Not the first time they've taken down Github repos, some with a legal basis (partial problem text, though Fair Use might overrule that if the cases ever made it to court), others with no involvement at all (https://github.com/egfx/React-Leaderboard still hasn't been restored, for example)
Personally, I would not trust a company this unethical to certify anything. Their excuse seems to be "we're using an external service" but they chose that external service and are fully responsible for these takedowns in their name.
> A statement that the information in the notification is accurate, and under penalty of perjury, that the complaining party is authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
DMCA 512(f) provides a penalty for misrepresentation; however, it is quite difficult to actually prove such things unless the plaintiff is very, very stupid (in Latin: pro se) or obviously acting with malice.
For example, if the thing you're taking down does use your content, but it falls under fair use, you can still get away with taking it down. There is no objective test for fair use and 512(f) does not mandate one; the criteria is just that you merely considered fair use. And since fair use is a bottomless pit of grey areas, you basically can't get a 512(f) ruling out of a legitimate copyright owner. It only catches the kinds of people who, say, pretend they're Bungie so they can file DMCA takedowns Bungie can't retract in Bungie's name.
The problem is that the penalty requires prosecution by a federal district attorney. I've never managed to get a DA to prosecute perjury. I even filed a complaint against a DA once when they perjured themselves in writing. It was ruled "accidental perjury" and the case was dropped. [note: perjury has an intent element, you can't accidentally perjure yourself]
Also, the above statement is vague. The perjury clause only applies to the final clause which states that the person making the request has the authority of the rights holder. It doesn't apply to the first clause stating that the information is accurate?
I haven't read the DMCA statute in years, so I don't know if the wording in that clause parrots the wording of the statute.
Hackerrank is one of the most unscrupulous companies I have seen. I honestly dont understand how anyone is capable of doing business with them.
My own personal experience with them as been bad. I had applied a few years ago to be a part of their intern team, I have received emails scheduling my interview with them and then they eventually ignored me.
Unfortunately the way the DMCA is written means that GitHub is acting prudently here. If GitHub does not take down content they receive a valid DMCA request for, they lose their safe harbor and can be made a defendant for a future frivolous copyright suit. Nobody should be taking flak for refusing to become a party to someone else's litigation.
Hello again, Vivek, founder/CEO here. In the interest of moving swiftly, here are the actions we are going to take:
(1) We have withdrawn the DMCA notice for sympy; Sent a note to senior leadership in Github to act on this quickly.
(2) We have stopped the whole DMCA process for now and working on internal guidelines of what constitutes a real violation so that these kind of incidents don't happen. We are going to do this in-house
(3) We are going to donate $25k to the sympy project.
As a company we take a lot of pride in helping developers and it sucks to see this. I'm extremely sorry for what happened here.
I have received fake DMCA requests from WorthIT Solutions, Pakistan that you guys seems to have hired. It is sent for a simple blog entry discussing about programming algorithm!
I guess it is pretty much perjury penalty risk free to make such DMCA declaration from outside of US:
>Declaration:
I have taken fair use into consideration.
I have a good faith belief that the use of the copyrighted materials as described above is not authorized by the copyright owner, its agent, or the law. I swear, under penalty of perjury, that the information in the notification is accurate and that I am the copyright owner or am authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
It would probably be prudent to withdraw your other DMCA notices until you figure this out. You're being given the benefit of the doubt, and the other counternotice on Github doesn't exactly portray you in the best light either.
It would probably be prudent to withdraw all existing notices, never submit one again, and send donations to every single project you have ever sent a DMCA notice to, and do everything in your power to get all content re-instated, everywhere.
You aren't even really a content company, this is such a bad look. Your value is in your network of people, not in the content.
Without a discussion of how/why you thought this would be a good idea and how this has been happening on an ongoing basis, we can't really accept your apology.
Regarding (3), are you going to make similar contributions to all of the other projects that you have issued unjustifiable takedown notices? As I see it, the only reason you are making this contribution is because you got called out in public and you are getting free PR.
Proportionate contributions to other projects and individuals would go a long way to showing that you are not just playing lip service to your admission of wrongdoing. You have hurt a lot of people, and you need to make amends for your shenanigans. At the very least, you need to comp any legal fees incurred by your actions.
Personally I like Hacker Rank and consider it a good way to learn about new algorithms but at the same time I do not like the style of interviews that require it and it makes me wish I could leave the industry because it's a waste of time for people with a lot of practical experience and who have a good portfolio of apps/sites they've created.
That said, I would recommend not doing DMCA at all unless it's really serious. Sounds like your company has a lot of problems with this. Think StackOverflow, there are plenty of sites that copy it but I'm not aware of them going after anyone. If anything all the copying of a site makes it more of an authoritative source because a lot of people reference it.
StackOverflow contributions are (thankfully!) licensed under the very permissive CC-BY-SA license. I suspect the sites ripping them off are not infringing copyright.
>"As a company we take a lot of pride in helping developers and it sucks to see this."
I don't understand this because as others on this thread have pointed out you have done this before.
Further isn't much of your own content just plagiarized from other people's previous FAANG interviews?
I've never used HackerRank as I view it as something of scourge on the industry but I will probably go to extra effort and recommend to other that they not use it either.
Reading elsewhere in the thread it looks like they have been relying on firms in Pakistan and elsewhere to scour the internet for strings that appear in Hacker Rank and submit DMCA takedowns when they find these strings elsewhere. This becomes awkward when it is in fact Hacker Rank that copied the strings from the source they are DMCAing.
They should probably never send a DMCA again. It's political suicide in this industry anyway.
We really need a strikes policy for DMCA submitters built into the legislation. Like submit three dubious claims, and you lose your copyright. I've been saying it for literally 15 years.
Nice I suppose these were the pointers given to you by your PR team? What prompted (2) after all this time, considering there are previous instances of HackerRank acting hostile?
