My open source project got stolen by a HN user

Hey everyone, I've got a bit of a situation and could use some insight.

So, I created this open-source project called Outstatic (https://outstatic.com), it's been my pet project for a while. But here's the twist: I just found out someone on HN (https://news.ycombinator.com/user?id=hoofhearted) took my entire project, renamed it, and has been showing it off all over the internet as their own thing.

I'm not usually one to call people out, but this is just too much. The only reason I found out was because this person was asking for help with my project on our Discord server, and I got curious.

Turns out, they've been pretending to develop this 'new' project since April and have even been warned by the mods here for spamming about it. When I casually mentioned that I stumbled upon their project and that it looked cool, they went on and on about their 'original vision' and even had the nerve to ask me to join them as a co-founder!

I understand that open source means people can use and modify the work, but claiming total credit and denying any connection to the original project? That's a bit much. I did bring up the issue of giving credit and licensing, and the response was a vague promise of 'eventually' doing it.

Just wanted to get this off my chest and see what you all think. It's a weird spot to be in, for sure.

He's fooled a bunch of people into joining and contributing to “his project”. So I feel like I should at least warn them that they are making contributions to a "stolen” project.

Here's a list of posts where this person claims they built everything and intentionally mention all the tech stack but leaves “Outstatic” out of it: https://dub.sh/code-theft

Well, your license gave them permission to pretty much do anything. As nefarious as it may be, it is not illegal.

https://github.com/avitorio/outstatic/blob/canary/license.md

solardev · 2 years ago

It's not really about the law either, it's just a total dick move. They could've approached the OP about being co maintainers, or simply say that it's a forked version with improvements, or whatever. No need to steal credit and impersonate the OP.

hoofhearted · 2 years ago

In high-school, I got suspended a number of times for playing around with the school computers and stuff lol.

We didn’t grow up with a lot of money, so I didn’t get to play with fancy systems until school.

The things that I got in trouble for in school are now the same things that I make a living on; protecting apps from younger versions of me lol.

Some colleagues asked me before “but who would be dumb enough to try and log into a sensitive system?”.

My reply would be a naive 16 year old high schooler who doesn’t realize what they are doing, or the skill set that they may harness.

hoofhearted · 2 years ago

I have screenshots of conversations with OP offering to co maintainers and partners.

OP actually agreed, and then blocked me on Twitter lol..

No where am I impersonating OP. I am my own person, and will never claim to be someone else.

100% authentic Brandon Owens. I’ve been an ADHD disrupter all my life, ever since I was in grade school. Why would I stop now?

https://brandonowens.me/

AndreVitorio · 2 years ago

Yes, MIT License allows for modification, not going around claiming you wrote all the code.

hoofhearted · 2 years ago

Elegant operates from within the United States of America, and we can say what we want without your approval as per the first amendment of the U.S. constitution correct?

I gave you credit, did everything you asked, kissed your butt, asked you to let me join your project.

You are just scorn over something and have decided to come to the internet and spread lies and slander our name.

It’s reassuring though to see the large majority of comments on this thread say that I didn’t do anything wrong, and tough shit on your part.

Get over it already, and work on fixing your bugs and user friction so that I can use your code directly in my project without having to rewrite it unit tests and solid design principals.

Tiberium · 2 years ago

For more context, the author of the fork seemed to have stepped in to "answer" some of the concerns in the Reddit thread by OP, and some of it is just plain hilarious.

https://www.reddit.com/r/nextjs/comments/17wujjc/my_open_sou...

Claiming that the project is "a copy of a copy" because the author forgot to switch the license from the template MIT which had "Vercel" in it - https://www.reddit.com/r/nextjs/comments/17wujjc/comment/k9j...

Claiming code (!) contributions to the project, while there is only a single commit by him (fixing typos) and he has an unresolved conversation in a single GH issue - https://www.reddit.com/r/nextjs/comments/17wujjc/comment/k9j... (the commit is https://github.com/avitorio/outstatic/commit/442a3189697540e..., issue https://github.com/avitorio/outstatic/issues/73)

That wasn’t the claim at all actually

I had also been working to resolve a number of major issues within Outstatic such as licensing and GDPR concerns with the author himself privately; as to not disclose major issues on a public forum like that from out of respect.

I appreciate and understand your feelings.

What changes or updates can I make based on your feedback?

https://dub.sh/code-theft

ricardobeat · 2 years ago

I checked the source code in both projects and it seems that a fair amount of rework has happened already. They don’t really look alike beyond bits of structure and the basic layout.

