top | item 34583932

Ask HN: LinkedIn sent me a cease and desist for my Chrome extension. Help?

225 points| namuorg | 3 years ago

Hi HN,

I'm the creator and solo developer behind Browserflow, a Chrome extension that lets you automate any website. (Show HN from around a year ago: https://news.ycombinator.com/item?id=29254147). Basically, it's a general-purpose browser automation tool like Selenium/Puppeteer/Playwright that anyone can use without writing code.

The Browserflow website includes examples of automations people often request, including scraping popular websites like LinkedIn. A few days ago, I received a cease and desist letter from LinkedIn: https://browserflow.app/linkedin.pdf

As a one-man operation with modest resources, I'm hoping I can get some help from the HN community in understanding what this means to avoid getting sued into oblivion. :)

At first I thought that I'd be fine if I removed all references to LinkedIn from the Browserflow website, but I'm not so sure about that. One of LinkedIn's demands is to “Cease and desist developing, offering, or using software or programs with features developed, marketed, or intended for automating activity on LinkedIn’s website or app, scraping LinkedIn member data, or otherwise violating the LinkedIn User Agreement”.

Even if I removed all the LinkedIn examples, Browserflow could still be used to automate or scrape LinkedIn because, well, it's a browser automation tool. Is LinkedIn demanding that I stop developing Browserflow altogether?

The letter cites hiQ Labs, Inc. v. LinkedIn Corp as the legal precedent for why Browserflow is in violation, but there are some differences between hiQ and Browserflow that I thought might be meaningful:

1. Browserflow is not designed specifically for scraping LinkedIn: It's a tool for general-purpose browser automation, not a service that scrapes LinkedIn and resells the data.

2. Browserflow does not scrape LinkedIn on its own: Any automation of LinkedIn is initiated by the user using their own LinkedIn account.

2. Browserflow does not create or use fake LinkedIn accounts.

I'd be fine with removing all the LinkedIn examples from the website, but I'd like to continue building Browserflow because I love working on it and it's my livelihood. I'd appreciate any advice or help. Thanks!

146 comments

[+] onion2k|3 years ago|reply

To be fair to LinkedIn they do list a specific and limited set of problems in their letter. They're not asking you to stop building BrowserFlow, but to stop advertising it as a LinkedIn scraping tool, and using their logo to do that. It sounds to me (not a lawyer) that removing all the LinkedIn examples from your website and stopping using their logo would be enough to satisfy their request...

[+] samwillis|3 years ago|reply

IANAL, but I think this is right.

My understanding of the LinkedIn v HiQ case is that it's legal to scrape public pages no matter what is in the website terms.

Scraping "privet" pages can be illegal as you have had to explicitly agree to the terms.

Your users would be breaking those terms, not you, as they do it on their own machine. As the parent said, just remove all reference to LinkedIn and you can move on.

[+] pbhjpbhj|3 years ago|reply

It's not trade mark infringement to use a logo to refer to a business entity, fwiw.

There was a recent piece of caselaw relating to scraping, in USA, IIRC. I seem to remember it was allowed for user accessible areas.

I'm not sure LinkedIn have a legal basis for their complaint, but of course that won't stop them.

This is not legal advice and does not relate to my employment.

[+] eschneider|3 years ago|reply

The about certainly sounds right, but do yourself a favor and check with an IP lawyer. A quick consult won't be too expensive and will probably save you down the line.

[+] truetraveller|3 years ago|reply

It's up to the user to use to use it on public pages vs private pages. I believe the most OP should do is be explicit: "This tool is only meant to scrape public pages". Just like a knife can be used to kill, does not mean Walmart should cease selling knives.

[+] riverlong|3 years ago|reply

This is not legal advice, but here's what I would do:

1. Recognize that they have requested exactly four specific actions from you (bullet points, second page)

2. Do not follow the 4th bullet point, affirming in writing any future conduct only opens you up to liability. (By affirming, you'd create some agreement that they could later make hay about you breaching if they're not happy with your future conduct.)