Curious how things got to the point where it took public outrage on HN to move the needle on this issue. Legal department going crazy with stuff without you realizing it maybe?
Repentance was the last thing I expected to find in here, and it did go a long way towards lowering my blood pressure.
Please don’t ever use DMCA in this way again. Even if it were somehow borderline justifiable, your users will be motivated to lambaste your company into oblivion, and to wish non-existence upon your company. Probably not the best posture for anybody concerned.
> Hello again, Vivek, founder/CEO here. In the interest of moving swiftly, here are the actions we are going to take:
So you are taking action only after news spilled all over the internet? So I can assume that if no one(in internet terms) known about it (as described in links pointing to other DMCA cases), you would do nothing to remedy your illegal (from moral stand point of view, no real one) actions.
It's only illegal if you get caught and find someone willing to prosecute you. Also if penalty for breaking law is a fine, then this law only applies to poor people.
Not only that but the ENTIRE TEAM SECTION ON THEIR WEBSITE (worthitsolutions.co) IS A BLATANT LIE. Not one of those people is real. Every single biography link leads to Lorem Ipsum. It's a shady, secretive sweatshop operating out of Lahore, Pakistan.
I didn't want to mention it in my other comment but the mere mention of "Pvt Limited" in the DMCA takedown led me to believe the company is a disgusting boiler room right next to the tech support scammers we all know (if not literally the same scammers moonlighting as DMCA enforcers). It does seem I was right and stereotypes (unfortunately for the legitimate companies from these regions) still work.
Haha wow. What hurts my soul the most is that there is no penalty, legal, financial or reputational, for this kind of bogus behaviour, like how Sony's YT bots keep claiming ownership of any performance or recording of a piece of classical music because they hold copyright over one particular recording of that piece.
The fact that there isn't any downside just shows what poor legislation the DMCA is.
If you told me that the DMCA was written entirely by the music copyright industry and handed to compliant congress members to rubber stamp, I'm likely to believe you.
One way for HackerRank to do the right thing would be to sue WorthIT for breach of contract and loss of reputation. Their contract must have included some requirements for due diligence on filing those notices, and having these bogus DMCA notices does hurt HackerRank’s reputation, especially with its target audience.
Only way to make this stop is make companies like WorthIT feel financial pain from their actions.
There's also an argument to be made that this is on HackerRank. Just because they're using a contractor to do the dirty work doesn't excuse them from responsibility for this sloppiness.
You’re assuming that this company is actually a separate entity and not some sketchy relatives of the hackerrank management providing for international cover for their bogus DMCA attacks.
What I suspect happened is that the HackerRank test legitimately (fair use) included parts of the docs (the exercise could’ve been about the library those docs are for), DMCA enforcement has been outsourced to the lowest bidder and these idiots just did a blanket search for some phrases from the test, found the official docs and DMCA’d it.
The only real solution here seems to be to find a way to hold HackerRank to account for this (in the most costly way possible), so they face an incentive to do meaningful due diligence and evaluate before partnering with someone that acts as their agent.
Ultimately it wasn't them that did this, but unless they bear a significant cost from doing so, which causes them to pursue their DMCA agent for negligence or breach of contract (or whatever other remedy is available to them), I don't see this type of thing changing.
Once a DMCA agent becomes a liability, the market will be forced to mature, and buyers will need to do due diligence to minimise their likelihood of being opened up to a large and costly battle as a result of the negligence of their agent.
The CC licenses should probably be adjusted to make a DMCA attempt a permanent revocation of license. That way DMCAs can flow in the opposite direction and people can learn things.
What scares me the most about this story is how easily it could've been a small software shop running their entire operations on GitHub getting DCMA'd without any merit, and just losing access to an important repo within 24 hours. And imagine they don't know about Hacker News. Or they posted something which didn't get enough upvotes for the offending company to respond and resolve it quickly.
As a software developer, I've surrendered so much autonomy for the sake of convenience. When it works 99% of the time, things are awesome. But god forbid you are the 1%, cause there is usually no talking to real people to get support. The only recourse is shouting about it on Twitter/HN and hope someone notices, thereby leaving everything to chance - that just makes me sad to my core.
Why did github disable the whole website when a single page was reported? From the other notices I see that there are specific files which get removed. Doesn't even make sense
I'm happy that this is now on the front page because that's how fraudulent DMCA requests get fixed :)
The goodwill lost will now surely exceed the money they saved by not doing proper due diligence. I'm optimistic that HackerRank won't make the same mistake again and other companies might take notice, too.
It would be nice if a lawyer got censured for this. That's how fraudulent DMCA takedowns should get fixed.
It would also be nice if Github would implement instant restoration via counternotice as allowed by the DMCA. Implementing only half of the law enables this sort of abuse.
You don't have to be a lawyer to send a DMCA takedown.
Companies have historically gotten away with these reckless takedowns because the law just requires that "the complaining party has a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law." (17 U.S.C. § 512(c)(3)(A)(v))[^1]
In a recent 9th Circuit case, Lenz v. Universal Music Corp[^2], the court held that Lenz could sue Universal Music for a bad faith takedown. Specifically, "failure to [consider fair use] raises a triable issue as to whether the copyright holder formed a subjective good faith belief that the use was not authorized by law."
However, proving that it was in bad faith could be tricky.
Hello, I'm Vivek, founder/CEO of HackerRank. Our intention with this initiative is to takedown plagiarized code snippets or solutions to company assessments. This was definitely an unintended consequence. We are looking into it ASAP and also going to do an RCA to ensure this doesn't happen again.
Thanks Vivek for responding. Speaking as one of the maintainers of SymPy (who received the DCMA takedown request by email) I would like to note some points:
1. If you do a web search for "HackerRank DMCA" you will find similar examples of this that have happened in the past (with exactly the same text).
