Hacker News new | past | comments | ask | show | jobs | submit login
Voice.ai denies claim it violated open source software license requirements (theregister.com)
121 points by consumer451 on Feb 18, 2023 | hide | past | favorite | 22 comments



  "In parallel, the user had joined our public Discord server and engaged in conversations on how to violate the product’s terms of service, such as reverse engineering, which led to a ban by our volunteer community moderators. This was completely unrelated to the source code request, which no one, especially not our Discord moderation team, was aware of at the time.
This is a particularly funny reason from Voice.ai, since by linking against LGPL libraries, Ronsor was absolutely permitted to reverse engineer the binary under the terms of the LGPL:

  You may convey a Combined Work under terms of your choice that, taken together, effectively do not restrict modification of the portions of the Library contained in the Combined Work and reverse engineering for debugging such modifications, [...]
I hope the rightsholders sue them for this scummy behavior.


Also in the PR statement:

> "We hope that this will ultimately strengthen our relationship with the open source community, and are thankful to our Discord members for their support."

Yeah, ok. It’s amazing how tone deaf companies can be when it comes to the hacking community. You want a healthy relationship with the “open source world” or not? Because banning people without stating the reason will not do you any favors. Especially so when the supposed crime is disassembly. How about explaining what all that obfuscated data collection is used for instead of chasing down curious hackers?

> Ronsor's post also questions the app's heavy use of obfuscation and the data it collects, which consists of: motherboard and CPU info; audio interfaces; OS version; enabled network interfaces, IP address, and MAC address; computer hostname; and Voice.ai install path


Is there any way to prevent reverse engineering with TOS in the US? That's impossible in France, probably the same in the rest of the EU


Reverse Engineering is allowed as far as I understand. This is why Nintendo cannot take down the Dolphin Emulator.

As well your TOS only applies to those who agree. If someone pirates your software, or gets a free copy from "someone", to reverse it then you are SOL.


Note that it says you cannot restrict reverse engineering for debugging modifications to the LGPL code. I'd expect all you'd need to reverse engineer from the proprietary code to support that is how it expects to call the LGPL code. E.g., things like how it is passing arguments, how it finds the library entry points, and things like that.

From what you've quoted it sounds like one could craft a reverse engineering ban that only covers parts of the combined work that have nothing to do with modifying the LGPL code and have that be compatible with LGPL.


If I thought someone had stolen my code, I'd want to reverse engineer to be sure as well.

"He was trying to haxxors us" might be part of the story arc but they seem to be claiming it's the beginning instead of the middle.


They are required to provide the full source code for the versions that included the GPLv3 code. There is no exemption to this requirement. Removing the code is not sufficient; it shipped, so they must abide by its terms.

Otherwise, the relevant package authors should take them to court, because this should be a slam dunk win. We need more precedents for these licenses, and I am almost entirely certain that there will be lawyers that would take the case pro bono.


Violating the rules of the GPL would make it so they don't have the right to distribute that GPL code, but I can't see it making it so they are obligated to release their other code.


Yes, violating the GPL's rules means that you don't have the right to distribute that GPL code. If someone has already been distributing that GPL code against the GPL's rules, then they're committing copyright infringement. Generally speaking, most GPL copyright holders would prefer that infringers bring their distribution in line with the GPL's terms (by releasing the rest of it as GPL) than get monetary damages, but you're probably correct that they wouldn't be obliged to release their other code.

I think when the original person said "they are required to provide the full source code for the versions that included the GPLv3 code," they probably meant that in order to avoid copyright infringement, they must do that. The GPLv3 does give you the opportunity to cure violations of the license which would be done by releasing the other code under the GPLv3 (or compatible license).

Obligatory IANAL and I'm not commenting on voice.ai in particular.


Correct me if I'm wrong, but aren't the claimants also entitled to request that the defendant suspend use of the code while the trial is in progress? That's often as much of a punishment as any monetary damages awarded at the end of trial. You have to stop using our work because you're causing additional harm, now let's argue about how bad the harm was.


US copyright law permits hefty statutory damages[1] for each willful infringement, so the copyright holder could be looking at a massive payday with competent counsel. Note that the statutory damage is per copy distributed!

[1] https://www.ce9.uscourts.gov/jury-instructions/node/708


> Note that the statutory damage is per copy distributed!

Statutory damages are per work infringed, not per copy. See 17 USC 504 (c)(1) here [1].

[1] https://www.law.cornell.edu/uscode/text/17/504


> Generally speaking, most GPL copyright holders would prefer that infringers bring their distribution in line with the GPL's terms (by releasing the rest of it as GPL)

I think the more common request is to remove GPL components from the distribution.


GPL violations are not as slam dunk as you think. Prosecuting copyright in court is very expensive.

By the same logic, Animal Crossing: New Horizons is available under GPLv3 because they shipped xBRZ.


I wasn't sure of this claim and it looks like it's unclear if they did ship GPL xBRZ code: https://twitter.com/_Ninji/status/1242853245564919821


Something similar happened recently with Stockfish and ChessBase. They reached an agreement that ChessBase will no longer sell their product without complying with GPL but they aren't forced to distribute the source if they decide to stop selling.

https://stockfishchess.org/blog/2022/chessbase-stockfish-agr...


In that case it seemed to me that the Stockfish devs tried to get the maximum compensation possible but wanted to get the dispute over with.


Cleanroom exists for a reason. One of the first things I learned about code copyright is that the Ship of Theseus applies. You can't take a game engine for instance, incrementally replace every line of the original code, and then claim you have a completely independent work. It's still based on the original code.


> Cleanroom exists for a reason

Actually it does not. Cleanroom is not legally required and is actually discouraged by the (US) legal system. Directly reading the disassembled/decompiled code to learn the procedures/ideas is a fair use, as a matter of law.


Past discussion with a link to Ronsor's blog post. https://news.ycombinator.com/item?id=34681636

It looks like the source code of 0.1.25.1 has still not been released yet publicly.


[deleted]


They have already removed Praat in later versions.


You can catch someone on camera committing a crime and the first thing their lawyer will tell them is to deny it.




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: