Permalink
Browse files

add 2013-05-22-Grooveshark.md

  • Loading branch information...
ScarlettSparks committed May 22, 2013
1 parent daed96d commit 9863d528780c193cd2aead22264318aaa73ea418
Showing with 35 additions and 0 deletions.
  1. +35 −0 2013-05-22-Grooveshark.md
View
@@ -0,0 +1,35 @@
+Dear GitHub Copyright Agent:
+
+I, the undersigned, state UNDER PENALTY OF PERJURY that:
+I am, a person injured, or an agent authorized to act on behalf of a person injured by a violation of the U.S. Copyright laws, in particular section(s) 1201(a)(2) and/or 1201(b)(1) of Title 17 of the United States Code, commonly referred to as the Digital Millennium Copyright Act, or "DMCA";
+
+I May Be Contacted At:
+Name of Injured Party : ESCAPE MEDIA GROUP, Inc. ("EMG")
+Name and Title: [private], In-House Counsel
+Address: 201 SE 2nd Ave Suite #201
+City, State, and Zip: Gainesville, FL 32601
+Email address: Legaldept@Escapemg.com
+Telephone: (954) 551-0889
+Fax: (727) 231-8312
+
+I have a good faith belief that the file-downloads identified below (by URL) are unlawful under these laws because, among other things, the files circumvent effective access controls and/or copyright protection measures;
+
+Reason:
+He has taken proprietary source code from inside of our application and posted it as a GitHub project, allowing users to circumvent our proprietary code and infringe our content.

This comment has been minimized.

Show comment Hide comment
@Starefossen

Starefossen May 23, 2013

This is complete bullshit!

@Starefossen

Starefossen May 23, 2013

This is complete bullshit!

This comment has been minimized.

Show comment Hide comment
@bobthecow

bobthecow May 23, 2013

GitHub legally can't interpret DMCA complaints. They have to honor them, or they lose safe harbor protections. See this comment for more info.

@bobthecow

bobthecow May 23, 2013

GitHub legally can't interpret DMCA complaints. They have to honor them, or they lose safe harbor protections. See this comment for more info.

This comment has been minimized.

Show comment Hide comment
@Starefossen

Starefossen May 23, 2013

Yes, but they are allowed to fight on their users behalf! As your can see her (https://www.eff.org/who-has-your-back-2013) there are some big companies that activly fights for their users in cases like this. @github should be one of them!

@Starefossen

Starefossen May 23, 2013

Yes, but they are allowed to fight on their users behalf! As your can see her (https://www.eff.org/who-has-your-back-2013) there are some big companies that activly fights for their users in cases like this. @github should be one of them!

This comment has been minimized.

Show comment Hide comment
@kennethreitz

kennethreitz May 23, 2013

Any user can rebuttle them.

@kennethreitz

kennethreitz May 23, 2013

Any user can rebuttle them.

This comment has been minimized.

Show comment Hide comment
@bobthecow

bobthecow May 23, 2013

None of those companies listed "fight on their users behalf" in cases like this. That list is all about protecting their users' data from the government, and has nothing to do with DMCA, takedown notices, or safe harbor provisions. Most companies on that list do exactly what GitHub does when they receive a DMCA takedown notice, because that's what they're required by law to do.

There is a very well established mechanism for dealing with things like this. It includes a process whereby people can claim that content infringes on their copyrights. It also includes a process for disputing such claims. It includes mandatory action by the service providers in both cases.

Anyone can claim to own the copyright to anything by sending a DMCA takedown notice. In order to preserve their safe harbor protection, a service provider must "expeditiously" take down all (alleged) offending content. In response, you should submit a counter-notice, claiming that they're full of it. Once you do that, the service provider must wait 10–14 days, then, unless a court order has been filed in that time, they must restore your content.

Getting upset with a service provider for following these process is not helpful, nor is it reasonable. There are ways a service provider can "fight on their users behalf" for DMCA issues though:

  • Be very responsive to both takedown notices and counter-notices. GitHub seems to be pretty solid on that front.
  • Be super transparent about the whole process. Let everyone know exactly who is filing takedown notices, and for what content. This repo is a great example of this, as is Google's posting to ChillingEffects.
  • Educate users on what's happening, and how to deal with it. I think GitHub's DMCA takedown help page does a pretty solid job of that.
@bobthecow

bobthecow May 23, 2013

None of those companies listed "fight on their users behalf" in cases like this. That list is all about protecting their users' data from the government, and has nothing to do with DMCA, takedown notices, or safe harbor provisions. Most companies on that list do exactly what GitHub does when they receive a DMCA takedown notice, because that's what they're required by law to do.

There is a very well established mechanism for dealing with things like this. It includes a process whereby people can claim that content infringes on their copyrights. It also includes a process for disputing such claims. It includes mandatory action by the service providers in both cases.

Anyone can claim to own the copyright to anything by sending a DMCA takedown notice. In order to preserve their safe harbor protection, a service provider must "expeditiously" take down all (alleged) offending content. In response, you should submit a counter-notice, claiming that they're full of it. Once you do that, the service provider must wait 10–14 days, then, unless a court order has been filed in that time, they must restore your content.