2. The text of the request is not in any way designed to enable a reasonable response. No detail is given about what the infringing content is so there is no way to comply.
3. It is also clear from this and previous cases that whatever process is used to identify potential targets for DMCA yields false positives and no reasonable judgement seems to be applied in whether or not to issue a takedown request.
I also think that GitHub's processes are faulty here:
1. We were given one business day to reply. I replied within 2hrs to say that the request was obviously spam and then sought legal advice. The repo (and website) were shut down before we could get legal advice. One day is nowhere near enough time. The request came in on Thursday night (UK time) and in the UK both Friday and Monday are public holidays this weekend. I don't even know what one "business day" means in this situation.
2. GitHub gives some guidance for how to submit a counter claim but none of the information is applicable to a case like this where so little information is given that is simultaneously impossible to comply with the request and impossible to dispute it. If GitHub makes it this easy to spam DMCA requests then they should also provide some guidance for how to deal with spam requests.
I wonder if the FSF or someone else can come up with a good template response to DMCA requests that just don't have enough information in them. If the request doesn't even explain how you could comply then it should be possible to respond to that in a blanket fashion.
Oscar, thank you for responding and I'm terribly sorry for the disruption this has caused. I should have taken this more seriously when it sprung up on HN the first time but for whatever reason we just fixed that problem and moved on. This is a serious one and we are working on a strategy that is sustainable.
Meanwhile, if we need to make a monetary contribution for your effort or anything more we could do to promote, what would be the best way to do it? If you'd like to send me an email to discuss further, I'm available at vivek at hackerrank
I'm looking at the page that was taken down[1] and it seems to be largely full of pretty basic code snippets demonstrating how to use the Solvers module.
Your DMCA request[2] includes the statements that say, in part, that Fair Use has been considered, that you own the copyright, and that the information in that statement is true and accurate.
Could you elaborate what on that page you consider to be your copyrighted content, and how you came to hold that copyright? Is it the code snippets, as per your comment? Did your company have an employee write that content?
When the DMCA takedown request was being drafted, did someone consider whether those snippets are even qualifies as an Original Work? I'm getting at whether they contain even a minimal level of creativity, as the US Supreme Court has said is a requirement for copyright[3].
Possible solutions to affect some justice and reclaim your image:
1. Fire WorthIT Solutions (no RCA necessary, do not automate or outsource DMCA, even if it's human based automation)
2. Apologise to SymPy
3. Discuss internally the cost-vs-benefit (more than monetary) of embarking on copyright policing as part of your company's future strategy
4. Blog results of #3
WRT #3, sustainability comes to mind - if dissemination of solutions is a serious threat to your current business model/implementation (something you might want to validate anyway) then consider adapting to mitigate it to the point of irrelevance. Perhaps you are already doing this, but DMCA policing is at best a distraction and at worst a PR nightmare and menace to FOSS like today, it also doesn't scale well.
Thanks for showing up here and replying. I can understand the net being cast too wide for a real problem you are trying to solve. It does have real consequences for already under-resourced communities, though.
I appreciate the "fix-it-twice" attitude implied by the RCA promise (Root Cause Analysis for those who also had to look it up). Also, consider recognition and restitution for the unnecessary work you created for the NumFOCUS director, a NumFOCUS lawyer, and the SymPy maintainers.
A $25k donation to NumFOCUS would be a good start.
If you are willing to talk about what happened publicly, I'm starting a podcast/video series to discuss business and open-source. This would make an interesting conversation. Perhaps we can turn this into a positive to raise awareness and inspire better behavior in the industry? Ping me.
Great way to get $25k (and I'm with you, I don't mean that sarcastically or that you don't deserve it), the company needs to pay up to manage somewhat their reputation.
Dear Vivek, thank you for the note. I am the original author of SymPy. Most people who work on SymPy myself included do it in our free time. So far this has cost many hours of my and many other people's free time to try to figure out what is going on and to get this resolved. I also personally reject your allegations against us.
I thought about this situation and how your company could make this right. If you would be willing to help improve the SymPy project, I think it would be very well received. If you are interested, please let us know! See Travis Oliphant's reply, you could for example donate some money to NumFOCUS. We are very good with using money that people or companies donate to fund development and we can really boost SymPy forward big time with a generous donation.
No you aren't. You are only sorry this made it to the front page of HN. Revoke the contract and stop with DMCA takedowns. Unless your company has invented brand new ways of solving common algorithms everything you are doing is most likely derivative work anyway.
This company hires fresh college graduates to regurgitate famous algo problems in different wordings and slight variations and then claim copyright. Just look at their problems.
Also they take pictures and videos of candidates while taking interviews. Without that permission they don’t allow the test.
They’re not part of the problem - they’re the problem.
Are you seriously claiming copyright over other people's solutions? You have *no* right, legally or ethically, to exercise any kind of control over "solutions to company assessments" under the DMCA.
At worst, you can try to exercise the controls in the EULA that your victims agreed to, but this sounds like abuse of the legal system.
You can't copyright algorithmic code snippets. It's like trying to copyright math. You will have an insane amount of false positive from every repository that have ever implemented a prefix sum or binary search. (Or anything autocompleted using github copilot or alphacode which I believe is trained on competitive programming styled submissions from codeforces and atcoder)
The solution would be to build some sort of cheat detector and punish only the candidate. Don't take down and lose the goodwill of the entire programming community by abusing draconian laws.
I'm sorry. I should have clarified and I can't edit my original comment now. I meant plagiarized problem statements. Usually these sites have the entire problem statements from our website along with the solution (aka code snippets to solve.)
A person driving 100 miles per hour down a residential street and crashing into something is an unintended consequence, but not unforeseen.
