Great to see companies getting exposed for these kinds of violations. However, their response of shooting the messenger tells me that they will not simply roll over and give up their source code.
I strongly suggest contacting the owners of the open source projects and talking them into having a lawyer send a message to them. Those projects have the necessary legal standing to bring a meaningful copyright infringement case against Voice.ai.
There are plenty of lawyers that will send a suitable message, at no cost to the projects, For example, the Software Freedom Law Center [0] provides free consultations and has a good track record.
My understanding (which may be incorrect) is that the FSF actively defends copyright on GNU projects. They do not defend other projects, but they will consult with attorneys on matters of the licenses themselves.
Nevertheless, I (and I'm sure many others here on HN) would enjoy seeing the response from the FSF.
They've already distributed the software. They are required per the license to distribute the source code. They can remove the source code that requires them to do this, but existing copies of the software must are covered under the license agreements.
> existing copies of the software must are covered under the license agreements.
While this is true, it should be noted that we can't know which license will be applied at this point.
Remember that (L)GPL forces you to release your source code under some specific circumstances, and the implied condition here is that you have accepted the license in the first place. If you didn't ever agree to that license, you are clearly violating GPL but otherwise any other restriction of GPL doesn't immediately apply to you; it will have to be resolved in the court. And it is entirely possible that you and original software author(s) can reach an entirely different agreement that doesn't involve GPL at all. So as a user, you can't technically request for source codes right now. (Of course, it still is a not-too-bad strategy for users as original software authors can always demand GPL.)
That is not how it works. It was copyright infringement for them to distribute the binary without the source code. If they are made aware of this and they continue to distribute it then it becomes willful infringement each time they distribute it.
Even they you were to distribute the code after the fact that doesn't forgive the copyright infringement they did early. In the end releasing the code doesn't do anything for them other than give away their IP. The best option in this scenario for them is to stop distributing the binary to avoid willful infringement and then work to remove the GPL code from the project and then start distributing it again.
Do remember that the GPL is not a EULA. It only applies when you make copies of the code.
Also random people can't sue over this infringement. Only the copyright owner of the code can do so.
> If they are made aware of this and they continue to distribute it then it becomes willful infringement each time they distribute it.
They have been made aware via email, and they continue to distribute it via the download link. The is no need to couch this as a hypothetical scenario.
I was talking about in general. Yes, in this case they are choosing to take on legal risk. This is typically fine because almost no one ever sues over free software.
I could be wrong, but I think you misunderstand how the GPL works. The GPL doesn't require distribution of the source code along with the binaries. Most organizations do that because it's easier than the other option, which involves providing the source code to users of the software on request.
So they aren't actually infringing the copyright unless they not only don't provide the source publicly, but also don't provide it on request for at least three years.
I was making a simplification. The license requires you to either distribute the source or distribute an offer on how someone can acquire the code.
b) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by a written offer, valid for at least three years
It also would require the written notice which they didn't do.
The installer also doesn't even let you view the Terms and Conditions. It's styled as a link but it literally can't be opened: https://imgur.com/CUzLdRQ
> We use technology to check for infringement on the Internet and on social platforms and may automatically (or manually) issue takedown notices for content that infringes on our IP. Simply add our approved clip to your content to avoid takedown notices. We reserve all rights.
It would be legally wrong, but morally, it would be less cut and dry. I'm not saying it is moral either, but I would like to point out that those two things aren't equal.
Would it, actually? The EU allows for decompilation in very specific cases and the GPL license means that they must provide their source code because of the way they used the GPL'd code.
If someone in the EU were to request the source code, wait a while to give them a decent amount of time, and then get the source out themselves, I don't know if the court would argue in favour of Voice.ai.
You could argue that distributing the decompiled source would violate some kind of copyright, however the GPL also includes the freedom to redistribute the requested code.
Alternatively, only contributors to the GPL'd software have any legal standing against voice.ai as a random user's freedoms being violated are probably not enforced by the users themselves. The Praat people (a university) and the libgcrypt people (GnuPG) are the ones whose license has been violated so they should be the ones free to sue, possibly with external help (EFF etc.)
I've read about more unexpected turns happening in IP court, who knows what will happen. Morally decompiling would be right, but in a legally speaking I wouldn't risk it.
Unfortunately it seems like nowadays with open source being very widespread that many companies or people simply ignore/forget that these libraries that they include in their software aren't just "public domain" because the code is public, but they have a license that should be respected and actually has legal value, so what often ends up happening is that they take advantage of open source software or libraries in their proprietary software without even giving a crap about their authors and their community
But the first error is one that you seem to have made also: that there are different types of open source licenses. GPL or other copyleft licenses generally require you to disclose the code (or make a licensing deal in some cases). Things like the MIT license are much less restrictive.
Actually, it isn't. It's the same underlying principle.
All software must be paid for, with the exception of countries which have an actual public domain. Some software is paid for with money, some with acknowledgments, and some with source code sharing. Sometimes the developer demands postcards, and sometimes they demand that you not use it for evil purposes. All of these are forms of payment.
If you don't pay for it, you don't have certain rights to it.
That's a very liberal use of the verb "pay". Payment is not the same thing as compensation, payment implies money changing hands.
"Licensing" does not have to involve any sort of payment (or even compensation). There are free software licenses with no compensation requirements at all, yet they are not covering public domain software.
Critical distinction to whom? The users? The developers? The judge and jury?
If you get pulled over for speeding, you can't argue away the ticket by saying "yes officer, but speeding is easy to fix relative to hitting someone". If you continue to violate the law despite being notified of your exact violation, then you're probably due in for some punishment. I don't see how that's so hard to understand.
