This is an official tracing app in several states in Germany, and probably soon in all of Germany.
You're talking about the older Corona Warn App which does similar things (and is generally considered too limited), but without direct data transfer to public health authorities. That's what the Luca app does.
Warn App is more for chance encounters tracking a person meeting other people.
Luca is more for checking in and out of stores and other locations.
[Edit:
I stand by every single word, in case people doubt it.]
They always said they could have easily integrated Luca like features but no, ofc we need to pick the option with millions of marketing money behind it instead of waiting for a privacy focused version.
Luca is a cash grab, and maybe more sinister. Since the CWA - the official contact tracing app - switched to not collecting a central database that could be misused we have conservative politicians firing against it. "We give too much importance to data privacy", of course without being able to mention a single feature that the privacy protecting app is missing. Now Luca arrived, with some semi-prominent advocates, and you see conservative politicians shoving millions into that abomination of proprietary, data collecting and now evidently copyright infringing garbage.
It is as if a certain political class had this dream scenario of a new location registry of every move of the population. That they did not get via the CWA app, and since then they attack it. But Luca could create it.
Don't forget: This is Germany. Very low corruption at the lower level of society (you will never see a bribe in everyday life) and the basic organisation of the country seems competent. Incredible high amount of corruption and incompetence in the higher spheres - Wirecard, Cum Ex, Kohls schwarze Kassen, the governing party (CDU) currently has a scandal about members gaining millions via corruption when organising FFP2 masks, the country completely failed to contain Covid after the first more or less successful lockdown. Luca fits right in.
> dream scenario of a new location registry of every move of the population
Not only politicians, I assume entities like Rundfunkbeitrag, Schufa, conuntless Inkasso will pay fortune to access such data.
> Very low corruption at the lower level of society [...] Incredible high amount of corruption and incompetence in the higher spheres
This is incredibly shocking for an newcomer to Germany. One swiftly hits the ceiling of 3-4k EUR net monthly and mortgage of 400-600k EUR with nowhere else to go, while watching enormous amounts of money being shuffled, fortunes hidden in idyllic villages, faceless dynasties owning chunks of industries, >1mln EUR apartments being purchased.
If they decide that you don't pay the license fee (doesn't matter if you really do), your live location will be beyond useful. They absolutely have the budget to implement the most invasive and abusive debt collection solution.
if they wanted to do that they'd probably have found another solution already through google's data at the very least. Probably apple/FB as well. Plus cell phone service providers.
I don't know why this new thing is your choice of how they'd get the data other than it being probably run as effectively as parler (edit: no data - gut feeling).
They somehow get this before Anmeldung, I lived in my apartment for 2 years before officially registering and received Rundfunkbeitrag letters + frivoulous copyright infringement notices (from a previous apartment).
> 2 years before officially registering and received Rundfunkbeitrag letters + frivoulous copyright infringement notices
This plus Jehovah Witnesses who stalk intercom labels and decide that you are a perfect (victim) fit for their "community", and you have the full German experience. Copyright bullies, debt collection predators, religious lunatics.
That's not true, you can see lot of small bribes in normal day-to-day transactions. Almost every single technician I met (for internet installation, electricity, washing machine installation, etc. Even insurance brokers) offered me to pay them cash directly to get some benefits or falsify some recorded data.
You run in strange circles. I have never ever experienced such a thing. What benefits do they offer? A faster appointment?
Cash in order to avoid taxes, sure, that happens, but again: it's not common. Almost always I simply get a paper bill, without any attempt to skirt that.
It's not about me, I live a perfectly normal, boring life. I'm not the one asking for bribes, and I always rejected them (I'm way too paranoid regarding regulations to accept that kind of stuff).
Same for the first two, but not the last. It's somewhat common for craftsmen to work "off the books" on smaller private contracts. It's a trade-off because obviously it's hard to claim liability when you have no proof they even worked on it and no contract specifying the work to be done. It's even more common in larger construction projects.
That's not too surprising IMHO, I would expect this to be more visible to foreigners. I myself have never seen any type of low-level corruption in my home country but I learnt that also happens quite often, it's just not too visible if you don't know where to look at.
I'm not from Germany, and do have a foreign name, I guess that may play a role.
Some handymen tried to double charge me, in cash of course, but that's the only thing I've experienced. The stats say 20% of Germans report having been asked for a bribe at some point in their lives. That's not great, but not terrible either.
Source for the 20%? Anecdotally I've never heard anyone being asked for one, other corrupt behaviour though for sure, things regarding land ownership, or zoning violations.
I mean, accepting a bribe or offering one is a way to fuck someone over.
But it's not "you have to pay more". More like "just so you know, I have access to this internal tool, you pay me now and this thing that isn't supposed to be possible due to your situation is now done".
Most common bribes I see is when I go to some countries and I am expected to pay an undisclosed fee to get better service. My anti-bribery training mentioned how these are often quite normal, and dressed up in terms like "facilitation fee", or "tip", but that if I were to pay such a fee I'd be breaking UK law.
Interesting! So you can't tip restaurant servers legally? Most point of sale machines for restaurants ask you to select a tip from a list of several standard optiins that usually puts 20% in the middle to make it seem normal, and like 15% is reserved as a mild complaint. So its not exactly undiaclosed, you can guess pretty well what it will be.
(a)P offers, promises or gives a financial or other advantage to another person, and
(b)P intends the advantage—
(i)to induce a person to perform improperly a relevant function or activity, or
(ii)to reward a person for the improper performance of such a function or activity.
The definition of improper broadly boils down to
> the test of what is expected is a test of what a reasonable person in the United Kingdom would expect in relation to the performance of the type of function or activity concerned.
Tipping at starbucks, or tipping a barman, or tipping a hotel member holding open a door, is certainly not what a reasonable person in the United Kingdom would expect.
"Tipping" is quite normal in the US. "Tipping" is quite normal in many African countries too. If you don't tip, you'll struggle to get any service (when you're running a project or whatever). It's a whole can of worms when normal activities in a country require a small payment.
Note also that if I tell my local project manager to make it happen, I'm on the hook for it if he "bribes" someone just as much as if I did it myself.
I'm sure the intent of the law is to prevent UK citizens from paying money to bypass bureaucracy (I had a very painful process importing some equipment at an airport once, they did not want to give me a receipt for the $1500 I wanted (and was supposed to) pay, they just wanted $50 to waive me through, or to stop me from paying an official $200k to let me build a pipe through a village, or whatever.
However it also means it's harder to make their project run smoothly in Guatemala ("Oh yes you can unload your lorry of course, this paperwork seems fine, but unfortunatly I need to check with my manager and he's currently out of town for 3 days. cough."), and means that you'll be subjected to a lengthy search at an airport (just long enough to miss your flight) for no reason unless you donate to their orphan fund or whatever.
I struggle to see the difference between that (which wouldn't be the case in the UK) and tipping a postman (which again I've never seen in the UK). The former I assume is illegal, the latter not, but it's not clear.
By enshrining English exceptionalism in UK law does seems rather off to me -- basically "treat all countries as if they were Britain, salute the Queen, and up the East India Company"
Does it matter that the tip is given after the service insteaf of before? My kids yoga teacher has a "pay what you can or what it is worth to you" scale so disadvantaged kids can come. I think of tips kind of like that.
Er... do you mean offering to work "off the record" without paying taxes for it ("Schwarzarbeit")? That't tax evasion, not corruption, but yeah, that's pretty common, even in Germany.
That's interesting that in German, Dutch and French we will talk about "black work" (schwarzarbeit (DE), travail au noir (FR), zwart werk (NL)) meaning undeclared/unreported work.
I see multiple probable origins on the net :
- Coming for the german "schwarzarbeit" during end of 1st, in-between or during the occupation during 2nd WW and translated in French/Dutch from there.
- Patron making employees works during the evening/night during the Middle albeit work was restricted only during day time.
I did not really find authoritative sources for the origin of the expression so take that whole bag of salt.
AFAIK you are correct. Before the first world war taxation was different in most of those countries and work was not taxed directly at all otherwise only in war years (i.e. the first world war) so the meaning is new. There was no need for a word for something which did not exist.
No, I mean someone offering you to give them some cash to ignore some rules (or not report what they should), or to actually change recorded data in a way that benefits you. A clear case: insurance brokers who offer you to change some records so that you can get a private insurance in cases where you shouldn't.
I don't know why you're getting downvoted. Where I live, they recently said they will open shops for a couple of days, and you can get in if either
1) you received a vaccine
2) you use the "Luca" app
so it doesn't matter who developed it, it's being used as an official app (at least in some places).
The other "official app" ("Corona Warn App") is also not developed by the government or any government-employed developers. That distinction is no distinction.
"Official" means that the government has adopted it and given it a special status.
The federal government and state governments have endorsed the Corona Warn App. No special privileges in lockdown are connected to it. No special use by public health authorities is made of it.
Several state governments and municipal government have endorsed (and bought licenses to!) the Luca app. Special privileges in lockdown are connected with it, not everywhere, but in many places. Public health authorities are directly connected to Luca's servers.
If anything, the Luca app is more official than Corona Warn App where it's in use (several German states), and poised to become more important as more states introduce it.
There is a big difference between commissioning a product (work for hire) and buying a product that has been already developed.
The federal government actually owns the IP of the Corona Warn App. Luca is merely licensed by various state and local governments. You can’t expect the buyer of a software to assume responsibility for copyright violations. It’s like blaming someone for a (hypothetical) copyright violation in Windows because they sell a server that has Windows pre-installed.
>>> You can’t expect the buyer of a software to assume responsibility for copyright violations
Yes you can. Certainly true in the US. Liability depends on state law and in how the contract is written. If the buyer did not specifically make that carve out, a judge may end up deciding.
If the seller specifically carved that in, the buyer can be liable too (along with the seller).
This is why most government entities are difficult to contract with. They have buyers that insist in specific contract language. Govt entities have templates preapproved by lawyers to prevent this sort of thing coming back to haunt them. So if you want to do business with the govt, that's the hoops you will need to jump over.
The app (Luca) that allegedly copied code from the linked one is used officially in some places in Germany (or at least some states/cities bought it, not sure how much actual use there is yet). It is not the main app for contact tracing (CWA).
They took code from the official Tracing app without attribution or retaining the copyright notice, which even 2-clause BSD would frown upon. And the original code is APL2.0, not BSD, you can't just sublicense like that.
This is not the official contract tracing app (that one can be found here https://github.com/corona-warn-app), its a commercial product that's only been "open sourced" under pressure of the public. Their service was financed be the same public figures that are now heavily pushing for its use.
And as one comment in the linked GitHub issue states, calling their license "open source" is really more of a marketing joke. Although the seem to have changed their restrictive license [1] to the GPL License [2]
Edit: Although its not the official apps, its heavily used by some official instances such as the health departments of some cities/states. The Luca app is financed by those departments purchasing a license. According to news, some licenses cost around 440k€ of taxpayer money [3]
This sounds like they do the same thing. But the luca app is for check-ins ( which are mostly still done with pen in paper in germany ). Check-ins are not supported by the official corona-warn-app (yet).
Also 2 states already purchased the app and 8 other announced to purchase it [1]. So if you live in one of these 10 states (out of 16) then you can consider the luca app to be official.
I'd like to mention that while Belgium did not everything right.
Having a rather small company "devside" to build the app ( it had references and a credible portfolio of > 100 apps) was a good thing for a good price.
They won from those that build the app in Germany and wanted big belgian telecom to join for the infrastructure for a much higher cost. While they only needed to change some parameters and localize it.
Result: 1 week of
delay ( 8 weeks was budgeted) and everything opensource from the start, is what I consider a good result.
Oh the irony. The LUCA app has been co-initiated and financed by Smudo [0], a famous German rapper. He was a supporter of Metallica suing Napster back in 2000 for copyright violation [1].
I would disagree. I remember for example how the discussion was about how the various pharma companies make lots of private money with the vaccines, but did receive generous government funding - and how the comment, also here on HN was: whatever, as long as the pandemie stops. And we are talking about a Corona app here.
So I think the sarcarsm was valid ... but probably not the whole discussion about
You might be getting closer but someone who is just barely making ends meet could be ruined by that, where someone with obscene wealth can lose even 10% and still buy a yacht minutes later.
Yeah, but he can only do that a few times. It's a much, much better system than what we have today for most things.
Of course, it hinges on being able to tell how much income they have, which is (at least in Germany) the hard part, as the defendant is not required to help.
And that generally does not matter, as the DA/judge will estimate the income based on available information. They will usually _not_ involve the tax authority, won't check your bank account etc. If their estimate is too high, you can provide information showing your actual income. If it's too low (which it usually is, because they're conservative in those estimates), you smile and walk out, having saved (a lot of) money.
In my homecountry someone gets hundreds of speeding tickets per year, always on the same road. Doesn't care.
With a properly scaling fine they'll stop doing that quickly or lose out on more than just a little yacht.
I'd say it's a pretty decent step, especially when combined with confiscation of the vehicle if it's a repeat offender or a severe case. As you said it may not be perfect...but I'd rather see that than some careless people risking lives of others just because a speeding ticket is small change for them.
Well so what, then they'll drive without a license. As long as the punishment isn't sufficient to make the person care enough you will only nudge the threshold a bit under which people actually feel it.
Edit: Same with using the phone while driving. It's one of the biggest contributing factors to road accidents, yet here the fine for doing it is barely above the price for a decent headset. So most just don't care and trust the fact that well under 1% will ever be caught because the police either doesn't care either or just doesn't have the manpower to effectively enforce it.
In Sweden the fine is in proportion to your income. If you go too fast they take your drivers license. Repeat speeding too many times and they might also take your license.
One could always establish a minimum-living income that was immune to fines based on ratio of income, or consider specific expenditures to be protected from the calculation (e.g. rent or cost of travel to work). However, I can see how that could eventually lead to the truism becoming "If the penalty for a crime is an income-ratio fine, then that law only exists for the middle class, and not for the lower or upper class" which would be... interesting.
When it comes to civil litigation, the poor and insolvent are already often considered judgment-proof [1]. So you could say we already have a little of that “laws exist only for the middle class” scenario.
Here in Denmark fines for drunk driving, driving while influenced by drugs, and driving while your license is suspended is income dependent. The exact fine is also dependent on your blood toxicity levels.
And if you are under 18 or have a low income you can get half off the fine.
I've often wondered whether penalties should target reputation more than they do, which would affect all classes of criminal including upper class. For example, as part of the sentence for violent crimes, the government could mail official press releases about the crime to all households in the area periodically for a certain amount of time after the conviction, or put up signs, at the criminal's expense (with a government cost-sharing for poorer criminals beyond whatever cost society would view appropriate to fine them - but mail and signage aren't that expensive). And companies convicted of a crime might have to fund government notifications of their crime to their customers and store/office visitors.
Details might need tweaking, but a version of this could really work.
There's a risk of that, yes. As I said, the details need tweaking. It would be especially helpful for wealthy, powerful, and/or corporate criminals who are probably paying for good private security regardless of their criminal record/sentence or lack thereof.
I do believe that the shame-feeling part of society is generally less likely to commit crimes. That is, it would work on them, but it wouldn't work on someone who does not care what their neighbors think of them.
Devils advocate: Someone with a yatch can have someone 'who barely makes ends meet' to do the dirty work, pay the now lowered fine. Payoff the poor guy and be done with it.
Lars has admitted multiple times he was wrong to lash out when they did. Go look up interviews yourself. Metallica have fully embraced digital platforms.
I haven't heard that name in quite some time! I remember receiving a relatively pissed off email from him in response to an interview request quite a few years ago. I guess the lasting negative impression I got of him from that exchange is not totally unfounded.
I can understand in the abstract that of course you could rap in German, but it's quite another to encounter evidence of this in the wild so to speak.
Having investigated further, I must say it's probably unfair against Gemany to not include the adjective old in the above statement, as Smudo (or at least the group he's in) is of early 90's vintage.
> I can understand in the abstract that of course you could rap in German, but it's quite another to encounter evidence of this in the wild so to speak.
Depending on what you consider "in the wild" but German rap is very popular in Germany and other German-speaking countries. People from Germany usually don't rap in English or French. Smudo is an old school, but are quite a bit of rapper that are popular right now, like Capital Bra, Apache 207, Samra, Lea, Mero, Loredana, Bushido, Sido, Olexesh, Kollegah, Farid Bang, RAF Camora, ... just on top of my head.
German lawyers are ecstatic over copyright issues. Soon they will form human centipede and demand 1000 EUR from everyone whose address they'll put their hands on.
No, they also like to do that with large companies. A few hundred € damage is too low for most companies to care much about it.
If the open source developer hires a lawyer I'm sure they'd be happy to make them some money. I wouldn't be surprised if they already got contacted. There are a lot of German lawyers out there looking for "victims" to sue on their behalf.