3. Follow the 3rd bullet point rigorously. They do have a claim on Trademark infringement, and that will hold up well enough. Clean it up ASAP.

4. Take a legal position on where you stand vis-a-vis the LinkedIn User Agreement.

- BrowserFlow (or Road to Ramen LLC) is not a party to that agreement, so you can argue that you're not bound by it. The individual person who is using BrowserFlow is, since they have a LinkedIn account.

- If you want to play it safe, remove the LinkedIn examples from your website. (Bullet two.)

- I would not change the existing functionality of BrowserFlow -- my view here is that this is general-purpose tech and BrowserFlow doesn't have an agreement with LinkedIn. Any consequence of misuse of BrowserFlow is on the end-user, not you. (As spelled out by the terms at https://browserflow.app/terms, which contain a limitation of liability section.)

Do prepare for your LinkedIn account to be banned though.

[+] latchkey|3 years ago|reply

> Do prepare for your LinkedIn account to be banned though.

From all the recruiter spam I've received over the years, I almost see that as a good thing.

[+] mirekrusin|3 years ago|reply

If you invent browser which converts every page to pdf - you're in violation of some crap out there?

[+] belval|3 years ago|reply

Not a lawyer but:

> Cease and desist developing, offering, or using software or programs with features developed, marketed, or intended for automating activity on LinkedIn’s website or app, scraping LinkedIn member data, or otherwise violating the LinkedIn User Agreement;

> Cease and desist marketing or advertising Browserflow as a tool or service to be used in a manner that violates LinkedIn’s User Agreement, or promoting Browserflow in any way that represents or suggests functionality or features that can be used to violate LinkedIn’s User Agreement;

> Cease and desist violating LinkedIn’s intellectual property rights by removing from all Browserflow materials all unauthorized uses of logos likely to cause confusion with LinkedIn’s trademark; and

> Affirm in writing that you will not engage in any violations of the LinkedIn User Agreement in the future.

Just remove all LinkedIn examples and tell them you will stop marketing it as a LinkedIn scraping tool in the future. I don't know your extension if you make any "significant" money then get a real lawyer to look it over.

[+] bee_rider|3 years ago|reply

> Affirm in writing that you will not engage in any violations of the LinkedIn User Agreement in the future.

This seems like the weirdest one to me. I mean if they don’t have a LinkedIn user account, why should they abide by the User Agreement?

[+] Someone|3 years ago|reply

> Affirm in writing that you will not engage in any violations of the LinkedIn User Agreement in the future.

“I’ll never do it again” may help decrease the punishment if this ends up in court, but why would you promise that now? IANAL, certainly not for every jurisdiction on earth, but I would think that’s risky from your side in that you’d have to agree to their user agreement, even if, in the future, they put things in it that aren’t legally enforceable.

[+] heavyset_go|3 years ago|reply

I'd remove any mention of LinkedIn, but I also wouldn't tell them anything. You've removed anything they'd sue you to remove, writing to them afterwards gives them more material to nail you with in the future.

Not a lawyer, either.

[+] arwineap|3 years ago|reply

> Just remove all LinkedIn examples and tell them you will stop marketing it as a LinkedIn scraping tool in the future. I don't know your extension if you make any "significant" money then get a real lawyer to look it over.

Remove all linked in examples, and indicate that you will not include them in your docs again

I wouldn't admit to writing or advertising this as a linkedin scraping tool regardless of if that was my original intention or not

[+] mattnewton|3 years ago|reply

Do stop using their trademark or making reference to them immediately and let them know you have done so, ie points 1-3. But, I would say do not agree to any future conduct in writing on behalf of your business without talking to a lawyer first - I think you need to carefully word a response around that to avoid liability.

IANAL, this is not legal advice, etc.

[+] gremlinsinc|3 years ago|reply

could they say something like: you can use it to scrape popular social media sites, a few fictitious examples are: MaceBook, bootube, rinkedrin, rikrok.

people get the meaning without directly naming them.