Getting upset with a service provider for following these process is not helpful, nor is it reasonable. There are ways a service provider can "fight on their users behalf" for DMCA issues though:

  • Be very responsive to both takedown notices and counter-notices. GitHub seems to be pretty solid on that front.
  • Be super transparent about the whole process. Let everyone know exactly who is filing takedown notices, and for what content. This repo is a great example of this, as is Google's posting to ChillingEffects.
  • Educate users on what's happening, and how to deal with it. I think GitHub's DMCA takedown help page does a pretty solid job of that.

This comment has been minimized.

Show comment Hide comment
@ap

ap May 23, 2013

None of those companies listed "fight on their users behalf" in cases like this.

Only Tron does that.

@ap

ap May 23, 2013

None of those companies listed "fight on their users behalf" in cases like this.

Only Tron does that.

This comment has been minimized.

Show comment Hide comment
@bobthecow

bobthecow May 23, 2013

@aspires You just won the Internet! 🏆

@bobthecow

bobthecow May 23, 2013

@aspires You just won the Internet! 🏆

+Please act expeditiously to remove the file-downloads found at the following URLs:
+
+https://github.com/wearefractal/groovr
+
+I have a good faith belief that the circumvention of effective access controls and/or copyright protection measures identified above is not authorized by law; and
+The information in this notice is accurate.
+
+Thank you for your kind assistance.
+
+Truthfully,
+
+[private]
+
+Grooveshark.com | In-House Counsel
+
+[private]
+

47 comments on commit 9863d52

@contra

This comment has been minimized.

Show comment Hide comment
@contra

contra May 22, 2013

Okay this is totally incorrect and there is no contact information on here to identify who filed it. How do I even respond to this?

Okay this is totally incorrect and there is no contact information on here to identify who filed it. How do I even respond to this?

@contra

This comment has been minimized.

Show comment Hide comment
@contra

contra May 22, 2013

@emglegaldepartment -

While you're at it why don't you take these down too

https://github.com/sosedoff/grooveshark
https://github.com/koehlma/pygrooveshark
https://github.com/tirino/grooveshark-api
https://code.google.com/p/jgroove/
https://github.com/theycallmeswift/grooveshark
https://github.com/xissy/node-grooveshark-streaming

The library I created is just a client for a publicly accessible API - in no way did I steal "proprietary source code" from your application.

@ScarlettSparks - Can you PM me the private name that was removed from the notice? We were in no way contacted before this notice was issued.

@emglegaldepartment -

While you're at it why don't you take these down too

https://github.com/sosedoff/grooveshark
https://github.com/koehlma/pygrooveshark
https://github.com/tirino/grooveshark-api
https://code.google.com/p/jgroove/
https://github.com/theycallmeswift/grooveshark
https://github.com/xissy/node-grooveshark-streaming

The library I created is just a client for a publicly accessible API - in no way did I steal "proprietary source code" from your application.

@ScarlettSparks - Can you PM me the private name that was removed from the notice? We were in no way contacted before this notice was issued.

@bobthecow

This comment has been minimized.

Show comment Hide comment
@bobthecow

bobthecow May 22, 2013

@contra They don't have to notify you. The DMCA is awesome like that. To get your library back up, file a counter-notice:

  1. http://www.cs.cmu.edu/%7Edst/Terrorism/form-letter.html
  2. https://help.github.com/articles/dmca-takedown#b-counter-notification-policy

@contra They don't have to notify you. The DMCA is awesome like that. To get your library back up, file a counter-notice:

  1. http://www.cs.cmu.edu/%7Edst/Terrorism/form-letter.html
  2. https://help.github.com/articles/dmca-takedown#b-counter-notification-policy
@contra

This comment has been minimized.

Show comment Hide comment
@contra

contra May 22, 2013

@bobthecow - For a counter-notice to work I have to agree to remove the content and link to where the content has been removed. I am not going to remove the content - there is nothing wrong with it. I refuse to let some big company bully me with invalid DMCAs

@bobthecow - For a counter-notice to work I have to agree to remove the content and link to where the content has been removed. I am not going to remove the content - there is nothing wrong with it. I refuse to let some big company bully me with invalid DMCAs

@Vadiml1024

This comment has been minimized.

Show comment Hide comment
@Vadiml1024

Vadiml1024 May 22, 2013

But there IS contact information:
Email address: Legaldept@Escapemg.com

These people seems to be Grooveshark authors

But there IS contact information:
Email address: Legaldept@Escapemg.com

These people seems to be Grooveshark authors

@jblotus

This comment has been minimized.

Show comment Hide comment
@jblotus

jblotus May 22, 2013

just change the name of the repo to doucheshark.

just change the name of the repo to doucheshark.

@bobthecow

This comment has been minimized.

