DEV Community

Cover image for Someone copied my code on Github and claimed it to be his own project.

Someone copied my code on Github and claimed it to be his own project.

Sadeedpv🥇 on July 15, 2022

Last week, a guy copied my source code from Github, even the comments I have written in my source code. Since it wasn't much big of a project, It d...
Collapse
 
cicirello profile image
Vincent A. Cicirello • Edited

The answer to your question depends on the license that you applied to your work. Your post doesn't indicate, but since you have a relatively small number if GitHub repositories I took a look. Some of your repos have no license specified, some have the MIT license, and 1 the Apache license. Here's a bit of an answer for all 3 cases.

Case 1: no license specified.
Technically, if you have not specified a license, and have also not explicitly put the work into the public domain, then nobody but you can legally make a copy. Whether you have explicitly stated this anywhere or not, this case is essentially a copyright with all rights reserved. If this is your intention then it should probably be a private repository. People fork and clone public repos all the time including those without licenses stated. Many mistakenly think no license means public domain which it does not.

Case 2: MIT license.
This is an all-permissive license. It allows others to do almost anything with your code. They can copy it as is. They can use it in closed source commercial software. They can change it. They can give it away for free with or without changes. They can sell it with or without changes. And so on and so forth. The only requirement is that they keep the copyright notice and license notice in tact in any copies they distribute including in "substantial portions". However, they can redistribute it with or without changes under whatever license they want. The main purpose of requiring keeping the notice is so that others know how that portion was originally licensed. They can copy non-substantial portions without including your copyright notice and license notice.

With the MIT license, you should really also put your copyright and license notices at the top of each source file in a comment in addition to the license file in the repo. This way if someone uses one or more files but not entire repo, your copyright notice and license declaration stays with your code, unless they deliberately remove it. With only a license file you risk someone who only needs one of your source files separating those notices from your code accidentally with no ill-intention toward you or your work.

Case 3: Apache license.
One of your repos uses the Apache license. Like the MIT, this is all-permissive. There are a few differences but mostly allows others to use your code how they see fit. One of the differences is that the Apache requires that any changes to your code are identified so that others know that it was changed and how. The MIT doesn't require this although many do this anyway. You should read through it for other differences as well.

As with MIT, you should also put copyright notice at top of each source file, but not the full license (too long for that). Near bottom of Apache license there is an abridged notice that you should include in comment at top of each source file. The reason for including this in the source files is the same as before---to ensure that your copyright and license notices stay with your code if only part is reused.

An all-permissive license such as MIT or Apache is as close to putting something in public domain as it gets without actually doing so. In some countries, it is the closest you can get to putting something in public domain.

If you want to retain more rights to your work, then check out so-called copyleft licenses. The GPL 3.0 is the most common of these. With the GPL 3.0, those redistributing copies or derivative works must also license with GPL 3 in addition to keeping your notices. Essentially it keeps derivative works open source, whereas MIT and Apache do not.

Collapse
 
sadeedpv profile image
Sadeedpv🥇

I have made the repo private since yesterday, So I guess it shouldn't be a problem anymore. I appreciate that you took the time to look into the problem and thanks for your effort ❤️

Collapse
 
cicirello profile image
Vincent A. Cicirello

You're welcome. Before I saw your reply I added a paragraph to end of my comment on GPL license which has a copyleft requirement. Not sure if that may be useful to you or not.

Thread Thread
 
sadeedpv profile image
Sadeedpv🥇 • Edited

I don't have much idea about what copyleft concept is. Where can I read more on the topic?

Thread Thread
 
cicirello profile image
Vincent A. Cicirello

The short explanation of "copyleft" licenses is that if you apply a "copyleft" license to your code, then anyone who creates a derivative work from your code must apply the same license to their code. This implies that any derivatives of the derivative, etc also will have the same license. In essence, it keeps your code and anything derived from it open source. Whereas with an all permissive license like MIT, there is no such obligation on those who create derivatives (e.g., MIT licensed code can be used by others, including derivatives, in closed source software). In both cases, you are still the copyright owner, but you license away more of your rights with MIT or Apache than you do with the GPL and other "copyleft" licenses.

Here's a link that explains in more detail: gnu.org/licenses/copyleft.en.html

Collapse
 
marvellous890 profile image
Ajayi Marvellous

Making the repo private doesn't solve the problem. He has already copied the code and I'm sure others have done the same, but you just saw that of his'. I think the solution is simply licensing. Thanks to Vincent A. Cicirello for clarifying all types of open source licences.

Collapse
 
philip profile image
Philip Kumah Jr

well not if he also posts it as he claims it be his.

Collapse
 
incrementis profile image
Akin C.

Hello Vincent A. Cicirello and Sadeedpv,

First I want to thank you Sadeedpv for your article.
I realize it's more of a question than an article, but in my humble opinion you're raising a topic that feels underappreciated and underrepresented.

I would also like to thank you, A. Cicirello, for taking the time to share some clarificaton regarding licenses.

Collapse
 
williamhenderson profile image
William Henderson

This is not quite right - the GitHub terms state that by publicly making your code available on the service anyone has the right to fork your code, but if it does not have a licence, they cannot do anything with the forked code and it must remain linked to the source repo

Collapse
 
cicirello profile image
Vincent A. Cicirello

Thanks. I just edited my comment to remove the line about forking.

Collapse
 
polterguy profile image
Thomas Hansen

Incredibly good answer 😊💪

Collapse
 
mikko_rantalainen_03ce77b profile image
Mikko Rantalainen

I otherwise agree but you shouldn't need to declare the license in every file separately. That was just a workaround for old US copyright system loophole which has been blocked as far as I know.