[+] bityard|3 years ago|reply

> but I'd like to continue building Browserflow because it's my livelihood

You're asking random internet weirdos for business legal advice when you should definitely be contacting your lawyer instead.

[+] yellow_lead|3 years ago|reply

Since when does everyone have a lawyer waiting at their beck and call?

[+] KieranMac|3 years ago|reply

Lawyers can be random internet weirdos, too.

[+] verdverm|3 years ago|reply

1) Talk to a lawyer, many will do an initial consultation for free. Expect to pay money to have them help you with response letters. I would not recommend doing this alone

2) It does sound like your app is more general, like you say, similar to browser automation tools or AutoHotKey. The user requests are not coming from an IP you control. Remove references / examples to LinkedIn for sure. This is basically what they are asking you to do. Talk to a lawyer

Side note, I thought LinkedIn lost that case on appeal, and after being sent back down from the Supreme Court for re-evaluation.

https://www.zdnet.com/article/court-rules-that-data-scraping...

[+] KieranMac|3 years ago|reply

Again, this is old news and wrong.

https://blog.ericgoldman.org/archives/2022/12/hello-youve-be...

[+] seng|3 years ago|reply

There's both local and cloud version of the app. The cloud version of the app runs from the infra that he manages. Hence, he would liable for the violations that happen using the cloud platform that he manages.

[+] phphphphp|3 years ago|reply

A big part of LinkedIn's business is providing tools for recruiters to search the database of profiles and extract information, essentially, your extension is compromising their core revenue-generating product and you're loudly announcing it on your website. I am not a lawyer so take this with a grain of salt, but if you remove all reference to LinkedIn from your website immediately (and maybe go as far as blocking it for use on LinkedIn) you should be fine.

And for future reference, be very careful when promoting the way that people are using your product: plausible deniability is your friend.

[+] rootusrootus|3 years ago|reply

> And for future reference, be very careful when promoting the way that people are using your product: plausible deniability is your friend.

That seems like excellent advice. After looking at the examples on the site, I'm kinda surprised LinkedIn is the only company that's complaining. It'd be safer to make some leading suggestions to get people thinking of all the interesting things they could automate, but without ever using names, company specific-terminology, etc. Otherwise this arguably isn't a general purpose tool, it's advertising specific features.

[+] henryfjordan|3 years ago|reply

IANAL. You probably should get a lawyer ASAP.

Linkedin vs hiQ was about the ability to scrape public data. (https://calawyers.org/privacy-law/ninth-circuit-holds-data-s...)

Pretty much everyone agrees that you need to follow the Linkedin terms if you are logged in, and those say no scraping. Your site has examples of scraping data from logged-in pages.

Normally you could say "it's just a tool, there are legit uses, go after the users", like in the Betamax case: https://en.wikipedia.org/wiki/Sony_Corp._of_America_v._Unive....

By including examples of breaking the Linkedin ToS on your site though, you might have opened yourself up to some kind of claim, maybe tortuous interference. I don't really know though, you should get a lawyer to look for you.

Again, I am not a lawyer, do not trust me, I am just some idiot who likes to read about copyright law about the internet on the internet. Get your own lawyer.

[+] bxji|3 years ago|reply

There was a third ruling in November 2022 for the case, so I wouldn’t say hiQ won. Based on a quick scan, the ruling ended up being that hiQ did violate TOS but that no action ended up being taken for either side.

https://www.natlawreview.com/article/court-finds-hiq-breache...

[+] clint|3 years ago|reply

If its your livelihood, hire a lawyer to look into this. The dweebs on this forum are not going to be able to help you here.

[+] ugjka|3 years ago|reply

The problem here is that one of his examples involves "scraping linkedin". Just get rid of that

[+] tenebrisalietum|3 years ago|reply

Not a lawyer.

Showing people examples of a website really looks like you're advertising that your extension will work with that site, and it's probably not too far from successfully arguing intent. So begin by getting rid of that.

