WingNews logo WingNews
top | item 41351797

What should I do when someone blatantly copy my open-source project on GitHub?

45 points| edwinkys | 1 year ago

Hi HN,

I created an open-source vector database a couple months back called OasysDB. It's not a popular project but it serve a specific use case and has a small community behind it.

So, recently, someone in the community sent a link to me about a repository that after digging deeper into it seems like a blatant copy of OasysDB v0.4 (It's now v0.7). They changed all of the initial branding and information to their own branding like name, author, email, etc.

This is their repository: https://github.com/Sahomey-Technologies/sahomedb

This is OasysDB v0.4: https://github.com/oasysai/oasysdb/tree/v0.4.0

I honestly don't know what to do. I know that OasysDB is open-source and thus, free to modify and redistribute. But, I feel like this is more like a plagiarism and a bit unethical to do.

If anyone got similar experience, I'd like to hear some advice.

Thank you in advance.

46 comments

order

Buttons840|1 year ago

It's Apache licensed. Clause 4 does say some things about accreditation, etc.

IANAL, but simplifying the [what-I-call] legal enumeration, it says: "You must retain, in the Source form of any Derivative Works that You distribute, all copyright notices from the Source form of the Work".

Did you put any copyright notices in your work? If not, it may be too late, because they can continue to distribute the old version that did not have copyright notices.

There's also some requirements that they clearly identify anything they have changed, but I'm guessing they haven't changed much. Maybe their sneaky way of changing the branding would violate this? I don't know, IANAL.

If you believe they have not complied with this part of the license, then what they are doing is no different than hosting your copyrighted movie or book on GitHub and you can send a takedown request, sue for damages, etc. It may not be worth the cost though.

gillesjacobs|1 year ago

> Did you put any copyright notices in your work? If not, it may be too late, because they can continue to distribute the old version that did not have copyright notices.

This is not how copyright works. Without a license, default copyright law applies, and no one can make any copy of the code and profit from it, even if published on Github. Copyright protection is automatic under the Berne Convention, implemented by the US Copyright Act and EU Directive 2001/29/EC, meaning no registration or notice is required for protection.

electronW1zard|1 year ago

I think the developer doing this is: https://github.com/obaraelijah

And it looks like he's done the exact same with a pen-testing project called Kraken: https://github.com/myOmikron/kraken-project

Probably trying to pad out his Github for freelancing.

zo1|1 year ago

Looks like he's also made everything non-public. Way too much bad publicity, so he'll probably do it again under a different organization. Cause now when someone searches for this "Sahomey Technologies" they find out he's blatantly copying github repos to pad his business.

On a side note, this person has 132 repos on his profile. They're probably trying to game the whole thing to make it seem like they have an active Github profile.

0x3444ac53|1 year ago

I laughed a little at "Open Source Enthusiast". Seems like he's enthusiastic for the wrong reasons, and missing the point of open source

edwinkys|1 year ago

Yeah. I'm sure it's for something like that.

0xmarcin|1 year ago

You may always put an "innocent" looking file into the output binary that states who is the actual authors. Say you may create AUTHORS file in your repo, but store a SHA512 of that file in some obscure file in resources e.g. META-INF/ArtifactSignId, don't automate this step in any way, do it manually. A lot of people that are mindlessly copy'ing your work will not bother doing anything more than remove some stuff & search'n'replace author name. Then you will have a proof in case this other fork gained popularity (not very probable) that it was stolen.

I would not stress over it until that other person sets up a project webside and starts a marketing campaign. Most probably it is only about making a good looking GitHub profile.

edwinkys|1 year ago

Yeah, I think they're just trying to ramp up the GitHub profile. But you're suggestion is some next level cool stuff there and I'll definitely keep it in mind.

ncclporterror|1 year ago

This guy is also copying medium posts without attribution, first one I looked at:

https://awstip.com/using-nginx-as-an-api-gateway-ce7781c712b...

Stolen from: https://marcospereirajr.com.br/using-nginx-as-api-gateway-7b...

zo1|1 year ago

Nice find! This person is so blatant with their plagiarism, he doesn't even bother to change a thing.

Here's another one: https://medium.com/towardsdev/managing-complex-rust-workspac... Blatantly copied from: https://matklad.github.io/2021/08/22/large-rust-workspaces.h...

Another: https://towardsdev.com/understanding-and-implementing-enums-... Copied from: https://oliverjumpertz.com/blog/rusts-enums-explained/

And another: https://towardsdev.com/rust-what-inline-can-do-for-your-prog... Copied from: https://matklad.github.io/2021/07/09/inline-in-rust.html

More: https://towardsdev.com/idiomatic-caching-in-rust-133784ed114... Copied from: https://matklad.github.io/2022/06/11/caches-in-rust.html

asdf6969|1 year ago

Stop caring about this. You should be happy that people think your project is useful.

edwinkys|1 year ago

Yes. One part of me is a bit happy since people wouldn't just copy unknown & useless project

kaffeeringe|1 year ago

Yes. Don't be right. Be clever.

mouse_|1 year ago

Your repo is licensed as Apache 2.0. It seems these guys MAY be in violation of that license. My first steps would be to fully understand the license you chose to apply to your original code, and then figure out if that's something you can report to GitHub for infringing.

edwinkys|1 year ago

Hey, thank you for your suggestion. I tried to read the license and if I'm not mistaken, they need to attribute the copyright to the original project, no?

theginger|1 year ago

Fork their project, add something giving your appropriate credit and create a pull request. If they merge it, problem solved. If not you can hit them with a take down notice if it really bothers you.

effie|1 year ago

What is the difference between legitimately taking advantage of open-sourceness and plagiarism? Attribution? If so, try to contact them and ask them to put your name/link to each file derived from yours.

edwinkys|1 year ago

Thank you for the reply. This is my first time having this issue and I'm not quite sure either. I just think that giving credit where credit is due seems more ethical.

I will definitely try to contact them either via the repo issue or their Discord.

jokethrowaway|1 year ago

Someone copied a gist of mine from 2011, changed my name and made a blogpost about it.

Let them be, no point in wasting time worrying about small fraudsters. Cut them off and blacklist them so you will never have anything to do with them.

I recommend not to shame them publicly if you live in a country without freedom of speech (most of the world except from the USA) or they might have grounds for suing you for defamation (even if you are right and you can prove it).

Source: Someone scammed my landlord (and me) for tens of thousands and now he added me on LinkedIn. He's doing fine, probably doing some other real estate scams on top of some small BS companies that keep failing every 2-3 years (probably to avoid paying taxes). The police is not interested. The court case was dropped. Really tempted to out him online but lawyers don't recommend it. Justice is pretty weak in our times.

edwinkys|1 year ago

Sorry to hear that happen to you. I agree. I don't plan to escalate it. My current plan is to reach out to them and maybe report it to GitHub if ignored.

sbank|1 year ago

Not the first repo he is plagiarizing. One of the first things I see when visiting his profile:

https://github.com/obaraelijah/redis-proto

From:

https://github.com/dpbriggs/redis-oxide

But Elijah Samson / obaraelijah / elly sam has started removing or making repositories private now that he has been found out.

edwinkys|1 year ago

It seems like it. I'm curious as to why would he do this? Some people say that it's for portfolio to get a job. But wouldn't recruiter be able to tell that this is not their work?

H3BCKN|1 year ago

I know it's not directly related to your question. But great work. Kudos for your project.

edwinkys|1 year ago

Hey, thank you so much for your kind words!

jowdones|1 year ago

>> In every licensed file, original copyright, patent, trademark, and attribution notices must be preserved

Well, Edwinkys, it's your fault for not adding a copyright notice to each file. I recommend add one now at least, so future forks will have your name it it.

Something like this: https://github.com/aquarians/Public/blob/main/Aquarians/Back...

edwinkys|1 year ago

I see. I am not quite familiar with the legality of the licensing and stuff. I will keep this in mind for future reference.

throwaway48540|1 year ago

Did they include your original copyright notice? If so, they're free to change the branding, name, contact information and so on - they simply forked your project.

edwinkys|1 year ago

Unfortunately not. I tried to find some form of attribution to the original project but I couldn't find any.

kareiva|1 year ago

It looks like the person doing the copying didn't even bother to change the pictures properly (the background does not match). So I think if your great project lives on, this copy work is going to be just a bad and unsuccessful fork, maybe even one of few. Don't spend too much effort on this and just try to focus on your own project.

edwinkys|1 year ago

Yeah! That's what I noticed as well from the banner.

InitEnabler|1 year ago

Have you attempted to put a issue on there repo and/or reach out privately?

edwinkys|1 year ago

That's a great idea! I will try that.