This is exactly the intent of a MIT license. The only unfair aspect is that they seem to have removed the original license notice, which is a requirement.

Their project is MIT licensed too, so if you like what they’re doing you can play your Uno reverse card!

The /source directory in his repo is 90% our code. But look, I'm not mad he is using our project, it's open source after all. I'm happy it is and people can do whatever with the code.

What I'm exposing here is an attempt at making people believe he is the author of said code. Not someone who took 90% of a project and is building something with it, but that he wrote the entirety of the code.

This a comparison of the src folders using Meld: https://postimg.cc/sM2HDP7G

In the scrollbars on the right, blue is modified, green is new, black is equal. Only a handful of hooks, helpers and simple components are still the same. 90% sounds quite far from reality.

Not that I think the lack of credit given to the original project isn’t scummy, but… it’s just someone being an asshole, not much you can do about that.

sydbarrett74 · 2 years ago

Relevant portion below, taken from this page (https://dev.to/sadeedpv/someone-copied-my-code-on-github-and...):

'With the MIT license, you should really also put your copyright and license notices at the top of each source file in a comment in addition to the license file in the repo. This way if someone uses one or more files but not entire repo, your copyright notice and license declaration stays with your code, unless they deliberately remove it. With only a license file you risk someone who only needs one of your source files separating those notices from your code accidentally with no ill-intention toward you or your work.'

eviks · 2 years ago

No way, especially with bigger licenses that are hard-breaked, it's such a wasteful tax on readers' attention to have the first page of every file be some legal garbage

And the risk of copy&pasting just the code someone needs (it's not always/mostly at a file level) doesn't disappear

That 'legal garbage' is what reduces ambiguity.

As far as a tax on the reader, the reader is free to scan past the copyright section.

Your argument is vacuous.

simne · 2 years ago

Sorry disclaimer, I'm too lazy to immediately check everything myself, but will, and will write confirmed or not-confirmed.

So, I read comments and few surface details. What I note:

1. Original project is MIT licensed. MIT only forcing, IF you use it, to make special page with mentions of all MIT licensed code used in project and nothing more.

2. ANY software project could being divided to separate independent parts, which will be then rewritten based on clean room methodology, and after this you could just remove ANY mentions of MIT licensed code which was used earlier. As I understand, person who copied your project, rewritten all your code himself and NOW he have not any your code in project.

Unfortunately, now you only can do something much exceed properties of your tween, so he will have to race with you or you'll win.

codegeek · 2 years ago

It is definitely unfair at say the least. I do see that their About text in Github has outstatic but that is it. If the code was directly copied pasted (regardless of MIT license), he should at least mention your project as a courtesy. This is why we can't have nice things. I don't know how to help you more but I do feel your pain and I wish there weren't people like this in the world. But they do exist.

Yes, he just added that. After a long discussion he said he was "about to do it" and it was just a big coincidence that I brought it up. After 6 months of going around claiming he wrote all the code.

gt565k · 2 years ago

oneepic · 2 years ago

I think you're right that he stole your work without proper attribution. I'd suggest reporting his Reddit thread(s) if you haven't already. Or start a new thread like this HN one.

He took your advice, and posted slander on the next.js thread and caused a ton of people to start messaging me and harassing me and our project contributors.

The next.js mods review his claims and said that he didn’t have any grounds for a claim because he used an open mit license.

They locked the thread and said the matter was over.

OP blew it up and tried to take it further to other subreddits, and this stupid drama even pulled in Lee Robinson from Vercel.

I am making updates to my project based off the communities feedback.

Is there anything else you can recommend?

Thanks for the suggestion. I did create a thread on Reddit:

Hey Andre, I apologize for any grievances or ill feelings you have towards Elegant or my team.

I’m sorry for any miscommunications or misunderstandings, and I would be more than happy to take this offline and resolve this without continuing to pull in the development community.

elliotwu · 2 years ago

Elegant-cli's author's mistake was not including a full-text copy of your MIT license (which has your name) in the repository (his own MIT license does not count as a "proxy"). That is precisely what the MIT license requires, and hence a direct non-compliance by Elegant-cli.

However, the MIT license does not dictate how Outstatic should be mentioned in Elegant-cli's marketing materials (like their website or README file).

Though poor etiquette, it is permissible for Elegant-cli to not mention you or Outstatic anywhere else, so long as full-text license copy with your name is included in the repository.

If you needed that kind of attribution, you should have picked something like the BSD-4-Clause (https://spdx.org/licenses/BSD-4-Clause) or MIT-advertising (https://spdx.org/licenses/MIT-advertising.html) licenses, instead of the MIT license.