Yes, but even with companies, preferrably small ones. The ones who don't have a lawyer on payroll who handles such threats between second coffee and first lunch. Such that paying the demands is cheaper than hiring a lawyer.
Exactly right. The copyright, as it exists today, is a tool to protect money-making schemes (industry vs. "customers"). It once was meant as a tool to protect market access (industry vs. industry). If we can reform it back to that origin, I'd think we'd be in a much better place.
Here's a quick way to sweep this story under the rug:
Both CEOs of the company "Culture4Life GmbH" are politically well connected in Berlin. One is a clubowner, frequently in talks with government for tax-exemptions (eg. you pay less tax if you've employ a DJ...). The other one is a member of the Green party.
And we all know: Anyone who critcizes the left-wing sphere of Berlin is nothing but a racist. So there comes the rug.
EDIT: Also, the former CEO of said company is a lawyer with a reputation [1] whose main business partner is the ex-ceo of "Service und Dienstleistungen der ver.di GmbH", a temp-staffing agency run by Germany's biggest Union. Man... nothing to see here!
So I'm being inflammatory because I mention it's the Green Party and other Berlin leftists that are being involved?
It's not my fault that under the guise of being the force of good, of being the moral highground itself, of being pampered by decades of softball questions from nearly the whole of German Journalism, curruption can flourish.
It can do so even better if adherends of Berlin progressivism are being nurtured in the belief that, and opponents of Berlin progressivism are being threatened with that, every criticism of the left is guilty by association: Tin-Foil-Hat > Right-Wing > Nazi.
Just look at the FB profile of one their CEOs… full of "Nazis everwhere". It's the modern day.
Maybe I don't know the full story, but from reading this post and the comments it's a shame how peoples attitudes are towards this.
When people violate the GPL, it's most likely due to ignorance.
I really think we should encourage and act positively when commercial/corporate/enterprise crap opens up their source code.
When we find a GPL (or any license violation), why can't we approach it politely (in the first case), educate on the license terms and ask them to comply.
In this case, it's seems that's what happened. We notified, educated and they complied. Shouldn't this be rewarded and hailed as a success?
But now my worry is, with the amount of hate these guys received, other companies that are already worried about opening up their codebase and contributing back to OSS, have had their fears confirmed.
>I really think we should encourage and act positively when commercial/corporate/enterprise crap opens up their source code.
This is true.
>When we find a GPL (or any license violation), why can't we approach it politely (in the first case), educate on the license terms and ask them to comply.
I partially agree, but those companies often have an army of lawyers. It shouldn't be the responsibility of the internet to find GPL/license-violations in their code.
>But now my worry is, with the amount of hate these guys received, other companies that are already worried about opening up their codebase and contributing back to OSS, have had their fears confirmed.
> When people violate the GPL, it's most likely due to ignorance.
"OH, hey, a licence file. Let me delete that, I don't want to be bound bit it".
> When we find a GPL (or any license violation), why can't we approach it politely (in the first case), educate on the license terms and ask them to comply.
That was done, wasn't it? It was pointed out to the rightsholder that this commercial company was selling a product that included his code and were not complying with the licence.
> But now my worry is, with the amount of hate these guys received, other companies that are already worried about opening up their codebase and contributing back to OSS, have had their fears confirmed.
They can sometimes pay for separate licensing, or they can spend the money and write the software themselves. They want to keep it closed source and earn money by selling licenses (oh, the irony!) but shouldn't be called out when they violate other's rights because it might deter other violators? meh, I'm not buying it.
That is true, but I feel like we should apply different levels of scrutiny to some small project and an app developed by people with close ties to government officials who received literally millions of Euros in public funding to develop and license this app.
This isn't even a GPL violation as the code in question was licensed under a BSD license. They simply removed the original copyright notice, which may have been a genuine accident caused by misconfigured tooling (especially since someone mentioned they changed the formatting).
The reason people are outraged is entirely that this is a publicly funded multi-million Euro project that is already facing accusations of corruption/nepotism and tried to open-source wash a proprietary product (as the app wasn't even published under an open-source license at the time). You can't really point at this incident and derive a general point about "people's attitudes towards violating the GPL".
I am not familiar enough with BSD, but would it not be a licence breach, when you alter libraries with a BSD licence and redistribute those in a closed-source app?
At least with GPL that would most likely be the case.
If so, regardless of their "accidental tooling removing the copyright notice", they would be violating that copyright.
Oh, I'm not saying what they did wasn't illegal (tho IANAL, so I can't say whether this would indeed be considered copyright infringement and warrant damages in Germany). I'm just saying that forgetting that your autoformatter strips license comments when you copy permissively licensed third-party code into your codebase is a different level of impolite than using copyleft licensed third-party code with no intention to adhere to the copyleft restriction.
Completely agree, they were hit by an angry mob of unthankful people.
I think most in the mob are aware that their reaction is overblown. The list of OSS licenses is usually buried deep inside the docs and few ever read it. Luca made themselves vulnerable by opening up their code and the mob is using this weakness to attack them.
It's really about not wanting this app to succeed, because they are making good money and because there are valid privacy concerns. Maybe Luca should not be widely used, but then the politicians who bought it are at fault, not the developers. Also nobody is forced to install it.
Then there's the complaint about Luca's license. They open up their codebase and people complain that the license is not free enough? Mind blown, try that with any large company and see how far you get. Microsoft, give me your Office source code, or... I'll write an angry tweet!
So when does this app get banned from the Google Play Store and Apple App Store? They clearly violate some terms of service... if legit apps get banned then why not this behaviour?
IANAL, but since most software licences work because of Copyrights, I suspect "both": as in: it is a copyright infringement, which is how you can enforce the licence agreement to be followed.
I have never used a contact tracing app before. I never leave the house with my phone, and when I arrive at the pub, I get funny looks when I say I can't scan their barcode because I don't have a phone. This pandemic is just further enforcing the idea that you need a phone to operate in this world...
Regarding Germany's official Corona tracing app (not the of this post), by the end of last year there was a discussion about collecting movement data of the app users [0]. The discussion was part of the "German Infection Protection Act", resulted in public protests and in the end got declined. I wonder what the state of this is in other countries?
Likely. Why is everyone acting like this is some high conspiracy or even blaming the entire project - this was probably some lazy dev that didn't want to deal with the hassle of including the licence and just copy pasted the class. I used to do this when I was learning to code, I often reimplemented stuff already available for learning and would just copy paste large chunks. I didn't publish any work back then and I realised it was a bad habit because I didn't know what the code does - but I get where it comes from.
Mostly general distrust in the project by the German tech scene on Twitter.
Their marketing comes with weird "trust us" vibe and the German tech scene went through these conversations already with the concept of the official app.
Add to that their attempts at transparency which are often a little too late and vague, and you have internet outrage. (With this release for example people were expecting to see server-side code, not that of the Android app everybody could already find in the apk).
People see this as an act of either carelessness or malevolence which both is unacceptable in an application that collects and stores very personal data on a large scale.
I think you have unrealistic expectations of applications developed for public sector - I'm usually surprised if they do core of intended functionality correctly.
This isn't a project developed for the public sector really. Afaik it's a privately funded, for profit, product that has been licensed by several states in Germany by now.
Apart from that the official (indeed publicly funded) Corona-Warn-App did a much better job at this. (They actually did follow all the recent best practices in software-develoment + it's (mostly) run as a free software project, taking community contributions seriously, reacting to feedback and issues, etc.)
I see. Can you talk a bit more about the review process where you work to ensure no unlicensed code is committed? I assume there's either an automatic or manual, rigorous process that's followed.
> Why is everyone acting like this is some high conspiracy
Because everyone here is a coder and puts a lot of effort into their work, and doesn't want it get stolen.
We put a lot of effort into the Open Source projects we publish. Some of us are very generous and publish things to the public domain, but most of us at least want attribution for our work.
If you copy & paste code, strip the license, claim it's your code, and sell it for money, we consider you the scum of the earth. That's just not something that decent people do.
It could be an error; a junior dev may not know that just copy/pasting code from google search results is generally not allowed. But it's really something that everyone in our profession should know.
Just like a musician is expected to know that they need clearance for samples, or journalists know they need permission for publishing a photo, a programmer is expected to know that they need a license for reusing other people's code.
>If you copy & paste code, strip the license, claim it's your code, and sell it for money, we consider you the scum of the earth. That's just not something that decent people do.
Meh - I'd speculate it's a result of an underpaid coder with too much work - I've seen these kinds of projects before - people with connections in the public sector get the contract and then basically hire the lowest cost developers available.
> Just like a musician is expected to know that they need clearance for samples, or journalists know they need permission for publishing a photo, a programmer is expected to know that they need a license for reusing other people's code.
And yet those get violated all the time, even in big time publications and by big time artists.
I'm not defending the guy who did it - he did something wrong, but they corrected it and malice attributed to project seems misplaced.
On the flip side I think this could be handled better industry wide - like we already have security vulnerability scanning tools bundled with major code hosting platforms, they should probably figure out a way to do copyright infringement warnings .
You as a learner copypasting code isn't itself the problem. The problem is that this is a published, copyrighted work that has been included into another published, copyrighted work without adherence to license terms.
If I had copied Culture4Life's code and used it in my own project, they would be suing for tens of thousands of dollars in damages; and the law would agree that I should have to pay tens of thousands of dollars in damages for that infringement. Asking for attribution and a proper license declaration is the polite way to handle a license violation.
I don't know LUCA app, but the CoronaWarnApp[1] is not a "tracking application".
> The architecture follows a decentralized approach – based on the DP-3T and TCN protocols, as well as the Privacy-Preserving Contact Tracing specifications by Apple and Google.
Many, if not most, Corona "tracers" (note, the missing K) at least in Europe, work similar, if only because both Apple's iOS and Googles Android require such an architecture in order for those tracing apps to stay online and stay tracing.
I get the impression that copyright infringement on permissively licensed works is more the norm than the exception these days. It seems like most popular JavaScript libraries are MIT licensed, but it seems lost on the users that the MIT license requires attribution, something I rarely see on a lot of highly interactive websites that are almost certainly redistributing attribution-required code.
It would be interesting to see if one could make a bot that could detect minified versions of popular libraries and see what the compliance rate is.
163 comments
[ 4.3 ms ] story [ 214 ms ] threadYou're talking about the older Corona Warn App which does similar things (and is generally considered too limited), but without direct data transfer to public health authorities. That's what the Luca app does.
Warn App is more for chance encounters tracking a person meeting other people.
Luca is more for checking in and out of stores and other locations.
[Edit: I stand by every single word, in case people doubt it.]
See https://github.com/corona-warn-app/cwa-documentation/blob/ma... for details on how they do it.
It is as if a certain political class had this dream scenario of a new location registry of every move of the population. That they did not get via the CWA app, and since then they attack it. But Luca could create it.
Don't forget: This is Germany. Very low corruption at the lower level of society (you will never see a bribe in everyday life) and the basic organisation of the country seems competent. Incredible high amount of corruption and incompetence in the higher spheres - Wirecard, Cum Ex, Kohls schwarze Kassen, the governing party (CDU) currently has a scandal about members gaining millions via corruption when organising FFP2 masks, the country completely failed to contain Covid after the first more or less successful lockdown. Luca fits right in.
