Hacker News new | past | comments | ask | show | jobs | submit login
HackerRank (YC S11) DMCA'ed the SymPy Docs [fixed] (github.com/sympy)
921 points by hrldcpr on April 19, 2022 | hide | past | favorite | 330 comments

Not the first time they've taken down Github repos, some with a legal basis (partial problem text, though Fair Use might overrule that if the cases ever made it to court), others with no involvement at all (https://github.com/egfx/React-Leaderboard still hasn't been restored, for example)

More information about previous DMCA abuse here: https://news.ycombinator.com/item?id=29239594

Personally, I would not trust a company this unethical to certify anything. Their excuse seems to be "we're using an external service" but they chose that external service and are fully responsible for these takedowns in their name.

Oh wow, a lot of fears people have in this thread apparently already happened.

For example they claim to own the copyright to find substring: https://news.ycombinator.com/item?id=29239926

Absolutely disgusting.

Part of the DMCA takedown process is:

  > A statement that the information in the notification is accurate, and under penalty of perjury, that the complaining party is authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
Has this penalty ever been enforced?

DMCA 512(f) provides a penalty for misrepresentation; however, it is quite difficult to actually prove such things unless the plaintiff is very, very stupid (in Latin: pro se) or obviously acting with malice.

For example, if the thing you're taking down does use your content, but it falls under fair use, you can still get away with taking it down. There is no objective test for fair use and 512(f) does not mandate one; the criteria is just that you merely considered fair use. And since fair use is a bottomless pit of grey areas, you basically can't get a 512(f) ruling out of a legitimate copyright owner. It only catches the kinds of people who, say, pretend they're Bungie so they can file DMCA takedowns Bungie can't retract in Bungie's name.

Well, quoting u/formerly_proven from a 5 month old thread that someone linked above:

>Literally claiming copyright on this description for "find substring": "Given s and x, we want to know the zero-based index of the first occurrence of x in s" //

This is a functional description which has very limited possible English language forms and so it's highly unlikely to qualify for copyright in the first place. Anyone who has enough knowledge to file a DMCA request that is looking at this would consider that it is at worst Fair Use but in all probability is not infringing.

Seems a very strong case, if this quote is a true representation, for a claim of vexatious action.

The problem is that the penalty requires prosecution by a federal district attorney. I've never managed to get a DA to prosecute perjury. I even filed a complaint against a DA once when they perjured themselves in writing. It was ruled "accidental perjury" and the case was dropped. [note: perjury has an intent element, you can't accidentally perjure yourself]

Also, the above statement is vague. The perjury clause only applies to the final clause which states that the person making the request has the authority of the rights holder. It doesn't apply to the first clause stating that the information is accurate?

I haven't read the DMCA statute in years, so I don't know if the wording in that clause parrots the wording of the statute.

DAs are just lawyers with a fancy title, and that profession practices perjury as a second language. They won’t eat their own.

Not exactly that, as it was settled out of court, but https://torrentfreak.com/youtube-settles-lawsuit-with-allege... comes to mind. However that person did things that are quite a bit worse than what hackerrank did.

It has resulted in a settlement, and withdrawn complaints as far as I can tell: https://www.techdirt.com/2018/08/01/universal-retracts-dmca-...

And there seems to this case that is worth keeping an eye on: https://www.techdirt.com/2021/03/11/court-allows-lawsuit-ove...

Seems like the 2nd case was also settled. [1]

[1] https://www.courtlistener.com/docket/17353586/enttech-media-...

Hackerrank is one of the most unscrupulous companies I have seen. I honestly dont understand how anyone is capable of doing business with them. My own personal experience with them as been bad. I had applied a few years ago to be a part of their intern team, I have received emails scheduling my interview with them and then they eventually ignored me.

GitHub don't seem to be getting near enough flak in this thread.

Unfortunately the way the DMCA is written means that GitHub is acting prudently here. If GitHub does not take down content they receive a valid DMCA request for, they lose their safe harbor and can be made a defendant for a future frivolous copyright suit. Nobody should be taking flak for refusing to become a party to someone else's litigation.

wow, this is scary

Hello again, Vivek, founder/CEO here. In the interest of moving swiftly, here are the actions we are going to take:

(1) We have withdrawn the DMCA notice for sympy; Sent a note to senior leadership in Github to act on this quickly.

(2) We have stopped the whole DMCA process for now and working on internal guidelines of what constitutes a real violation so that these kind of incidents don't happen. We are going to do this in-house

(3) We are going to donate $25k to the sympy project.

As a company we take a lot of pride in helping developers and it sucks to see this. I'm extremely sorry for what happened here.

Hey Vivek,

I have received fake DMCA requests from WorthIT Solutions, Pakistan that you guys seems to have hired. It is sent for a simple blog entry discussing about programming algorithm!

I recommend training them or replacing them.

I guess it is pretty much perjury penalty risk free to make such DMCA declaration from outside of US:

>Declaration: I have taken fair use into consideration. I have a good faith belief that the use of the copyrighted materials as described above is not authorized by the copyright owner, its agent, or the law. I swear, under penalty of perjury, that the information in the notification is accurate and that I am the copyright owner or am authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.

Unfortunately, that penalty has no teeth, regardless of where the filer is.

It would probably be prudent to withdraw your other DMCA notices until you figure this out. You're being given the benefit of the doubt, and the other counternotice on Github doesn't exactly portray you in the best light either.

It would probably be prudent to withdraw all existing notices, never submit one again, and send donations to every single project you have ever sent a DMCA notice to, and do everything in your power to get all content re-instated, everywhere.

You aren't even really a content company, this is such a bad look. Your value is in your network of people, not in the content.

Without a discussion of how/why you thought this would be a good idea and how this has been happening on an ongoing basis, we can't really accept your apology.

Regarding (3), are you going to make similar contributions to all of the other projects that you have issued unjustifiable takedown notices? As I see it, the only reason you are making this contribution is because you got called out in public and you are getting free PR.

Proportionate contributions to other projects and individuals would go a long way to showing that you are not just playing lip service to your admission of wrongdoing. You have hurt a lot of people, and you need to make amends for your shenanigans. At the very least, you need to comp any legal fees incurred by your actions.

Hello Vivek,

Personally I like Hacker Rank and consider it a good way to learn about new algorithms but at the same time I do not like the style of interviews that require it and it makes me wish I could leave the industry because it's a waste of time for people with a lot of practical experience and who have a good portfolio of apps/sites they've created.

That said, I would recommend not doing DMCA at all unless it's really serious. Sounds like your company has a lot of problems with this. Think StackOverflow, there are plenty of sites that copy it but I'm not aware of them going after anyone. If anything all the copying of a site makes it more of an authoritative source because a lot of people reference it.

I flat out refuse to be interviewed using it and if the company doesn’t drop the requirement, I drop them.

Same here, know lots of developers in the same boat.

HackerRank - the #1 way to find developers with zero self respect

also the #1 way to weed out self important idiots.

bad hacker rank tests are bad, but not all hacker rank tests are bad.

You don't have to insult people to get your argument across.

Could just say, for example, you don't think it's a disrespect to oneself to attend Hacker Rank tests and explain why.

it's fairly simple, at some point you have to evaluate somone technical skills to make sure they are suitble for the job, and well designed tests do that.

There is an abundance of bad tests out there, but blanket statements that you won't use a tool that is used for assessing candiates is just as rediculas as saying you won't give apply to jobs that ask for your cv to apply.

Well no, if a company is happy to pay six figures but lacks the desire to spend an hour or two pair programming or even just creating a tech test, their priorities are all wrong and I don’t want to work for them. Hiring is about people and not robots, so using automated tests like Hacker Rank that almost always have zero bearing on how a problem would be solved in a real environment is a testament to a lazy hiring process and an extremely poor reflection on the company. Don’t try to automate something that should intrinsically involve human interaction.