Maybe add a couple disclaimers:

"The terms of service of some websites do not allow automated workflows. This extension is not intended to be used to collect data in contradiction to a site's Terms of Service. Please thoroughly read and understand the site's Terms of Service before using this extension. [Developer] cannot assume any responsbility for any action a website may take against you or your account as a result of the use of this tool."

[+] localhost3000|3 years ago|reply

A few years ago I got multiple cease and desist emails from a FAANG for a Chrome extension they didn't like. I ignored them and they eventually went away. Sending scary sounding emails to indie devs is extremely low cost.

[+] guntars|3 years ago|reply

How could the OP make it a higher cost without necessarily having to get a lawyer themselves? This kind of behavior by LinkedIn leaves a bad taste in my mouth because it’s essentially bullying and I wish there was a way to bleed them a little by forcing them to have their $500/hr lawyer respond to some inane but legally necessary requests.

[+] tptacek|3 years ago|reply

Seems like a pretty simple thing you can do here is just remove any mention of LinkedIn from your product and its marketing. People can use a generic tool to mess with LinkedIn, but that's not your problem, and it's not what the C&D is saying. You went out of your way to market your extension as a tool for messing with LinkedIn in ways their user agreement prohibits. Consider just not poking the bear anymore.

I would talk to a lawyer before sending them a written response, but you probably don't need legal advice just to scrape LinkedIn out of your product materials.

[+] lesuorac|3 years ago|reply

> As the Court in hiQ Labs, Inc. v. LinkedIn Corp. found when it granted LinkedIn summary judgment against hiQ [1] ...

Keep in mind, LinkedIn ultimately lost that case [2]

> LinkedIn requires that you affirm that you have complied with LinkedIn’s requests, listed above, by February 10, 2023 ... In the event you do not comply with LinkedIn’s requests, LinkedIn will take appropriate action to protect its members and platform.

Definitely listen to the rest of the people who are saying talk to a lawyer. LinkedIn has obviously been doing the same in the interim; it'd be foolish to be the only side unprepared.

[1]: https://browserflow.app/linkedin.pdf [2]: https://en.wikipedia.org/wiki/HiQ_Labs_v._LinkedIn

[+] Domenic_S|3 years ago|reply

> Keep in mind, LinkedIn ultimately lost that case

Not really - the wiki page is confusing but the link is there: "In a November 2022 ruling the Ninth Circuit ruled that hiQ had breached LinkedIn's User Agreement and a settlement agreement was reached between the two parties." [0]

It was a mixed ruling: hiQ successfully defended against the CFAA argument, and LI won the User Agreement argument.

This is why OP needs to talk to a lawyer of their own who deeply understands this area of law. We all can paste links till the cows come home but only a real lawyer is going to have useful advice.

More analysis by lawyers:

https://blog.ericgoldman.org/archives/2022/12/as-everyone-ex...

https://blog.ericgoldman.org/archives/2022/12/hello-youve-be...

(Disclaimer: I work at LI but don't work in and have no special insight into this area; comments are my own)

0: https://www.natlawreview.com/article/hiq-and-linkedin-reach-...

[+] blantonl|3 years ago|reply

You have should do the following immediately

1) Take down this post. LinkedIn's lawyers will almost certainly eventually read it and use whatever you've said here against you

2) Get an IP/Copyright lawyer and start following their instructions

This is really your only set of actions you should take if this extension is your "livelihood"

[+] samstave|3 years ago|reply

Linked in can get fucked ;

"Cease and desist developing, offering, or using software or programs with features developed, marketed, or intended for automating activity on LinkedIn’s website or app, scraping LinkedIn member data"

Then let me see exactly to whom you have been selling MY user data to, how much you made from it.

THEY need a cease and desist - because you are directly competing with their business model.

Fuck linkedin.

If you want anyone to stop scraping data, then you need to provide a dashboard to EVERY single linkedin user on exactly how linkedin has been using their PII to profit.