Show comment Hide comment
@bobthecow

bobthecow May 22, 2013

@contra You agree to no such thing. The content was already removed by GitHub. You're filing a notice to get it put back. Once you file a counter-notice, GitHub has to restore it, and leave it up until/unless Grooveshark takes you to court:

  • GitHub shall promptly provide the Complaining Party with a copy of the Counter Notification;
  • GitHub shall inform the Complaining Party that it will replace the removed material or cease disabling access to it within ten (10) business days;
  • GitHub shall replace the removed material or cease disabling access to the material within ten (10) to fourteen (14) business days following receipt of the Counter Notification, provided GitHub’s Designated Agent has not received notice from the Complaining Party that an action has been filed seeking a court order to restrain Subscriber from engaging in infringing activity relating to the material on GitHub's system.

@contra You agree to no such thing. The content was already removed by GitHub. You're filing a notice to get it put back. Once you file a counter-notice, GitHub has to restore it, and leave it up until/unless Grooveshark takes you to court:

  • GitHub shall promptly provide the Complaining Party with a copy of the Counter Notification;
  • GitHub shall inform the Complaining Party that it will replace the removed material or cease disabling access to it within ten (10) business days;
  • GitHub shall replace the removed material or cease disabling access to the material within ten (10) to fourteen (14) business days following receipt of the Counter Notification, provided GitHub’s Designated Agent has not received notice from the Complaining Party that an action has been filed seeking a court order to restrain Subscriber from engaging in infringing activity relating to the material on GitHub's system.
@masukomi

This comment has been minimized.

Show comment Hide comment
@masukomi

masukomi May 22, 2013

@bobthecow is right on this one. The counter-notice is to say "you're full of it." to the people claiming you copied stuff, not to acquiesce to the demands.

@bobthecow is right on this one. The counter-notice is to say "you're full of it." to the people claiming you copied stuff, not to acquiesce to the demands.

@contra

This comment has been minimized.

Show comment Hide comment
@contra

contra May 22, 2013

@bobthecow @masukomi - I must have missed that second half. Thanks! I have emailed the complaining party and will file a counter-notice.

This whole process seems bizarre to me - my options are:

  1. Remove project
  2. Get sued into oblivion by large company

Is this really the only way to resolve this? All we were trying to make is an API client so people could build apps on top of the Grooveshark platform. I don't see how using a publicly visible API (the same one many people already use) is illegal.

If EMG can provide me more details on what lines of code they think are stolen, how we are circumventing something, etc. I would be glad to resolve this peacefully

@bobthecow @masukomi - I must have missed that second half. Thanks! I have emailed the complaining party and will file a counter-notice.

This whole process seems bizarre to me - my options are:

  1. Remove project
  2. Get sued into oblivion by large company

Is this really the only way to resolve this? All we were trying to make is an API client so people could build apps on top of the Grooveshark platform. I don't see how using a publicly visible API (the same one many people already use) is illegal.

If EMG can provide me more details on what lines of code they think are stolen, how we are circumventing something, etc. I would be glad to resolve this peacefully

@bobthecow

This comment has been minimized.

Show comment Hide comment
@bobthecow

bobthecow May 22, 2013

For (a lot) more commentary on this whole process, check out the comments on the LayerVault takedown notice: 735e176

Especially this comment.

And the repo owner's counternotice: 6a33a21

For (a lot) more commentary on this whole process, check out the comments on the LayerVault takedown notice: 735e176

Especially this comment.

And the repo owner's counternotice: 6a33a21

@bobthecow

This comment has been minimized.

Show comment Hide comment
@bobthecow

bobthecow May 22, 2013

@contra read that comment I linked :)

@contra read that comment I linked :)

@contra

This comment has been minimized.

Show comment Hide comment
@contra

contra May 22, 2013

@bobthecow - Thanks for the links

@bobthecow - Thanks for the links

@bobthecow

This comment has been minimized.

Show comment Hide comment
@bobthecow

bobthecow May 22, 2013

@contra 'course none of this is stopping large companies from suing you into oblivion. They can still find a way to do that. But the counter-notice is often enough to keep 'em from abusing copyright law to get rid of things they don't like :)

@contra 'course none of this is stopping large companies from suing you into oblivion. They can still find a way to do that. But the counter-notice is often enough to keep 'em from abusing copyright law to get rid of things they don't like :)

@kevinpet

This comment has been minimized.

Show comment Hide comment
@kevinpet

kevinpet May 22, 2013

Github should send this one to their lawyers since it doesn't appear to be a properly formed DMCA takedown. It does not claim copyright infringement. Maybe there's something I'm not aware of, but I've never heard of the DMCA allowing takedowns via this method of something that is a circumvention method.

Github should send this one to their lawyers since it doesn't appear to be a properly formed DMCA takedown. It does not claim copyright infringement. Maybe there's something I'm not aware of, but I've never heard of the DMCA allowing takedowns via this method of something that is a circumvention method.

@bobthecow

This comment has been minimized.

Show comment Hide comment
@bobthecow

bobthecow May 22, 2013

@kevinpet I think I recall seeing something about DMCA takedowns covering both copyright, and methods for circumventing that copyright, but I could be wrong.