On the contrary, it’s actually quite easy. They can simply upload the repository on github’s or simply tar snapshots of the source for their releases and host it themselves.
No, the issue is not that it’s hard. It’s that they don’t want to comply with copyright law. That’s an issue of criminality, not difficulty.
It's not harder to 'give away' the source code. It's part of the license(s) of the code you are linking to create your binary. It's not hard at all, actually. On the contrary, it's very easy.
Somewhere where the user can find it. That may require UI work.
> much harder to give away the source code
tar cf gpl-mandated-source.tar.gz ~/Projects/voice.ai; drag file into dropbox and email link.
That's the nice thing about this particular violation, you don't need to go over the source code at all! You just need to send over the source files that you shipped!
> the first error is one that you seem to have made also
They don't seem to have made such an error though. Their comment was very general, and permissive licenses still have conditions like giving attribution.
Only if you distribute the code. You can go take some copyleft code, modify to you liking but only run on you backend servers and that is perfectly fine. Copyright license only triggers on distribution.
This is not correct. The AGPL which is also a copyleft license "triggers" without distribution. This is possible because you as the copyright holder can decide the terms of the license you offer, and these terms do not need to be related to your exclusive rights as a copyright holder.
How does that work? How does a copyright license apply if there is no distribution? What legal mechanism allows that? You can include a TOS in the code, but that isn’t enforceable because there is no agreement forcing function like “click to agree” nor am i required to even read it. And TOS doesn’t have any laws protecting it like copyright.
Edit: Instead of voting me down point out the relevant US law that allows copyright law that applies after the distribution like a TOS to person who didn’t distribute the code.
You can't use copyrighted material without explicit permission from its authors / right holders, fair use aside. Programs are copyrighted material (since 1974 in the US IIRC). The AGPL license is what will give you the permission to use AGPL'd software, but under conditions you need to respect, to the extent permitted by law (in both ways: some uses are illegal, and some restrictions imposed by the licenses could be unenforceable).
> Suppose you develop and release a free program under the ordinary GNU GPL. If developer D modifies the program and releases it, the GPL requires him to distribute his version under the GPL too. Thus, if you get a copy of his version, you are free to incorporate some or all of his changes into your own version.
> But suppose the program is mainly useful on servers. When D modifies the program, he might very likely run it on his own server and never release copies. Then you would never get a copy of the source code of his version, so you would never have the chance to include his changes in your version. You may not like that outcome.
> Using the GNU Affero GPL avoids that outcome. If D runs his version on a server that everyone can use, you too can use it. Assuming he has followed the license requirement to let the server's users download the source code of his version, you can do so, and then you can incorporate his changes into your version. (If he hasn't followed it, you have your lawyer complain to him.)
Copyright law only covers distributed software. It is not a terms of service and cover usage. GNU site has a bunch of articles on what it covers and what it doesn't.
AGPL doesn't cover internal software if you don't expose it outside of the company.
> AGPL doesn't cover internal software if you don't expose it outside of the company.
What about "internal" users of the company modified AGPL software (eg. employees)? I would be surprised if they are not entitled to having access to the source code under the very same AGPL terms (which gives them the right to distribute the software as well).
GPL and related licenses do allow personal use of modified software without publishing or distributing it, but company internal is not "personal" use: you are exposing some users to modified AGPL software.
I haven't read AGPL in detail so I could very well be wrong: can you point to the exact clauses which allow this exception? (Or rather, exact language that does not forbid it)
Note that users (in case of AGPL) or recipients (in case of GPL) of the software might decide not to exercise their rights, which could be pretty common for employees.
> 13. Remote Network Interaction; Use with the GNU General Public License.
> Notwithstanding any other provision of this License, if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version by providing access to the Corresponding Source from a network server at no charge, through some standard or customary means of facilitating copying of software. This Corresponding Source shall include the Corresponding Source for any work covered by version 3 of the GNU General Public License that is incorporated pursuant to the following paragraph.
I don't see how this "protects" company from offering the software to all the "internal" users under AGPLv3, allowing them to distribute it along freely under the same license.
> AGPL doesn't cover internal software if you don't expose it outside of the company.
Yes indeed, you can use AGPL software internally without redistributing the source code, as you can with GPL software by the way (since AGPL is GPL + restrictions). The FSF actually considers a license that doesn't allow private use without distribution non-free, like the Watcom 1.0 license [1,2] (while the OSI does consider this license open source [3]).
Now, I think this is a property of the license, not the copyright laws which do allow authors to place such restrictions. That's why you can't freely use Windows or Photoshop privately.
Making the user click a "I agree" checkbox is one way of letting them know the terms and conditions, but not the only one.
Originally you said "Only if you distribute the code."
If you run software on your server, and someone outside accesses the software via a web page, even if the software is still only running on your server and hasn't been distributed outside the company, if it's under the AGPL, the company must make available the source code.
If i run a AGPl database like mongo(before they switched to their own license) and had a web app that used it to persist and read data. I would not be required any modifications to mongodb because i didn't trigger copyright. Now if I let people connect to mongodb through some managed service that i was selling, i would trigger copyright because mongo protocol is proprietary and covered by copyright law. This is a textbook example how it works.
If you used a brand new implementation of whatever protocol Mongo uses that's under a less restrictive license than AGPL, you would not trigger any obligation to share the source code.
"Proprietary" in "Proprietary protocol" pretty much means "specific" / "non-standard". And you can't legally prevent someone to reimplement your proprietary protocol. I don't even think you can copyright the protocol itself. You can copyright the documentation / specification document at best, and actual implementations of it.