Comparing it to a CV is a false equivalence because it takes me O(1) effort to make and CV and O(n) to do some stupid timed algorithm test for every company that is interested in the value of my labour.

I understand why you're getting downvoted but I have to say that I agree with the gist of what you're saying. We use HackerRank mostly just to package a problem set and put a timer in place for upload, nothing more clever than that, so if someone pattern matched "HackerRank test" to "disrespectful" I would think of that as a severe red flag and move on to another candidate.

There are many "in good faith" steps that both parties must do in the interview process, wherein if either party drops the ball it really makes sense for both parties to cut their losses and move on; which I believe is what you are getting at.

> it's fairly simple, at some point you have to evaluate somone technical skills to make sure they are suitble for the job, and well designed tests do that.

There is employment contract for a trial period, because you only know how good coder is when they face real problems/code. Writing sort algorithms on white board might look cool, but in real world you will search internet for best algorithms for your case, look up generic one, so you will not make a trivial error writing it from memory, or just use equivalent of std::sort.

These kinds of tests can be easily cheated and they are a poor predictor of the quality of an engineer work in the real world.

I'd rather not work with people selected this way. There are plenty of companies using much better filtering processes.

You can call me whatever you'd like, but I'm a service provider and I have no obligation to offer my service to anyone.

StackOverflow contributions are (thankfully!) licensed under the very permissive CC-BY-SA license. I suspect the sites ripping them off are not infringing copyright.

>"As a company we take a lot of pride in helping developers and it sucks to see this."

I don't understand this because as others on this thread have pointed out you have done this before.

Further isn't much of your own content just plagiarized from other people's previous FAANG interviews?

I've never used HackerRank as I view it as something of scourge on the industry but I will probably go to extra effort and recommend to other that they not use it either.

Wow! Guess we will never know if this would have happened if it did not make it to the front page of HN.

Also @dang, has this post been pinned at the top of the page for everyone to see.

Edit: guess it's not..

Upvote it for the algo even though it doesn't make sense.

Don't upvote. They're only doing this for PR. Let their reputation be judged by their real world acts, not their marketing.

Or better, downvote it.

Hi Vivek, why was the DMCA filed in the first place?

Reading elsewhere in the thread it looks like they have been relying on firms in Pakistan and elsewhere to scour the internet for strings that appear in Hacker Rank and submit DMCA takedowns when they find these strings elsewhere. This becomes awkward when it is in fact Hacker Rank that copied the strings from the source they are DMCAing.

They should probably never send a DMCA again. It's political suicide in this industry anyway.

We really need a strikes policy for DMCA submitters built into the legislation. Like submit three dubious claims, and you lose your copyright. I've been saying it for literally 15 years.

That is how business is run in the US, but not exclusively. They don't want to have dirty hands and hired some company with specific profile to do this job for them. They took a time to find company like this. This is not an unexpected accident. And when things become hot, they blow some money to shut other mouths.

Shady practice for the bad people who got caught several times. Taking responsibility for them will be ceasing whole business. Just stop doing bad things.

>Reading elsewhere in the thread it looks like they have been relying on firms in Pakistan and elsewhere to scour the internet for strings that appear in Hacker Rank and submit DMCA takedowns when they find these strings elsewhere.

Who ever thought this was a good idea? Those firms and the "monkeys" they hire have an incentive to send takedowns everywhere to make it look like they are "doing something".

But since there are no consequences for sending them to the wrong places, I guess they don't care much.

Except hitting HN frontpage

"As a company we take a lot of pride in helping developers"

Oh really? You: commoditize humans by reducing them to a score, you: destroy their public contributions

Sounds like you're a pretty terrible dev advocate. You should be ashamed to show your username and affiliation on HN.

Nice I suppose these were the pointers given to you by your PR team? What prompted (2) after all this time, considering there are previous instances of HackerRank acting hostile?

I presume making the first page of HN was the prompt.

Would you have done it had it not come to HN's attention? Don't bother answering this, it's rhetorical, and I'd expect a lie for an answer, anyway.

You've abused many other projects, some linked in the comments here, but you only seem to act when there's sufficient apparent public outrage.

As far as (2) is concerned there is only one solution

1) register the copywrite of the tools you have written inhouse for hacker rank and 2) ONLY issue DMCA claims based on your registered copywrites.

The questions and peoples answers to them are not something you should EVER have even considered issuing takedown notices for.

"For now" isn't enough, it needs to be "for good."

Curious how things got to the point where it took public outrage on HN to move the needle on this issue. Legal department going crazy with stuff without you realizing it maybe?

Repentance was the last thing I expected to find in here, and it did go a long way towards lowering my blood pressure.

Please don’t ever use DMCA in this way again. Even if it were somehow borderline justifiable, your users will be motivated to lambaste your company into oblivion, and to wish non-existence upon your company. Probably not the best posture for anybody concerned.

I hope other companies take note as well.

Mate its not repentance, its just his PR team.

Dmca as process should be stopped, you buffoon

It is better to stop doing business. I guess!

> Hello again, Vivek, founder/CEO here. In the interest of moving swiftly, here are the actions we are going to take:

So you are taking action only after news spilled all over the internet? So I can assume that if no one(in internet terms) known about it (as described in links pointing to other DMCA cases), you would do nothing to remedy your illegal (from moral stand point of view, no real one) actions.

It's only illegal if you get caught and find someone willing to prosecute you. Also if penalty for breaking law is a fine, then this law only applies to poor people.

You are not really sorry and will do this again. I won't be using HackerRank for my recruitment purposes.

Thank you for stepping up and taking this seriously and quickly helping to restore the SymPy Documentation to the internet.

“For now”

This same DMCA company (WorthIT Solutions) previously tried to DMCA the php docs range function page on behalf of HackerRank [0]. Pretty crazy.

[0]: https://www.mail-archive.com/php-webmaster@lists.php.net/msg...

Not only that but the ENTIRE TEAM SECTION ON THEIR WEBSITE (worthitsolutions.co) IS A BLATANT LIE. Not one of those people is real. Every single biography link leads to Lorem Ipsum. It's a shady, secretive sweatshop operating out of Lahore, Pakistan.

Yup, and a couple of the stock photos of "Our team" are duplicates. Crazy. How does an outfit like this get hired?

The entire "Our Team" page is unchanged from the web site template they used:


Is the theme pirated? That would be the icing on the cake

Here's an archive.org snapshot of the evidence, for future archivists:


is that a joke? I mean a bunch of stock photos of white hipster people with an address in Lahore?

No - that does seem to be their site. I mean that is disturbing on all sorts of levels. From "that's just poor web dev copy paste", to "those americans won't hire anyone who looks like us" to ... hell I don't know.

that just bothers me

A real American firm would know to be more diverse!

Because there are lazy companies like Hacker Rank on the market to hire them.

Stop pulling responsibility from Hacker Rank. They hired this firm because they do business like this.

well, how did HR get through YC?

You don't become a billionaire by writing too many checks. Hence why they outsourced their goon squad to Pakistan.

that is not what i asked. why did YC fund hackerrank? sounds like a shitty idea and bad for our industry.

> that is not what i asked. why did YC fund hackerrank? sounds like a shitty idea and bad for our industry.

Idea of assigning number to a person and then judging that person based on that number? How it could happen in real world... Also if people are willing to pay for it (even if they don't know about it yet)in capitalism it is a good argument to pump money into it.

Also: https://news.ycombinator.com/item?id=31052764

That's what vc companies do...

They're talking about the company HackerRank hired to do DMCA takedowns, Worthit Solutions.

i know

I think that entire page is left over from the Pitch Wordpress template that they used for the website, it even links to the Pitch live preview site.

Wow, how did HackerRank end up hiring them? Incompetence all around.

The DMCA's work, don't they? It's not incompetence, just unethical, evil, and potentially illegal, but they know you'll go bankrupt litigating them.