This may have been "unintended" but when you have a company file DMCA notices on your behalf without proper supervision (especially when they had filed DMCA notices like this against other open source libraries) it is not "unforeseen" for them to file a DMCA notice against a completely innocent project.
At the very minimum the open source library that was affected and their maintainers deserve monetary recompense for the time and stress that your actions have cost them.
It would actually probably count as a derivative work under US copyright law. (Don't misread me: I do not endorse, condone, or make excuses for US copyright law. I'm just describing it).
edit: Here's an example,
- "In so doing, the magistrate judge agreed with plaintiffs’ assertion that the solution manuals sold by defendant qualified as “derivative works” under the Copyright Act. As in Pavlica v. Behr and Addison-Wesley Publ’g Co. v. Brown, defendant’s manuals complemented plaintiffs’ 187 copyrighted textbooks, had no “independent economic value” and were “meaningless’ without the textbooks because they merely provided answers to questions posed in the textbooks."
To ensure that they aren't liable to HackerRank for any infringing content, GitHub has to keep content down for at least 10 days after receiving a counter notification.
Do you plan to contact GitHub and give them a legally binding agreement to indemnify them for any infringement of HackerRank's copyright in the material they took down (I'm sure there is no such infringement, but by agreeing you won't sue GitHub for restoring the content, you effectively retract the notice and give them no reason to wait the 10 days)?
I think a sincere apology should include steps to urgently minimise the ongoing damage to the existing victims, not just analyse what went wrong to prevent hurting other victims.
It's not an either or. We need to do the takedown AND figure out a way where we can do things like randomizing questions but preserving the integrity of it to ensure a fair evaluation, etc.
Wait. Wait a minute. Just wait one little minute here...
Your company has issued a DMCA takedown notice for "plagiarized code snippets" against the library-in-questions own documentation? (The take down was issued against docs.sympy.org; linked directly within sympy's GIT repo README.md: https://github.com/sympy/sympy)
And this is an "initiative" your organization has undertaken? Have you thought this through?
Where should engineers who want to learn about sympy go to attain that knowledge?
Where did your team learn about and generate the assessment questions?
Where do you stop with this initiative? Would you issue takedown notices to MDN? Stack Overflow? What about VSCode Copilot?
> Our intention with this initiative is to takedown plagiarized code snippets or solutions to company assessments.
How can this be legal? Plagiarized is moreover a very conveniently vague word.
By this very vague definition the overwhelming majority of your own content has been seen on various parts of the internet way before you ever started your business.
There can't be a copyright on such a thing and I hope someone fights you in court, this is nothing short of bullying.
I hope that all of your snippets and solutions are continued to be spread as coding interviews need to disappear and are the ultimate evil our industry has been dealing with now for several years. Besides, it's not your property anyway, it's the property of those taking the coding interviews.
Allow me to strongly suggest you stop DCMAing things without a human-with-a-clue in the loop before firing.
I get it, I'm an automate-first type of person, too. But it appears your outfit has made a habit of doing this, and you're messing with innocent people for no good reason. Doing that in a `for` loop is irresponsible as hell, and frankly you deserve the bad press you're getting. I highly recommend you reconsider.
Legacy media companies do this kind of thing, too. I hope you're more interested in your reputation than they are.
> is to takedown plagiarized code snippets or solutions to company assessments
So which is it? Plagiarized or solutions? Because unless your company actually owns the copyright for the code in question, you have no right to it.
If a Google assessment asks “how many manhole covers are there in New York” and someone decides to create a repo with “Manhole covers in New York: 23,000” there is no copyright claim.
Do HackerRank users affirmatively sign a non-disclosure agreement? I checked your terms and there is not an apparent non-disclosure agreement. If not, there isn’t any legal recourse if users decide to talk about or solve your problems off the platform.
Educational and not for profit use is often protected by Fair Use. I didn’t see the repo in question so I can’t comment on if the use of the material meets the Fair Use criteria.
However if people are sharing their answers to your questions in a repo, especially for educational or non-profit value, there isn’t much you can legally do about it. For example, If I take the GMAT and I discuss a question on Twitter, that’s allowed by Fair Use. If I offer to sell a PDF of the entire test, that would not be protected.
If someone said “hey HackerRank’s Ruby test asked a question about finding the smallest value in an array” and then they posted a solution. That’s absolutely not violating a HackerRack copyright. People even have the right to describe their experience on HackerRank in great detail.
From your own policy: “Content that You own and post on or through HackerRank belongs to You..”
So if someone wants to post their solution to a question, your own terms allow that. It’s their solution, it belongs to the user.[1]
If someone else “plagiarizes” another user’s solution, HR doesn’t have standing for a DMCA takedown. The user that created the content does, but not HR.
However even if HackerRank did own the solutions, there is a high likelihood that Fair Use would be in effect.
I have a strong dislike of HackerRank type companies because it’s pretty rare that those ridiculously academic assessments predict real world performance. They are a screening tool for the lazy. A well designed, relevant code test relating to the work of the company or a solid technical interview is much more valuable in my experience. When I was interviewing with companies, I immediately passed on the job of HackerRank was part of the hiring process. I ended up at a FAANG for over 5 years, so it’s pretty clear that anti-HackerRank bias among potential employees like me have a detrimental effect on recruiting.
But it's working. Here is a DCMA the author tried to fight, saying hacker rank doesn't publish their solutions, and the solution is the sole work of the author:
Personally, I like designing and building software and have been doing so for 20+ years but after doing several HakerRank and Leetcode style interviews it makes me wish to do something else.
I’ve had FAANG recruiters tell me “study for hours per day for a few months” and then you can be ready. Even smaller companies focus on leetcode more than actual experience.
I’ve worked with plenty of optimal algorithms in my life but when I do I spend time researching and looking at many examples rather than having to memorize something that shouldn’t be memorized in the first place; but the way the interviews are done it seems like companies just want code monkeys (even the good paying companies).