In "proprietary software", though, "proprietary" means "non-tree", that is, not open-source as defined by the OSD / not free software as defined by the FSF / the GNU project. The meaning of this word is very different in those two separate concepts.
The AGPL network clauses only trigger on modification, so if you deploy mongo without modification and don't distribute any code, thats fine, even if you expose mongo on the public internet.
Read the AGPL again. It has specific clauses that say that integration, not modification, of AGPL’d software applies it. Just using the AGPL’d software is the trigger.
I don't see anything about integration in the license, there is no trigger about use AFAICT.
However, in item 13, it specifically says "if you modify the Program":
13. Remote Network Interaction; Use with the GNU General Public License.
Notwithstanding any other provision of this License, if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version by providing access to the Corresponding Source from a network server at no charge, through some standard or customary means of facilitating copying of software. This Corresponding Source shall include the Corresponding Source for any work covered by version 3 of the GNU General Public License that is incorporated pursuant to the following paragraph.
c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it.
See also, paragraph (b):
b) The work must carry prominent notices stating that it is released under this License and any conditions added under section 7. This requirement modifies the requirement in section 4 to "keep intact all notices".
> AGPL doesn't cover internal software if you don't expose it outside of the company.
Yes it does. AGPL is set up in a very strange way. The source code offering is a condition of modification. It has to be kept up to date at all times, even on software that can only be accessed internally.
Copyright grants the following fives rights: 1) reproduction, 2) adaptation, 3) publication, 4) performance, and 5) display. Distribution falls under 3 while creating a derived work falls under 2.
It's a very good point. The GPL is a license you can choose if you wish to do something that would otherwise breach copyright law. The loading and execution of copyrighted code wouldn't normally require a copyright license, so you can choose to disregard the GPL or any other license that will grant you extra powers.
For example both AGPL and GPL3 say
You are not required to accept this License in order to receive or run a copy of the Program. Ancillary propagation of a covered work occurring solely as a consequence of using peer-to-peer transmission to receive a copy likewise does not require acceptance. However, nothing other than this License grants you permission to propagate or modify any covered work. These actions infringe copyright if you do not accept this License. Therefore, by modifying or propagating a covered work, you indicate your acceptance of this License to do so.
GPL2 has a similar clause
To me, I get the feeling the drafters of the license believe that modifiying code, even privately, and not distributing it any further than your own laptop, requires acceptance of the license, thus modifying AGPL code would require acceptance of that license.
I'm not convinced that's correct, but maybe courts see it that way. After all I suspect if I modify a copy of close source software (to say bypass some security lock) that I obtain in accordance with copyright law, not making any copies (for the purpose of copyright law) of it, I would be in breach of copyright.
If that's the case, then if you don't modify an AGPL software and just run it, you don't need to agree to the license, but if you do modify it you are in breach of copyright law unless you agree to the license.
If you are running a server connected to the internet, and it exposes an open source function, it is essentially distributing the functions with every request.
Live application runtime bytes streamed vs bytes written to a disk is not a meaningful distinction.
So yes, it "triggers" (even) without distribution: the network service being directly accessible is a sufficient condition and the distribution not a necessary one (it is also a sufficient condition though).
Distribution is network protocol which they claim copyright over. It only covers outside distribution and can't cover standardized protocols and formats because they don't own the copyright on those. If postgres was AGPL, they can't claim that ANSI SQL triggers copyright because ANSI SQL is owned by INCITS.
I have hard time understanding your comment, and even your point actually.
Distribution is distribution: sharing the binary / source code of the thing.
Network protocols are not involved at all. Network connections between the software and the end-user are.
If a particular implementation of ANSI SQL was AGPL, and you modified and used this particular implementation and exposed it to the world, you would need to redistribute the code of this particular implementation.
But that does not change anything about ANSI SQL or about any other implementation of ANSI SQL.
If it's not already, it would be nice if Google and Apple made these types of violations grounds for revoking approval of apps from their app stores.
In general I abhor the whole concept of the "blessed app" walled garden gatekeeping, but if they're doing it anyway (and they are) they may as well do some good while they're at it.
I mean, if Voice.ai doesn't have the rights to distribute a piece of software, then google and apple also do not have rights to distribute it. (They may have required that voice.ai (or whoever) indemnify them against legal action resulting from voice.ai's actions)
Perhaps the authors of praat or libgcrypt could issue a DMCA takedown request to apple and google?
Isn't a copyright violation already some sort of grounds for removal? If someone uploaded an app with a bunch of disney copyrighted stuff it would be pulled pretty quickly.
I imagine at the least the original developers could file a DMCA notice.
I for the life of me can't understand removing people who point out such critical issues from your community. Is it greed? Ignorance? Complete unawareness of the Streisand effect?
I presume that this was an attempt to prevent the complainer from complaining in their public forum where it would be read by other users of their product.
Why check and see if they have a point, when it's easier to assume they're a crank and extortionist and ban them? Gets you the nice feeling of making it all go away immediately.
A lot of tech industry doesn't seem to take FLOSS license violations very seriously.
Maybe it'd help to instead call it "IP theft", which still sounds a bit serious.
I'm not a lawyer, so I don't know how this would work, but something like the following seems interesting...
In those cases in which IP theft appears to be intentional or grossly negligent, don't respond like a nonprofit flowerchild bringing peace and love to someone who simply didn't know. Instead, get a pitbull of a lawyer, to make the perpetrator actually regret it.
Which, for startups that made claims to investors regarding ownership/rights to the IP they used, could then trigger an additional concern: defrauding investors.