Not only politicians, I assume entities like Rundfunkbeitrag, Schufa, conuntless Inkasso will pay fortune to access such data.
> Very low corruption at the lower level of society [...] Incredible high amount of corruption and incompetence in the higher spheres
This is incredibly shocking for an newcomer to Germany. One swiftly hits the ceiling of 3-4k EUR net monthly and mortgage of 400-600k EUR with nowhere else to go, while watching enormous amounts of money being shuffled, fortunes hidden in idyllic villages, faceless dynasties owning chunks of industries, >1mln EUR apartments being purchased.
They already get your location (edit: I mean address here) when you register to the local administration (Anmeldebescheinigung).
My address is no secret, where I was last friday night (and tuesday morning) is.
I don't know why this new thing is your choice of how they'd get the data other than it being probably run as effectively as parler (edit: no data - gut feeling).
This plus Jehovah Witnesses who stalk intercom labels and decide that you are a perfect (victim) fit for their "community", and you have the full German experience. Copyright bullies, debt collection predators, religious lunatics.
That's not true, you can see lot of small bribes in normal day-to-day transactions. Almost every single technician I met (for internet installation, electricity, washing machine installation, etc. Even insurance brokers) offered me to pay them cash directly to get some benefits or falsify some recorded data.
Cash in order to avoid taxes, sure, that happens, but again: it's not common. Almost always I simply get a paper bill, without any attempt to skirt that.
It's not about me, I live a perfectly normal, boring life. I'm not the one asking for bribes, and I always rejected them (I'm way too paranoid regarding regulations to accept that kind of stuff).
Unreported work/income is estimated at about 10% of GDP: https://de.statista.com/statistik/daten/studie/20063/umfrage...
I'm not from Germany, and do have a foreign name, I guess that may play a role.
That's a good point I hadn't considered.
But it's not "you have to pay more". More like "just so you know, I have access to this internal tool, you pay me now and this thing that isn't supposed to be possible due to your situation is now done".
(a)P offers, promises or gives a financial or other advantage to another person, and (b)P intends the advantage— (i)to induce a person to perform improperly a relevant function or activity, or (ii)to reward a person for the improper performance of such a function or activity.
The definition of improper broadly boils down to
> the test of what is expected is a test of what a reasonable person in the United Kingdom would expect in relation to the performance of the type of function or activity concerned.
Tipping at starbucks, or tipping a barman, or tipping a hotel member holding open a door, is certainly not what a reasonable person in the United Kingdom would expect.
"Tipping" is quite normal in the US. "Tipping" is quite normal in many African countries too. If you don't tip, you'll struggle to get any service (when you're running a project or whatever). It's a whole can of worms when normal activities in a country require a small payment.
Note also that if I tell my local project manager to make it happen, I'm on the hook for it if he "bribes" someone just as much as if I did it myself.
I'm sure the intent of the law is to prevent UK citizens from paying money to bypass bureaucracy (I had a very painful process importing some equipment at an airport once, they did not want to give me a receipt for the $1500 I wanted (and was supposed to) pay, they just wanted $50 to waive me through, or to stop me from paying an official $200k to let me build a pipe through a village, or whatever.
However it also means it's harder to make their project run smoothly in Guatemala ("Oh yes you can unload your lorry of course, this paperwork seems fine, but unfortunatly I need to check with my manager and he's currently out of town for 3 days. cough."), and means that you'll be subjected to a lengthy search at an airport (just long enough to miss your flight) for no reason unless you donate to their orphan fund or whatever.
I struggle to see the difference between that (which wouldn't be the case in the UK) and tipping a postman (which again I've never seen in the UK). The former I assume is illegal, the latter not, but it's not clear.
By enshrining English exceptionalism in UK law does seems rather off to me -- basically "treat all countries as if they were Britain, salute the Queen, and up the East India Company"
It comes down to the definition of "improper".
I see multiple probable origins on the net : - Coming for the german "schwarzarbeit" during end of 1st, in-between or during the occupation during 2nd WW and translated in French/Dutch from there. - Patron making employees works during the evening/night during the Middle albeit work was restricted only during day time.
I did not really find authoritative sources for the origin of the expression so take that whole bag of salt.
so it doesn't matter who developed it, it's being used as an official app (at least in some places).
"Official" means that the government has adopted it and given it a special status.
The federal government and state governments have endorsed the Corona Warn App. No special privileges in lockdown are connected to it. No special use by public health authorities is made of it.
Several state governments and municipal government have endorsed (and bought licenses to!) the Luca app. Special privileges in lockdown are connected with it, not everywhere, but in many places. Public health authorities are directly connected to Luca's servers.
If anything, the Luca app is more official than Corona Warn App where it's in use (several German states), and poised to become more important as more states introduce it.
The federal government actually owns the IP of the Corona Warn App. Luca is merely licensed by various state and local governments. You can’t expect the buyer of a software to assume responsibility for copyright violations. It’s like blaming someone for a (hypothetical) copyright violation in Windows because they sell a server that has Windows pre-installed.
Yes you can. Certainly true in the US. Liability depends on state law and in how the contract is written. If the buyer did not specifically make that carve out, a judge may end up deciding.
If the seller specifically carved that in, the buyer can be liable too (along with the seller).
This is why most government entities are difficult to contract with. They have buyers that insist in specific contract language. Govt entities have templates preapproved by lawyers to prevent this sort of thing coming back to haunt them. So if you want to do business with the govt, that's the hoops you will need to jump over.
And as one comment in the linked GitHub issue states, calling their license "open source" is really more of a marketing joke. Although the seem to have changed their restrictive license [1] to the GPL License [2]
Edit: Although its not the official apps, its heavily used by some official instances such as the health departments of some cities/states. The Luca app is financed by those departments purchasing a license. According to news, some licenses cost around 440k€ of taxpayer money [3]
[1] https://gitlab.com/lucaapp/android/-/commit/a30432ec4a01c2ca...
[2] https://gitlab.com/lucaapp/android/-/commit/4433884f00462bae...
[3] (German) https://www.faz.net/aktuell/politik/inland/mecklenburg-vorpo...
Like Android.
This sounds like they do the same thing. But the luca app is for check-ins ( which are mostly still done with pen in paper in germany ). Check-ins are not supported by the official corona-warn-app (yet).
Also 2 states already purchased the app and 8 other announced to purchase it [1]. So if you live in one of these 10 states (out of 16) then you can consider the luca app to be official.
[1] (German) https://www.heise.de/hintergrund/Corona-Apps-Die-wichtigsten...
According to [1] version 2.0 will be released in two weeks and will support check-ins.
[1] (German) https://www.tagesschau.de/inland/corona-warn-app-check-in-10...
Having a rather small company "devside" to build the app ( it had references and a credible portfolio of > 100 apps) was a good thing for a good price.
They won from those that build the app in Germany and wanted big belgian telecom to join for the infrastructure for a much higher cost. While they only needed to change some parameters and localize it.
Result: 1 week of delay ( 8 weeks was budgeted) and everything opensource from the start, is what I consider a good result.
Respect where it's due! Hat off
https://github.com/covid-be-app
[0] https://www.chip.de/news/Kontaktverfolgung-mit-Luca-App-von-...
[1] https://www.heise.de/newsticker/meldung/Smudo-vs-Napster-Da-...
So I think the sarcarsm was valid ... but probably not the whole discussion about
That being said, Bubelich should definitely sue
"If the penalty for a crime is a fine, then that law only exists for the lower class."
Of course, it hinges on being able to tell how much income they have, which is (at least in Germany) the hard part, as the defendant is not required to help.
I'd say it's a pretty decent step, especially when combined with confiscation of the vehicle if it's a repeat offender or a severe case. As you said it may not be perfect...but I'd rather see that than some careless people risking lives of others just because a speeding ticket is small change for them.
Edit: Same with using the phone while driving. It's one of the biggest contributing factors to road accidents, yet here the fine for doing it is barely above the price for a decent headset. So most just don't care and trust the fact that well under 1% will ever be caught because the police either doesn't care either or just doesn't have the manpower to effectively enforce it.
1: https://en.wikipedia.org/wiki/Judgment_proof
Details might need tweaking, but a version of this could really work.
Someone with obscene wealth can be imprisoned and still buy a yacht - even incarceration has a much greater impact on a poor person.
As such, I'd rather fine them in proportion to their wealth.
Depends who is responsible for the actual "action", specially looking at Iraq.
I'll let things go after that much time has passed.
Nope.
https://youtu.be/LeKX2bNP7QM
I can understand in the abstract that of course you could rap in German, but it's quite another to encounter evidence of this in the wild so to speak.
Having investigated further, I must say it's probably unfair against Gemany to not include the adjective old in the above statement, as Smudo (or at least the group he's in) is of early 90's vintage.
Depending on what you consider "in the wild" but German rap is very popular in Germany and other German-speaking countries. People from Germany usually don't rap in English or French. Smudo is an old school, but are quite a bit of rapper that are popular right now, like Capital Bra, Apache 207, Samra, Lea, Mero, Loredana, Bushido, Sido, Olexesh, Kollegah, Farid Bang, RAF Camora, ... just on top of my head.
They will only send letters to people who cannot defend themselves.
If the open source developer hires a lawyer I'm sure they'd be happy to make them some money. I wouldn't be surprised if they already got contacted. There are a lot of German lawyers out there looking for "victims" to sue on their behalf.
Infringement is only frowned upon when it's your independent musician playing Bach on a YT video and of course he's "stealing" from the big players.
Both CEOs of the company "Culture4Life GmbH" are politically well connected in Berlin. One is a clubowner, frequently in talks with government for tax-exemptions (eg. you pay less tax if you've employ a DJ...). The other one is a member of the Green party.
And we all know: Anyone who critcizes the left-wing sphere of Berlin is nothing but a racist. So there comes the rug.
EDIT: Also, the former CEO of said company is a lawyer with a reputation [1] whose main business partner is the ex-ceo of "Service und Dienstleistungen der ver.di GmbH", a temp-staffing agency run by Germany's biggest Union. Man... nothing to see here!
[1] https://www.agrarzeitung.de/nachrichten/agrarspitzen/Maerche...
It's not my fault that under the guise of being the force of good, of being the moral highground itself, of being pampered by decades of softball questions from nearly the whole of German Journalism, curruption can flourish.
It can do so even better if adherends of Berlin progressivism are being nurtured in the belief that, and opponents of Berlin progressivism are being threatened with that, every criticism of the left is guilty by association: Tin-Foil-Hat > Right-Wing > Nazi.
Just look at the FB profile of one their CEOs… full of "Nazis everwhere". It's the modern day.
> And we all know: Anyone who critcizes the left-wing sphere of Berlin is nothing but a racist. So there comes the rug.
which distracts from the valuable rest of your comment.
I do this myself sometimes and have noticed that it usually steers the discussion away from the subject matter.
When people violate the GPL, it's most likely due to ignorance.
I really think we should encourage and act positively when commercial/corporate/enterprise crap opens up their source code.
When we find a GPL (or any license violation), why can't we approach it politely (in the first case), educate on the license terms and ask them to comply.
In this case, it's seems that's what happened. We notified, educated and they complied. Shouldn't this be rewarded and hailed as a success?
But now my worry is, with the amount of hate these guys received, other companies that are already worried about opening up their codebase and contributing back to OSS, have had their fears confirmed.
This is true.
>When we find a GPL (or any license violation), why can't we approach it politely (in the first case), educate on the license terms and ask them to comply.
I partially agree, but those companies often have an army of lawyers. It shouldn't be the responsibility of the internet to find GPL/license-violations in their code.
>But now my worry is, with the amount of hate these guys received, other companies that are already worried about opening up their codebase and contributing back to OSS, have had their fears confirmed.
Hate is too strong. It's more criticism.
"OH, hey, a licence file. Let me delete that, I don't want to be bound bit it".
> When we find a GPL (or any license violation), why can't we approach it politely (in the first case), educate on the license terms and ask them to comply.
That was done, wasn't it? It was pointed out to the rightsholder that this commercial company was selling a product that included his code and were not complying with the licence.
> But now my worry is, with the amount of hate these guys received, other companies that are already worried about opening up their codebase and contributing back to OSS, have had their fears confirmed.
They can sometimes pay for separate licensing, or they can spend the money and write the software themselves. They want to keep it closed source and earn money by selling licenses (oh, the irony!) but shouldn't be called out when they violate other's rights because it might deter other violators? meh, I'm not buying it.
This isn't even a GPL violation as the code in question was licensed under a BSD license. They simply removed the original copyright notice, which may have been a genuine accident caused by misconfigured tooling (especially since someone mentioned they changed the formatting).
The reason people are outraged is entirely that this is a publicly funded multi-million Euro project that is already facing accusations of corruption/nepotism and tried to open-source wash a proprietary product (as the app wasn't even published under an open-source license at the time). You can't really point at this incident and derive a general point about "people's attitudes towards violating the GPL".
At least with GPL that would most likely be the case.
If so, regardless of their "accidental tooling removing the copyright notice", they would be violating that copyright.
Also, IANAL.
I think most in the mob are aware that their reaction is overblown. The list of OSS licenses is usually buried deep inside the docs and few ever read it. Luca made themselves vulnerable by opening up their code and the mob is using this weakness to attack them.
It's really about not wanting this app to succeed, because they are making good money and because there are valid privacy concerns. Maybe Luca should not be widely used, but then the politicians who bought it are at fault, not the developers. Also nobody is forced to install it.
Then there's the complaint about Luca's license. They open up their codebase and people complain that the license is not free enough? Mind blown, try that with any large company and see how far you get. Microsoft, give me your Office source code, or... I'll write an angry tweet!
en : https://translate.google.com/translate?hl=en&sl=de&u=https:/...
[0] https://www.sciencemediacenter.de/alle-angebote/rapid-reacti...
- We are talking about a file of 200 lines of code.
- It's replaceable functionality that isn't exactly rocket science.
- The issue was fixed within a few hours.
[Edit: replaced "error" with "issue" to avoid implicit judgement and establish a common baseline]
It was fixed and nobody was harmed.
The outrage in GH issues is ridiculous.
Their marketing comes with weird "trust us" vibe and the German tech scene went through these conversations already with the concept of the official app.
Add to that their attempts at transparency which are often a little too late and vague, and you have internet outrage. (With this release for example people were expecting to see server-side code, not that of the Android app everybody could already find in the apk).
Apart from that the official (indeed publicly funded) Corona-Warn-App did a much better job at this. (They actually did follow all the recent best practices in software-develoment + it's (mostly) run as a free software project, taking community contributions seriously, reacting to feedback and issues, etc.)
Because everyone here is a coder and puts a lot of effort into their work, and doesn't want it get stolen.
We put a lot of effort into the Open Source projects we publish. Some of us are very generous and publish things to the public domain, but most of us at least want attribution for our work.
If you copy & paste code, strip the license, claim it's your code, and sell it for money, we consider you the scum of the earth. That's just not something that decent people do.
It could be an error; a junior dev may not know that just copy/pasting code from google search results is generally not allowed. But it's really something that everyone in our profession should know.
Just like a musician is expected to know that they need clearance for samples, or journalists know they need permission for publishing a photo, a programmer is expected to know that they need a license for reusing other people's code.
Meh - I'd speculate it's a result of an underpaid coder with too much work - I've seen these kinds of projects before - people with connections in the public sector get the contract and then basically hire the lowest cost developers available.
> Just like a musician is expected to know that they need clearance for samples, or journalists know they need permission for publishing a photo, a programmer is expected to know that they need a license for reusing other people's code.
And yet those get violated all the time, even in big time publications and by big time artists.
I'm not defending the guy who did it - he did something wrong, but they corrected it and malice attributed to project seems misplaced.
On the flip side I think this could be handled better industry wide - like we already have security vulnerability scanning tools bundled with major code hosting platforms, they should probably figure out a way to do copyright infringement warnings .
If I had copied Culture4Life's code and used it in my own project, they would be suing for tens of thousands of dollars in damages; and the law would agree that I should have to pay tens of thousands of dollars in damages for that infringement. Asking for attribution and a proper license declaration is the polite way to handle a license violation.
Also it’s a shame that there is no code to the rest (like backend) of this System.
I am totally fine judging something even for minor things when it was paid by tax money and it holds sensible data.
https://luca-app.de/securityconcept/intro/intro.html
> The architecture follows a decentralized approach – based on the DP-3T and TCN protocols, as well as the Privacy-Preserving Contact Tracing specifications by Apple and Google.
Many, if not most, Corona "tracers" (note, the missing K) at least in Europe, work similar, if only because both Apple's iOS and Googles Android require such an architecture in order for those tracing apps to stay online and stay tracing.
[1] https://www.coronawarn.app/en/
It would be interesting to see if one could make a bot that could detect minified versions of popular libraries and see what the compliance rate is.