If it is, in fact, an invalid notice, I believe that's also something that needs to be handled via the counter-notice, i.e. the notice should — in addition to the "I own this copyright" — claim:

The complaint does not follow the prescribed form for notification of an alleged copyright violation as set forth in the Digital Millennium Copyright Act, 17 USC 512(c)(3). Specifically, the complainant has failed to:

And list specifically why it's not a valid notice.

@kevinpet I think I recall seeing something about DMCA takedowns covering both copyright, and methods for circumventing that copyright, but I could be wrong.

If it is, in fact, an invalid notice, I believe that's also something that needs to be handled via the counter-notice, i.e. the notice should — in addition to the "I own this copyright" — claim:

The complaint does not follow the prescribed form for notification of an alleged copyright violation as set forth in the Digital Millennium Copyright Act, 17 USC 512(c)(3). Specifically, the complainant has failed to:

And list specifically why it's not a valid notice.

@sethwoodworth

This comment has been minimized.

Show comment Hide comment
@sethwoodworth

sethwoodworth May 22, 2013

The DMCA covers any software that circumvents DRM. If your library allows a user to circumvent any grooveshark DRM (no matter how trivial, ROT13 can count) then this is a valid takedown notice.

IANAL, and I don't know anything about grooveshark's DRM or your library.

The DMCA covers any software that circumvents DRM. If your library allows a user to circumvent any grooveshark DRM (no matter how trivial, ROT13 can count) then this is a valid takedown notice.

IANAL, and I don't know anything about grooveshark's DRM or your library.

@contra

This comment has been minimized.

Show comment Hide comment
@contra

contra May 22, 2013

@sethwoodworth - What qualifies as DRM? There is a session token that needs to be established to use the APIs - I'm not sure if that counts as DRM but that is what I suspect they are taking issue with

@sethwoodworth - What qualifies as DRM? There is a session token that needs to be established to use the APIs - I'm not sure if that counts as DRM but that is what I suspect they are taking issue with

@sethwoodworth

This comment has been minimized.

Show comment Hide comment
@sethwoodworth

sethwoodworth May 22, 2013

@contra I don't know. The legal text is extremely non-specific. If you are getting the session token from a running grooveshark web instance or something, it might count, I honestly don't know. Chillingeffects has a FAQ entry on What does circumvention mean?. A session token may or may not count, I honestly have no idea.

@contra I don't know. The legal text is extremely non-specific. If you are getting the session token from a running grooveshark web instance or something, it might count, I honestly don't know. Chillingeffects has a FAQ entry on What does circumvention mean?. A session token may or may not count, I honestly have no idea.

@dmuth

This comment has been minimized.

Show comment Hide comment
@dmuth

dmuth May 22, 2013

I don't know about breaking DRM, but the takedown notice contains this statement:

He has taken proprietary source code from inside of our application

If this is not true, then it seems to be to be a textbook case of libel. (defamation in writing)

Based on that alone, I would recommend talking to an attorney. Have you tried reaching out to the EFF? I suspect they would be all over this sort of thing.

I don't know about breaking DRM, but the takedown notice contains this statement:

He has taken proprietary source code from inside of our application

If this is not true, then it seems to be to be a textbook case of libel. (defamation in writing)

Based on that alone, I would recommend talking to an attorney. Have you tried reaching out to the EFF? I suspect they would be all over this sort of thing.

@contra

This comment has been minimized.

Show comment Hide comment
@contra

contra May 22, 2013

@dmuth - That portion is 100% incorrect - grooveshark is a flash app and the library in question was written in coffeescript for nodejs. I don't know how they could possibly think I copied their source code. I am trying to resolve this peacefully with EMG before talking to an attorney but they have not responded to my requests for more info via email or on here.

@dmuth - That portion is 100% incorrect - grooveshark is a flash app and the library in question was written in coffeescript for nodejs. I don't know how they could possibly think I copied their source code. I am trying to resolve this peacefully with EMG before talking to an attorney but they have not responded to my requests for more info via email or on here.

@joshryandavis

This comment has been minimized.

Show comment Hide comment
@joshryandavis

joshryandavis May 22, 2013

Mirror of repo in question: https://github.com/joshryandavis/groovr

Created from the Google Cache of the repo.

Mirror of repo in question: https://github.com/joshryandavis/groovr

Created from the Google Cache of the repo.

@ahmetb

This comment has been minimized.

Show comment Hide comment
@ahmetb

ahmetb May 22, 2013

Take JDownloader down, it is also open source and has Grooveshark plugin. Copy and paste album link from Grooveshark and it downloads the whole album SOOO GOOOD!

Take JDownloader down, it is also open source and has Grooveshark plugin. Copy and paste album link from Grooveshark and it downloads the whole album SOOO GOOOD!

@dmuth

This comment has been minimized.

Show comment Hide comment
@dmuth

dmuth May 22, 2013

@contra If they're not responding, it means that they're letting their lawyers speak for them. This is actually normal when you have legal representation.