Then, after news of companies sorely regretting IP theft, a lot of companies proactively ban IP-theft-laundering tools like Copilot. And the companies that keep using tools like Copilot (or who don't excise existing stolen IP code quick enough, before forensic tools catch up, and catch them), start getting called to account by the pitbulls.
> Maybe it'd help to instead call it "IP theft", which still sounds a bit serious.
Please don't. "Theft" is something very different. We're talking about contract violations.
> Instead, get a pitbull of a lawyer,
This is a piece of advice I give to everyone starting their own business anyway. Have a attorney, and it should be the meanest attorney you can find. Especially if you're a nice person.
Is it considered contract violation because the IP was publicly visible? Or because there was a license that could be used without signing?
If neither of those were true (let's say it was company secret source code, which was never licensed, but a copy was obtained and used anyway), would it still be a contract violation?
> Is it considered contract violation because the IP was publicly visible?
Not because of that, no. It's a contract violation because there is a contract of sorts (the license agreement). If the code was obtained through hacking, breaking and entering, etc., then we would be talking about theft.
> Or because there was a license that could be used without signing?
It is not necessary to sign something in order to enter into a contractual relationship. There is some gray area in terms of whether or not specific sorts of licensing is legally effective (click-wrap agreements, etc.), but the principle holds generally.
A license is type of contract. If you are using something under the terms of a license, violating the terms of that license is a kind of contract violation.
> If neither of those were true (let's say it was company secret source code, which was never licensed, but a copy was obtained and used anyway), would it still be a contract violation?
No, there is no license there. It's hard to say what, if any, violation there is in that case without knowing the specifics of the case. It could be a copyright violation. If the code was actually stolen, then it could be theft or receiving stolen property. Or it could simply not be a violation.
IANAL, by the way. I'm just relating my understanding of things. I could be wrong.
There are a few problems. Not even developers of Open Source software take it seriously, as Software Conservancy is viewed as "extremist" when they file law suits attempting to enforce GPL, with Linux Foundation explicitly saying they were NEVER sue anyone.
so if the code owners do not care why should the companies infringing on the license.
Then there is big problems with calling it theft, as legally is it not. Infringement is not theft and in most jurisdictions (if not all) in the US you are barred from calling it theft in court.
This will end when authors of a GPL licensed project with few authors (to make it easy to get everyone on board) decide they'd like some money now please, get a decent law firm to take the case on contingency and hit some company hard.
Praat would actually be a good candidate with just 2 people contributing majority of the code.
Record labels argued in court that each song shared in p2p networks that was downloaded at least once entitled them to statutory 150k USD in damages. Using that same logic Praat authors could demand 150k per release of voice.ai software at the very least.
In fact I would really like them to do that - it would fund further development of Praat at least and set a precedent showing that GPL != public domain, which seems to be the perception of many companies including large corporations, simply because nobody will care to enforce it.
Software Freedom Conservancy does enforce copyleft licenses, including suing violators. Their current lawsuit against Vizio is interesting because they aren't suing as copyright holders, but as recipients of GPL binaries from Vizio, they say that they are a third-party beneficiary of the GPL and thus they ask the court to force Vizio to release the relevant source code. Thus they create the possibility for any user of GPL binaries to sue for source code release.
Sure, try to infringe on some dual license software where one kf the licenses is GPL, these have few authors for obvious reasons. I bet the authors of Qt would sue, with an easy case for damages.
Conservancy recommends that "Community-oriented enforcement must never prioritize financial gain" because "it can in some cases work against the purpose of copyleft". They do suggest it is reasonable to ask for costs for bringing the company into compliance (lawyers fees, staff time etc) though.
Yeah, I never understood this. Why go through all the hassle of arguing over license text on a mailing list for months on end when no one is going to actually use it in court?
Well the statement about never sueing anyone "just happened" to come about at the time that Linux Foundation was also transitioning itself from being User Supported to be Large Corporate Donor Supported "Foundation of Foundations" where by the largest companies in Tech became their support base and they ended all user memberships completely.
They are business association much like BSA, and less of an Open Source Steward these days and it is highly concerning the number of open source projects they hovering up under their "protection"
I had to list all the open source projects used within the org and all the licenses for both raising VC rounds and even when we did our IPO during diligence. Copyright infringement is enforced by the DMCA which gives copyright holders teeth to enforce their copyrights. I don't know anyone that doesn't take it seriously.
The theoretical risk is great and that's enough for some companies to take it very seriously. But I haven't heard of it happening much in practice and it seems like flagrant GPL violation stories are a fairly regular occurence.
I would assume that it also takes a certain scale to be able to manage things well in this regard. There's a nasty gap in between one person and ten people, made far worse if the company needs to hit a milestone yesterday or cease to exist.
I'm sure that these violations are 100x more common than they appear, and that most of the culprits go out of business for unrelated reasons before anyone notices. Even when stealing to get a head start, running a successful business is hard.
It's also about the money. Suing people is very expensive.
As an example, a very long time ago, I was ripped off by a software company for about $10k. I talked with my (rabid dog) attorney about suing them. His response: we would have to sue in a different state, where he wasn't licensed. That means I'd have to hire another attorney. While I would almost certainly win the lawsuit, once you added up my expenses to get there, I was likely to come out of it with little actual money even assuming that my costs in pursuing the lawsuit were covered (which is not guaranteed). When you take into account the time and energy I'd also have to put into it, there wasn't much chance that I'd come out ahead over just dropping the issue.
So his question was: the only reason to sue them is on principle. Financially, I'd come out behind. Can I afford to pay to stand on principle?