I didn't want to mention it in my other comment but the mere mention of "Pvt Limited" in the DMCA takedown led me to believe the company is a disgusting boiler room right next to the tech support scammers we all know (if not literally the same scammers moonlighting as DMCA enforcers). It does seem I was right and stereotypes (unfortunately for the legitimate companies from these regions) still work.

"Pvt Limited" just denotes a company registered in India, Bangladesh, or Nepal and this isn't a good heuristic considering the huge number of companies.

Yep, I am aware and that was my point. I’m sure that the vast majority of these companies serving their local area are legitimate. But when it comes to exporting abroad and IT specifically I’ve only ever had bad experiences to the point where it is an automatic red flag and so far that heuristic has served me well.

It does not change the fact that the full responsibility is on Hacker Rank.

Haha wow. What hurts my soul the most is that there is no penalty, legal, financial or reputational, for this kind of bogus behaviour, like how Sony's YT bots keep claiming ownership of any performance or recording of a piece of classical music because they hold copyright over one particular recording of that piece.

The fact that there isn't any downside just shows what poor legislation the DMCA is.

If you told me that the DMCA was written entirely by the music copyright industry and handed to compliant congress members to rubber stamp, I'm likely to believe you.

One way for HackerRank to do the right thing would be to sue WorthIT for breach of contract and loss of reputation. Their contract must have included some requirements for due diligence on filing those notices, and having these bogus DMCA notices does hurt HackerRank’s reputation, especially with its target audience.

Only way to make this stop is make companies like WorthIT feel financial pain from their actions.

There's also an argument to be made that this is on HackerRank. Just because they're using a contractor to do the dirty work doesn't excuse them from responsibility for this sloppiness.

Especially given that the false takedown of the PHP docs dates back to January.

Issuing false takedowns against organizations whose code you use for free is a pretty bad look.

(It's also a pretty crummy product, I used to use it as an interviewer and am glad I no longer have to.)

May we hear more about why it’s a poor product?

To his credit, the CEO read my comment and reached out to me (as he noted in the sibling comment). Since that email answers your question, and also adds some useful context, I'll just share that:

> So, I generally have a personal rule against disparaging things that other people made because I know how hard it is to make stuff and how criticism feels. I ignored that rule in this instance only because I've been a victim of DMCA misuse from a company and have learned the hard way that the only real repercussions anyone will face are reputational.

> For context on my experience with HackerRank, I have used both the take-home test product and the real-time test product. It has been almost a year since I have used either, since I left that job.

> I found the real-time product frustrating to use; frequently I could not rely on the candidate seeing the same state I did. I forget exactly what the problem was but candidates were often confused by the console not appearing and things like that. In some instances, either I or candidates were booted out of an interview in progress and had to refresh the page. Usually we worked it out pretty quickly, but losing precious time can make candidates nervous and it's not a great first experience with the company for them. I also found that code execution ran slowly, in both the real-time product and the take-home test -- we weren't running big programs, I'm not sure what was so slow.

> On the take-home side, for context, I was one of several people responsible for the take-home coding test for my department and was also (unofficially) the go-to person to look into assignments that were flagged for plagiarism. I found the plagiarism detection results to be pretty incomprehensible -- sometimes I'd see tests with very high plagiarism scores and no signs of obvious plagiarism, or things like a 90% score with just a few innocuous lines of overlap with the alleged source. I understand that flagging false positives for human review is generally preferred here to false negatives, but my main concern here is that if recruiters within an organization take these numbers at face value, they end up rejecting candidates pretty much randomly, or because the candidate wrote idiomatic code that looks like everyone else's because it's the idiomatic solution in that language.

i will add to this that if recruiters or code interview people expect you to be a liar or fraud, by default, then they will be looking for evidence and the slightest misstep will instantly be a “fail” with the excuse that they prefer to have missed a great candidate than risk hiring a bad one, which is the typical passive aggressive BS you deal with.

the problem is really coding interviews in general, not just HR itself. who wants to do this type of shit in a browser anyway?

Sorry to hear. I just sent you a note. Appreciate your response.

This is how the US Sarbanes–Oxley Act works. During giant accounting scandals in late 1990s / early 2000s, corps were using the onion approach with external vendors to cover-up shady/illegal practices. SOA basically says "no" to this now. We need the same for DMCA.

Yes, there seems to be a need to blame the lawyers and not the company engaging those lawyers.

Another way to make it stop is for companies to stop using HackerRank.

You’re assuming that this company is actually a separate entity and not some sketchy relatives of the hackerrank management providing for international cover for their bogus DMCA attacks.

Which is exactly what it is.

https://docs.sympy.org/ is down …seems like a lame move for a programming-oriented company.

The takedown message is here – https://github.com/github/dmca/blob/master/2022/04/2022-04-1...

And the offending page is archived here, I wonder what part they wanted removed – https://web.archive.org/web/20220114132753/https://docs.symp...

What I suspect happened is that the HackerRank test legitimately (fair use) included parts of the docs (the exercise could’ve been about the library those docs are for), DMCA enforcement has been outsourced to the lowest bidder and these idiots just did a blanket search for some phrases from the test, found the official docs and DMCA’d it.

This seems plausible.

The only real solution here seems to be to find a way to hold HackerRank to account for this (in the most costly way possible), so they face an incentive to do meaningful due diligence and evaluate before partnering with someone that acts as their agent.

Ultimately it wasn't them that did this, but unless they bear a significant cost from doing so, which causes them to pursue their DMCA agent for negligence or breach of contract (or whatever other remedy is available to them), I don't see this type of thing changing.

Once a DMCA agent becomes a liability, the market will be forced to mature, and buyers will need to do due diligence to minimise their likelihood of being opened up to a large and costly battle as a result of the negligence of their agent.

The CC licenses should probably be adjusted to make a DMCA attempt a permanent revocation of license. That way DMCAs can flow in the opposite direction and people can learn things.

Realistically speaking, you’d still need to enforce breaches of whatever license you choose but most open-source projects don’t have the resources to pursue those cases.

Maybe there’s a case for a consortium of open-source projects that can pool its resources and serve as an insurance policy to fight back against license violations or malicious/stupid DMCA takedowns.

We have so many organizations but in the last 2 decades nobody has thought of creating colloborative legal fund and insurance system to combat and in many cases enforce licensing violation.

Open source projects should have a kind of union of their own. Then again I wonder if it would ever be possible because corporate money has became a key donation source and in many cases many OS projects themselves have become corporatized.

Whenever you file a DMCA appeal with GitHub/etc you would have the option to file a takedown on the jack ass. Some projects doing it occasionally would trigger the right conservative fears at corporations to reduce the market.

We already have precedent for this kind of thing too, for patents. For example, the Mozilla Public License says this:

> If You initiate litigation against any entity by asserting a patent infringement claim (excluding declaratory judgment actions, counter-claims, and cross-claims) alleging that a Contributor Version directly or indirectly infringes any patent, then the rights granted to You by any and all Contributors for the Covered Software under Section 2.1 of this License shall terminate.

> I have taken fair use into consideration.

Not really. Nor have you considered who the actual author and copyright holder is.

What scares me the most about this story is how easily it could've been a small software shop running their entire operations on GitHub getting DCMA'd without any merit, and just losing access to an important repo within 24 hours. And imagine they don't know about Hacker News. Or they posted something which didn't get enough upvotes for the offending company to respond and resolve it quickly.

As a software developer, I've surrendered so much autonomy for the sake of convenience. When it works 99% of the time, things are awesome. But god forbid you are the 1%, cause there is usually no talking to real people to get support. The only recourse is shouting about it on Twitter/HN and hope someone notices, thereby leaving everything to chance - that just makes me sad to my core.

Git is a distributed VCS, everyone has a clone of the repo, and at least one person has the latest main branch.

A lot of open source projects rely on GitHub for their community, funding and discoverability. Dismissing that would be dishonest.

With GitHub allowing editing on the web using devcontainers and VSCode, someone might not have a copy of the repo locally.