It's all the more reason to speak to an attorney so that he can (in attorney-speak) send a response to their attorneys stating that they are full of crap, their claims are in bad faith and without merit, that they have damaged your reputation, and other legalistic things like that. :-)

@contra If they're not responding, it means that they're letting their lawyers speak for them. This is actually normal when you have legal representation.

It's all the more reason to speak to an attorney so that he can (in attorney-speak) send a response to their attorneys stating that they are full of crap, their claims are in bad faith and without merit, that they have damaged your reputation, and other legalistic things like that. :-)

@LarryBattle

This comment has been minimized.

Show comment Hide comment
@LarryBattle

LarryBattle May 22, 2013

Even though Groovr is an free open source Grooveshark API Client, it breaks the term of service agreement with GrooveShark.com unless written consent was given.

http://grooveshark.com/#!/legal/terms

Legal / Terms
Terms of Service

Last Updated: July 31, 2012

License and Site Access
...
Use of any automated script, program, and or mechanism to collect, scrape, retrieve, and or gather any information and or User Content from the Service is strictly prohibited without written consent for EMG.
...

Grooveshark Github Group
https://github.com/grooveshark?tab=members

Grooveshark, a subsidiary of Escape Media Group, EMG

Hmmm... I wonder if posting this comment broke the term of service too.

Even though Groovr is an free open source Grooveshark API Client, it breaks the term of service agreement with GrooveShark.com unless written consent was given.

http://grooveshark.com/#!/legal/terms

Legal / Terms
Terms of Service

Last Updated: July 31, 2012

License and Site Access
...
Use of any automated script, program, and or mechanism to collect, scrape, retrieve, and or gather any information and or User Content from the Service is strictly prohibited without written consent for EMG.
...

Grooveshark Github Group
https://github.com/grooveshark?tab=members

Grooveshark, a subsidiary of Escape Media Group, EMG

Hmmm... I wonder if posting this comment broke the term of service too.

@bobthecow

This comment has been minimized.

Show comment Hide comment
@bobthecow

bobthecow May 22, 2013

ToS violations != DMCA violations. If this was just about the ToS, then using the DMCA to take the library down would be perjury.

ToS violations != DMCA violations. If this was just about the ToS, then using the DMCA to take the library down would be perjury.

@fastest963

This comment has been minimized.

Show comment Hide comment
@fastest963

fastest963 May 22, 2013

Hey guys, I'm an Engineer at Grooveshark and I handle developer relations.

Unfortunately, groovr appears to circumvent internal copyright protections for content hosted at Grooveshark. The groovr library offered a way to get, and subsequently allow you to easily download, song mp3s via a call (groovr.getSongFile). It was able to provide these services by using our internal authentication methods and internal API.

Grooveshark offers a public API (http://developers.grooveshark.com/) which allows you to search for content, authenticate users, view popular music, and more, all for free. Developers are encouraged to register for a key and use our content for their applications.

Hey guys, I'm an Engineer at Grooveshark and I handle developer relations.

Unfortunately, groovr appears to circumvent internal copyright protections for content hosted at Grooveshark. The groovr library offered a way to get, and subsequently allow you to easily download, song mp3s via a call (groovr.getSongFile). It was able to provide these services by using our internal authentication methods and internal API.

Grooveshark offers a public API (http://developers.grooveshark.com/) which allows you to search for content, authenticate users, view popular music, and more, all for free. Developers are encouraged to register for a key and use our content for their applications.

@bobthecow

This comment has been minimized.

Show comment Hide comment
@bobthecow

bobthecow May 22, 2013

Welp. Circumventing DRM seems to be a pretty valid reason for a DMCA takedown notice.

@fastest963 It looks like this bit from the notice was inaccurate?

He has taken proprietary source code from inside of our application and posted it as a GitHub project, allowing users to circumvent our proprietary code and infringe our content.

Welp. Circumventing DRM seems to be a pretty valid reason for a DMCA takedown notice.

@fastest963 It looks like this bit from the notice was inaccurate?

He has taken proprietary source code from inside of our application and posted it as a GitHub project, allowing users to circumvent our proprietary code and infringe our content.

@joshryandavis

This comment has been minimized.

Show comment Hide comment
@joshryandavis

joshryandavis May 22, 2013

@fastest963 - Then it is up to Grooveshark to secure their internal authentication methods and internal API calls, not submit a bogus DMCA.

He has taken proprietary source code from inside of our application and posted it as a GitHub project.

At the very least GrooveShark could have submitted a truthful DMCA, because that statement is complete bullshit.

@fastest963 - Then it is up to Grooveshark to secure their internal authentication methods and internal API calls, not submit a bogus DMCA.

He has taken proprietary source code from inside of our application and posted it as a GitHub project.

At the very least GrooveShark could have submitted a truthful DMCA, because that statement is complete bullshit.

@contra

This comment has been minimized.

Show comment Hide comment
@contra

contra May 22, 2013

@fastest963 - getSongFile returns metadata about the file (which does include the mp3 url - this is from your API) but does not download anything. I am just exposing API information - there is no code in groovr that allows you to download the files. If I am in the wrong here I will absolutely remove the offending code - I just need more info from your end about this

@fastest963 - getSongFile returns metadata about the file (which does include the mp3 url - this is from your API) but does not download anything. I am just exposing API information - there is no code in groovr that allows you to download the files. If I am in the wrong here I will absolutely remove the offending code - I just need more info from your end about this

@1mentat

This comment has been minimized.

Show comment Hide comment
@1mentat

1mentat May 22, 2013

As far as I understand it, DMCA notices are for copyright violations, not DRM. This is a misuse.

As far as I understand it, DMCA notices are for copyright violations, not DRM. This is a misuse.

@dmuth

This comment has been minimized.

Show comment Hide comment
@dmuth

dmuth May 22, 2013

@fastest963 May I suggest locking down your internal authentication methods and API calls?

Now that the cat is out of the bag and this issue has attracted attention, I am willing to bet that other people are going to try using these mechanisms. Do you intend to DMCA them all?

@fastest963 May I suggest locking down your internal authentication methods and API calls?

Now that the cat is out of the bag and this issue has attracted attention, I am willing to bet that other people are going to try using these mechanisms. Do you intend to DMCA them all?

@bobthecow

This comment has been minimized.

Show comment Hide comment
@bobthecow

bobthecow May 22, 2013

@1mentat The DMCA is very much about DRM:

The DMCA contains four main provisions:

  1. a prohibition on circumventing access controls [1201(a)(1)(A)];
  2. an access control circumvention device ban (sometimes called the "trafficking" ban) [1201(a)(2)];
  3. a copyright protection circumvention device ban [1201(b)]; and,
  4. a prohibition on the removal of copyright management information (CMI) [1202(b)].

From the ChillingEffects FAQ.

@1mentat The DMCA is very much about DRM:

The DMCA contains four main provisions:

  1. a prohibition on circumventing access controls [1201(a)(1)(A)];
  2. an access control circumvention device ban (sometimes called the "trafficking" ban) [1201(a)(2)];
  3. a copyright protection circumvention device ban [1201(b)]; and,
  4. a prohibition on the removal of copyright management information (CMI) [1202(b)].

From the ChillingEffects FAQ.

@eridal

This comment has been minimized.

Show comment Hide comment
@eridal

eridal May 22, 2013

James Hartig ‏@jameshartig 17m

he should be using the public API to get song URLs and not use the internal API.

...seems like changing how the library obtained the URL will resolve this.

James Hartig ‏@jameshartig 17m

he should be using the public API to get song URLs and not use the internal API.

...seems like changing how the library obtained the URL will resolve this.

@1mentat

This comment has been minimized.

Show comment Hide comment
@1mentat

1mentat May 22, 2013

@bobthecow

This comment has been minimized.

Show comment Hide comment
@bobthecow

bobthecow May 22, 2013

Interesting:

The anticircumvention provisions prohibit circumvention of technological access protection systems as well as the distribution of tools that facilitate circumvention of access or copy protection systems. The publication of serial numbers, for example, would likely constitute the distribution of a "technology, product, service, device, component, or part thereof" that facilitates circumvention of an access control. Under 1201 such a tool must either be primarily designed for or produced circumvention, have limited commercial purpose other than circumvention, or be marketed for circumvention. It is unlikely, however, that the publication would constitute "copyright infringement" as defined.

While a service provider may be under no obligation to remove material in violation of the Anticircumvention provisions in order to maintain its safe harbor protection from copyright infringement, by hosting such material the provider is exposed to potential secondary liability under Section 1201 and may therefore have an independent reason for removing the material.

source

Interesting:

The anticircumvention provisions prohibit circumvention of technological access protection systems as well as the distribution of tools that facilitate circumvention of access or copy protection systems. The publication of serial numbers, for example, would likely constitute the distribution of a "technology, product, service, device, component, or part thereof" that facilitates circumvention of an access control. Under 1201 such a tool must either be primarily designed for or produced circumvention, have limited commercial purpose other than circumvention, or be marketed for circumvention. It is unlikely, however, that the publication would constitute "copyright infringement" as defined.

While a service provider may be under no obligation to remove material in violation of the Anticircumvention provisions in order to maintain its safe harbor protection from copyright infringement, by hosting such material the provider is exposed to potential secondary liability under Section 1201 and may therefore have an independent reason for removing the material.

source

@bobthecow

This comment has been minimized.

Show comment Hide comment
@bobthecow

bobthecow May 22, 2013

The ChillingEffects FAQ is a great resource for all things DMCA. I'd looked up specific things, but this is the first time I've read the whole thing.

tl;dr:

  1. The DMCA definitely covers DRM circumvention tools (Section 1201) as well as material which contains copyright violations (Section 512).

