> EDIT: On second thought, I will not and just leave it at that. It seems the internet is fed on outrage and must interpret every intent as malicious.
Yes, I'm sure this is not malicious at all:
> Upon further investigation, it became clear that Wenzheng Tang is a Chinese national, but not resident in China. As a guest in his current country, his residency status is predicated on a number of conditions, one of which is not violating the law.
> If found in violation of laws, residency may be revoked and he may be deported to his home country.
> This becomes even further complicated given another repo of his - Fuck 学习强国, which is highly critical of the Chinese government. Were he deported to China, who knows how he may be received.
Also relevant is this line in the original DMCA email shown in the original issue:
> Otherwise, I will have to transfer information about you to lawyers who will cooperate with github.com and Chinese government to physically find you and stop the illegal use of licensed content.
The later comment I might have charitably excused as poor wording, but that line really highlights the threat being made. That this was in the original takedown letter just makes me even more worried about the business practices at Muse Group and its recent takeover of Audacity.
Agreed. The last comment that got everyone upset could be understood to be poorly worded, but that first one, which never was edited or deleted, is damning.
This is a shame, because Muse Score is a great piece of software.
This seems like a very uncharitable reading of that quote.
Btw, what is organisation meant to do in this situation? Sue the person they believe is infringing on their rights without regard to humanity? Ignore the issue altogether?
Presumably they are meant to add authentication to their API if they don't want a third party client accessing it. If they believe they have a leg to stand on they can try to get it removed from github. What you don't do is threaten to collaborate with the Chinese government to murder them.
Don't know why your getting downed, I'm reading this the same way as you. I don't know either party, don't know the history, without that, to me, it comes across as someone trying to avoid messing up someone's life, not someone dog whistling that that's what they are dangling. So to me you're asking a fair question to people who don't see it that way, what's the context that gives you a different read?
The threat they lobbed was fanciful, unrealistic, horrible and borne of a dive into his personal life to identify a risk factor designed not as an identification of real risk but to create fear to motivate a change in behavior precisely because they had no real legal leg to stand on.
This is not much different from noting someone is gay in a middle eastern country and pondering what would happen if they were outed while trying to coerce them to do what you would prefer.
He created a client to consume a public API not much different than youtube-dl for sheet music which can be used to download both works under a free license or under a non free license. If the usage is infringing it is infringement by the user of the works of someone like Sony. Muse has zero call to start some shit directly with the developer because they aren't the injured party and he's not the responsible party which is why they had to stoop to nonsensical threats.
Thanks for replying. I understand exactly the kind of threat (“gosh it would be a shame if your house burned down”) and agree that if that’s what muse are doing it’s reprehensible.
I interpret it slightly differently, I asked the question because I was genuinely interested in others reading of it, rather than trying to push a perspective
Seems I’m being downvoted for not interpreting the same way as others. I haven’t spouted anything offensive, I have told anyone they are wrong. I’m listening and reading other opinions carefully. HN is valuable because as long as people are genuine and open, not deliberately hurtful or malicious, it is a place where different perspectives can be examined and resolved. It is a place that has miraculously managed to facilitate free discussion without being colonised by so called free speech advocates dog whistling hate.
If you're motivated enough to down vote, could you please take the time to point of the parts of the thread that lead you to believe that I am mistaken to take the muse posts at their explicit meaning rather than the implied threat.
Otherwise we are conducting discussion by punishing dissent, which on a larger stage just supports the status quo of rights holder power. While I don't think this particular disagreement in itself is a hill I want to fight for, I think the way discussion happens here enlightens me and enriches my life and think its worth the effort to sustain that, and it is for that reason not out of some desire to provoke or trap, I am opening myself and my opinions up to critique, and genuinely ask what aspect of the posts you read as indicating a threat as opposed to the explicit claims. I'm not going to troll or flame back I'm just going to listen and re-read the post afterwards.
To be slightly fair to the guy, it seems like he's probably in the right about the details- it sounds like Muse Score is under very strict constraints to be able to do what they're doing, and this repo is basically just allowing users to violate the constraints that Muse Score was forced to operate under in order to continue hosting copyrighted works. Which is pretty unsurprising in my view. There's quite a few people in the thread who are basically arguing "But we don't like your business model" - to which the correct answer is "Well fuck off then".
He's gone way too far in trying to pursuade the commenters in that thread. But then there's 34 hidden comments (I don't seem to be able to open), a jump from October 2020 to yesterday and suddenly he's wading in to a debate on ethics in journalism and making what are at the very least poorly considered references to getting someone deported (I don't seriously believe that someone is going to get deported for copyright infringement unless they really really go out of their way to fight it).