No other well-paid profession tolerates this style of interview one you have experience. I would never recommend Software Engineering to anyone given the current environment.
automated programming tests are pretty dystopic, it's true.
especially if the web based editor doesn't support vim style key bindings.
amusing irony that likely parts of a question were lifted from the very source that was subject to the takedown.
bigger problem i have with coding tests is that they check if someone is familiar with some subset of reference material (usually algorithms). in my experience, anyone can pull those from a book in practice and real software engineering has little to do with that and more to do with having the knowledge and experience to avoid making a mess or building weird software.
That is not technically correct. There is no definition "as soon as they receive it". In fact the law calls for "expeditiously or remove" access. Courts confirmed many times that days or weeks is considered expeditious.
Github could've easily take the time and wait for SymPy to file counter notice which then allows Github to keep the content up up until courts say otherwise. Github instead elected to remove content immediately. By their choice.
If you don't take down something you get a DMCA notice for, do you lose safe harbor status for everything, or just for that one thing? If the latter, then wouldn't it be a good move for GitHub to ignore DMCA requests that their lawyers are sure wouldn't hold water?
> Before disabling any content in relation to this takedown notice, GitHub
> - contacted the owners of some or all of the affected repositories to give them an opportunity to make changes.
> - provided information on how to submit a DMCA Counter Notice.
I will add a fuck YC for insufficiency ethics filters on who they support
I suppose it can be hard to be perfectly prescient (I'm not)
but that is what lawyers are for, include a don't be a dick later on clause,
and enforce it.
> What content of your shitty ranking company could SymPy possibly have infringed on?
from the request[0]:
> Someone has illegally copied our client's technical exams questions and answers from their official website hackerrank.com and uploaded them on their platform without permission.
Archive of the allegedly infringing page is here[1].
Phew, this sounded like a scene from a Tarantino movie. We engage a 3rd party for this service. That said, ultimately, we are accountable for this because it's our reputation is at stake. We are looking into it ASAP and this action will be reverted. We do need to get to the RCA to ensure we are giving strict guidelines on DMCA activity with the 3rd party or perhaps even consider switching to a new one.
You are using a third party to perform an action which at core is counter to how the Internet works, AND you are using the same third party who has acted in bad faith before and did exactly the same thing to another victim of yours, and now you're deflecting onto the third party? This is entirely on you at this point.
> And FUCK me for not having the steel to just take my code off of GitHub. I am part of the problem.
as a user you literally are not the problem. the problem is the monopolization of technology by a small group of investors, which makes it nearly impossible for alternatives to rise.
why isn't a platform like Github part of the commons instead of a private, proprietary fiefdom? why is it instead the private property of, and part of the investment portfolio of, a person who says things like: "As the majority of hobbyists must be aware, most of you steal your software."
Although there is no commons alternative, there is Sourcehut - run by a team that is dedicated to the principles of free software. I should be giving them the money that I spend on GitHub.
At the very least, I should be giving them more money than I give GitHub... I will do that immediately.
Readit News
More information about previous DMCA abuse here: https://news.ycombinator.com/item?id=29239594
Personally, I would not trust a company this unethical to certify anything. Their excuse seems to be "we're using an external service" but they chose that external service and are fully responsible for these takedowns in their name.
For example they claim to own the copyright to find substring: https://news.ycombinator.com/item?id=29239926
Absolutely disgusting.
For example, if the thing you're taking down does use your content, but it falls under fair use, you can still get away with taking it down. There is no objective test for fair use and 512(f) does not mandate one; the criteria is just that you merely considered fair use. And since fair use is a bottomless pit of grey areas, you basically can't get a 512(f) ruling out of a legitimate copyright owner. It only catches the kinds of people who, say, pretend they're Bungie so they can file DMCA takedowns Bungie can't retract in Bungie's name.
Also, the above statement is vague. The perjury clause only applies to the final clause which states that the person making the request has the authority of the rights holder. It doesn't apply to the first clause stating that the information is accurate?
I haven't read the DMCA statute in years, so I don't know if the wording in that clause parrots the wording of the statute.
And there seems to this case that is worth keeping an eye on: https://www.techdirt.com/2021/03/11/court-allows-lawsuit-ove...
(1) We have withdrawn the DMCA notice for sympy; Sent a note to senior leadership in Github to act on this quickly.
(2) We have stopped the whole DMCA process for now and working on internal guidelines of what constitutes a real violation so that these kind of incidents don't happen. We are going to do this in-house
(3) We are going to donate $25k to the sympy project.
As a company we take a lot of pride in helping developers and it sucks to see this. I'm extremely sorry for what happened here.
I have received fake DMCA requests from WorthIT Solutions, Pakistan that you guys seems to have hired. It is sent for a simple blog entry discussing about programming algorithm!
I recommend training them or replacing them.
>Declaration: I have taken fair use into consideration. I have a good faith belief that the use of the copyrighted materials as described above is not authorized by the copyright owner, its agent, or the law. I swear, under penalty of perjury, that the information in the notification is accurate and that I am the copyright owner or am authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
You aren't even really a content company, this is such a bad look. Your value is in your network of people, not in the content.
Without a discussion of how/why you thought this would be a good idea and how this has been happening on an ongoing basis, we can't really accept your apology.
Proportionate contributions to other projects and individuals would go a long way to showing that you are not just playing lip service to your admission of wrongdoing. You have hurt a lot of people, and you need to make amends for your shenanigans. At the very least, you need to comp any legal fees incurred by your actions.
Personally I like Hacker Rank and consider it a good way to learn about new algorithms but at the same time I do not like the style of interviews that require it and it makes me wish I could leave the industry because it's a waste of time for people with a lot of practical experience and who have a good portfolio of apps/sites they've created.
