Hacker News new | ask | show | jobs
by JoshTriplett 3464 days ago
To the extent copyright applies to such information (which would vary by jurisdiction and the details of the information), it most certainly doesn't fall in the "public domain" (a widely misused term). You've granted Github a license to use it, and Github allows others to view it. The question then becomes whether users of Github's API may copy that information. Legally, Github has the ability to grant permission to third parties, so if they choose to do so, you can't un-grant that permission, because you've already granted it to Github. However, Github doesn't have to grant that permission, and may set conditions on it via their ToS and their API ToS. And it doesn't seem entirely clear whether Github's ToS allows what Gitpay has done.

Legal issues aside, though, scraping another service to create pseudo-accounts and refusing to provide even an opt-out does not seem like a good business practice. While Gitpay appears to have done several things right that other services get wrong, this definitely isn't one of them, and it needs fixing.
2 comments
jrochkind1 3464 days ago
It is unlikely your contact details are copyrightable in the first place, in the US anyway.

It is unlikely you have the legal ability to prohibit someone from publishing your contact details... _under copyright_. There may be other laws related to privacy that are relevant.

If the publisher in question is referring to "public domain", they probably have no idea what they're doing legally, "public domain" is unlikely to be relevant.

Practically, I would complain to Github itself, who is likely to frown at them doing that, and cut off their API access or what have you.

link
hnysacct 3464 days ago
Yeah, contact details as far as I know aren't copyrightable nor under public domain. Things like your personal contact details though are subject to privacy violation laws if they are used without your consent, I believe. So nothing stopping from one publishing them, but if one asks to have personal detail taken down, they should be honoured without hesitation.

I've brought the issue to Github as well for them to judge whether there is any breach. They are best to decide I guess.

link
JoshTriplett 3464 days ago
> Things like your personal contact details though are subject to privacy violation laws if they are used without your consent, I believe.

Far fewer laws about that exist than most people think, especially in the US. Some law and case law exists, but fairly narrowly. "Public disclosure of private information" doesn't apply here, since you posted the information publicly. "Intrusion of solitude" and "false light" don't apply. You could perhaps make a case for "appropriation" (using someone else's information for commercial gain without consent), but submitting that information to Github (and thus granting permission to Github under their terms, which they can choose to further grant to others) would negate that.

In any case, making legal threats doesn't seem likely to help here, and seems like overkill given the current state of the situation.

link
hnysacct 3464 days ago
Good clarification! However, no legal threats have been made as of yet. Simply pointing out TOS clauses, and discussing the matter with the community.

By the time lawyers get involved, which would be after the New Year, then the author might have already merged the PR and problem solved.

At the moment, it's simply a matter of discussion.

No urgency to push the developers to take action either.

link
jrochkind1 3463 days ago
> So nothing stopping from one publishing them, but if one asks to have personal detail taken down, they should be honoured without hesitation.

I don't think that sentence describes any actually existing law in the US.

link
JoshTriplett 3464 days ago
Contact information, yes (though in other countries it may fall under "database rights", but those same countries have stricter laws about uses of personal information). But copyright would definitely apply to some other types of profile information, such as pictures and bios.

And yes, if the project refuses to fix this issue, contacting Github seems like the right next step.

link
TAForObvReasons 3464 days ago
> The question then becomes whether users of Github's API may copy that information.

Answered opaquely in terms of service:

> Customers may access their GitHub account data via an API (Application Program Interface)

My interpretation is that the "their" qualifier disallows people from using the API to access other people's data without proper authorization.

link
JoshTriplett 3464 days ago
> My interpretation is that the "their" qualifier disallows people from using the API to access other people's data without proper authorization.

That interpretation wouldn't make sense with many well-established uses of Github's APIs today. For example, consider a CI service that tests incoming pull requests, and shows the details of each pull request, including the user who submitted it.

Showing appropriate user information in context (associated with their Github contributions), however, seems quite different from mass-scraping user information to create fake "claim me" accounts. Github may or may not want to allow that (and they can always change or clarify their position).

link