It seems this gpt4free was basically hijacking 3rd parties services that use GPT-4, bypassing the official OpenAI APIs in order to avoid paying for inference. Of course, that means that the hijacked 3rd parties are the ones footing the bill...
I'm not surprised they have been issued a takedown notice.
It's not clear to me that DMCA Takedown is an applicable legal process for that, but I guess when does that ever stop anyone these days.
What specific US laws do folks think that repo (or running/using the software in that repo) might have been violating? (I agree it seems likely that it's _some_ law, I'm not challenging that just asking if anyone has a legal analysis they want to share).
It's an excellent point. DMCA is for copyright. My take (I have a background in this area but IANAL): I think they can get away with the copyright because of the name/content usage (no one of the opposite end of the request is going to question that, it seems obvious), but I think it's clear to those in the know that's not WHY they went after this one.
In theory, they could probably use DCMA to go after anyone using the terms (right or wrong). In practicality, they used it as a tool to go after this particular one because they didn't like what they were doing.
Yeah what's curious to me is why OpenAI has grounds here vs [the abused 3rd parties]. Maybe they are trying to stand up for the people using their API as a courtesy because they want them to stay in business or something, but it seems the damaged parties are the 3rd party services bankrolling the access, and so they'd need to pursue legal action and/or patch their services.
I do imagine OpenAI has something in their terms where you're not allowed to use their APIs unless you agree to their terms, which includes payment and not using other accounts than your own (fraud). So maybe that's it?
CFAA[0] is one that comes to mind but I also think that has different issues with what might be overly vague terminology. It at least seems more applicable to this, though I am certainly not a legal expert.
They should be happy that OpenAI went after them with the DMCA and not for computer hacking and fraud, which is what they technically did by hijacking other people's API keys.
A lawyer must have advised this, as financial fraud likely has a higher burden of proof. They might still proceed with criminal charges (if a DA agrees) or a lawsuit.
Block access if you don't want them to access your data. No bills created.
However, if AI ends up being as mainstream as the average HN user is claiming, are you sure you aren't shooting yourself in the foot to not have your brand and product info not included in that data set if it replaces search engines?
Is it any different from a Google crawler? They put ads on your content on the SERPs after crawling it.
Why is OpenAI getting involved? They are getting paid either way. The third parties should do the takedown if they are not happy about their endpoint being scraped.
Presumably, they're looking out for their paying users (see: they want to keep those paying users), who would have a terrible experience if and when they found out someone else had been using their APIs and/or API keys.
This project is designed to allow people to use ChatGPT via reversed engineered private APIs. It's not surprising they went after this.
Here's the project description from the README:
Have you ever come across some amazing projects that you couldn't use just because you didn't have an OpenAI API key?
We've got you covered! This repository offers reverse-engineered third-party APIs for GPT-4/3.5, sourced from various websites. You can simply download this repository, and use the available modules, which are designed to be used just like OpenAI's official package. Unleash ChatGPT's potential for your projects, now! You are welcome ; ).
You are protected in your speech from the government. Commercial law does and will still apply. Arbitrary company decisions happen all the time, and GitHub makes it clear that they won’t refrain from deleting repos for whatever reason.
This is why Microsoft's takeover of Github (and OpenAI for that matter) is so tragic. They weren't required to take this down. It got taken down because Microsoft didn't like it. Microsoft now has their hooks in the open source community and can crush any project who does something they don't like.
I find it extremely sad that nowadays the EFF, FSF and ACLU are so watered down compared to the 90s (when I first read about abuses). With the wave of information and abuses that will come in the next years due to proprietary LLMs, i wish there was a new person with the drive of Stallman. Hunanity desperately NEED the new Stallmans, Lech Johansens, Russinovichs and Linuses of these new generations generations.
If the code in any way includes private API keys, or circumvents protections on another entity's private API keys, then this is intellectual theft and punishable by the law. I'm willing to bet that without those private keys, the repo is worthless.
>projects that you couldn't use just because you didn't have an OpenAI API key?
It's amazing how the repo phrases this like "having an OpenAI API key" is something that's gatekept, rather than something you get by making a free account. (You may not be able to use it, but the more honest phrasing of "don't want to pay for your own API usage" is apparently too transparent for what this is offering.)
It's a project that lets you piggyback off of others' ChatGPT API keys without their permission? If so, then it seems like it would violate both OpenAI's ToS as well as the ToS for any site that is being used as a proxy.
And is this a DMCA takedown? It's not actually specified in the readme update and I would have thought that the repo would have been hidden by now if it was one. Plus I'm not sure what they'd be claiming copyright on here (the API maybe?)
Just like all the code you write is just code you read elsewhere "repackaged". Ok sometimes you come up with what seems to be novel code, but we all know really you're just a sophisticated pattern matcher and you're just typing out the code you think is best at any given moment, based on everything you've seen and learnt from.
A lot of comments confuse this with a different repo. It has nothing to do with the name. This project is/was a way to use LLM APIs on someone else's dime. It's the equivalent of "S3 4 free" where someone would collect exposed AWS credentials and use them to store their stuff.
This isn't about exposed credentials though. It would be like an autmatic image uploder that could pick an image hosting site such as imgur and upload the image for you and give you a link. Services are offering the ability to host images for you. You aren't stealing imgur's s3 credentials. They just let any user upload images for free despite the fact it technically costs them money to host the file for you. Similarly there are sites offering the ability to serve LLM requests for you for free.
No, the 1:1 analogy you're looking for is realizing someone has a poorly protected api.domain.com endpoint that uploads images to their S3 bucket and then using that to host your own images in their bucket instead of paying for your own.
Gpt4free uses API vulnerabilities that ultimately proxy to OpenAI's API with someone else's OpenAI credentials so that you don't have to pay for it. That's the whole gimmick.
These API endpoints aren't public service open relays which seems to be what you're trying to claim in your analogy:
No service allows you to upload to some other user's Imgur account. The services like the ones you mentioned usually provide a service and do it on the user's behalf to the user's account.
Here is an interesting poem that the repo maintainer committed as a readme, incase anyone doesn't click the link:
We got a takedown request by openai's legal team...
here is a lil poem you can read in the meantime, while I am investigating it:
A little boy sat, in his humble abode.
He tinkered and toyed with devtools galore,
And found himself curious, eager for more.
He copy-pasted requests, with glee and delight,
A personal project, to last him the night.
For educational purposes, and fun it was too,
This little boy's journey had just begun anew.
Now far away, in a tower so grand,
A big company stood, ruling the land.
Their software was mighty, their power supreme,
But they never expected this boy and his dream.
As he played with their code, they started to fret,
"What if he breaks it? What if we're upset?"
They panicked and worried, their faces turned red,
As visions of chaos danced in their head.
The CEO paced in his office so wide,
His minions all scurrying to hide.
"Who is this child?" he cried out in fear,
"Who dares to disrupt our digital sphere?"
The developers gathered, their keyboards ablaze,
To analyze the boy's mischievous ways.
They studied his project, they pored through his code,
And soon they discovered his humble abode.
"We must stop him!" they cried with a shiver,
"This little boy's making our company quiver!"
So they plotted and schemed to halt his advance,
To put an end to his digital dance.
( I did not write it )
discord: https://discord.com/gpt4free
I wonder how long until GitHub acts on the DMCA? I am not familiar with the process.
OpenAI issues DMCA to GitHub, GitHub passes it along to the user, user... has the right to ignore it and leave all of the content up and update the README with a poem?
They put my site https://cocalc.com, which has chatgpt API integration, into this gpt4free. As a result, I had to modify https://cocalc.com to require sign in before providing the ChatGPT functionality to visitors, and I also explicitly updated our terms of service to clarify how our API can be used. I made a pull request https://github.com/xtekky/gpt4free/pull/461 to Gpt4free to have them remove cocalc. They were respectful, with some discussion back and forth, and they merged the PR. I personally don't think that Gpt4free should be taken down, so long as they respect the explicit requests of projects they proxy. They were certainly respectful with cocalc.
Readit News
It seems this gpt4free was basically hijacking 3rd parties services that use GPT-4, bypassing the official OpenAI APIs in order to avoid paying for inference. Of course, that means that the hijacked 3rd parties are the ones footing the bill...
I'm not surprised they have been issued a takedown notice.
What specific US laws do folks think that repo (or running/using the software in that repo) might have been violating? (I agree it seems likely that it's _some_ law, I'm not challenging that just asking if anyone has a legal analysis they want to share).
In theory, they could probably use DCMA to go after anyone using the terms (right or wrong). In practicality, they used it as a tool to go after this particular one because they didn't like what they were doing.
I do imagine OpenAI has something in their terms where you're not allowed to use their APIs unless you agree to their terms, which includes payment and not using other accounts than your own (fraud). So maybe that's it?
[0] https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act
A bit like we are footing the bill for openai's training data.
However, if AI ends up being as mainstream as the average HN user is claiming, are you sure you aren't shooting yourself in the foot to not have your brand and product info not included in that data set if it replaces search engines?
Is it any different from a Google crawler? They put ads on your content on the SERPs after crawling it.
Dead Comment
Here's the project description from the README:
Source: https://github.com/xtekky/gpt4free/blob/6719bee133ce8202129e...You have to run the code to violate the terms of use, which is primarily used to bar you from the service for misusing it.
You are protected in your speech from the government. Commercial law does and will still apply. Arbitrary company decisions happen all the time, and GitHub makes it clear that they won’t refrain from deleting repos for whatever reason.
Deleted Comment
It's amazing how the repo phrases this like "having an OpenAI API key" is something that's gatekept, rather than something you get by making a free account. (You may not be able to use it, but the more honest phrasing of "don't want to pay for your own API usage" is apparently too transparent for what this is offering.)
I’m not saying this makes the above repo right, but it is gatekept.
That's a great reason for it to go somewhere.
And is this a DMCA takedown? It's not actually specified in the readme update and I would have thought that the repo would have been hidden by now if it was one. Plus I'm not sure what they'd be claiming copyright on here (the API maybe?)
Gpt4free uses API vulnerabilities that ultimately proxy to OpenAI's API with someone else's OpenAI credentials so that you don't have to pay for it. That's the whole gimmick.
These API endpoints aren't public service open relays which seems to be what you're trying to claim in your analogy:
- https://github.com/xtekky/gpt4free/issues/153
- https://github.com/xtekky/gpt4free/issues/125
https://github.com/xtekky/gpt4free/issues/153
ora.sh takedown request #125
https://github.com/xtekky/gpt4free/issues/125
OpenAI issues DMCA to GitHub, GitHub passes it along to the user, user... has the right to ignore it and leave all of the content up and update the README with a poem?