source, not binary.
Just to be clear, I'm not the original author, and thus have no ability to enforce copyrights for this library. Just someone who doesn't like the easy stuff of license/attribution being thrown away.
I don't know why you thought dev/tech support would be the path you go down. This is a legal issue, so if this matters to you, send them a legal notice. I've done the work of exporting their contact for you abuse@discordapp.com (from https://discordapp.com/tos)
If it was a mistake, an oversight, or just a total afterthought I'd say he started in the right place.
Being that the transaction happened on Github it's likely that the exchange will be public record should litigation ever take place.
Formally, neither the (US) legal code nor the zlib license says that you need to contact a violating company via some particular channel. A company is a single legal entity, and if you've contacted them somehow, you've contacted them, and they're now willfully violating the license.
Practically, abuse@ seems wrong; that's likely to reach an abuse department (which is just a specific support role that's empowered to do a specific subset of tasks), not a legal department.
Dev would be the first path I go down in this case. I'd like to think it was an honest mistake and if I made that mistake and someone brought it to my attention I'd be grateful this wasn't immediately escalated to legal.
I'd like to think everyone is chill/friendly, but I could be naive :)
http://www.eff.org
0: https://github.com/hammerandchisel/uWebSockets
https://github.com/hammerandchisel/uWebSockets/commit/cf2ebb...
Also, dev/tech support is absolutely the correct path in many cases, because they /lead/ you to legal, if necessary. Why users are claiming otherwise does not reflect the purpose of having a support network. Infact, abuse@discordapp.com is much more for actual abuse of discord TOS, not directly legal matters. I could easily turn it around and ask why anyone would think /that/ is the correct contact.
It truly is a world for the rich - money makes money. Censor and sue everything that goes in your way. Get bigger, sue more. Get richer. Disregard everything in your path.
I would give them extra time to respond. I don't see a valid reason or motivation on their part not to fix it.
0: https://github.com/uWebSockets/uWebSockets#widely-adopted
This is only the JS source code and there is no licensing information attached whatsoever.
This directly conflicts with uWebSocket's licence (https://github.com/uWebSockets/uWebSockets/blob/master/LICEN...), which clearly states:
"3. This notice may not be removed or altered from any source distribution."
You can try emailing the mods and asking them to lift the penalty.
I think everyone on HN could learn from this situation. I'm not sure how to contact mods but maybe reach out to them...maybe the algorithm took it out due to profanity?
Best of luck!
Group-Think is what runs things around here not fairness.
You can call it censorship if you want to but it's a community reaction.
Hey Alex, this definitely sounds like a miss on our part, so apologies.
As you know, we're fans of uws and not including the original license was a screw-up in our automation. We're working on fixing it and immediately releasing it with the proper license. I've also asked support to follow up with you directly in case there are further issues.
For the contact, either opening an issue on one of our repos or emailing our legal team (abuse@discordapp.com) would have been guaranteed to get you an accurate response. Unfortunately the verbiage you used in the email is very similar to that used in other support tickets we get for our API, and our team (as they did in your case) forwards users on to our API chat which can provide more in-depth/advanced support.
Any time someone or an organization brings in someone else's code and makes use of it, no matter what the license we really need to recognize that, it's just the morally responsible thing to do.
As far as ourselves, we're definitely using uWS and that is not going to go without recognition.
Nobody should need to "open a ticket", send an email or post on HN to get that sorted.
npm install and git clone making it way too easy for people not to give a crap about the works of others.
Good to see you guys are doing the right thing, uWS is a serious piece of tech and well worth recognition.
https://github.com/hammerandchisel/uWebSockets/commit/cf2ebb...
https://github.com/hammerandchisel/uWebSockets/commit/cf2ebb...