We need a change in the way people regard PII in silicon valley.

Just like it was stated - the only reason silicon valley is going after TikTok ban, is they cant compete with TikTok - so BAN them....

Linkedin does exactly what you are doing, thus they want you to cease and desist.

[+] siegel|3 years ago|reply

As an attorney who deals with responding to (and, well, also drafting) letters like this, I think LinkedIn may very well go away if you remove any reference to LinkedIn from your website and otherwise refrain from stating or implying that your tool can be used to scrape LinkedIn.

If you are ok with that, a carefully drafted response letter that shows that you take their concerns seriously and are taking steps to effect the above changes might end this. At a minimum, you'll be able to get clarity as to whether they want more that just stop referencing them.

[+] Awelton|3 years ago|reply

I can scrape linkedin with a python script. That doesn't mean linkedin can shut down python. I would think removing all the references to their company in particular would be enough for them to call off the dogs. For clarity, I am not a lawyer and I have thrown away every cease and desist I have ever received with no repercussions at all. You may not be so lucky and should probably talk to a lawyer.

[+] peter_d_sherman|3 years ago|reply

>I can scrape linkedin with a python script. That doesn't mean linkedin can shut down python.

Well said!

Also, what about copy-and-paste? The last time I checked, data could be highlighted in the browser, copied, and pasted to another application...

Does that mean that LinkedIn can shut down the copy-and-paste capability of someone's browser and/or operating system?

What about the "Save Page As..." functionality (the ability of a browser to save a page offline?)

Can LinkedIn shut down "Save Page As..." ?

Also, what about the Print Screen (take a screen snapshot) capabilities of someone's operating system?

Can LinkedIn shut down that?

Finally, there's literally oodles of software that can be used for web scraping; what follows below is just one non-canonical list:

https://github.com/lorien/awesome-web-scraping

Is LinkedIn going to shut down all of that software, all at the same time?

LinkedIn is apparently trying to use Law -- to try to solve what is, in essence, a technological problem!

Anyway, an excellent point using Python!

[+] indymike|3 years ago|reply

> Even if I removed all the LinkedIn examples, Browserflow could still be used to automate or scrape LinkedIn because, well, it's a browser automation tool. Is LinkedIn demanding that I stop developing Browserflow altogether?

First, talk to a lawyer. LinkedIn is highly litigious about scraping, and browser plugins often fall in that category. The law isn't settled on the issue at all, and here's a law firm (Farella Braun + Martel) article about HiQ vs LinkedIn from just a few weeks ago: https://www.fbm.com/publications/what-recent-rulings-in-hiq-...

[+] csydas|3 years ago|reply

As people have said, just contact a lawyer willing to provide a consultation, and likely take their services to get assistance in addressing a response.

You have time to get a consultation and draft a response; the language in use is overly broad in the letter and intentionally so. This is to be rebutted and basically tell them "you will stop advertising that it _can_ scrape LinkedIn, but LinkedIn cannot outright ban any tool that might be used for scraping as that's not their right." A real attorney will write this in a very nice way with proper wording that you will stop advertising that it can scape LinkedIn but they can stuff the other parts of the demands wherever is convenient for them.

It will cost a bit of money regrettably, but it should be manageable.

[+] freediver|3 years ago|reply

Get legal advice.

It is not clear how is it that your company is violating their user agreement, when it is the users using the extension that are. The extension on its own does nothing? This is my very layman reaction and first thing I would seek to understand better from legal council.

[+] Dr_ReD|3 years ago|reply

- not a lawyer here -

I'd immediately remove every reference to linkedin -anywhere- and hard-block their domain in the code. Only after, I'd probably seek a release from the injunction.

Perhaps you should involve a lawyer, but if you won't, then limit yourself to a brief matter of fact explanation of what you've changed, focusing especially on the block in the source code. Do not address their points yourself. Refrain from any commentary, apologies, admissions.

I wouldn't go any further without a lawyer.