You could definitely still blame the company at hand for not having redundancy and having a single point of failure, but the point still stands.

Why did github disable the whole website when a single page was reported? From the other notices I see that there are specific files which get removed. Doesn't even make sense

I'm happy that this is now on the front page because that's how fraudulent DMCA requests get fixed :)

The goodwill lost will now surely exceed the money they saved by not doing proper due diligence. I'm optimistic that HackerRank won't make the same mistake again and other companies might take notice, too.

It would be nice if a lawyer got censured for this. That's how fraudulent DMCA takedowns should get fixed.

It would also be nice if Github would implement instant restoration via counternotice as allowed by the DMCA. Implementing only half of the law enables this sort of abuse.

You don't have to be a lawyer to send a DMCA takedown.

Companies have historically gotten away with these reckless takedowns because the law just requires that "the complaining party has a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law." (17 U.S.C. § 512(c)(3)(A)(v))[^1]

In a recent 9th Circuit case, Lenz v. Universal Music Corp[^2], the court held that Lenz could sue Universal Music for a bad faith takedown. Specifically, "failure to [consider fair use] raises a triable issue as to whether the copyright holder formed a subjective good faith belief that the use was not authorized by law."

However, proving that it was in bad faith could be tricky.

Caveat: IANAL

[1]: https://www.law.cornell.edu/uscode/text/17/512#c_3_A_iv [2]: https://en.wikipedia.org/wiki/Lenz_v._Universal_Music_Corp.

Github does provide pretty descriptive method of submitting in their dmca repository readme [1], and in every takedown notice, as well.

[1]: github.com/github/dmca/

> Our help articles provide more details on our DMCA takedown policy and [how to file a counter notice][2].

[2]: https://docs.github.com/en/site-policy/content-removal-polic...

This is still an asymmetric, unfair process. Automatic takedowns from bad faith actors are catered to left and right but you have to negotiate a bureaucracy with manual review to get restoration. The DMCA doesn't require this to receive safe harbor protection.

Provide a form where an up to date contact point can be submitted that you can forward to the plaintiff and then restore the content. It's that simple. They can deal with litigating the dispute from that point on and Github is not responsible.

Hello, I'm Vivek, founder/CEO of HackerRank. Our intention with this initiative is to takedown plagiarized code snippets or solutions to company assessments. This was definitely an unintended consequence. We are looking into it ASAP and also going to do an RCA to ensure this doesn't happen again.

Sorry, everyone!

EDIT: update here https://news.ycombinator.com/item?id=31092085

Thanks Vivek for responding. Speaking as one of the maintainers of SymPy (who received the DCMA takedown request by email) I would like to note some points:

1. If you do a web search for "HackerRank DMCA" you will find similar examples of this that have happened in the past (with exactly the same text).

2. The text of the request is not in any way designed to enable a reasonable response. No detail is given about what the infringing content is so there is no way to comply.

3. It is also clear from this and previous cases that whatever process is used to identify potential targets for DMCA yields false positives and no reasonable judgement seems to be applied in whether or not to issue a takedown request.

I also think that GitHub's processes are faulty here:

1. We were given one business day to reply. I replied within 2hrs to say that the request was obviously spam and then sought legal advice. The repo (and website) were shut down before we could get legal advice. One day is nowhere near enough time. The request came in on Thursday night (UK time) and in the UK both Friday and Monday are public holidays this weekend. I don't even know what one "business day" means in this situation.

2. GitHub gives some guidance for how to submit a counter claim but none of the information is applicable to a case like this where so little information is given that is simultaneously impossible to comply with the request and impossible to dispute it. If GitHub makes it this easy to spam DMCA requests then they should also provide some guidance for how to deal with spam requests.

I wonder if the FSF or someone else can come up with a good template response to DMCA requests that just don't have enough information in them. If the request doesn't even explain how you could comply then it should be possible to respond to that in a blanket fashion.

Oscar, thank you for responding and I'm terribly sorry for the disruption this has caused. I should have taken this more seriously when it sprung up on HN the first time but for whatever reason we just fixed that problem and moved on. This is a serious one and we are working on a strategy that is sustainable.

Meanwhile, if we need to make a monetary contribution for your effort or anything more we could do to promote, what would be the best way to do it? If you'd like to send me an email to discuss further, I'm available at vivek at hackerrank

Thank you & sorry!

If you don't want to utterly destroy your company's reputation and have every company that depends on Python or other critical open source infrastructure boycotting you, you need to stop. Just stop. Don't send out any DMCA notices at all, not unless you encounter a case of infringement so blatant that it is obvious to all. And then make the decision yourself, don't contract it out. The risk of damage to others and blowback to you is too great. You're risking the failure of your company if something like this happens another time after two high-profile cases; damage to your company could be that bad.

And here's the thing: if there's a match between the SymPy Docs and something you consider yours, the copying was quite likely in the reverse direction: the solution you claim copies something out of the SymPy documentation (which is legal, but it isn't yours).

You agree to

> stop. Just stop. Don't send out any DMCA notices at all, not unless you encounter a case of infringement so blatant that it is obvious to all. And then make the decision yourself, don't contract it out.


Sounds great - did you make similar promises last time?

> plagiarized code snippets

I'm looking at the page that was taken down[1] and it seems to be largely full of pretty basic code snippets demonstrating how to use the Solvers module.

Your DMCA request[2] includes the statements that say, in part, that Fair Use has been considered, that you own the copyright, and that the information in that statement is true and accurate.

Could you elaborate what on that page you consider to be your copyrighted content, and how you came to hold that copyright? Is it the code snippets, as per your comment? Did your company have an employee write that content?

When the DMCA takedown request was being drafted, did someone consider whether those snippets are even qualifies as an Original Work? I'm getting at whether they contain even a minimal level of creativity, as the US Supreme Court has said is a requirement for copyright[3].

[1] https://web.archive.org/web/20220114132753/https://docs.symp...

[2] https://github.com/github/dmca/blob/master/2022/04/2022-04-1...

[3] https://www.copyright.gov/what-is-copyright/

I wonder how many of the HackerRank questions are themselves plagiarized from other places?

They started by stealing and now these thieves want to claim all code.

Exactly, I have been sent on HackerRank by potential employers twice and every time I was given the usual coding challenge I had already seen on leetcode or similar.

Possible solutions to affect some justice and reclaim your image:

  1. Fire WorthIT Solutions (no RCA necessary, do not automate or outsource DMCA, even if it's human based automation)
  2. Apologise to SymPy
  3. Discuss internally the cost-vs-benefit (more than monetary) of embarking on copyright policing as part of your company's future strategy
  4. Blog results of #3
WRT #3, sustainability comes to mind - if dissemination of solutions is a serious threat to your current business model/implementation (something you might want to validate anyway) then consider adapting to mitigate it to the point of irrelevance. Perhaps you are already doing this, but DMCA policing is at best a distraction and at worst a PR nightmare and menace to FOSS like today, it also doesn't scale well.

0. Dissolve HackerRank.

All things considered, this company has done net negative impact to tech industry.


Because it is a horrifically flawed metric by which to hire engineers, and is teaching upcoming crops of engineers valueless skills to enter the industry

As someone who (last week) ok'ed a guy with 35 years experience to skip the first round of interviews, only to then watch him struggle to write syntactically-correct code in a language he's (allegedly) been using for longer than I've been alive, I disagree. HR isn't a be-all-end-all metric, and it certainly has its faults, but it's very useful as a first-round filter.

This is a false dilemma.

The point is to find another evaluation metric.

Did you give your guy an IDE that he would normally use? That your company normally uses? A real world problem to solve? Resources he would normally use? Resources people at your company use on a day to day basis?

White boarding or using codepen isnt remotely close to evaluation for the actual job, and neither are data structure brainteasers, curious what you and your candidate did.

You got one false positive and now want to use a system known for its false negatives.