My team is about to launch a real time voice conversion system built in Rust without GPL violations, and we don't DRM our models, vits, vocoders, vad, etc.
>A lot of tech industry doesn't seem to take FLOSS license violations very seriously.
devil's advocate
Why should they? The original point of the GPL was to be the anti-copyright, the copyleft. The original point was to prevent companies suing individual developers, not to be some sort of gotcha for developers to sue companies. GPL is a shield, not a sword. Why would a company care about using GPL code in their proprietary products? It's fair use. Oracle vs Google proved it. You have no rights over code you released for free, and nobody is going to side with you as a developer suing to protect those rights. Everyone sees it as a bait and switch.
I don't think the author of the GPL would agree with your telling of the origin of it. It was specifically designed to ensure code released under it would remain free, including any changes made to it by companies and other developers.
The preamble to GPL v1:
"To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it."
https://www.gnu.org/licenses/old-licenses/gpl-1.0.html
To Google v Oracle, that was IIUC down to APIs usage being fair-use, not the code itself.
That isn't what happened in that court case, less what it "proved." Fair use is highly dependent on the specific details of the usage. Before it was ruled fair use, the specific kind of code in question in that case (headers/API definitions) was ruled, and long believed to be, ineligible for copyright.
Imagine explaining a soldier that they don't need to worry about being bashed to death with a shield because it a shield was designed to block blows.
Like the purpose for which the GPL was created is irrelevant to how it's being used, and people who are aware and desire to mitigate risks will be mindful of that.
> We use deep learning technology to create realistic AI voice clones that sound exactly like an impression of anyone in the world; whether it's your favourite reality star, game character, celebrity or cartoon character.
Their business model is creepy and unethical.
> Our Voice Universe community of contributors are training incredible voices every day to create hyper-realistic replicas that sound exactly like the real person!
And they even get their users to do the dirty work for them. Classy.
>> We use deep learning technology to create realistic AI voice clones that sound exactly like an impression of anyone in the world; whether it's your favourite reality star, game character, celebrity or cartoon character.
>Their business model is creepy and unethical.
That's the weird thing to me, at least market it in some way that's not creepy. This tech can be amazing for people who have recordings of their voice but lost the ability to speak out loud since; I certainly would want to use this software for that purpose if I were ever to lose my voice long term. Or you could go the unexplored business direction and market it for voice actors and the companies that hire them (especially the lower segment, like for ads) because a voice alone cannot be copyrighted.
But no, they went the "creepy internet stalker/misinformation generator/scammer" way. Quite unimaginative.
Not to mention they have the gall to include an ethics page on their site: https://voice.ai/ethics. Not that it mentions following the licenses discussed on this thread. ROFL but in a sad way.
> Every engineer should be able to say no to building something like this
Considering it is illegal, every person is able to say no. The engineers are likely complicit, either that they didn't check, or didn't care about the license.
I'm not a fan of the GPL but in these cases it's a choice to simply not use it as opposed to steamroll through it.
I wish the OSS community had a legal team that would represent license violations like this. I have heard the FSF doesn't go after these, and EFF doesn't really tackle licensing issues like this does it?
The Software Freedom Conservancy is another place to look. They defend the GPL for a number of member projects, much like FSF does for GNU projects. (I don’t know how a project would go about becoming a member of the Conservancy)
I understand the GPLv3 angle where the violation is clear, but not asking for other source code under LGPL:
> In accordance with the LGPL v2.1, I am requesting a copy of the libgcrypt source code plus the source code of VoiceAILib.dll and of any other components, tools, and/or scripts necessary to reproduce a working executable with my own version of libgcrypt.
I thought the required binaries (needed to re-link, .obj for Windows) could be requested but the source was not required, isn't that the point of LGPL?
The point of LGPL is that it’s less viral than the GPL, specifically for linking. If you link GPL code into your project, the whole project virally becomes GPL; with LGPL, the link is the boundary. You can still request a copy of the source of that library though.
It does not. There is no such thing in copyright law as one work changing the license of another work. The idea of "virality" is incorrect.
If an author is violating the GPL by distributing e.g. MIT licensed code that links to GPL code it's up to them to choose between switching the whole work to GPL, or stop distributing it, or keep using MIT and stop including the GPL part.
They can even keep using MIT in libraries that are included in the main project and other combinations.
Yeah, I’m simplifying because the linking part is the bit that’s relevant to this discussion; any other source that isn’t HN comments is a better way to get into the details. The general point stands, which is that GPL considers linking to incorporate the library into the work whereas LGPL says it doesn’t.
> or keep using MIT and stop including the GPL part.
Well, in this case it appears that they're violating the license of the permissively licensed code, which still requires attribution. Points for uniformity, I guess...
To be pedantic, if you're mixing your code with GPL code and distributing the result then you're obligated to make it all GPL in order to follow the license, but it does not by itself become GPL.
More precisely you can make it any license that is GPL-compatible (including MIT), and distribute the source in order to follow the license. But it's okay for people to strip the GPL bits and only follow the permissive license on the rest.
This has been done for QEMU in the past, for example (QEMU for historical reasons is a mishmash of GPLv2-compatible licenses, which is fine as long as the combination is distributed under the rules of GPLv2).
Separately (really stretching the edges of my understanding here as I have not kept up with any court cases, settlements, or other ways this has come up and been resolved), it's my understanding that the nature of dynamic linking in Windows DLLs is seen by some as a proper boundary against the full GPL, such that only an affected DLL would require its entire source code available rather than the entire program. I believe the justification in such a case is that the DLL is serving it's intended/entire purpose and could be replaced.
