Ask HN: How to stop download.cnet.com from hosting my app?
152 points by textman on July 3, 2021 | 57 comments
download.cnet.com is hosting an ancient version of my app and I never submitted it to them or contacted them in any way. They simply stole my installer and content from my website without asking or getting permission. I won't get into my reasons for not wanting any of these download sites to offer my software. They are of course entitled to provide a link to my website and some do that and only that which is OK.

There is a link in an old HN post (https://news.ycombinator.com/item?id=2910554) that no longer works: http://cnet-upload.custhelp.com/app/answers/detail/a_id/2064

Anyone know if there is a good contact form or email address for any of these download sites to ask that they not offer my app?

If I am not successful getting them to comply, would a DMCA be appropriate and would I be asking for legal troubles if I submit a DMCA?



OP here. Thanks for the suggested links, which I will try. I hope I don't offend any open source folks here, but this is commercial software with a EULA that clearly states the software may not be redistributed without written permission, so it is a license violation and has cost me some $. I found out from a potential customer who alerted me to this and said he thought my software being on sleazy download sites creates a bad image for me. I am a tiny, 1 person bootstrapped operation so I really don't want to go the DMCA route if I can avoid it.


In that case you are definitely in the right position legally. The DMCA is about as simple as it gets. No lawyer is needed, it's just a form letter. Most likely they will just take it down; only if the uploader submitted a counter-notice would you have to take further legal action.


Agreed. A DMCA is the correct route, won't cost you anything, and will work. Be sure to send it to their upstream providers too.


> Be sure to send it to their upstream providers too.

Not immediately.

> we recommend that you submit a notification pursuant to the DMCA directly to the originating site. In order for a DMCA takedown notice to a system caching service provider to be effective under 17 U.S.C. 512(b), the notice provider must demonstrate either (a) that the content has already been removed from the originating site or (b) the notice provider has obtained a court order requiring the content be removed from the originating site or access to the content to be disabled.

https://www.fastly.com/acceptable-use/


I work in the web hosting industry. A lot of times people will only send DMCA complaints to our upstream providers. Those upstream providers require us to take that information offline or else they'll actually cut off our access. It's a dirty tactic but it is effective.


> sleazy download sites

Shame. Download.cnet.com (and cnet itself) were pretty top-tier in the early public-Internet days (mid to late 90's). Guess it's a slum now.


I myself have downloaded so much software from cnet.com, but now I don't trust it.


FWIW, I consider myself an open source person, but that doesn't mean that code that isn't open source should be freely redistributed with no regards for the original license.

I wonder how many people are still in the original "all software should be free" mindset.


If the version of your software they are hosting is subject to a non-permissive license, you should simply be able to tell them so and theoretically, they're obligated to take it down. The DMCA may or may not be precisely the right tool (license violation and copyright violation are similar but not 100% the same thing), but it should also work OK. (IANAL, but this is my experience.)

If your software is MIT licensed or similar, you can still ask, but you're probably SOL if they don't agree to remove it. With those kinds of licenses, they're under no obligation to remove it just because you ask them.

Simply contacting them at any of the email addresses listed here: https://www.cnet.com/about/contact-us/ or calling them should get you routed to the right person eventually. You could also try generic emails like legal@cnet.com, abuse@cnet.com, dmca@cnet.com, etc. In the worst case, here's a list of CNet employees: https://www.cnet.com/about/meet-us/ - figure out their email format (e.g. firstname.lastname@cnet.com) and shoot them some emails.

However, you should be prepared for them to simply do nothing unless/until there's an attorney involved.

Do you stand to lose income or receive some other kind of material injury if they don't take it down?

Edit: The help center at the bottom of the Download site took me here: https://cbsi.secure.force.com/CBSi/articles/en_US/Knowledge/... - this might be what you want?


> (license violation and copyright violation are similar but not 100% the same thing)

How? Absent a license, there is nothing permitting the redistributing of software. There is no such thing as a “license violation”; if you do not fulfill the terms of the license, you have no license to distribute, and are violating copyright.


One example: "If the licensing agreement states that a licensee will have to pay additional fees for use beyond the scope of the agreement, a breach of the licensing agreement on these grounds generally will be considered a breach of contract, rather than copyright infringement."

https://www.romanolaw.com/2020/01/13/is-breach-of-a-licensin...


IMHO, that kind of thing is a contract, not a copyright license. And a contract is only valid if certain conditions are fulfilled, like if you signed it, if both parties are actually aware that a contract has been established, etc. (Exact conditions vary with jurisdiction.)

The main point is, you can’t be party (and bound) to a contract if you only downloaded something without the direct knowledge of the provider.

EDIT: To clarify: You are still always bound by copyright law, and always need a license to distribute. If you don’t fulfill the terms of a license you were given, then you don’t have permission to distribute, and are violating copyright if you do.


You're gonna need to back that up with legal text (by which I mean a lawyer's interpretation matching yours).


(Jumping into the discussion with an example)

Let's say a person buys a train ticket from A to B, let's say from Brussels Airport to Brussels Central Station. The ticket states that in order to be valid, you need to pay a second fee, a special fee because this is the airport transportation route. The person refuses and goes onto the train anyway. What crime did the person commit? A ticket violation or fare dodging?

You get a similar situation when it comes to parking. If a person has a valid parking ticket but is parking when they are cleaning the street (i.e. during a no-parking period), the violation is not a parking ticket violation. It is a parking violation, just like any other parking without permission. The fact that the person has a ticket doesn't change anything.

Breach of contract against the ticket holder is very unlikely. Breach of contract against the ticket seller is possible. In the end, the most likely outcome of a person without a valid ticket is that they get treated exactly the same as a person without a ticket at all.


I can't really tell if you're agreeing or disagreeing, and I'm not even sure a ticket violation is a "crime"? But regardless, I don't understand the need to stretch analogies from other domains when there is so much case law out there specifically about EULAs. I'm pretty sure it's well-established [1] that EULAs can be enforceable contracts and breach of them can be treated as a breach of contract. This doesn't depend on there being copyright violations, e.g. there can be different licenses depending on commercial usage vs. non-commercial usage despite the copying being done in exactly the same manner. There should be no need to draw analogies from fare dodging to see what the law says here. I find countless links on this when Googling (and I'm basically leaving a different link in each comment), but see for example [1].

[1] https://www.mondaq.com/unitedstates/licensing-syndication/84...


An EULA is not a copyright license, nor does it give permission. The practice of EULAs comes from shrink wrap contracts, i.e. a contract that dictates how a product is used after a person has physically bought it. The origin of those is standard form contracts.

One major difference between copyright law and contract law is that one is defined under international agreement, and the other is defined by each nation. There is no Berne Convention for contracts and EULAs. There is no obligation between nations to recognize EULA "rights".



Yeah, that's not gonna fly, sorry. I've wished the contract world worked that way, but my understanding has been it doesn't, and you're gonna need a lawyer's interpretation matching yours to back up your claim, not your own interpretation of a link to Wikipedia.


You’re being very dismissive and condescending when your link does not back up your claim either, from what I could tell.

Also, from what I understand, this kind of thing varies from place to place. You might be correct about your own situation, but not about mine.


Wow. I said you need a lawyer's interpretation. You just left me a 5-second link to Wikipedia and yet I'm the one who's condescending?

I'm not going to put any more effort into my comments than you are, except I'll leave one more link in case it's helpful and leave this at that: https://toslawyer.com/are-end-user-license-agreements-enforc...

P.S.: This is obviously all about the US; if you're arguing about another country then we're speaking past each other rather pointlessly.


Here’s a link for you:

https://www.gnu.org/philosophy/enforcing-gpl

Eben Moglen is professor of law and legal history at Columbia University Law School.


With regards to US law, and again, IANAL, so if an attorney chimes in I'd defer to them:

"License" is a very general concept. You can give somebody "license" to do almost anything. See e. g. https://www.law.cornell.edu/wex/license

"Copyright" is a specific thing that you can possess - see the definition here: https://www.copyright.gov/help/faq/definitions.html

You can therefore grant somebody license to use something over which you hold copyright. You can also grant them license to do all sorts of other things, and you can breach the license in all sorts of ways. See for instance:

https://www.lexology.com/library/detail.aspx?g=e4b1226a-b6b4...

My main point, though, is that simply informing CNET that they are in violation of a program's license should be enough to make them stop, in theory. You may not need a DMCA takedown to do it, though one wouldn't hurt.

> Absent a license, there is nothing permitting the redistributing of software.

That's not true, because of fair use: https://en.wikipedia.org/wiki/Fair_use.

> if you do not fulfill the terms of the license, you have no license to distribute, and are violating copyright.

You may still have a license to distribute. You just aren't, in this case, distributing in accordance with that license. Licenses don't necessarily terminate upon violation (though they often do).


Can you find one case ever where distributing an entire copyright-protected unlicensed software program was ruled fair use?


Sure, though it may depend on how you define "entire program".

https://www.jdsupra.com/legalnews/a-short-history-of-the-fai... has a few, including Sony Computer Entm’t, Inc. v. Connectix Corp., where the entirety of the BIOS for the PlayStation was copied. I think that counts as an entire, copyright-protected, unlicensed piece of software.

I suppose one could argue the BIOS were not necessarily "redistributed", depending on how you define that term, but I think it counts. There are some other examples in there as well.


> https://cbsi.secure.force.com/CBSi/articles/en_US/Knowledge/... - this might be what you want?

That contact is for CBS Interactive. CNET was sold to Red Ventures in October of last year, so OP needs to contact Red Ventures' legal department, or CNET's. (they could try to contact CBSI, but there's no guarantee they'll forward on the message)

Red Ventures contact info: https://www.redventures.com/contact CNET's contact info: https://www.cnet.com/about/contact-us/ An additional contact form for CNET: https://cbsi.secure.force.com/CBSi/submitcase?template=templ...

OP should get on the phone to CNET and ask them who to direct DMCA takedown notices to, and mention that the legal contact info is still pointing to CBS Interactive. OP should send a physical copy of the DMCA takedown notice in the mail (certified mail) as well as e-mail, and follow up after a few weeks. They will probably take longer than normal as it seems they're still cleaning up from the acquisition.


I saw the Red Ventures info, but given that the Download site's help pages still link to CBS, is it possible not every part of CNET was sold or there's some other arrangement going on there?

Either way, I think your fundamental advice (call and ask where to send legal process) is probably right.


> you should be prepared for them to simply do nothing unless/until there's an attorney involved.

Your answer is illogic masquerading as advice. Why would you expect them to do nothing if you file a DMCA? Yeah, that's right, all your analysis dodged the DMCA that you put a question mark next to for no reason.


> Why would you expect them to do nothing if you file a DMCA?

I didn't say "expect", I said "be prepared for", and that advice is relevant regardless of whether the communication is a DMCA takedown or a regular one. Large companies routinely ignore complaints and legal requests of all kinds from smaller entities or individuals and get away with it.

See, for example, https://turbofuture.com/internet/how-to-combat-plagiarism-wh...

Here's one case where Twitter ignored a series of DMCAs until it was sued (and maybe even after, the article doesn't say): https://www.digitalmusicnews.com/2016/01/14/twitter-sued-for...

There are hosting companies who make money by ignoring copyright violation notices: https://www.quora.com/What-is-DMCA-ignored-hosting https://www.reddit.com/r/webhosting/comments/jbwvin/blueange...


For the future, and as a Windows/OSX-specific hack, there are HFS/NTFS extended attributes attached to any downloaded file indicating the domain/URL it came from. You could introspect this and refuse to run the installer with a suitably angry message.

edit: ah sucks, seems on Windows this only gives you the network zone the file came from, not the URL. I think on OS X it is definitely the URL though https://superuser.com/questions/1513910/windows-extended-att...


> The "hint" you are referring to is the Zone.Identifier - which only tells you what internet zone it was downloaded from (trusted, internet or untrusted). It's only available for browser downloads to an NTFS disk

~ from the superuser link above.

So what actual use is this small field? Wouldn't it be more useful for windows to provide the url and some function to determine if it was trusted?


I can see how they ended up with an attribute that did not duplicate a potentially private URL. Consider downloading from an intranet and copying to a USB pen that is then handed over to a customer.

It also freezes in place the network policy active at the time of download.

Would personally still prefer the URL!
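
An added example for the download-origin idea discussed in the comments above (not part of the thread, and not any commenter's code): it parses the text of a Windows `Zone.Identifier` stream and the raw bytes of the macOS `com.apple.metadata:kMDItemWhereFroms` attribute, then classifies the download host. It assumes the stream carries `HostUrl`/`ReferrerUrl` lines, which current browsers write alongside `ZoneId`; the domain `vendor.example` and all sample data are constructed.

```python
import plistlib
from urllib.parse import urlsplit

# Hypothetical publisher domain (assumption for this example).
PUBLISHER_DOMAINS = {"vendor.example"}

# Constructed sample: Zone.Identifier text as current browsers write it.
# On NTFS the stream can be read with open(path + ":Zone.Identifier").
ZONE_WITH_URL = (
    "[ZoneTransfer]\r\nZoneId=3\r\n"
    "ReferrerUrl=https://mirror.example/app/\r\n"
    "HostUrl=https://files.mirror.example/dl/setup.exe\r\n"
)
# Constructed sample: a stream carrying only the zone, the case the thread describes.
ZONE_ONLY = "[ZoneTransfer]\r\nZoneId=3\r\n"
# Constructed sample: raw kMDItemWhereFroms bytes, a binary plist
# holding [download URL, referring page].
WHERE_FROMS = plistlib.dumps(
    ["https://www.vendor.example/dl/setup.dmg", "https://www.vendor.example/"],
    fmt=plistlib.FMT_BINARY,
)


def parse_zone_identifier(text):
    """Extract zone and URLs from the text of a Zone.Identifier stream."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep:  # skips the [ZoneTransfer] header and blank lines
            fields[key] = value
    zone = fields.get("ZoneId", "")
    return {
        "zone": int(zone) if zone.isdigit() else None,
        "download_url": fields.get("HostUrl"),
        "referrer": fields.get("ReferrerUrl"),
    }


def parse_where_froms(raw):
    """Extract URLs from the raw bytes of kMDItemWhereFroms."""
    try:
        items = plistlib.loads(raw)
    except Exception:  # truncated or non-plist attribute value
        items = []
    urls = [u for u in items if isinstance(u, str)] if isinstance(items, list) else []
    return {
        "zone": None,
        "download_url": urls[0] if urls else None,
        "referrer": urls[1] if len(urls) > 1 else None,
    }


def classify(record, allowed=PUBLISHER_DOMAINS):
    """Return 'publisher', 'third-party' or 'unknown' for the download host."""
    url = record.get("download_url")
    if not url:
        return "unknown"  # mark missing, stripped, or zone-only
    host = (urlsplit(url).hostname or "").lower()
    if host in allowed or any(host.endswith("." + d) for d in allowed):
        return "publisher"
    return "third-party"
```

A missing mark proves nothing: it is lost on FAT/exFAT media and is not present on a file that another installer unpacks, so treat "unknown" as no information rather than as a pass or a fail.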


People are suggesting sending a DMCA takedown notice, but is download.cnet.com hosting OP's software because a user has uploaded it? If they have chosen to host it themselves, why isn't this ordinary copyright infringement for which the operators of the site would be liable without any safe harbor under the DMCA to protect them in the first place? The US legal system provides for considerable damages in cases of copyright infringement, so if there is reasonable evidence for a claim and OP believes they have lost money as a result of the infringing hosting, an initial discussion with a real IP lawyer might be a more useful starting point for OP here.


This is precisely what the DMCA is for.


But it could backfire, if you can't pay for a lawyer I suppose.

I suspect DMCA is for big companies with a legal department only.


> But it could backfire, if you can't pay for a lawyer I suppose.

How? If anything, the biggest complaint about the DMCA is that it has no penalties even against people acting in obviously unreasonable ways.

> I suspect DMCA is for big companies with a legal department only.

No? Looks like you just send a certified letter to the address listed at https://www.redventures.com/legal/cmg-terms-of-use.html under "Legal Complaints" and you're done.

(IANAL, of course, but nothing here seems special)


Backfire how?


Maybe misfire is a better term. The DMCA process ends up with a lawsuit if the 2 parties don't agree. This means that the submitter of the complaint has to be ready for an expensive legal battle even if they win, or can drop the whole thing.

The US justice system encourages anyone with deep enough pockets to freely step over the law when their opponent can't outspend them.


There’s no plausible scenario where sending a DMCA notice gets you into a lawsuit you don’t want to be in.


I said nothing about "lawsuit you don’t want to be in". A DMCA claim either ends in an agreement (CNET agrees it's infringement or the submitter agrees it's not), or else the submitter has to go to court to prove their case. As I said they can of course "drop the whole thing": avoid any lawsuit but also drop the claim. Which is where the "misfire" rather than "backfire" analogy comes from.

Unlike the usual YouTube situations, CNET is both the online service provider and the party accused of infringing so the content can only go down if CNET agrees to take it down, or a court decides this.


No. If CNET refuses to take it down, you (OP) could file a lawsuit, but CNET has no grounds to sue you for a DMCA notice that you are legally correct in sending.


No to which part exactly? Nothing in "ends up with a lawsuit if the 2 parties don't agree [...] or can drop the whole thing" suggests CNET can file a lawsuit. Without an agreement the only way to take down the content is a lawsuit.


I think the fundamental dispute is this: sure, CNET could ignore the DMCA notice, but in that case the developer is in no worse shape legally than if they don't file the notice at all.

So "backfire" is definitely not the right word, and "misfire" is true but not a reason to discard the best, cheapest weapon in this fight.


Your app could show a popup, warning that a new version is available together with a link or an alternative mechanism to download the latest version from your website.

Obviously your app cannot do this now.

Hope this could be useful to others in the future.


Short answer: file a DMCA takedown notice if you want them to stop violating your copyright (distributing it without permission). Anything else is wasting time; they will ignore polite letters.


First thing to try is the "Report Software" link, and say that you're the author, and it's against the EULA to redistribute the software, and you will take legal action if it's not removed within x days.

Just the threat of legal action may be enough to get them to remove it.


I always do something like that, if a company doesn't treat me well. Quite often it works. The important thing is to set a reasonable deadline.


Are they violating your copyright? Does the license of the software which they obtained allow them to give copies away? If not, then this is a straight case of copyright infringement.


I don’t know about your options, but download it and see if it’s actually your installer or if someone has modified it.


Send a DMCA to them. They'll either comply or ignore it in most cases.


Did they alter your app in any way? Did you check the hashes?


Download.com used to put a wrapper around other people's software; I'm not sure if they still do this.


No matter how slimy CNET is (and that is very slimy) I don’t really consider it “stealing” that they downloaded something you specifically provided as a download.

But they do a lot of misrepresentation (apart from other slimy things) and you are well within your rights to object.

As another poster commented: this is what filing a DMCA claim is for, and you can do it without paying a lawyer or anyone else. The only problem is whom to send it to. You’ll find that CNET’s download is actually download.com. You’ll have to start there.


> I don’t really consider it “stealing” that they downloaded something you specifically provided as a download.

AFAICS, the issue is not that they downloaded it, but that they are hosting it.


They wrap my installer inside their installer, which includes some sort of toolbar I am checking out before I finish installing it, because I read some reports it is malware.


Ugh, that’s even more disgusting than I thought, and that kind of thing is like “stealing” — your reputation in this case. Good luck with the DMCA, possibly a trademark fraud case too, which could have actual financial consequences for them.


If so, that is horrible behaviour on their part.


Vile beyond any stretch of reason. Here's hoping you find a valid way to "put them in their place" as it were… Wishing you the absolute best of luck handling/resolving this.