If you're just using HackerRank as a first round filter to see if they can write syntactically-correct code in a language... you don't need hackerRank. Or to restate this, if your interview process can't filter out such a candidate without using hackerRank, your interview process itself is flawed.

Their interview process surely can handle "can this person code fizzbuzz", but it makes no sense to take time from one of your engineers to test this when it can be trivially handled by something like hackerrank.

I don't understand why people find this practice questionable, it saves time for both company and candidate.

I wrote a response to this already here: https://news.ycombinator.com/item?id=31092829

But perhaps a different way of answering your question would be a more apt response?

Take this with a grain of salt, but in my experience of building organizations, it seems to me that in social systems, as opposed to engineering systems / code, the most powerful organizational forces are the second order and tertiary effects of the policies that are institutionally put in place. Not the first order effects.

The first order effect of using HR/LC easy questions might be that it weeds out people who really can't code in a language. And in that result, using HR and LC in your interview process, isn't a bad thing.

But the 2nd order effects of using HR/LC are often disastrous. Because once you start using HR/LC as your FizzBuzz question resource, you've made it easy for interviewers in your organization to start using HR/LC questions for more than just a FizzBuzz replacement. Maybe interviewers go to HR/LC for medium, hard questions. Maybe more?

HR/LC elevate what should be a small (though important!) part of the interview process, to one of the most important, hardest, and complex parts of the interview process. In most interviews I have witnessed in the last few years, this comes at the expense of other things that _should_ be more important parts of the interview process. And that's what is disasterous.

That's the issue with HackerRank and LeetCode. It is intentional from HR and LC's point of view. And is an unignorable, indeed one of the most important aspects of adopting a policy of using HR/LC in your organization.

I never said HR is the solution for first-round filtering, I'm saying it's a solution that works, regardless of its intended purpose.

Hmmm. Can copilot pass HackerRank tests?

I disagree. Kind of. There are many questions that are bullshit puzzle types but I do think HR and LC provides value of teaching when a Data Structure or algorithm is suitable for use. At the very least, It’s far better means of understanding the flexible use that college textbooks don’t teach while having test cases to see pitfalls of implementations. Having a community that shows ingenious ways of tackling problems is valuable too.

I agree that a good interview process should check that the applicants have their bases covered with algorithms and data structures. I agree that having a compendium of good questions to ask for this purpose is useful. And I agree that HackerRank and LC have compendiums of such questions.

However, I disagree that that makes HR or LC valuable or a positive in the interview process. Basic DS and Algo questions do not require the types, number, or complicated questions one finds in HR or LC. Such questions are easy to come up with and test, and should be a notable, but minor part of the interview process.

HR and LC take what should be a minor (though important!) part of the interview process, and blow them to huge proportions, and thereby distort and harm the very process they're supposed to be helping. They do this, in an attempt to present themselves as having a larger value add than they actually do.

a good college education covers all of the above. we don't need HR or LC.

1. Surprisingly, there are master's degrees in computer science out there that cannot solve fizzbuzz.

2. No license is required to work as a software engineer.

3. It is up to each company to verify their candidates.

fizzbuzz is the least of your concern if you do these type of interviews. the problem is that you will be asked a question which required several hours to produce an optimal solution, yet you are supposed to deliver this solution in under 5-10 minutes, and the only way to do that, is to repeatedly grind the solution and memorize it and then quickly reproduce it in the interview. as such, the style of interviewing is broken, and optimizes for candidates willing to endlessly grind LC or HR, and memorize the solutions. in the end, everyone loses. coding interviews are there to exhaust the candidate so when the offer stage finally arrives, they take any offer. all it does it put everyone in a bad position.

and you are mistaken that it's up to the company to decide what happens. as an industry of professionals, it is our decision.

If you have a computer science degree, you are expected to know fundamental topics such as data structures and algorithms.

As a professional software engineer, you are expected to be proficient at those skills to an extent in which you can demonstrate them in practice.

The burden of verifying you acquired the skills associated with your education falls on the employer.

Fizzbuzz is trivial and should not be a problem for any developer at any level. Writing a binary search function should not be a problem either.

But I agree that the industry's obsession with competitive programming has gone too far in some cases, especially in cases where the skills being tested are not relevant for the job.

no, the burden falls on the college. that is the point, if the college is good, then you cannot graduate unless you mastered both theory and practice. and i am not talking about fizzbuzz, read my comment.

In an ideal world, yes.

In practice, many colleges fail to teach those skills.

And accreditions depend on governments which are sometimes corrupt or inept.

companies can keep a list of universities and decide to only screen those who do not have a degree from those universities. the list can be dynamically changed based on on the job feedback.

any university in western europe is pretty hard to graduate at without actually having these skills. so it is pointless to enforce coding interviews for those who graduated there. you can’t “buy” a degree there.

If you do that, you will be recruiting talent that is not necessarily good at programming and you will be excluding talent with exceptional programming skills.

If you build software that sounds like a bad idea.

The most valuable companies in the world all converged into the same recruiting processes for a reason.

Because it is a leech of a company. It can get away with it until something like that happens. Which part don't you understand?

Good distillation. Will follow-up with a blog post on this.

5. Quit and do something actually worthwhile for education with whatever sum you earned from this blend of entitlement, carelessness and greed.

Thanks for showing up here and replying. I can understand the net being cast too wide for a real problem you are trying to solve. It does have real consequences for already under-resourced communities, though.

I appreciate the "fix-it-twice" attitude implied by the RCA promise (Root Cause Analysis for those who also had to look it up). Also, consider recognition and restitution for the unnecessary work you created for the NumFOCUS director, a NumFOCUS lawyer, and the SymPy maintainers.

A $25k donation to NumFOCUS would be a good start.

If you are willing to talk about what happened publicly, I'm starting a podcast/video series to discuss business and open-source. This would make an interesting conversation. Perhaps we can turn this into a positive to raise awareness and inspire better behavior in the industry? Ping me.

> A $25k donation to NumFOCUS would be a good start.

Most of which will go to director's salaries. What do these directors do apart from harassing conference members?


Great way to get $25k (and I'm with you, I don't mean that sarcastically or that you don't deserve it), the company needs to pay up to manage somewhat their reputation.


Travis is the creator of NumPy.

I know and so what?

edit: what triggered me is that he is here promoting his podcast!!??!!? seriously, a little EQ will go a long way.

I'm sorry about triggering you. I can see your point. I did not mean to focus attention away from what happened and how to avoid it.

I am sincerely interested in seeing if the HackerRank leadership will reach out and discuss. I was not intending to promote anything I'm doing right now. I suspect they won't but I will talk to them respectfully if they do.

Let's promote the SymPy maintainers, though. Let's also promote NumFOCUS, because they do a valuable service to community-driven projects and could help SymPy respond to this sensibly. Let's also promote NumFOCUS because they efficiently and tirelessly work to help the projects they fiscally sponsor (like SymPy) -- providing legal support: https://numfocus.org/.

Perhaps something good can come out of this, still.

It is fucking happening.

Now that you've been called out publicly...

What are you doing about all the other bogus DMCA claims you company has sent (itself or via its external contractors)?

What are you doing to ensure this never happens again?

Why should we believe your answers, and how can we see concrete evidence that you've stopped doing this and made up for all the times you've done it in that past?

> What are you doing about all the other bogus DMCA claims you company has sent

Multiple commenters asked him this and he never replied. Disappointing but not surprising. It's all just superficial hand waving. They are sorry but only for bring caught.

It would be interesting to know, in comparison, how high the fees are to the company that sends the DMCA takedown requests

And how much it costs to defend oneself against such a request

I believe they would "donate" the money, but that's only if they can get a signed agreement not to be countersued.

Dear Vivek, thank you for the note. I am the original author of SymPy. Most people who work on SymPy myself included do it in our free time. So far this has cost many hours of my and many other people's free time to try to figure out what is going on and to get this resolved. I also personally reject your allegations against us.