It seems like they have fixed it. The tool now downloads music from IPFS. The developer apparently used the public API a while ago to mirror all the music to IPFS.
It's inappropriate everywhere, since it's worded just like a mafia thug would do.
They don't say "if you do X I will kill you", they say "what you're doing is dangerous, it would be a shame if some bad people would hurt you because of that".
As someone who's dealt with the mass of incompetence that can barely be described as a human organization which we refer to as the USCIS: That's a pretty shitty joke.
And how do they specify which access is authorised/unauthorised in their HTTP responses? How can we determine programmatically which use is unauthorised?
HTTP status codes are not legally binding. EULAs are.
Saying "if the status code isn't 401 then I'm authorized" is like saying "if the door opens, I'm allowed to enter". "Able to" and "allowed to" are not the same thing, especially when you were only "able" because you ignored DO NOT ENTER signs and picked locks.
The fact that you managed to defeat or bypass security measures intended to block you doesn't magically make your behavior legal.
oh, did I not mention that I'm sending an X-send-401-if-use-is-unauthorised-and-also-please-note-that-by-responding-to-this-http-request-you-agree-to-my-eula header in my request?
Yeah, sorry, looks like I did forget to mention that.
I'm sending that header, too. So as you can see, by responding to a request containing that header they're accepting my terms, which are legally binding just like their eula (and in fact specifically take precedence over their eula), and which compels them to detect any use not authorised under their eula and notify me with a 401, and that by failing to do so they're explicitly authorising the use.
So, yeah, it's pretty clear that if they're not responding with a 401, my use is authorised. Thanks for playing!
Cool, so that means you won't go after me after I figure out all your bank passwords and steal all your money? After all, the website sent back a 200 status code, which means I must have been authorized.
The manager's response seems to be empathetic and human, though it would've been better to keep it private.
The Russian developer's original email, however, is a travesty. Not only is it horrifically worded, but it actually does threaten the dev with the actions of the Chinese government. It's an awful thing to do and a PR nightmare for the company.
That's a good lesson for the rest of us: don't let your devs do the work of lawyers.
He didn't threaten the dev. He warned the dev what are the consequences (that would be ompoaed by others) of his actions in violating the law and getting Muse stuck in the middle.
Being a political activist is not an excuse to violate unrelated laws and demand everyone around you abet you.
It was definitely a threat. “It would be a shame if I were to report this unrelated repo to your government to demonstrate that you’re a political dissident. It would be a shame if your government were to punish you for it. Don’t get mad; I’m sure informing you of your personal risks.”
There's no mention of reporting any repos to the government. Only starting legal proceedings to stop their undeniably illegal activity, and that those proceedings might result in their deportation, and that for this person deportation is very dangerous because of the political climate in their home country.
Its not a threat, it's a warning about the danger of the person's position, and hopefully an incentive to stop their illegal and possibly criminal activity before legal proceedings start.
This is from the original email (not the message linked by OP!):
> Otherwise, I will have to transfer information about you to lawyers who will cooperate with github.com and Chinese government to physically find you and stop the illegal use of licensed content.
Yes, exactly! And then when you don't buy his new windows, he calls the cops and tells them to be on the lookout for your silver bmw with illegal tinted windows.
So, @hannasanarion, what's your job title as muse? Given your posts, I'm gonna go ahead and guess "Head of PR"?
If the original title is blatantly inaccurate or doesn’t properly describe the subject at hand, it makes sense to modify the title.
In this case, “threatens developer” is a bit of an understatement, if anything. The original comments—which have since been edited—specifically threaten to abuse the fact that the repo owner is a political dissident. “We will make sure your government goes after you for more than just copyright infringement” is a rather despicable threat.
Found another one from the same author of the original takedown request (Max Chistyakov, at the top of the submitted github issue):
> So, I decide to reach you before lawyers and publishers start working and physically found you. I recommend you to delete public repo and npm package. May be formatting your disk will be nice for you too.
So they have shown their true colors, if anyone had doubt and called "knee-jerk" over community reaction to Audacity takeover. Now it's safe to say with such "leadership" Audacity will not have its "Blender moment".
(just as I commented this on another earlier submission which didn't make it to the frontpage, because reasons)
It does seem that the developer is probably violating copyrights - you usually can’t just post Disney’s IP for others to freely use.
There does seem to be some gray area. Recent cases have been relaxing the grip of CFAA as it pertains to accessing publicly available APIs. 10-15 years ago it likely would have been a violation. Today I genuinely doubt it, especially if it received a knowledgeable judge like Alsup. But I bet a court would look at the copyright issues separately from the API access. While the API access is (probably?) not against the law, the copyright violations would probably stick without some amazing lawyer work. Perhaps you could make the argument that Muse made these public via their API rather than the developer who scraped them but I don’t feel like that would succeed because it’s really two independent faults. Muse failed to secure the IP and the developer didn’t just access, they republished on IPFS.
I had been very critical of the extreme nonsense of Tenacity / Sneedacity. I also felt the general outrage over un-materialized concerns of nebulous “telemetry” was unconvincing. I certainly never expected Muse Group to somehow lower the already low bar down to the Marianas Trench, and yet, here we are.
Here’s what Daniel wrote to the developer, in public:
>> Upon further investigation, it became clear that <developer> is a Chinese national, but not resident in China. As a guest in his current country, his residency status is predicated on a number of conditions, one of which is not violating the law.
>> If found in violation of laws, residency may be revoked and he may be deported to his home country.
>> This becomes even further complicated given another repo of his - Fuck XXQG which is highly critical of the Chinese government. Were he deported to China, who knows how he may be received.
As marcan said, that does appear to be blackmail. I have trouble finding a view of that in which it is not blackmail. Blackmail is a crime at state and federal levels for good reason.
I’m not a lawyer so I’d be interested to learn ways that this isn’t a violation of California penal code PC 519, very specifically PC 523, and more generally PC 518. If anyone could educate me and help me see how it is not blackmail/extortion, I would genuinely appreciate that.
Penal Code 518 defines the California crime of extortion. The law says that a person commits extortion by:
obtaining property or other consideration from another person without that person’s consent, …and doing so by means of force or fear.
Penal Code 519 says that, for purposes of extortion charges, fear is an emotion generated by certain specific threats.
These include the threat to:
…accuse a person, or that person’s relative or family member, of a crime,
…report a person’s immigration status or suspected immigration status.
64 comments
[ 2.9 ms ] story [ 140 ms ] thread> EDIT: On second thought, I will not and just leave it at that. It seems the internet is fed on outrage and must interpret every intent as malicious.
Yes, I'm sure this is not malicious at all:
> Upon further investigation, it became clear that Wenzheng Tang is a Chinese national, but not resident in China. As a guest in his current country, his residency status is predicated on a number of conditions, one of which is not violating the law.
> If found in violation of laws, residency may be revoked and he may be deported to his home country.
> This becomes even further complicated given another repo of his - Fuck 学习强国, which is highly critical of the Chinese government. Were he deported to China, who knows how he may be received.
> Otherwise, I will have to transfer information about you to lawyers who will cooperate with github.com and Chinese government to physically find you and stop the illegal use of licensed content.
The later comment I might have charitably excused as poor wording, but that line really highlights the threat being made. That this was in the original takedown letter just makes me even more worried about the business practices at Muse Group and its recent takeover of Audacity.
This is a shame, because Muse Score is a great piece of software.
Btw, what is organisation meant to do in this situation? Sue the person they believe is infringing on their rights without regard to humanity? Ignore the issue altogether?
I think about how Linux will be around forever, but Windows and MacOS could be gone/corrupt in as little as 5 years.
can we say that he probably saved his life from gulag by warning him?
This is not much different from noting someone is gay in a middle eastern country and pondering what would happen if they were outed while trying to coerce them to do what you would prefer.
He created a client to consume a public API not much different than youtube-dl for sheet music which can be used to download both works under a free license or under a non free license. If the usage is infringing it is infringement by the user of the works of someone like Sony. Muse has zero call to start some shit directly with the developer because they aren't the injured party and he's not the responsible party which is why they had to stoop to nonsensical threats.
This is also why the repo is still up now.
I interpret it slightly differently, I asked the question because I was genuinely interested in others reading of it, rather than trying to push a perspective
He's gone way too far in trying to pursuade the commenters in that thread. But then there's 34 hidden comments (I don't seem to be able to open), a jump from October 2020 to yesterday and suddenly he's wading in to a debate on ethics in journalism and making what are at the very least poorly considered references to getting someone deported (I don't seriously believe that someone is going to get deported for copyright infringement unless they really really go out of their way to fight it).
Instead, he threatens to send the developer to a gulag.
But probably, yes.
That is probably exactly why they are doing this. They lack the legal grounds to slience, so they instead opt for the feral means.
And how do they specify which access is authorised/unauthorised in their HTTP responses? How can we determine programmatically which use is unauthorised?
HTTP status codes are not legally binding. EULAs are.
Saying "if the status code isn't 401 then I'm authorized" is like saying "if the door opens, I'm allowed to enter". "Able to" and "allowed to" are not the same thing, especially when you were only "able" because you ignored DO NOT ENTER signs and picked locks.
The fact that you managed to defeat or bypass security measures intended to block you doesn't magically make your behavior legal.
Yeah, sorry, looks like I did forget to mention that.
I'm sending that header, too. So as you can see, by responding to a request containing that header they're accepting my terms, which are legally binding just like their eula (and in fact specifically take precedence over their eula), and which compels them to detect any use not authorised under their eula and notify me with a 401, and that by failing to do so they're explicitly authorising the use.
So, yeah, it's pretty clear that if they're not responding with a 401, my use is authorised. Thanks for playing!
The Russian developer's original email, however, is a travesty. Not only is it horrifically worded, but it actually does threaten the dev with the actions of the Chinese government. It's an awful thing to do and a PR nightmare for the company.
That's a good lesson for the rest of us: don't let your devs do the work of lawyers.
Being a political activist is not an excuse to violate unrelated laws and demand everyone around you abet you.
That’s a threat, plain and simple.
Its not a threat, it's a warning about the danger of the person's position, and hopefully an incentive to stop their illegal and possibly criminal activity before legal proceedings start.
Though let's be fair, we both know you're not delusional. You're just an employee.
...Surely you mean "ALLEGED illegal and possibly criminal activity".
...And surely you mean "ALLEGED undeniably illegal activity"
...right?
There's no 'alleged' about it, the guy did it, he admits it, he doesn't get how much hot water he's in.
> Otherwise, I will have to transfer information about you to lawyers who will cooperate with github.com and Chinese government to physically find you and stop the illegal use of licensed content.
This very much sounds like a threat.
So, @hannasanarion, what's your job title as muse? Given your posts, I'm gonna go ahead and guess "Head of PR"?
1. Don't send non-lawyers to handle legal disputes.
2. Don't send non-fluent English language learners to handle legal or PR disputes.
3. Don't make up editorialized titles for submitted links.
In this case, “threatens developer” is a bit of an understatement, if anything. The original comments—which have since been edited—specifically threaten to abuse the fact that the repo owner is a political dissident. “We will make sure your government goes after you for more than just copyright infringement” is a rather despicable threat.
> So, I decide to reach you before lawyers and publishers start working and physically found you. I recommend you to delete public repo and npm package. May be formatting your disk will be nice for you too.
from: https://github.com/alewin/CliChords
Just wow.
(just as I commented this on another earlier submission which didn't make it to the frontpage, because reasons)
It does seem that the developer is probably violating copyrights - you usually can’t just post Disney’s IP for others to freely use.
There does seem to be some gray area. Recent cases have been relaxing the grip of CFAA as it pertains to accessing publicly available APIs. 10-15 years ago it likely would have been a violation. Today I genuinely doubt it, especially if it received a knowledgeable judge like Alsup. But I bet a court would look at the copyright issues separately from the API access. While the API access is (probably?) not against the law, the copyright violations would probably stick without some amazing lawyer work. Perhaps you could make the argument that Muse made these public via their API rather than the developer who scraped them but I don’t feel like that would succeed because it’s really two independent faults. Muse failed to secure the IP and the developer didn’t just access, they republished on IPFS.
I had been very critical of the extreme nonsense of Tenacity / Sneedacity. I also felt the general outrage over un-materialized concerns of nebulous “telemetry” was unconvincing. I certainly never expected Muse Group to somehow lower the already low bar down to the Marianas Trench, and yet, here we are.
Here’s what Daniel wrote to the developer, in public:
>> Upon further investigation, it became clear that <developer> is a Chinese national, but not resident in China. As a guest in his current country, his residency status is predicated on a number of conditions, one of which is not violating the law.
>> If found in violation of laws, residency may be revoked and he may be deported to his home country.
>> This becomes even further complicated given another repo of his - Fuck XXQG which is highly critical of the Chinese government. Were he deported to China, who knows how he may be received.
As marcan said, that does appear to be blackmail. I have trouble finding a view of that in which it is not blackmail. Blackmail is a crime at state and federal levels for good reason.
I’m not a lawyer so I’d be interested to learn ways that this isn’t a violation of California penal code PC 519, very specifically PC 523, and more generally PC 518. If anyone could educate me and help me see how it is not blackmail/extortion, I would genuinely appreciate that.
Penal Code 518 defines the California crime of extortion. The law says that a person commits extortion by:
obtaining property or other consideration from another person without that person’s consent, …and doing so by means of force or fear.
Penal Code 519 says that, for purposes of extortion charges, fear is an emotion generated by certain specific threats.
These include the threat to: …accuse a person, or that person’s relative or family member, of a crime, …report a person’s immigration status or suspected immigration status.
New York’s law is quite similar, https://www.nysenate.gov/legislation/laws/PEN/135.60 but merely a class A misdemeanor.