That said, I would recommend not doing DMCA at all unless it's really serious. Sounds like your company has a lot of problems with this. Think StackOverflow, there are plenty of sites that copy it but I'm not aware of them going after anyone. If anything all the copying of a site makes it more of an authoritative source because a lot of people reference it.
I don't understand this because as others on this thread have pointed out you have done this before.
Further isn't much of your own content just plagiarized from other people's previous FAANG interviews?
I've never used HackerRank as I view it as something of scourge on the industry but I will probably go to extra effort and recommend to other that they not use it either.
Also @dang, has this post been pinned at the top of the page for everyone to see.
Edit: guess it's not..
They should probably never send a DMCA again. It's political suicide in this industry anyway.
We really need a strikes policy for DMCA submitters built into the legislation. Like submit three dubious claims, and you lose your copyright. I've been saying it for literally 15 years.
Oh really? You: commoditize humans by reducing them to a score, you: destroy their public contributions
Sounds like you're a pretty terrible dev advocate. You should be ashamed to show your username and affiliation on HN.
You've abused many other projects, some linked in the comments here, but you only seem to act when there's sufficient apparent public outrage.
1) register the copywrite of the tools you have written inhouse for hacker rank and 2) ONLY issue DMCA claims based on your registered copywrites.
The questions and peoples answers to them are not something you should EVER have even considered issuing takedown notices for.
Please don’t ever use DMCA in this way again. Even if it were somehow borderline justifiable, your users will be motivated to lambaste your company into oblivion, and to wish non-existence upon your company. Probably not the best posture for anybody concerned.
I hope other companies take note as well.
So you are taking action only after news spilled all over the internet? So I can assume that if no one(in internet terms) known about it (as described in links pointing to other DMCA cases), you would do nothing to remedy your illegal (from moral stand point of view, no real one) actions.
It's only illegal if you get caught and find someone willing to prosecute you. Also if penalty for breaking law is a fine, then this law only applies to poor people.Deleted Comment
Deleted Comment
[0]: https://www.mail-archive.com/php-webmaster@lists.php.net/msg...
The fact that there isn't any downside just shows what poor legislation the DMCA is.
If you told me that the DMCA was written entirely by the music copyright industry and handed to compliant congress members to rubber stamp, I'm likely to believe you.
Only way to make this stop is make companies like WorthIT feel financial pain from their actions.
Which is exactly what it is.
Deleted Comment
The takedown message is here – https://github.com/github/dmca/blob/master/2022/04/2022-04-1...
And the offending page is archived here, I wonder what part they wanted removed – https://web.archive.org/web/20220114132753/https://docs.symp...
The only real solution here seems to be to find a way to hold HackerRank to account for this (in the most costly way possible), so they face an incentive to do meaningful due diligence and evaluate before partnering with someone that acts as their agent.
Ultimately it wasn't them that did this, but unless they bear a significant cost from doing so, which causes them to pursue their DMCA agent for negligence or breach of contract (or whatever other remedy is available to them), I don't see this type of thing changing.
Once a DMCA agent becomes a liability, the market will be forced to mature, and buyers will need to do due diligence to minimise their likelihood of being opened up to a large and costly battle as a result of the negligence of their agent.
Not really. Nor have you considered who the actual author and copyright holder is.
Deleted Comment
As a software developer, I've surrendered so much autonomy for the sake of convenience. When it works 99% of the time, things are awesome. But god forbid you are the 1%, cause there is usually no talking to real people to get support. The only recourse is shouting about it on Twitter/HN and hope someone notices, thereby leaving everything to chance - that just makes me sad to my core.
You could definitely still blame the company at hand for not having redundancy and having a single point of failure, but the point still stands.
The goodwill lost will now surely exceed the money they saved by not doing proper due diligence. I'm optimistic that HackerRank won't make the same mistake again and other companies might take notice, too.
It would also be nice if Github would implement instant restoration via counternotice as allowed by the DMCA. Implementing only half of the law enables this sort of abuse.
Companies have historically gotten away with these reckless takedowns because the law just requires that "the complaining party has a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law." (17 U.S.C. § 512(c)(3)(A)(v))[^1]
In a recent 9th Circuit case, Lenz v. Universal Music Corp[^2], the court held that Lenz could sue Universal Music for a bad faith takedown. Specifically, "failure to [consider fair use] raises a triable issue as to whether the copyright holder formed a subjective good faith belief that the use was not authorized by law."
However, proving that it was in bad faith could be tricky.
Caveat: IANAL
[1]: https://www.law.cornell.edu/uscode/text/17/512#c_3_A_iv [2]: https://en.wikipedia.org/wiki/Lenz_v._Universal_Music_Corp.
[1]: github.com/github/dmca/
> Our help articles provide more details on our DMCA takedown policy and [how to file a counter notice][2].
[2]: https://docs.github.com/en/site-policy/content-removal-polic...
Sorry, everyone!
EDIT: update here https://news.ycombinator.com/item?id=31092085
1. If you do a web search for "HackerRank DMCA" you will find similar examples of this that have happened in the past (with exactly the same text).
2. The text of the request is not in any way designed to enable a reasonable response. No detail is given about what the infringing content is so there is no way to comply.
3. It is also clear from this and previous cases that whatever process is used to identify potential targets for DMCA yields false positives and no reasonable judgement seems to be applied in whether or not to issue a takedown request.
I also think that GitHub's processes are faulty here:
1. We were given one business day to reply. I replied within 2hrs to say that the request was obviously spam and then sought legal advice. The repo (and website) were shut down before we could get legal advice. One day is nowhere near enough time. The request came in on Thursday night (UK time) and in the UK both Friday and Monday are public holidays this weekend. I don't even know what one "business day" means in this situation.