I thought about this situation and how your company could make this right. If you would be willing to help improve the SymPy project, I think it would be very well received. If you are interested, please let us know! See Travis Oliphant's reply, you could for example donate some money to NumFOCUS. We are very good with using money that people or companies donate to fund development and we can really boost SymPy forward big time with a generous donation.

Yes, absolutely. Apologies for the disruption we caused. We are going to make a donation and here are the changes we are making https://news.ycombinator.com/item?id=31092085

No you aren't. You are only sorry this made it to the front page of HN. Revoke the contract and stop with DMCA takedowns. Unless your company has invented brand new ways of solving common algorithms everything you are doing is most likely derivative work anyway.

This company hires fresh college graduates to regurgitate famous algo problems in different wordings and slight variations and then claim copyright. Just look at their problems.

Also they take pictures and videos of candidates while taking interviews. Without that permission they don’t allow the test.

They’re not part of the problem - they’re the problem.

Are you seriously claiming copyright over other people's solutions? You have *no* right, legally or ethically, to exercise any kind of control over "solutions to company assessments" under the DMCA.

At worst, you can try to exercise the controls in the EULA that your victims agreed to, but this sounds like abuse of the legal system.

But it's working. Here is a DCMA the author tried to fight, saying hacker rank doesn't publish their solutions, and the solution is the sole work of the author: https://github.com/github/dmca/blob/ea3736a0c4c9574e0c8cea06...

guess what, it's still offline for DCMA.

The problem with the DMCA is that if the claimant disagrees with your counter notice, the content stays offline for at least enough time for a lawsuit be be filed over the contents of the post, if the claimant is actually willing to take the matter to court.

I don't think anyone will actually go through the expenses to go to court over a code snippet on Github, unless they're particularly principled, wealthy, and retired and I think Hackerrank will definitely try to send their in their legal team.

By just filing a counter notice, you're also doxing yourself to people who clearly have no interest in following the law.

Github seems to have processed the DMCA counter notice but the content is still offline. From that I gather that Hackerrank filed a lawsuit or the counter notice was retracted somehow, or Github is violating the DMCA by keeping the content offline.

> The problem with the DMCA is that if the claimant disagrees with your counter notice, the content stays offline until a lawsuit is fought out over the contents of the post.

Not quite. The obligation of the service provider when they receive a counter-notice is to inform the person who filed the original notice, and give them 10-14 days to file a court order to block the content. If they don't get that court order in that time, the service provider must put the content back up or risk losing their DMCA safe harbor.


You're absolutely right, I've edited my comment.

Yeah, the fact that the DMCA works like that makes it a guilty-until-proven-innocent system.

100% and that is ridiculous, it's going to be a cancer on the open source community. Basically patent troll level harassment, except you didn't need to go through any of the "work" or "effort" to acquire a patent, and you don't have to actually bring a suit in court for the damage to be done.

exactly. the solutions are the property of those taking the interviews.

You can't copyright algorithmic code snippets. It's like trying to copyright math. You will have an insane amount of false positive from every repository that have ever implemented a prefix sum or binary search. (Or anything autocompleted using github copilot or alphacode which I believe is trained on competitive programming styled submissions from codeforces and atcoder)

The solution would be to build some sort of cheat detector and punish only the candidate. Don't take down and lose the goodwill of the entire programming community by abusing draconian laws.

> You can't copyright algorithmic code snippets. It's like trying to copyright math.

You might first investigate just how small the piece of code was on which nearly all of Oracle's case vs. Google rested.


This is a misunderstanding of the case, as rayiner’s comment in that thread attests. That code was not the only code that was copied, there were also tens of thousands of lines of interface code that were the same. The case rested on whether the interface code was copyrightable. Oracle used that smaller sample as evidence that Google had copied carelessly from copyrighted material.

I'm sorry. I should have clarified and I can't edit my original comment now. I meant plagiarized problem statements. Usually these sites have the entire problem statements from our website along with the solution (aka code snippets to solve.)

Most, if not all, of the problem statements won't even qualify for copywrite, they are generic problems that people have been stating for decades or more and as such are extreamly unlikly to be unique or original to hackerrank.

I am sure however you have already assesed this and applied for the appropriate registration for these works that you are claiming to own the copywrite to? right?

In those cases, does the presence of the solution not make it count as fair use?

> This was definitely an unintended consequence.

A person driving 100 miles per hour down a residential street and crashing into something is an unintended consequence, but not unforeseen.

This may have been "unintended" but when you have a company file DMCA notices on your behalf without proper supervision (especially when they had filed DMCA notices like this against other open source libraries) it is not "unforeseen" for them to file a DMCA notice against a completely innocent project.

At the very minimum the open source library that was affected and their maintainers deserve monetary recompense for the time and stress that your actions have cost them.

> solutions to company assessments

Sorry, are you asserting that you hold copyright over solutions that other people write?

It would actually probably count as a derivative work under US copyright law. (Don't misread me: I do not endorse, condone, or make excuses for US copyright law. I'm just describing it).

edit: Here's an example,

- "In so doing, the magistrate judge agreed with plaintiffs’ assertion that the solution manuals sold by defendant qualified as “derivative works” under the Copyright Act. As in Pavlica v. Behr and Addison-Wesley Publ’g Co. v. Brown, defendant’s manuals complemented plaintiffs’ 187 copyrighted textbooks, had no “independent economic value” and were “meaningless’ without the textbooks because they merely provided answers to questions posed in the textbooks."

https://www.law.com/newyorklawjournal/almID/1202435027834/ (2009)

https://www.courtlistener.com/docket/4345754/pearson-educati... (the ruling is available here, gratis)

IANAL but I believe the case is different for algorithmic solutions.

The solutions to a particular textbook are entirely useless outside the context of the textbook, but the solution to "efficiently find a substring within a string" is useful in day-to-day programming. The takedown isn't aimed at the result of "convert 700m to feet", but "describe the process of converting between metres and feet", which is plain ridiculous.

Yeah this stood out to me too. If I publish code that I wrote for no remuneration, how does HackerRank claim to own the copyright to that code?

They explicitly don’t. See this: https://www.hackerrank.com/terms-of-service

Is someone going to start asserting copyright over people's varied fizzbizz solutions? Fucking bonkers!

To ensure that they aren't liable to HackerRank for any infringing content, GitHub has to keep content down for at least 10 days after receiving a counter notification.

Do you plan to contact GitHub and give them a legally binding agreement to indemnify them for any infringement of HackerRank's copyright in the material they took down (I'm sure there is no such infringement, but by agreeing you won't sue GitHub for restoring the content, you effectively retract the notice and give them no reason to wait the 10 days)?

I think a sincere apology should include steps to urgently minimise the ongoing damage to the existing victims, not just analyse what went wrong to prevent hurting other victims.

Unless in that time the people who filed the notice withdraw it and acknowledge the error. Then GitHub can immediately restore it.

I’m curious - why even bother? What will you do if someone torrents the solutions? Focus on figuring out another solution.

Leetcode for instance puts the solutions out there.

It's not an either or. We need to do the takedown AND figure out a way where we can do things like randomizing questions but preserving the integrity of it to ensure a fair evaluation, etc.

Why do the takedown though? You’ll never get rid of solutions being online.

There are solutions to most questions on leetcode on GitHub as we speak.

I don’t get it. If your assessment is designed that knowing the solution ruins it then your assessing process is broken.

I’ve literally showed candidates the solution to leetcode questions and they still don’t get it. Trying to remove solutions seems like a poor use of effort imho.

Is your company's legal position seriously that you hold copyright on independently written solutions to your prompts? If so, I'd love to see you sued for this. This issue goes way beyond just one misfire.

Exactly. When you file a DMCA takedown notice you are asserting under penalty of perjury that you own the copyright. While few have suffered consequences for false notices, pissing enough people off might change that.

> figure out a way where we can do things like randomizing questions but preserving the integrity of it to ensure a fair evaluation, etc

How does any of these have anything to do with copyright infringement in the context of DMCA takedown? Do you even own the copyright to the alleged leaked solution?

This is a horrible abuse of the DMCA. HackerRank does not own the copyright to independent solutions.

No, no you dont need to do take downs, ever.

literaly everything your assessing is programming 101. its not something that you can or should be asserting any copywrite on.

infact I would challange you to register the copywrites on your questions/answers and see exactly how far you get with that process before you even consider sending a single DMCA notice.

no, you need to find a better business idea

For content you copied to begin with????

> we need to do the takedown

You’ve made a serious mistake somewhere in your reasoning. What you believe is the property of your relatively insignificant enterprise, the whole rest of the world knows damn well is not your property.

Besides, this is small potatoes. Why don’t you copyright Wikipedia, then DMCA WikiMedia, then put your copy behind a paywall.

Wait. Wait a minute. Just wait one little minute here...

Your company has issued a DMCA takedown notice for "plagiarized code snippets" against the library-in-questions own documentation? (The take down was issued against docs.sympy.org; linked directly within sympy's GIT repo README.md: https://github.com/sympy/sympy)

And this is an "initiative" your organization has undertaken? Have you thought this through?

Where should engineers who want to learn about sympy go to attain that knowledge?

Where did your team learn about and generate the assessment questions?

Where do you stop with this initiative? Would you issue takedown notices to MDN? Stack Overflow? What about VSCode Copilot?

> Our intention with this initiative is to takedown plagiarized code snippets or solutions to company assessments.

Oooh boy I can't wait to begin publishing solutions to your company's assessments.

I hope you can go beyond root cause analysis and publish some kind of cost-benefit analysis.

The risks from misrepresenting your copyright in these cases are not small. Diebold Election Systems paid $125,000 in a similar situation: https://www.eff.org/cases/online-policy-group-v-diebold

> Our intention with this initiative is to takedown plagiarized code snippets or solutions to company assessments.

How can this be legal? Plagiarized is moreover a very conveniently vague word.

By this very vague definition the overwhelming majority of your own content has been seen on various parts of the internet way before you ever started your business.

There can't be a copyright on such a thing and I hope someone fights you in court, this is nothing short of bullying.

I hate you and your company and will make every effort to not support anyone who uses it in any form whats over.

How can you shitbags take down SymPy and then show up on HN to actually make light of it with your crapola comments while it remains taken down.

"Design an automated DMCA takedown algorithm in 40 minutes"

   For ch: char in solution.text:
     If webpage.html.indexOf(ch) >= 0 then 

I hope that all of your snippets and solutions are continued to be spread as coding interviews need to disappear and are the ultimate evil our industry has been dealing with now for several years. Besides, it's not your property anyway, it's the property of those taking the coding interviews.

Allow me to strongly suggest you stop DCMAing things without a human-with-a-clue in the loop before firing.

I get it, I'm an automate-first type of person, too. But it appears your outfit has made a habit of doing this, and you're messing with innocent people for no good reason. Doing that in a `for` loop is irresponsible as hell, and frankly you deserve the bad press you're getting. I highly recommend you reconsider.

Legacy media companies do this kind of thing, too. I hope you're more interested in your reputation than they are.

> is to takedown plagiarized code snippets or solutions to company assessments

So which is it? Plagiarized or solutions? Because unless your company actually owns the copyright for the code in question, you have no right to it.

If a Google assessment asks “how many manhole covers are there in New York” and someone decides to create a repo with “Manhole covers in New York: 23,000” there is no copyright claim.

Do HackerRank users affirmatively sign a non-disclosure agreement? I checked your terms and there is not an apparent non-disclosure agreement. If not, there isn’t any legal recourse if users decide to talk about or solve your problems off the platform.

Educational and not for profit use is often protected by Fair Use. I didn’t see the repo in question so I can’t comment on if the use of the material meets the Fair Use criteria.

However if people are sharing their answers to your questions in a repo, especially for educational or non-profit value, there isn’t much you can legally do about it. For example, If I take the GMAT and I discuss a question on Twitter, that’s allowed by Fair Use. If I offer to sell a PDF of the entire test, that would not be protected.

If someone said “hey HackerRank’s Ruby test asked a question about finding the smallest value in an array” and then they posted a solution. That’s absolutely not violating a HackerRack copyright. People even have the right to describe their experience on HackerRank in great detail.

From your own policy: “Content that You own and post on or through HackerRank belongs to You..”

So if someone wants to post their solution to a question, your own terms allow that. It’s their solution, it belongs to the user.[1]

If someone else “plagiarizes” another user’s solution, HR doesn’t have standing for a DMCA takedown. The user that created the content does, but not HR.

However even if HackerRank did own the solutions, there is a high likelihood that Fair Use would be in effect.

I have a strong dislike of HackerRank type companies because it’s pretty rare that those ridiculously academic assessments predict real world performance. They are a screening tool for the lazy. A well designed, relevant code test relating to the work of the company or a solid technical interview is much more valuable in my experience. When I was interviewing with companies, I immediately passed on the job of HackerRank was part of the hiring process. I ended up at a FAANG for over 5 years, so it’s pretty clear that anti-HackerRank bias among potential employees like me have a detrimental effect on recruiting.

[1] https://www.hackerrank.com/terms-of-service

But it's working. Here is a DCMA the author tried to fight, saying hacker rank doesn't publish their solutions, and the solution is the sole work of the author:


it's still offline for DCMA, since Dec '21

Can companies of guys like this one be penalized for sending automated DMCA requests?

Will you just stop with the DMCA bs, where you threaten random websites that talk about generic programming?

Your company does not own the basic algorithms that are the solutions to the tests on HackerRank.


I apologize in advance for the profanity. This really pissed me off.

FUCK you HackerRank, for even entertaining the notion of litigating open source projects at scale for no good reason.

FUCK you for taking down the the documentation for a harmless open source symbolic mathematics engine without any justification that I can see.

What content of your shitty ranking company could SymPy possibly have infringed on?

Also an honorable FUCK you to GitHub for your DMCA policy to take down the repository without even a standby period (perhaps with a warning?).

And FUCK the internet in 2022 for its bureaucratic and corporate spirit.

And FUCK me for not having the steel to just take my code off of GitHub. I am part of the problem.

HackerRank and LeetCode are a scourge on our industry, for more reasons than this shitty behavior.

Well said!!

Personally, I like designing and building software and have been doing so for 20+ years but after doing several HakerRank and Leetcode style interviews it makes me wish to do something else.

I’ve had FAANG recruiters tell me “study for hours per day for a few months” and then you can be ready. Even smaller companies focus on leetcode more than actual experience.

I’ve worked with plenty of optimal algorithms in my life but when I do I spend time researching and looking at many examples rather than having to memorize something that shouldn’t be memorized in the first place; but the way the interviews are done it seems like companies just want code monkeys (even the good paying companies).

No other well-paid profession tolerates this style of interview one you have experience. I would never recommend Software Engineering to anyone given the current environment.

> No other well-paid profession tolerates this style of interview one you have experience.

Not exactly true, pretty common in finance/trading as well.

It's the result of making IQ tests for jobs illegal. Leetcode and the trick questions asked in finance are just IQ tests in disguise. You can't regulate your way out of the market - if companies want smart people they'll find a way to hire smart people.

IQ tests for employment are not inherently illegal. It’s only illegal if whatever you’re testing has no bearing on the job so as to be used as a proxy for discrimination.

So a job that involves complex problem solving in unique situations would be perfectly reasonable to have an IQ test qualification. But not for something like sweeping the floors or working the assembly line in a meat processing plant.

Difference with trading though is someone is a great trader at one hedge fund they can jump ship pretty easy without hurdles. In fact they compete to get good traders.

