"In parallel, the user had joined our public Discord server and engaged in conversations on how to violate the product’s terms of service, such as reverse engineering, which led to a ban by our volunteer community moderators. This was completely unrelated to the source code request, which no one, especially not our Discord moderation team, was aware of at the time.
This is a particularly funny reason from Voice.ai, since by linking against LGPL libraries, Ronsor was absolutely permitted to reverse engineer the binary under the terms of the LGPL:
You may convey a Combined Work under terms of your choice that, taken together, effectively do not restrict modification of the portions of the Library contained in the Combined Work and reverse engineering for debugging such modifications, [...]
I hope the rightsholders sue them for this scummy behavior.
> "We hope that this will ultimately strengthen our relationship with the open source community, and are thankful to our Discord members for their support."
Yeah, ok. It’s amazing how tone deaf companies can be when it comes to the hacking community. You want a healthy relationship with the “open source world” or not? Because banning people without stating the reason will not do you any favors. Especially so when the supposed crime is disassembly. How about explaining what all that obfuscated data collection is used for instead of chasing down curious hackers?
> Ronsor's post also questions the app's heavy use of obfuscation and the data it collects, which consists of: motherboard and CPU info; audio interfaces; OS version; enabled network interfaces, IP address, and MAC address; computer hostname; and Voice.ai install path
Reverse Engineering is allowed as far as I understand. This is why Nintendo cannot take down the Dolphin Emulator.
As well your TOS only applies to those who agree. If someone pirates your software, or gets a free copy from "someone", to reverse it then you are SOL.
Note that it says you cannot restrict reverse engineering for debugging modifications to the LGPL code. I'd expect all you'd need to reverse engineer from the proprietary code to support that is how it expects to call the LGPL code. E.g., things like how it is passing arguments, how it finds the library entry points, and things like that.
From what you've quoted it sounds like one could craft a reverse engineering ban that only covers parts of the combined work that have nothing to do with modifying the LGPL code and have that be compatible with LGPL.
They are required to provide the full source code for the versions that included the GPLv3 code. There is no exemption to this requirement. Removing the code is not sufficient; it shipped, so they must abide by its terms.
Otherwise, the relevant package authors should take them to court, because this should be a slam dunk win. We need more precedents for these licenses, and I am almost entirely certain that there will be lawyers that would take the case pro bono.
Violating the rules of the GPL would make it so they don't have the right to distribute that GPL code, but I can't see it making it so they are obligated to release their other code.
Yes, violating the GPL's rules means that you don't have the right to distribute that GPL code. If someone has already been distributing that GPL code against the GPL's rules, then they're committing copyright infringement. Generally speaking, most GPL copyright holders would prefer that infringers bring their distribution in line with the GPL's terms (by releasing the rest of it as GPL) than get monetary damages, but you're probably correct that they wouldn't be obliged to release their other code.
I think when the original person said "they are required to provide the full source code for the versions that included the GPLv3 code," they probably meant that in order to avoid copyright infringement, they must do that. The GPLv3 does give you the opportunity to cure violations of the license which would be done by releasing the other code under the GPLv3 (or compatible license).
Obligatory IANAL and I'm not commenting on voice.ai in particular.
Correct me if I'm wrong, but aren't the claimants also entitled to request that the defendant suspend use of the code while the trial is in progress? That's often as much of a punishment as any monetary damages awarded at the end of trial. You have to stop using our work because you're causing additional harm, now let's argue about how bad the harm was.
US copyright law permits hefty statutory damages[1] for each willful infringement, so the copyright holder could be looking at a massive payday with competent counsel. Note that the statutory damage is per copy distributed!
> Generally speaking, most GPL copyright holders would prefer that infringers bring their distribution in line with the GPL's terms (by releasing the rest of it as GPL)
I think the more common request is to remove GPL components from the distribution.
Something similar happened recently with Stockfish and ChessBase. They reached an agreement that ChessBase will no longer sell their product without complying with GPL but they aren't forced to distribute the source if they decide to stop selling.
Cleanroom exists for a reason. One of the first things I learned about code copyright is that the Ship of Theseus applies. You can't take a game engine for instance, incrementally replace every line of the original code, and then claim you have a completely independent work. It's still based on the original code.
Actually it does not. Cleanroom is not legally required and is actually discouraged by the (US) legal system. Directly reading the disassembled/decompiled code to learn the procedures/ideas is a fair use, as a matter of law.