2. GitHub gives some guidance for how to submit a counter claim but none of the information is applicable to a case like this where so little information is given that is simultaneously impossible to comply with the request and impossible to dispute it. If GitHub makes it this easy to spam DMCA requests then they should also provide some guidance for how to deal with spam requests.
I wonder if the FSF or someone else can come up with a good template response to DMCA requests that just don't have enough information in them. If the request doesn't even explain how you could comply then it should be possible to respond to that in a blanket fashion.
Meanwhile, if we need to make a monetary contribution for your effort or anything more we could do to promote, what would be the best way to do it? If you'd like to send me an email to discuss further, I'm available at vivek at hackerrank
Thank you & sorry!
I'm looking at the page that was taken down[1] and it seems to be largely full of pretty basic code snippets demonstrating how to use the Solvers module.
Your DMCA request[2] includes the statements that say, in part, that Fair Use has been considered, that you own the copyright, and that the information in that statement is true and accurate.
Could you elaborate what on that page you consider to be your copyrighted content, and how you came to hold that copyright? Is it the code snippets, as per your comment? Did your company have an employee write that content?
When the DMCA takedown request was being drafted, did someone consider whether those snippets are even qualifies as an Original Work? I'm getting at whether they contain even a minimal level of creativity, as the US Supreme Court has said is a requirement for copyright[3].
[1] https://web.archive.org/web/20220114132753/https://docs.symp...
[2] https://github.com/github/dmca/blob/master/2022/04/2022-04-1...
[3] https://www.copyright.gov/what-is-copyright/
Deleted Comment
All things considered, this company has done net negative impact to tech industry.
I appreciate the "fix-it-twice" attitude implied by the RCA promise (Root Cause Analysis for those who also had to look it up). Also, consider recognition and restitution for the unnecessary work you created for the NumFOCUS director, a NumFOCUS lawyer, and the SymPy maintainers.
A $25k donation to NumFOCUS would be a good start.
If you are willing to talk about what happened publicly, I'm starting a podcast/video series to discuss business and open-source. This would make an interesting conversation. Perhaps we can turn this into a positive to raise awareness and inspire better behavior in the industry? Ping me.
Most of which will go to director's salaries. What do these directors do apart from harassing conference members?
https://www.fast.ai/2020/10/28/code-of-conduct/
Dead Comment
I thought about this situation and how your company could make this right. If you would be willing to help improve the SymPy project, I think it would be very well received. If you are interested, please let us know! See Travis Oliphant's reply, you could for example donate some money to NumFOCUS. We are very good with using money that people or companies donate to fund development and we can really boost SymPy forward big time with a generous donation.
Also they take pictures and videos of candidates while taking interviews. Without that permission they don’t allow the test.
They’re not part of the problem - they’re the problem.
At worst, you can try to exercise the controls in the EULA that your victims agreed to, but this sounds like abuse of the legal system.
guess what, it's still offline for DCMA.
The solution would be to build some sort of cheat detector and punish only the candidate. Don't take down and lose the goodwill of the entire programming community by abusing draconian laws.
You might first investigate just how small the piece of code was on which nearly all of Oracle's case vs. Google rested.
https://news.ycombinator.com/item?id=11722514
A person driving 100 miles per hour down a residential street and crashing into something is an unintended consequence, but not unforeseen.
This may have been "unintended" but when you have a company file DMCA notices on your behalf without proper supervision (especially when they had filed DMCA notices like this against other open source libraries) it is not "unforeseen" for them to file a DMCA notice against a completely innocent project.
At the very minimum the open source library that was affected and their maintainers deserve monetary recompense for the time and stress that your actions have cost them.
Sorry, are you asserting that you hold copyright over solutions that other people write?
edit: Here's an example,
- "In so doing, the magistrate judge agreed with plaintiffs’ assertion that the solution manuals sold by defendant qualified as “derivative works” under the Copyright Act. As in Pavlica v. Behr and Addison-Wesley Publ’g Co. v. Brown, defendant’s manuals complemented plaintiffs’ 187 copyrighted textbooks, had no “independent economic value” and were “meaningless’ without the textbooks because they merely provided answers to questions posed in the textbooks."
https://www.law.com/newyorklawjournal/almID/1202435027834/ (2009)
https://www.courtlistener.com/docket/4345754/pearson-educati... (the ruling is available here, gratis)
Do you plan to contact GitHub and give them a legally binding agreement to indemnify them for any infringement of HackerRank's copyright in the material they took down (I'm sure there is no such infringement, but by agreeing you won't sue GitHub for restoring the content, you effectively retract the notice and give them no reason to wait the 10 days)?
I think a sincere apology should include steps to urgently minimise the ongoing damage to the existing victims, not just analyse what went wrong to prevent hurting other victims.
Leetcode for instance puts the solutions out there.
Your company has issued a DMCA takedown notice for "plagiarized code snippets" against the library-in-questions own documentation? (The take down was issued against docs.sympy.org; linked directly within sympy's GIT repo README.md: https://github.com/sympy/sympy)
And this is an "initiative" your organization has undertaken? Have you thought this through?
Where should engineers who want to learn about sympy go to attain that knowledge?
Where did your team learn about and generate the assessment questions?
Where do you stop with this initiative? Would you issue takedown notices to MDN? Stack Overflow? What about VSCode Copilot?
Oooh boy I can't wait to begin publishing solutions to your company's assessments.
The risks from misrepresenting your copyright in these cases are not small. Diebold Election Systems paid $125,000 in a similar situation: https://www.eff.org/cases/online-policy-group-v-diebold
How can this be legal? Plagiarized is moreover a very conveniently vague word.
By this very vague definition the overwhelming majority of your own content has been seen on various parts of the internet way before you ever started your business.
There can't be a copyright on such a thing and I hope someone fights you in court, this is nothing short of bullying.
How can you shitbags take down SymPy and then show up on HN to actually make light of it with your crapola comments while it remains taken down.
Deleted Comment
I get it, I'm an automate-first type of person, too. But it appears your outfit has made a habit of doing this, and you're messing with innocent people for no good reason. Doing that in a `for` loop is irresponsible as hell, and frankly you deserve the bad press you're getting. I highly recommend you reconsider.
Legacy media companies do this kind of thing, too. I hope you're more interested in your reputation than they are.
So which is it? Plagiarized or solutions? Because unless your company actually owns the copyright for the code in question, you have no right to it.
If a Google assessment asks “how many manhole covers are there in New York” and someone decides to create a repo with “Manhole covers in New York: 23,000” there is no copyright claim.
Do HackerRank users affirmatively sign a non-disclosure agreement? I checked your terms and there is not an apparent non-disclosure agreement. If not, there isn’t any legal recourse if users decide to talk about or solve your problems off the platform.
Educational and not for profit use is often protected by Fair Use. I didn’t see the repo in question so I can’t comment on if the use of the material meets the Fair Use criteria.
However if people are sharing their answers to your questions in a repo, especially for educational or non-profit value, there isn’t much you can legally do about it. For example, If I take the GMAT and I discuss a question on Twitter, that’s allowed by Fair Use. If I offer to sell a PDF of the entire test, that would not be protected.
If someone said “hey HackerRank’s Ruby test asked a question about finding the smallest value in an array” and then they posted a solution. That’s absolutely not violating a HackerRack copyright. People even have the right to describe their experience on HackerRank in great detail.
From your own policy: “Content that You own and post on or through HackerRank belongs to You..”
So if someone wants to post their solution to a question, your own terms allow that. It’s their solution, it belongs to the user.[1]
If someone else “plagiarizes” another user’s solution, HR doesn’t have standing for a DMCA takedown. The user that created the content does, but not HR.
However even if HackerRank did own the solutions, there is a high likelihood that Fair Use would be in effect.
I have a strong dislike of HackerRank type companies because it’s pretty rare that those ridiculously academic assessments predict real world performance. They are a screening tool for the lazy. A well designed, relevant code test relating to the work of the company or a solid technical interview is much more valuable in my experience. When I was interviewing with companies, I immediately passed on the job of HackerRank was part of the hiring process. I ended up at a FAANG for over 5 years, so it’s pretty clear that anti-HackerRank bias among potential employees like me have a detrimental effect on recruiting.
[1] https://www.hackerrank.com/terms-of-service
https://github.com/github/dmca/blob/ea3736a0c4c9574e0c8cea06...
it's still offline for DCMA, since Dec '21
Deleted Comment
Your company does not own the basic algorithms that are the solutions to the tests on HackerRank.
Dead Comment
FUCK you HackerRank, for even entertaining the notion of litigating open source projects at scale for no good reason.
FUCK you for taking down the the documentation for a harmless open source symbolic mathematics engine without any justification that I can see.
What content of your shitty ranking company could SymPy possibly have infringed on?
Also an honorable FUCK you to GitHub for your DMCA policy to take down the repository without even a standby period (perhaps with a warning?).
And FUCK the internet in 2022 for its bureaucratic and corporate spirit.
And FUCK me for not having the steel to just take my code off of GitHub. I am part of the problem.
Personally, I like designing and building software and have been doing so for 20+ years but after doing several HakerRank and Leetcode style interviews it makes me wish to do something else.
I’ve had FAANG recruiters tell me “study for hours per day for a few months” and then you can be ready. Even smaller companies focus on leetcode more than actual experience.
I’ve worked with plenty of optimal algorithms in my life but when I do I spend time researching and looking at many examples rather than having to memorize something that shouldn’t be memorized in the first place; but the way the interviews are done it seems like companies just want code monkeys (even the good paying companies).
No other well-paid profession tolerates this style of interview one you have experience. I would never recommend Software Engineering to anyone given the current environment.
especially if the web based editor doesn't support vim style key bindings.
amusing irony that likely parts of a question were lifted from the very source that was subject to the takedown.
bigger problem i have with coding tests is that they check if someone is familiar with some subset of reference material (usually algorithms). in my experience, anyone can pull those from a book in practice and real software engineering has little to do with that and more to do with having the knowledge and experience to avoid making a mess or building weird software.
AFAIK, they're legally required to take down material as soon as they receive a DMCA notice or else lose their safe harbor status.
https://en.m.wikipedia.org/wiki/Notice_and_take_down
Github could've easily take the time and wait for SymPy to file counter notice which then allows Github to keep the content up up until courts say otherwise. Github instead elected to remove content immediately. By their choice.
Thank you for the link.
See https://github.com/github/dmca/pull/10944:
(Disclosure: I work at GitHub)Deleted Comment
This implies that GitHub is believing the DCMA notice is justified in the first place...
from the request[0]:
> Someone has illegally copied our client's technical exams questions and answers from their official website hackerrank.com and uploaded them on their platform without permission.
Archive of the allegedly infringing page is here[1].
0: https://github.com/github/dmca/blob/master/2022/04/2022-04-1...
1: https://web.archive.org/web/20220114132753/https://docs.symp...
I feel like hacker rank might be facing an uphill battle for this one.
as a user you literally are not the problem. the problem is the monopolization of technology by a small group of investors, which makes it nearly impossible for alternatives to rise.
why isn't a platform like Github part of the commons instead of a private, proprietary fiefdom? why is it instead the private property of, and part of the investment portfolio of, a person who says things like: "As the majority of hobbyists must be aware, most of you steal your software."
Although there is no commons alternative, there is Sourcehut - run by a team that is dedicated to the principles of free software. I should be giving them the money that I spend on GitHub.
At the very least, I should be giving them more money than I give GitHub... I will do that immediately.