For Software Engineering you have to jump through hurdles each time even if you have accomplished a lot at past jobs. I might be wrong but it feels like there are far more Software Engineers compared to jobs than 10 or 20 years ago.

Granted not all software jobs as the last one I got I just had to interview a CEO and show my portfolio. Seems like the algo challenges are really geared toward Silicon Valley but not it's ending up a lot of tech jobs.

Neither HackerRank nor Leetcode invented this style of interview. The questions you're complaining about predate both sites. The sites were created to help you study for those questions, they did not significantly popularize the questions.

Except, there's a difference when you're in a room with somebody who can tell when the shitty site or the vague nature of a question makes it difficult to complete the request. They can also better gauge someone's understanding of subject matter, merely by talking through the question, approach, etc.

The availability of these sites makes it seem like it's a standard, which adds to the problem. Some small company might not have taken that approach. Now, you don't want to fall behind by not making use of a widely-accepted "standard" practice.

I agree with many parts of your comment. I have been in interviews where the interviewers themselves clearly had no fundamental understanding of the problem or solution. To be clear, I didn't either, but asking clarifying questions got me nowhere.

> Now, you don't want to fall behind by not making use of a widely-accepted "standard" practice.

Absolutely. I can understand Google asking you to write a k-way distributed sort off the top of your head, but I've had similar questions from an "enterprise gone unicorn" that were clearly still in the "wtf even is cloud" phase.

Even so, there is either someone available for some clarification, in my experience. Obviously, this varies across companies and at various levels of helpfulness. Your point is valid, though. The other part there is that it puts the onus on the third-party site(s), exacerbating the problem; whereas, if the interviewers do not understand the question, they are more likely to focus on one of those items to correct going forward.

automated programming tests are pretty dystopic, it's true.

especially if the web based editor doesn't support vim style key bindings.

amusing irony that likely parts of a question were lifted from the very source that was subject to the takedown.

bigger problem i have with coding tests is that they check if someone is familiar with some subset of reference material (usually algorithms). in my experience, anyone can pull those from a book in practice and real software engineering has little to do with that and more to do with having the knowledge and experience to avoid making a mess or building weird software.

Fuck the DMCA, not GitHub!

AFAIK, they're legally required to take down material as soon as they receive a DMCA notice or else lose their safe harbor status.


That is not technically correct. There is no definition "as soon as they receive it". In fact the law calls for "expeditiously or remove" access. Courts confirmed many times that days or weeks is considered expeditious.

Github could've easily take the time and wait for SymPy to file counter notice which then allows Github to keep the content up up until courts say otherwise. Github instead elected to remove content immediately. By their choice.

That's fair. I didn't mean it literally, but should've been more precise since we're talking about a law.

I wonder how many tech companies w/ platforms have any delay. Is there precedent?

There are cases mostly around Facebook and Youtube taking weeks and prevailing on the judgement. Currently there is no established limit.

European legislators are trying to establish some time limits but these are mostly around toxic content not related to copyright.

People and corporations complicit with unjust laws are partially responsible for the injustice.

This. Especially those with real power, such as trillion dollar corporations.

That's reasonable. Apologies to GitHub. If software companies didn't do it, the DMCA goon squad would go after the data centers.

Thank you for the link.

If you don't take down something you get a DMCA notice for, do you lose safe harbor status for everything, or just for that one thing? If the latter, then wouldn't it be a good move for GitHub to ignore DMCA requests that their lawyers are sure wouldn't hold water?

As I understand, there are different safe harbors and each applies at the "service" level. It's "online service providers" that have safe harbor status.

If you lose safe harbor status you become liable for infringing content on that service.

Infringement still has to happen and you'd still have to be taken to court and lose, but it's now "as if" you yourself uploaded everything.

So in this instance GitHub would be fine, but if they didn't take down the content then they themselves would become liable for any fringing content on their platform.

Or rather Microsoft would become liable, I suppose.

IANAL. That's just my rough understanding.

Fenwick and West has a lovely 36-page FAQ: https://assets.fenwick.com/legacy/FenwickDocuments/DMCA-QA.p...

> your DMCA policy to take down the repository without even a standby period (perhaps with a warning?).

See https://github.com/github/dmca/pull/10944:

  > Before disabling any content in relation to this takedown notice, GitHub
  > - contacted the owners of some or all of the affected repositories to give them an opportunity to make changes.
  > - provided information on how to submit a DMCA Counter Notice.
(Disclosure: I work at GitHub)

One of the SymPy maintainers said they responded within 2 hours: https://news.ycombinator.com/item?id=31091731

Unless i'm mistaken about the law[0], they can only restore it after 10 business days to give the legal team of HackerRank (the claimant) time to file suit.

0: 17 U.S.C. § 512(g)(2)(b) and (c) https://www.law.cornell.edu/uscode/text/17/512

>> > - contacted the owners of some or all of the affected repositories to give them an opportunity to make changes.

This implies that GitHub is believing the DCMA notice is justified in the first place...

I will add a fuck YC for insufficiency ethics filters on who they support I suppose it can be hard to be perfectly prescient (I'm not) but that is what lawyers are for, include a don't be a dick later on clause, and enforce it.

> What content of your shitty ranking company could SymPy possibly have infringed on?

from the request[0]:

> Someone has illegally copied our client's technical exams questions and answers from their official website hackerrank.com and uploaded them on their platform without permission.

Archive of the allegedly infringing page is here[1].

0: https://github.com/github/dmca/blob/master/2022/04/2022-04-1...

1: https://web.archive.org/web/20220114132753/https://docs.symp...

intersting, im not seeing anything that looks like it would be copywritable at "questions and answers" on that archive page.

I feel like hacker rank might be facing an uphill battle for this one.

Phew, this sounded like a scene from a Tarantino movie. We engage a 3rd party for this service. That said, ultimately, we are accountable for this because it's our reputation is at stake. We are looking into it ASAP and this action will be reverted. We do need to get to the RCA to ensure we are giving strict guidelines on DMCA activity with the 3rd party or perhaps even consider switching to a new one.

You are using a third party to perform an action which at core is counter to how the Internet works, AND you are using the same third party who has acted in bad faith before and did exactly the same thing to another victim of yours, and now you're deflecting onto the third party? This is entirely on you at this point.

I literally said this in the comment above -- "That said, ultimately, we are accountable for this because it's our reputation is at stake."

I don’t like this phrasing because it sounds like you only care because it’s on the front page of HN and it’s a bad look — “because [your] reputation is at stake”.

You should care because paying someone to disrupt totally innocent open source projects is a shitty thing to do. Filing false DMCA requests on your behalf is also illegal. I like to think that if this never got any attention and your reputation wasn’t at stake, you’d still be adamant about doing the right thing. “Perhaps even consider switching“ providers doesn’t reflect the urgency in getting this right.

Here's what we are doing: https://news.ycombinator.com/item?id=31092085 You are right. HN thread triggered this. And we are working on fixing this at the core.

Better be true this time, because you have been forgiven before, haven't you?

Great response, credit where credit’s due.

That's what people say when they are ceremonially falling on their sword and don't think they really did anything wrong.

> And FUCK me for not having the steel to just take my code off of GitHub. I am part of the problem.

as a user you literally are not the problem. the problem is the monopolization of technology by a small group of investors, which makes it nearly impossible for alternatives to rise.

why isn't a platform like Github part of the commons instead of a private, proprietary fiefdom? why is it instead the private property of, and part of the investment portfolio of, a person who says things like: "As the majority of hobbyists must be aware, most of you steal your software."

I do think that I am part of the problem.

Although there is no commons alternative, there is Sourcehut - run by a team that is dedicated to the principles of free software. I should be giving them the money that I spend on GitHub.

At the very least, I should be giving them more money than I give GitHub... I will do that immediately.

Sourcehut is also subject to US law and would have to take down your project if this company files a false claim against you. The problem in this case isn't GitHub, it's the filing of false DMCA notices. And that's not solely a US problem, it can happen in the EU as well.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact