Sorry, everyone!
EDIT: update here https://news.ycombinator.com/item?id=31092085
1. If you do a web search for "HackerRank DMCA" you will find similar examples of this that have happened in the past (with exactly the same text).
2. The text of the request is not in any way designed to enable a reasonable response. No detail is given about what the infringing content is so there is no way to comply.
3. It is also clear from this and previous cases that whatever process is used to identify potential targets for DMCA yields false positives and no reasonable judgement seems to be applied in whether or not to issue a takedown request.
I also think that GitHub's processes are faulty here:
1. We were given one business day to reply. I replied within 2hrs to say that the request was obviously spam and then sought legal advice. The repo (and website) were shut down before we could get legal advice. One day is nowhere near enough time. The request came in on Thursday night (UK time) and in the UK both Friday and Monday are public holidays this weekend. I don't even know what one "business day" means in this situation.
2. GitHub gives some guidance for how to submit a counter claim but none of the information is applicable to a case like this where so little information is given that it is simultaneously impossible to comply with the request and impossible to dispute it. If GitHub makes it this easy to spam DMCA requests then they should also provide some guidance for how to deal with spam requests.
I wonder if the FSF or someone else can come up with a good template response to DMCA requests that just don't have enough information in them. If the request doesn't even explain how you could comply then it should be possible to respond to that in a blanket fashion.
Meanwhile, if we need to make a monetary contribution for your effort or anything more we could do to promote, what would be the best way to do it? If you'd like to send me an email to discuss further, I'm available at vivek at hackerrank
Thank you & sorry!
I'm looking at the page that was taken down[1] and it seems to be largely full of pretty basic code snippets demonstrating how to use the Solvers module.
Your DMCA request[2] includes the statements that say, in part, that Fair Use has been considered, that you own the copyright, and that the information in that statement is true and accurate.
Could you elaborate what on that page you consider to be your copyrighted content, and how you came to hold that copyright? Is it the code snippets, as per your comment? Did your company have an employee write that content?
When the DMCA takedown request was being drafted, did someone consider whether those snippets even qualify as an Original Work? I'm getting at whether they contain even a minimal level of creativity, as the US Supreme Court has said is a requirement for copyright[3].
[1] https://web.archive.org/web/20220114132753/https://docs.symp...
[2] https://github.com/github/dmca/blob/master/2022/04/2022-04-1...
1. Fire WorthIT Solutions (no RCA necessary, do not automate or outsource DMCA, even if it's human based automation)
2. Apologise to SymPy
3. Discuss internally the cost-vs-benefit (more than monetary) of embarking on copyright policing as part of your company's future strategy
4. Blog results of #3
WRT #3, sustainability comes to mind - if dissemination of solutions is a serious threat to your current business model/implementation (something you might want to validate anyway) then consider adapting to mitigate it to the point of irrelevance. Perhaps you are already doing this, but DMCA policing is at best a distraction and at worst a PR nightmare and menace to FOSS like today, it also doesn't scale well.
All things considered, this company has done net negative impact to tech industry.
I appreciate the "fix-it-twice" attitude implied by the RCA promise (Root Cause Analysis for those who also had to look it up). Also, consider recognition and restitution for the unnecessary work you created for the NumFOCUS director, a NumFOCUS lawyer, and the SymPy maintainers.
A $25k donation to NumFOCUS would be a good start.
If you are willing to talk about what happened publicly, I'm starting a podcast/video series to discuss business and open-source. This would make an interesting conversation. Perhaps we can turn this into a positive to raise awareness and inspire better behavior in the industry? Ping me.
Most of which will go to director's salaries. What do these directors do apart from harassing conference members?
I thought about this situation and how your company could make this right. If you would be willing to help improve the SymPy project, I think it would be very well received. If you are interested, please let us know! See Travis Oliphant's reply, you could for example donate some money to NumFOCUS. We are very good with using money that people or companies donate to fund development and we can really boost SymPy forward big time with a generous donation.
Also they take pictures and videos of candidates while taking interviews. Without that permission they don’t allow the test.
They’re not part of the problem - they’re the problem.
At worst, you can try to exercise the controls in the EULA that your victims agreed to, but this sounds like abuse of the legal system.
guess what, it's still offline for DMCA.
The solution would be to build some sort of cheat detector and punish only the candidate. Don't take down and lose the goodwill of the entire programming community by abusing draconian laws.
You might first investigate just how small the piece of code was on which nearly all of Oracle's case vs. Google rested.
A person driving 100 miles per hour down a residential street and crashing into something is an unintended consequence, but not unforeseen.
This may have been "unintended" but when you have a company file DMCA notices on your behalf without proper supervision (especially when they had filed DMCA notices like this against other open source libraries) it is not "unforeseen" for them to file a DMCA notice against a completely innocent project.
At the very minimum the open source library that was affected and their maintainers deserve monetary recompense for the time and stress that your actions have cost them.
Sorry, are you asserting that you hold copyright over solutions that other people write?
edit: Here's an example,
- "In so doing, the magistrate judge agreed with plaintiffs’ assertion that the solution manuals sold by defendant qualified as “derivative works” under the Copyright Act. As in Pavlica v. Behr and Addison-Wesley Publ’g Co. v. Brown, defendant’s manuals complemented plaintiffs’ 187 copyrighted textbooks, had no “independent economic value” and were “meaningless’ without the textbooks because they merely provided answers to questions posed in the textbooks."
https://www.law.com/newyorklawjournal/almID/1202435027834/ (2009)
https://www.courtlistener.com/docket/4345754/pearson-educati... (the ruling is available here, gratis)
Do you plan to contact GitHub and give them a legally binding agreement to indemnify them for any infringement of HackerRank's copyright in the material they took down (I'm sure there is no such infringement, but by agreeing you won't sue GitHub for restoring the content, you effectively retract the notice and give them no reason to wait the 10 days)?
I think a sincere apology should include steps to urgently minimise the ongoing damage to the existing victims, not just analyse what went wrong to prevent hurting other victims.
Leetcode for instance puts the solutions out there.
Your company has issued a DMCA takedown notice for "plagiarized code snippets" against the library-in-question's own documentation? (The take down was issued against docs.sympy.org; linked directly within sympy's GIT repo README.md: https://github.com/sympy/sympy)
And this is an "initiative" your organization has undertaken? Have you thought this through?
Where should engineers who want to learn about sympy go to attain that knowledge?
Where did your team learn about and generate the assessment questions?
Where do you stop with this initiative? Would you issue takedown notices to MDN? Stack Overflow? What about VSCode Copilot?
Oooh boy I can't wait to begin publishing solutions to your company's assessments.
The risks from misrepresenting your copyright in these cases are not small. Diebold Election Systems paid $125,000 in a similar situation: https://www.eff.org/cases/online-policy-group-v-diebold
How can this be legal? Plagiarized is moreover a very conveniently vague word.
By this very vague definition the overwhelming majority of your own content has been seen on various parts of the internet way before you ever started your business.
There can't be a copyright on such a thing and I hope someone fights you in court, this is nothing short of bullying.
How can you shitbags take down SymPy and then show up on HN to actually make light of it with your crapola comments while it remains taken down.
  For ch: char in solution.text:
    If webpage.html.indexOf(ch) >= 0 then
      DMCAReq.send()
    End
  End
I get it, I'm an automate-first type of person, too. But it appears your outfit has made a habit of doing this, and you're messing with innocent people for no good reason. Doing that in a `for` loop is irresponsible as hell, and frankly you deserve the bad press you're getting. I highly recommend you reconsider.
Legacy media companies do this kind of thing, too. I hope you're more interested in your reputation than they are.
So which is it? Plagiarized or solutions? Because unless your company actually owns the copyright for the code in question, you have no right to it.
If a Google assessment asks “how many manhole covers are there in New York” and someone decides to create a repo with “Manhole covers in New York: 23,000” there is no copyright claim.
Do HackerRank users affirmatively sign a non-disclosure agreement? I checked your terms and there is not an apparent non-disclosure agreement. If not, there isn’t any legal recourse if users decide to talk about or solve your problems off the platform.
Educational and not for profit use is often protected by Fair Use. I didn’t see the repo in question so I can’t comment on if the use of the material meets the Fair Use criteria.
However if people are sharing their answers to your questions in a repo, especially for educational or non-profit value, there isn’t much you can legally do about it. For example, If I take the GMAT and I discuss a question on Twitter, that’s allowed by Fair Use. If I offer to sell a PDF of the entire test, that would not be protected.
If someone said “hey HackerRank’s Ruby test asked a question about finding the smallest value in an array” and then they posted a solution. That’s absolutely not violating a HackerRank copyright. People even have the right to describe their experience on HackerRank in great detail.
From your own policy: “Content that You own and post on or through HackerRank belongs to You..”
So if someone wants to post their solution to a question, your own terms allow that. It’s their solution, it belongs to the user.[1]
If someone else “plagiarizes” another user’s solution, HR doesn’t have standing for a DMCA takedown. The user that created the content does, but not HR.
However even if HackerRank did own the solutions, there is a high likelihood that Fair Use would be in effect.
I have a strong dislike of HackerRank type companies because it’s pretty rare that those ridiculously academic assessments predict real world performance. They are a screening tool for the lazy. A well designed, relevant code test relating to the work of the company or a solid technical interview is much more valuable in my experience. When I was interviewing with companies, I immediately passed on the job if HackerRank was part of the hiring process. I ended up at a FAANG for over 5 years, so it’s pretty clear that anti-HackerRank bias among potential employees like me has a detrimental effect on recruiting.
https://github.com/github/dmca/blob/ea3736a0c4c9574e0c8cea06...
it's still offline for DMCA, since Dec '21
Your company does not own the basic algorithms that are the solutions to the tests on HackerRank.
(1) We have withdrawn the DMCA notice for sympy; Sent a note to senior leadership in Github to act on this quickly.
(2) We have stopped the whole DMCA process for now and are working on internal guidelines of what constitutes a real violation so that these kinds of incidents don't happen. We are going to do this in-house
(3) We are going to donate $25k to the sympy project.
As a company we take a lot of pride in helping developers and it sucks to see this. I'm extremely sorry for what happened here.
I have received fake DMCA requests from WorthIT Solutions, Pakistan that you guys seem to have hired. It is sent for a simple blog entry discussing about programming algorithm!
I recommend training them or replacing them.
>Declaration: I have taken fair use into consideration. I have a good faith belief that the use of the copyrighted materials as described above is not authorized by the copyright owner, its agent, or the law. I swear, under penalty of perjury, that the information in the notification is accurate and that I am the copyright owner or am authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
You aren't even really a content company, this is such a bad look. Your value is in your network of people, not in the content.
Without a discussion of how/why you thought this would be a good idea and how this has been happening on an ongoing basis, we can't really accept your apology.
Proportionate contributions to other projects and individuals would go a long way to showing that you are not just paying lip service to your admission of wrongdoing. You have hurt a lot of people, and you need to make amends for your shenanigans. At the very least, you need to comp any legal fees incurred by your actions.
Personally I like Hacker Rank and consider it a good way to learn about new algorithms but at the same time I do not like the style of interviews that require it and it makes me wish I could leave the industry because it's a waste of time for people with a lot of practical experience and who have a good portfolio of apps/sites they've created.
That said, I would recommend not doing DMCA at all unless it's really serious. Sounds like your company has a lot of problems with this. Think StackOverflow, there are plenty of sites that copy it but I'm not aware of them going after anyone. If anything all the copying of a site makes it more of an authoritative source because a lot of people reference it.
I don't understand this because as others on this thread have pointed out you have done this before.
Further isn't much of your own content just plagiarized from other people's previous FAANG interviews?
I've never used HackerRank as I view it as something of a scourge on the industry but I will probably go to extra effort and recommend to others that they not use it either.
Also @dang, has this post been pinned at the top of the page for everyone to see?
Edit: guess it's not..
They should probably never send a DMCA again. It's political suicide in this industry anyway.
We really need a strikes policy for DMCA submitters built into the legislation. Like submit three dubious claims, and you lose your copyright. I've been saying it for literally 15 years.
Oh really? You: commoditize humans by reducing them to a score, you: destroy their public contributions
Sounds like you're a pretty terrible dev advocate. You should be ashamed to show your username and affiliation on HN.
You've abused many other projects, some linked in the comments here, but you only seem to act when there's sufficient apparent public outrage.
1) register the copyright of the tools you have written in-house for hacker rank and 2) ONLY issue DMCA claims based on your registered copyrights.
The questions and people's answers to them are not something you should EVER have even considered issuing takedown notices for.
Please don’t ever use DMCA in this way again. Even if it were somehow borderline justifiable, your users will be motivated to lambaste your company into oblivion, and to wish non-existence upon your company. Probably not the best posture for anybody concerned.
I hope other companies take note as well.
So you are taking action only after news spilled all over the internet? So I can assume that if no one (in internet terms) knew about it (as described in links pointing to other DMCA cases), you would do nothing to remedy your illegal (from moral stand point of view, no real one) actions.
It's only illegal if you get caught and find someone willing to prosecute you. Also if penalty for breaking law is a fine, then this law only applies to poor people.
FUCK you HackerRank, for even entertaining the notion of litigating open source projects at scale for no good reason.
FUCK you for taking down the documentation for a harmless open source symbolic mathematics engine without any justification that I can see.
What content of your shitty ranking company could SymPy possibly have infringed on?
Also an honorable FUCK you to GitHub for your DMCA policy to take down the repository without even a standby period (perhaps with a warning?).
And FUCK the internet in 2022 for its bureaucratic and corporate spirit.
And FUCK me for not having the steel to just take my code off of GitHub. I am part of the problem.
Personally, I like designing and building software and have been doing so for 20+ years but after doing several HackerRank and Leetcode style interviews it makes me wish to do something else.
I’ve had FAANG recruiters tell me “study for hours per day for a few months” and then you can be ready. Even smaller companies focus on leetcode more than actual experience.
I’ve worked with plenty of optimal algorithms in my life but when I do I spend time researching and looking at many examples rather than having to memorize something that shouldn’t be memorized in the first place; but the way the interviews are done it seems like companies just want code monkeys (even the good paying companies).
No other well-paid profession tolerates this style of interview once you have experience. I would never recommend Software Engineering to anyone given the current environment.
especially if the web based editor doesn't support vim style key bindings.
amusing irony that likely parts of a question were lifted from the very source that was subject to the takedown.
bigger problem i have with coding tests is that they check if someone is familiar with some subset of reference material (usually algorithms). in my experience, anyone can pull those from a book in practice and real software engineering has little to do with that and more to do with having the knowledge and experience to avoid making a mess or building weird software.
AFAIK, they're legally required to take down material as soon as they receive a DMCA notice or else lose their safe harbor status.
Github could've easily taken the time and waited for SymPy to file counter notice which then allows Github to keep the content up until courts say otherwise. Github instead elected to remove content immediately. By their choice.
Thank you for the link.
See https://github.com/github/dmca/pull/10944:
> Before disabling any content in relation to this takedown notice, GitHub
> - contacted the owners of some or all of the affected repositories to give them an opportunity to make changes.
> - provided information on how to submit a DMCA Counter Notice.
(Disclosure: I work at GitHub)
This implies that GitHub is believing the DMCA notice is justified in the first place...
from the request[0]:
> Someone has illegally copied our client's technical exams questions and answers from their official website hackerrank.com and uploaded them on their platform without permission.
Archive of the allegedly infringing page is here[1].
0: https://github.com/github/dmca/blob/master/2022/04/2022-04-1...
1: https://web.archive.org/web/20220114132753/https://docs.symp...
I feel like hacker rank might be facing an uphill battle for this one.
as a user you literally are not the problem. the problem is the monopolization of technology by a small group of investors, which makes it nearly impossible for alternatives to rise.
why isn't a platform like Github part of the commons instead of a private, proprietary fiefdom? why is it instead the private property of, and part of the investment portfolio of, a person who says things like: "As the majority of hobbyists must be aware, most of you steal your software."
Although there is no commons alternative, there is Sourcehut - run by a team that is dedicated to the principles of free software. I should be giving them the money that I spend on GitHub.
At the very least, I should be giving them more money than I give GitHub... I will do that immediately.
[0]: https://www.mail-archive.com/php-webmaster@lists.php.net/msg...
The fact that there isn't any downside just shows what poor legislation the DMCA is.
If you told me that the DMCA was written entirely by the music copyright industry and handed to compliant congress members to rubber stamp, I'm likely to believe you.
Only way to make this stop is make companies like WorthIT feel financial pain from their actions.
Which is exactly what it is.
More information about previous DMCA abuse here: https://news.ycombinator.com/item?id=29239594
Personally, I would not trust a company this unethical to certify anything. Their excuse seems to be "we're using an external service" but they chose that external service and are fully responsible for these takedowns in their name.
For example they claim to own the copyright to find substring: https://news.ycombinator.com/item?id=29239926
Absolutely disgusting.
> A statement that the information in the notification is accurate, and under penalty of perjury, that the complaining party is authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
Has this penalty ever been enforced?
For example, if the thing you're taking down does use your content, but it falls under fair use, you can still get away with taking it down. There is no objective test for fair use and 512(f) does not mandate one; the criteria is just that you merely considered fair use. And since fair use is a bottomless pit of grey areas, you basically can't get a 512(f) ruling out of a legitimate copyright owner. It only catches the kinds of people who, say, pretend they're Bungie so they can file DMCA takedowns Bungie can't retract in Bungie's name.
Also, the above statement is vague. The perjury clause only applies to the final clause which states that the person making the request has the authority of the rights holder. It doesn't apply to the first clause stating that the information is accurate?
I haven't read the DMCA statute in years, so I don't know if the wording in that clause parrots the wording of the statute.
And there seems to be this case that is worth keeping an eye on: https://www.techdirt.com/2021/03/11/court-allows-lawsuit-ove...
The founder states in a comment (https://news.ycombinator.com/item?id=31091354) that "[their] intention with this initiative is to takedown plagiarized code snippets or solutions to company assessments", practically admitting that they are knowingly abusing DMCA systems to execute takedowns of other people's code. They can definitely take down plagiarized code snippets under the DMCA, but they have no right to take down "solutions to company assessments".
The takedown message is here – https://github.com/github/dmca/blob/master/2022/04/2022-04-1...
And the offending page is archived here, I wonder what part they wanted removed – https://web.archive.org/web/20220114132753/https://docs.symp...
The only real solution here seems to be to find a way to hold HackerRank to account for this (in the most costly way possible), so they face an incentive to do meaningful due diligence and evaluate before partnering with someone that acts as their agent.
Ultimately it wasn't them that did this, but unless they bear a significant cost from doing so, which causes them to pursue their DMCA agent for negligence or breach of contract (or whatever other remedy is available to them), I don't see this type of thing changing.
Once a DMCA agent becomes a liability, the market will be forced to mature, and buyers will need to do due diligence to minimise their likelihood of being opened up to a large and costly battle as a result of the negligence of their agent.
Not really. Nor have you considered who the actual author and copyright holder is.
As a software developer, I've surrendered so much autonomy for the sake of convenience. When it works 99% of the time, things are awesome. But god forbid you are the 1%, cause there is usually no talking to real people to get support. The only recourse is shouting about it on Twitter/HN and hope someone notices, thereby leaving everything to chance - that just makes me sad to my core.
You could definitely still blame the company at hand for not having redundancy and having a single point of failure, but the point still stands.
They would have built something over years and one morning entire thing is taken offline due to a fake DMCA notice. Then they have to issue a counter notice with all its legal implications and it also exposes all your private information including full address, name and phone number(in a wrong country, you become target of thieves as well). Then it takes almost a month before content is restored.
How can an individual fight this? How can you make companies misusing DMCA pay for it?
As a technologist perhaps solve it with tech, the first step would be to host your own content instead of using a third party app based in U.S. There is not a lot of deep tech to what GitHub gives as a githost, a self hosted gitlab serves just as well. Similarly for video, photos etc., it is very hard and expensive to deliver video for millions/billions; delivering video to few thousands is trivial. Same thing for Substack, Medium etc.
Generally these take down notices don’t go after your DC/ISP domain host provider that easily unless you are in the cross hairs of powerful lobbies like how Libgen or PirateBay are , so self hosting helps a lot.
If they do then there is distributed systems like IPFS etc can be resilient to notices.
In addition, all Google properties picked up the DMCA action on Google index and started sending me warning and suspension of ads etc.
I have sent a detailed counter notice. But even after 12 days, I am yet to hear back from Google.
So self-hosting may work for Github, but not if you want presence in Google index.
It's so depressing to see well-meaning philanthropy apathetically trampled by thugs in suits.
Perhaps you can host this stuff in countries that do not care much about copyright (China, Russia, etc.) but those usually come with their own problems.
Instead of avoiding countries, you should avoid hosters that will take such extreme measures following DMCA takedown requests. There are companies out there that will have a human read your counter notice and care about the legality of this whole situation, you just have to find them. That means avoiding big players like Github and building your own bespoke host, probably behind a Cloudflare or similar tunnel to prevent your website from going down because of DDoS attacks and traffic spikes, which will add significantly to hosting costs, especially if the library becomes successful.
To be honest, this sounds like solving the wrong problem. Hackerrank and their friends are the problem, not the people using Github's free service to host their documentation.
For example, the EU now has a DMCA-like copyright takedown process.
The goodwill lost will now surely exceed the money they saved by not doing proper due diligence. I'm optimistic that HackerRank won't make the same mistake again and other companies might take notice, too.
It would also be nice if Github would implement instant restoration via counternotice as allowed by the DMCA. Implementing only half of the law enables this sort of abuse.
Companies have historically gotten away with these reckless takedowns because the law just requires that "the complaining party has a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law." (17 U.S.C. § 512(c)(3)(A)(v))[^1]
In a recent 9th Circuit case, Lenz v. Universal Music Corp[^2], the court held that Lenz could sue Universal Music for a bad faith takedown. Specifically, "failure to [consider fair use] raises a triable issue as to whether the copyright holder formed a subjective good faith belief that the use was not authorized by law."
However, proving that it was in bad faith could be tricky.
Caveat: IANAL
[1]: https://www.law.cornell.edu/uscode/text/17/512#c_3_A_iv
[2]: https://en.wikipedia.org/wiki/Lenz_v._Universal_Music_Corp.
[1]: github.com/github/dmca/
> Our help articles provide more details on our DMCA takedown policy and [how to file a counter notice][2].
[2]: https://docs.github.com/en/site-policy/content-removal-polic...
No other profession tolerates this horrible style of interview.
> We are taking a stand for developers and have reinstated the youtube-dl repo. Section 1201 of the DMCA is broken and needs to be fixed. Developers should have the freedom to tinker. That's how you get great tools like youtube-dl.
Now they are deleting obviously-compliant docs from nonsensical requests. I guess the "stand" went away with Friedman...
There was also the promise a $1m developer defense fund. I wonder what happened to that.
Too bad these perjury-as-a-service companies never get held to account.
I am curious also here about opensource. What was the license if any?
Also, which license allows you to copy (and modify) for your own use, whether personal or not to reproduce?
https://web.archive.org/web/20220114132753/https://docs.symp...
WorthIT is worthless.
and still more DMCA notices going in since this post has been up. Looks like they still haven't learnt their lesson despite what they have said in this thread
Apache responded by blocking all access from the bank's IPs including mirrors/other critical stuff...oops!
I recently received one from a Pakistani company hired by HackerRank. The material in question was a simple blog entry on a well known programming problem and its solution. The problem is DMCA doesn't provide any way to fight these fake requests and Google simply removes the content until you send a counter notification and wait for over 2 weeks.
DMCA should have a provision that if a company is misusing DMCA at large-scale, their requests should go through additional validation.
The real answer: don't do it, it's not possible. You may have made some kind of contractual guarantee that you would prevent sharing of solutions, but that is your problem. This is stupid and silly and I will not be using hackerrank anymore.
> Allegedly Infringing Material Location Links:
“Allegedly”? Does this mean even the lawyers are not sure whether the material is infringing upon their client’s content or not?
As an individual this is so frustrating and if your mission is to support developers Vivek, I'm one developer that had quite the opposite experience.
I frankly am very frustrated by your company and you hiring folks to shakedown developers writing open blogs or docs. If any company tries to get me to do a hackerrank interview to join I'm going to decline.
This is a disgrace. How can something be taken down by nothing more than a notice?
What if the next one isn't as big a project as sympy?
DMCA requests are absolutely broken
What a racket this place can be
This entire business model is shitty if it involves taking down the solutions for problems. None of this is novel and shouldn't be protected by anything (copyright or patents).
If the "external service" wins some money or closes down some competition, do they give it back and say "look that was an external service, nothing to do with us"?