I'm far from an expert but thought this was an interesting technical issue affecting open source licensing (perhaps similar to closed-source kernel drivers?). If anyone has recent experience sorting this out "in the real world" (amicably or not!) I'd love to hear about it.
The wording in the original article seemed to imply turning over the source was required by the LGPL, but if I understand what you're saying (You can still request a copy of the source of that library though) it should be more of a "pretty please, if you're feeling generous".
IANAL but AFAIK, the license absolutely does require them to provide the source code for any LGPL libraries that they used. It does not affect/infect their other source code, as would be the case with the full GPL. However, voice.ai was foolish enough to include a GPLv3 component in their product, so all of their source code arguably has been affected by its terms.
The user has to be given a practical way to change the LGPLed code in any way he wants.
They have to provide a way to rebuild VoiceAILib.dll with a modified version of LGPLed library, or just link the LGPL licensed library into it's own dll and don't bundle it with their own code into the same dll.
Providing the full source code for the whole dll is also a way to satisfy the LGPL's license requirements, of course.
For the LGPL portion, it was linked statically, so they need to at minimum release enough of the code so that the LGPL portion can be relinked. This would not be an issue if it was linked dynamically. If they modified the LGPL portion they also need to make those modifications available to whoever they provided the binary to.
For the GPL portion they need to release the code for the whole binary.
AFAIK the point of the LGPL is that the LGPL license parts must be replaceable with a user-modified version. The easiest way to achieve that is through dynamic linking, but it's not the only way. They could release object files of their library and the LGPL licensed parts, document how to replace the object files of the LGPL licensed parts if you wish to do so, and how to link the whole thing into a dynamic library.
One thing I'd love to see would be a way for a copyright owner (e.g. GPL library developer) to get an injunction on an infringer prohibiting them from having "no reverse engineering" clauses in their license agreements.
Here's one way to by pass GPL restrictions when you must use it for whatever reason.
Create a separate service with all the GPL codes. Write your own micro service API to communicate with it. And then open source your micro service code without opening up your propitiatory part.
Of course someone else should have thought of it before. Searched and found first hit on stackoverflow. That says it's OK at least when used in a separate VM, no shared memory between the two.
If you run the server locally you'll still need to hand out the GPL'd code but that would likely work.
The moment you include an AGPL licensed piece of code this no longer works, though. The post only mentions GPL and LGPL, but they're also violating other licenses as pointed out here in the comments. I wouldn't be surprised if there's also an AGPL licensed piece of code in there that makes this workaround impossible.
Honestly, this workaround sounds like a lot of work to maintain long term while also putting you at the whims of library maintainers who may just switch out the license on you with newer versions, leaving you to do the maintenance and security monitoring of your dependency. If you need to put so much work into avoiding complying with the license you should consider just writing your own code instead.
Well, they are going to "fix" the problem by removing the FPL code. I don't trust that for a moment. They'll morr likely remove any identifying clues so no more gpl. Don't trust anyone
See? It is good to catch grifters abusing the GPL license and holding them accountable.
We can all do the same and file complaints like this one [0] about GitHub, OpenAI and Microsoft with their Copilot product and model being trained on AGPL-3.0 code and a mixture of incompatible licenses and also outputs sensitive info of developers.
Give that Truth Social was caught using Mastodon's source code and violated the AGPL license by giving no attribution and no copy of the source code which they later complied, now we are starting to see this with AI projects violating licenses of open source projects; the same should also apply to GitHub, OpenAI and Microsoft with their Copilot product.
As far as copilot is concerned, those repos might as well be closed source. They are not accepting the license, and don't care about it. Their goal/claim is that the language model will not retain copyrightable sequences.
> Their goal/claim is that the language model will not retain copyrightable sequences.
In case people are not aware, we know for a fact this is demonstrably false. It may not even be possible to achieve this with existing models. People have replicated entire sections of GPL code (with comments) using CoPilot. This is true of other models, like image generation models which can return clearly recognisable images which were present in their training sets.
As far as I know, an AI spitting out training data has clearly been overfitted on its input.
However, I think this may be intentional, as an AI that doesn't spit out the occasional bit of training data may not be delivering output of a high enough quality.
Time to let the free software foundation know. Is this something they are likely to help the authors of the IP theft take action against Voice AI for if they refuse to comply?
It's weird reading this thread on a site where I so often read "I don't believe in invisible property." Often applied to music, movies, or art.
I'm sure it's not as simple or hypocritical as the same people saying both things. And this specific story is about a very specific subversion of intellectual property rules to make it open. But it's a little weird hearing a complete lack of "information wants to be free" when the thing being "stolen" is our work.
I think the “information wants to be free” crowd would be happier if all work was free to be stolen. GPL enforcement is currently necessary to make that happen. It would be better if it wasn’t.
The original post is consistent with "information wants to be free" - we should be free to use and view Voice.ai source code, just as Voice.ai could use and view the code of these other projects they did. The only hypocrisy I see here is from Voice.ai, taking open source code themselves but then insisting (without any right to do so) that the result has become their proprietary "invisible property" and others can't do stuff with it.
I'm not sure. If software copyright didn't exist, then source code would still be treated as trade secret. Code obfuscation would be used to make reverse engineering harder and source code wouldn't be provided, which is not a lot of change for proprietary software. In addition, copyleft and free software attributions would not exist without a framework of enforcment. A clear loss for free software.
Free software, apart from some very permissive licenses, requires copyright to exist.
We'll find out when this issue eventually ends up in court. Copilot is the most notable example of this mess.
If a judge rules that AI will regurgitate existing code or that the network stores this code, these models will very quickly infringe the GPL and all matter of licenses at the same time.
If this is the case, you'll also need to figure out what GPL compliance looks like. The code training the network likely doesn't contain any code that must be shared, only the model being executed. Does that mean that providing the entire data set complies with GPL, leaving it up to the user to spend millions on training their own network? Or does the model file itself need to be distributed as-is?
The AI people argue that AI learns concepts from code and does not store or replicate the input code directly, though I very much doubt that given that AI will spit out code it has been trained on verbatim. If this is the case then the code may have been processed by the algorithm, but the license impact would be similar to processing it in another way: just because you compress up a bunch of code doesn't mean you need to open source your compression tool.
We need clear legislation for this because the court cases are going to be a clusterfuck.
I've also read GPL code and that doesn't make anything I write GPL. It matters if the code was substationally copied or not.
So I think I would apply the same rules to AI. In general not all code produced is infringing on the copyright of all authors of training data. However there have been some clear cases of copying (GPL license text and a matrix multiplication routine for example) that do appear as copyright violations.
Imagine a model. It reads source code, and learns by heard how to execute it. Now you use that model to execute GPLed code + some changes to the code you instruct your model to also take into account. You don't need to adhere to the GPL license because your machine is merely "learning" not executing – Tadaa!
Truth is that the insight that there is no difference on data and program code in particular stands here. If the model can act on the code. It can be said to execute it.
Could you not say the same about a human? Also what you described is probably fine under the GPL because the input is source code which the users could view and edit (and if it’s not running locally the GPL doesn’t apply, only AGPL)
The healthy approach would be that AI models can 'study' code as much as they want and aggregate what they learn into a model. The 'right to read' is a thing. But the end user of the model should take care that the output they get is not infringing on anyone's copyright.
I wonder if GPL provisions regarding DRM removal and modification supersede anything in voice.ai license. If yes deobfuscating it, removing DRM and releasing it should be perfectly legal.
They can sue for damages, because the clean-hands doctrine doesn’t apply to suing for money, only applies to suing for equity (anything that isn’t money).
The doctrine if unclean hands may only be used as a defense in claims of equity – which are claims in which the court seeks to make things equal or fair, though not by ordering the payment of damages
IANAL - just noticed that and thought you might find it interesting…
That's my understanding as well, but lacking the knowledge to remove DRM and willingness to become a target of a lawsuit to prove a point I am not going to test that legal theory just yet.
To clear up this confusion about "lashing out": You gave the impression of violating the TOS by debating an offline version and offering to provide information about it, so you could circumvent DMCA takedowns. That's when the volunteer mods had a group chat and decided a ban.
We've been here before - if someone points out that the contract is void, and you ban them for then talking about or doing things that the contract forbids, the proper action is to turn around to the people who make the product you're a community mod for and go "hey, uh, it looks like you've tricked us into enforcing an illegal contract" instead of banning the person pointing out the thing you're community modding for is in multiple violations of the law.
> I personally recommend downloading a copy of the Voice.ai software and contacting the developers to request source code.
This approach is what drives corporations to adopt zero-GPL policies. The GPLv3 explicitly includes language about how to cure a violation (spoiler alert: it's not "haha, we caught you - now hand over all of your source!"), and both of the mentioned violations are available under GPLv3.
This person needs to notify the copyright holders of the GPL libraries, who can then contact the copyright holders of the violating software, starting the timer on the window in which the offending software must be cured.
> This approach is what drives corporations to adopt zero-GPL policies.
Good. It's literally the point of choosing the GPL that organisations producing proprietary software can't benefit and mix in GPL licensed work without publishing the source.
It still doesn't accomplish anything. There's nothing magic about the GPL as a license which can force proprietary code to be released as open-source. Emailing someone and saying "your product contains GPL'd code, so give me your proprietary source code" is meaningless.
The copyright-holder can take action against an organization producing proprietary software who is violating their copyright. Legally, they're violating the rights of the copyright-holder, not the end-user.
> The claim that a GPL violation could lead to the forcing open of proprietary code that has wrongfully included GPL'd components is simply wrong. There is no provision in the Copyright Act to require distribution of infringing work on altered terms. What copyright plaintiffs are entitled to, under the Act, are damages, injunctions to prevent infringing distribution, and--where appropriate--attorneys' fees. A defendant found to have wrongfully included GPL'd code in its own proprietary work can be mulcted in damages for the distribution that has already occurred, and prevented from distributing its product further. That's a sufficient disincentive to make wrongful use of GPL'd program code. And it is all that the Copyright Act permits.
It doesn't really matter if in practise the source is released, that's just one possible (ideal) outcome. As long as damage is done to those that abuse the license, that's ultimately what matters as a disincentive to prevent further/on-going abuse.
> A defendant found to have wrongfully included GPL'd code in its own proprietary work can be mulcted in damages for the distribution that has already occurred, and prevented from distributing its product further. That's a sufficient disincentive to make wrongful use of GPL'd program code. And it is all that the Copyright Act permits.
From your own quote. This is ultimately good enough. You either get the source or the proprietary software is knee-capped/no longer allowed to be distributed. From a Free Software perspective that's a win.
Is there a problem with corporations that have no intention to contribute source code back to the public adopting zero-GPL policies? It seems that this conveys more of a disadvantage upon them than the presumed alternative (they use GPLed code with abandon to build more closed-source products more easily, knowing that if caught they can always weasel themselves out of any consequences by a "curing" process), resulting in closed-source software being of lower quality, resulting in fewer incentives for users to run it and more market share and eyeballs for open-source software, which is an outcome well-aligned with the preferences of the typical developer who puts their software under GPL.
If you're talking about using GPL software in-house, that's perfectly fine. The GPL only requires you make changes available to those that you distribute the software to. So if you download GPL software, make changes to it or integrate it into your own program, and then you keep all that strictly in-house (only your own company employees can see it and use it), that's not a GPL violation, and you don't have to give your changes (or other software linked to it) to anyone outside the company.
> This approach is what drives corporations to adopt zero-GPL policies.
Good! That’s precisely the whole point of the GPL. That is: to prevent proprietary code, which harms users, from being mixed with Free Software! Proprietary software is harmful to the users. OpenAI is malware, it has cryptominers in it. It also sets off antivirus scanners. Now we’ll get to see if their claims are true by looking at the code for ourselves
The whole point of GPL is that nobody gets to ride free without contributing sources back to community. Of course companies prefer Apache or similar licenses. But then you end up with Amazon taking over products they didn't develop, never paid a cent to original developers and squeezed all fiscal potential out of the product, killing off the original.
Actually, if you can make money from my old code it makes me happy.
You are correct in that Bezos does little for the community, and AWS tends to repackage community projects. Yet, most firms do put in many paid hours on kernel development etc.
Yeah, well, you know, that's just, like, your opinion, man.
Most of my code, being I usually just make python wrappers around C/C++ libraries I want to play with, retains whatever license the original library uses. That’s the license they want, that’s the license I follow.
The rare occasion I actually put up original code on GitHub (not really sure I’ve ever done that though, I have a bad yak shaving addiction…would have to check so “theoretically”) I just use a BSD license because I don’t care — some jurisdictions require a license, that the most free one and I’d be happy if someone used my code for whatever.
I also like the LGPL or wxWidgets licenses, as it encourages professional linux application development/ports. (Qt5 was an example of doing things wrong in my opinion.)
I agree it is a personal choice, and I like giving people more freedom to build.
The punitive culture around GPLv3 is especially unsavory. =)
Some people like being nice and that's great! However, I don't think there's anything inherently wrong in authors who put their blood and sweat into the software they write and expecting some kind of concession for it. If that's not what you want to do, then that's your choice. But flippantly characterizing authors who really only want the source code to be made public as "punitive" and "especially unsavory" really rubs me the wrong way when they're basically giving away their labor for free – it's downright altruistic compared to the unsavory, punitive measures many corporate entities would rather take.
I never inferred other people should choose a specific license, but rather stated the fact GPL can contaminate large bodies of work completely unrelated to community projects (mostly v3 I take issue with). The state of Steam game compatibility is a demonstration of the conflicting use-cases hobbling a platforms potential.
In my opinion LGPL is better for libraries as if you modify lib source it obligates community participation, but doesn't force your entire project into public view when a linker touches the wrong GPL lib.
We can disagree, and from each perspective believe we are correct. I'll stick with Apache 2.0, as its better suited for my projects.
Nothing in the GPL/LGPL requires this, only distributing sources down to your users, who may or may not then redistribute the sources back upstream to the community.
Sure, I was just pointing out a misconception in your understanding of these licenses. They only require distributing downstream to your users, not back to the upstream community.
Having various people threatening patent/legal enforcement is another issue. One may believe porting to another platform like ARM64 with a patch would be clear, but people often confuse GPL means free as in free beer... it isn't... and some get extremely aggressive/possessive over mundane issues.
I go by the lawyers consensus, not some opinion on the internet from some unknown region of the world. Note, the user-base doesn't care, they only want a program to work on their platform. Some upstream publishers on the other hand can be disrespectful at times, as some can assume the worst... it usually has nothing to do with the FOSS foundations themselves.
Thanks for your opinion though, it is good to see people still interested in community projects. Happy computing, =)
Except, there are a lot of folks here who seem to think everything should fall under GPL. Even LGPL can create distribution porting/legal problems on other platforms if static linking is needed. Hence the wxWidget license covers the issue.
Some people are way more aggressive than the foundation. QED =)
> Except, there are a lot of folks here who seem to think everything should fall under GPL.
Except, there’s nothing forcing someone to take a GPL’d library and integrate it into their application.
If you don’t like the license don’t use the code and later whine about “punitive” actions taken against you.
At this point there’s no excuse for not knowing that the GPL is very restrictive and the code isn’t free-for-all. No excuse except maybe they think they won’t get caught by including some reverse-engineering clause in their TOS so people can’t find out. That worked out pretty well for these folks, no?
Many projects release under multiple licenses, and try to cover everyone's use-cases. So a user may be violating GPL rules, and not violating the rules at the same time. One often can't tell by simply looking at the source or .so dump alone.
My point was, I personally don't want to inflict my own idealism on people 10 years from now, that will be doing something completely unpredictable. =)
In 2023, after decades of abusive proprietary software, I believe all software should be maximally copyleft (AGPL). So I think watering down of copyleft licenses isn't a good idea.
Sometimes people choose a compromise, so others do not suffer the weight of personal idealism.
I rather people have unrestricted development options, and not feel like they entered a Faustian bargain. Its a personal choice, but I have only been coding since 1993… so probably don’t know any better. lol =)
I strongly suggest contacting the owners of the open source projects and talking them into having a lawyer send a message to them. Those projects have the necessary legal standing to bring a meaningful copyright infringement case against Voice.ai.
There are plenty of lawyers that will send a suitable message, at no cost to the projects, For example, the Software Freedom Law Center [0] provides free consultations and has a good track record.
[0] https://softwarefreedom.org/about/contact/