  2. DMCA takedown notices are only for violating content, i.e. Section 512 violations.

  3. How hard something is to circumvent doesn't have much bearing on whether it's illegal to distribute tools and/or content:

    Technological protection systems are already in place in DVDs, eBooks, video game consoles, robotic toys, Internet streaming, and password-protected sections of web sites. The fact that a digital protection may be really weak and easy to circumvent has not prevented courts from applying this law to punish those who bypass them. [emphasis added]

    So there goes the "you should protect your private APIs better" argument.

  4. It appears that circumvention tools which contain proprietary code would be subject to a DMCA takedown notice.

  5. You can still ask service providers to take down circumvention tools which do not themselves contain copyright violations, but you wouldn't do this via a DMCA takedown notice.

  6. A service provider does not lose their safe harbor protection if they don't take down circumvention tools when you ask 'em to. That said, they probably will take 'em down anyway, because they're exposed to secondary liability under Section 1201.

IANAL, etc.

The ChillingEffects FAQ is a great resource for all things DMCA. I'd looked up specific things, but this is the first time I've read the whole thing.

tl;dr:

  1. The DMCA definitely covers DRM circumvention tools (Section 1201) as well as material which contains copyright violations (Section 512).

  2. DMCA takedown notices are only for violating content, i.e. Section 512 violations.

  3. How hard something is to circumvent doesn't have much bearing on whether it's illegal to distribute tools and/or content:

    Technological protection systems are already in place in DVDs, eBooks, video game consoles, robotic toys, Internet streaming, and password-protected sections of web sites. The fact that a digital protection may be really weak and easy to circumvent has not prevented courts from applying this law to punish those who bypass them. [emphasis added]

    So there goes the "you should protect your private APIs better" argument.

  4. It appears that circumvention tools which contain proprietary code would be subject to a DMCA takedown notice.

  5. You can still ask service providers to take down circumvention tools which do not themselves contain copyright violations, but you wouldn't do this via a DMCA takedown notice.

  6. A service provider does not lose their safe harbor protection if they don't take down circumvention tools when you ask 'em to. That said, they probably will take 'em down anyway, because they're exposed to secondary liability under Section 1201.

IANAL, etc.

@damianb

This comment has been minimized.

Show comment Hide comment
@damianb

damianb May 22, 2013

Unfortunately, groovr appears to circumvent internal copyright protections for content hosted at Grooveshark. The groovr library offered a way to get, and subsequently allow you to easily download, song mp3s via a call (groovr.getSongFile). It was able to provide these services by using our internal authentication methods and internal API.

Grooveshark offers a public API (http://developers.grooveshark.com/) which allows you to search for content, authenticate users, view popular music, and more, all for free. Developers are encouraged to register for a key and use our content for their applications.

So...

  1. the legal team was full of bullshit with the claim of "taking proprietary source code", and owes the developer a retraction & apology or otherwise risks libel.
  2. "His library used our API to serve our data in a way we didn't intend to serve it originally!" is a very poor way to handle the situation. If you're going to behave this way, please just shut your API down as it's completely useless to the rest of the internet.
  3. Who's going to bother developing libraries for a service that's going to tell you to piss off and drop a takedown notice on you without warning, without any attempt to contact or resolve the problems otherwise?

I was a grooveshark member before this, but now I'll be looking to delete my account.


I do consider this entire situation ironic considering the atrocious amount of copyright-infringing content that's uploaded on a regular basis to Grooveshark.

Unfortunately, groovr appears to circumvent internal copyright protections for content hosted at Grooveshark. The groovr library offered a way to get, and subsequently allow you to easily download, song mp3s via a call (groovr.getSongFile). It was able to provide these services by using our internal authentication methods and internal API.

Grooveshark offers a public API (http://developers.grooveshark.com/) which allows you to search for content, authenticate users, view popular music, and more, all for free. Developers are encouraged to register for a key and use our content for their applications.

So...

  1. the legal team was full of bullshit with the claim of "taking proprietary source code", and owes the developer a retraction & apology or otherwise risks libel.
  2. "His library used our API to serve our data in a way we didn't intend to serve it originally!" is a very poor way to handle the situation. If you're going to behave this way, please just shut your API down as it's completely useless to the rest of the internet.
  3. Who's going to bother developing libraries for a service that's going to tell you to piss off and drop a takedown notice on you without warning, without any attempt to contact or resolve the problems otherwise?

I was a grooveshark member before this, but now I'll be looking to delete my account.


I do consider this entire situation ironic considering the atrocious amount of copyright-infringing content that's uploaded on a regular basis to Grooveshark.

@jweyrich

This comment has been minimized.

Show comment Hide comment
@jweyrich

jweyrich May 23, 2013

This DMCA notice looks like a huge misunderstanding. IMHO, Grooveshark should retract publicly.

This DMCA notice looks like a huge misunderstanding. IMHO, Grooveshark should retract publicly.

@rikur

This comment has been minimized.

Show comment Hide comment
@rikur

rikur May 23, 2013

+1 The DMCA statement is bogus, I hope GrooveShark apologizes soon.

+1 The DMCA statement is bogus, I hope GrooveShark apologizes soon.

@chasetec

This comment has been minimized.

Show comment Hide comment
@chasetec

chasetec May 23, 2013

When you say a "publicly accessible API", did you agree to a license like the one at http://developers.grooveshark.com/api? If so, are you compliant? If not, then what did you expect? The front yard of my house is publicly accessible but that doesn't mean you are entitled to setup camp on it. Yeah, the wording of the DMCA could have been better or maybe even a DMCA wasn't the right method for a take down but unless you are licensed and compliant you really can't complain about this too much. Try to remember it isn't a programmer sending these out, some lawyer found a grooveshark program, saw that it wasn't licensed or violated the license, and saw that there is "source code". To the best understanding of the lawyer you have unauthorized grooveshark source code, which is kind of what you have but not exactly.

When you say a "publicly accessible API", did you agree to a license like the one at http://developers.grooveshark.com/api? If so, are you compliant? If not, then what did you expect? The front yard of my house is publicly accessible but that doesn't mean you are entitled to setup camp on it. Yeah, the wording of the DMCA could have been better or maybe even a DMCA wasn't the right method for a take down but unless you are licensed and compliant you really can't complain about this too much. Try to remember it isn't a programmer sending these out, some lawyer found a grooveshark program, saw that it wasn't licensed or violated the license, and saw that there is "source code". To the best understanding of the lawyer you have unauthorized grooveshark source code, which is kind of what you have but not exactly.

@kybernetyk

This comment has been minimized.

Show comment Hide comment
@kybernetyk

kybernetyk May 23, 2013

Oh, ... just don't create open source for shitty closed down services. Why support those idiots by doing a lot of development work for free when they try to fuck over the open source community?

Alone the trend of sanctioned web APIs with dev-tokens that can be revoked is retarded. In my times we scraped the shit out of websites and sent GET/POST requests as we liked. Today's generations are weak corporate slaves that drank too much API kool-aid.

tl;dr you created the problem yourself with your toxic behavior. stop it.

Oh, ... just don't create open source for shitty closed down services. Why support those idiots by doing a lot of development work for free when they try to fuck over the open source community?

Alone the trend of sanctioned web APIs with dev-tokens that can be revoked is retarded. In my times we scraped the shit out of websites and sent GET/POST requests as we liked. Today's generations are weak corporate slaves that drank too much API kool-aid.

tl;dr you created the problem yourself with your toxic behavior. stop it.

@ricardobeat

This comment has been minimized.

Show comment Hide comment
@ricardobeat

ricardobeat May 23, 2013

@chasetec a user, individually, might be violating the terms by using this program, but the program itself or the author is not subject to it.

@chasetec a user, individually, might be violating the terms by using this program, but the program itself or the author is not subject to it.

@Starefossen

This comment has been minimized.

Show comment Hide comment
@Starefossen

Starefossen May 23, 2013

@contra You need to file a DMCA Counter Notification Letter. You have the support of the Open Source Community!

http://www.durangobill.com/Fight_DMCA_Abuse.html
http://futurequest.net/Services/TOS/DMCA/CounterNotification.php

@contra You need to file a DMCA Counter Notification Letter. You have the support of the Open Source Community!

http://www.durangobill.com/Fight_DMCA_Abuse.html
http://futurequest.net/Services/TOS/DMCA/CounterNotification.php

@L0j1k

This comment has been minimized.

Show comment Hide comment
@L0j1k

L0j1k May 23, 2013

This is absolutely in every way imaginable an advertisement on why you should not have anything to do with Grooveshark.

If you trust anything Google shows you and combine it with this incident, it looks like they really, REALLY suck at the DMCA: http://arstechnica.com/tech-policy/2013/04/court-denies-grooveshark-dmca-protection-for-songs-like-johnny-b-goode/

This is absolutely in every way imaginable an advertisement on why you should not have anything to do with Grooveshark.

If you trust anything Google shows you and combine it with this incident, it looks like they really, REALLY suck at the DMCA: http://arstechnica.com/tech-policy/2013/04/court-denies-grooveshark-dmca-protection-for-songs-like-johnny-b-goode/

@damianb

This comment has been minimized.

Show comment Hide comment
@damianb

damianb May 31, 2013

@contra has Grooveshark et al apologized to you and recanted their claim about you allegedly "stealing proprietary source code"?

@contra has Grooveshark et al apologized to you and recanted their claim about you allegedly "stealing proprietary source code"?

@contra

This comment has been minimized.

Show comment Hide comment
@contra

contra Jun 1, 2013

@damianb - Nope. The email I sent just got me the same cookie cutter response that has already been posted.

@damianb - Nope. The email I sent just got me the same cookie cutter response that has already been posted.

@damianb

This comment has been minimized.

Show comment Hide comment
@damianb

damianb Jun 1, 2013

@contra Interesting. Especially considering they've not sent further takedown requests on mirrors of the removed project, I think they're trying to keep mum at this point. Maybe they're getting better lawyers.

@contra Interesting. Especially considering they've not sent further takedown requests on mirrors of the removed project, I think they're trying to keep mum at this point. Maybe they're getting better lawyers.

Please sign in to comment.