If somebody copies a source code file that doesn't contain copyright marking, modern copyright law basically defines that as "copyrighted, all rights reserved" and therefore it cannot be used unless some kind of license is obtained. A license in top level file called LICENSE is good enough for that permission but would obviously result in MIT or Apache 2.0 depending on what actually reads in that file.

Collapse
 
cicirello profile image
Vincent A. Cicirello

@mikko_rantalainen_03ce77b reread my comment at top of thread, which explains why you should include copyright and license notices at top of every source file. Without doing so, your notices and code can inadvertently end up separated when others use it. For example, the only thing MIT license requires is to retain these notices. If person A uses a single file from your repository that you licensed via MIT and you had no notice in the source file, then person B discovering your code in person A's repository will not know that you are the copyright holder of that file or how you originally licensed it. Person B will assume it is person A's code and will assume that the license of person A's repository applies to it. Person A did nothing wrong as they didn't remove your notice because it wasn't there to begin with. If person A's license is more restrictive then person B will mistakenly think those added restrictions apply to your code too.

Thread Thread
 
mikko_rantalainen_03ce77b profile image
Mikko Rantalainen

If the file doesn't contain copyright notice, it will fall in the case 1 and as you wrote, "nobody but you can legally make a copy". If somebody copies the file anyway, the extra license notice is not going to prevent it.

And if somebody copies your code to be part of their software, they might as well delete the notice, too, so it wouldn't matter anyway.

I think code is typically copy-pasted nowadays, not copied as verbatim files.

Thread Thread
 
cicirello profile image
Vincent A. Cicirello

Wrong. Deleting your notice from the file would violate most, if not all, commonly used open source licenses, including permissive licenses like MIT. Violate license terms == copyright infringement.

Thread Thread
 
mikko_rantalainen_03ce77b profile image
Mikko Rantalainen

Copying the file without license is also a copyright infringement, right? Zero difference in legal sense.

Thread Thread
 
cicirello profile image
Vincent A. Cicirello

If someone is copying the file to use in another project with a compatible license, they likely already have a license file. The only way your license doesn't get lost in the process is if your copyright notice and license notice are in the file.

Every commonly used open source license explicitly indicates to put your copyright notice and license notices in comments at the top of each source file. For longer licenses like Apache and GPL, they have a shorter notice to use in the source comments with link to full version. But they all state that you should put the notices in the source comments.

This isn't at all debatable. It's the correct way to apply a license as documented literally within the text of most (if not all) of the most commonly used licenses themselves.

Collapse
 
codenameone profile image
Shai Almog

If the project has a license and copyright that requires attribution you can report him to his host. You can also comment or use the contact form to try to convey the problem.

Notice that some copying does fall under the fair use doctrine and is OK. I see my code and writing all over the web. Often misused by spammers. Unfortunately there's not much I can do about that.

Collapse
 
bokmann profile image
David Bock

You can make a copyright claim and send a takedown notice to github. I have done this on private work-related contracts when a contractor shared an otherwise private, copyrighted project. Complete instructions are here:

docs.github.com/en/site-policy/con...

Github will take it down, the person can appeal, and your takedown notice will become a matter of public record with identifying attributes removed. If you really care about this, and contacting them has had no effect, follow those instructions to resolution.

Collapse
 
sadeedpv profile image
Sadeedpv🥇

Thanks for the feedback ❤️

Collapse
 
traleeee profile image
Tra Le

You have to search for open source licenses.
You can readmore here

Collapse
 
sadeedpv profile image
Sadeedpv🥇

Hey, which license would you recommend to prevent users from copying the projects and publishing them as their own?

Collapse
 
dogers profile image
Dogers

It depends what your goal is - if you don't want anyone to see/use/edit your code at all, don't make it public and write your own closed source license.

If you just don't want people to claim your code as their own then a "copy-left" license is probably what you want. Jmaus post and link is probably the best - dev.to/jmau111/comment/2082h

Thread Thread
 
raibtoffoletto profile image
Raí B. Toffoletto

I'm sorry to read that @sadeedpv

I'd use GPL 3. They need to refer tonand keep they project opensource. Otherwise private way it's.... =\

Collapse
 
mistval profile image
Randall

I really enjoyed Vincent's answer and learned from it.

But my perspective is that it's really not worth worrying about, unless you intend to make money from it, and are willing to litigate. If not, just take it in stride and forget about it. If anything, consider it a compliment.

I put all my open source code under the MIT license. Some of it is fairly significant and I've seen parts of it copied without respecting the license. But it doesn't really bother me honestly. If people are finding it useful and building things with it, I'm happy.

Collapse
 
sadeedpv profile image
Sadeedpv🥇

I did try to talk to him. But he seems to ignore my messages.

Collapse
 
ghostclonelol2000 profile image
<}:-{~ .A.K.a. DOOM

me

Collapse
 
stefjoosten profile image
Stef Joosten • Edited

To present somebody else's work as your own is illegal. It doesn't matter which license you offer; it is illegal. This right is protected under the Universal Copyright Convention (UAC) and Bern Convention, both of which are internationally agreed treaties that most countries have adopted.
The right to call yourself author cannot be sold or given away because the author has written the work and nobody can change that. It is in the law of every country that has adopted one or both of these two conventions. Whatever the license you give, no one but the author is allowed to call him or herself the author.

So what if someone does copy your work and takes full credit? As you have experienced, licensing does not prevent people from stealing your work. I reckon you have felt the pain and frustration yourself. I know it too and you have my full sympathy. Rest assured that the law is on the side of the author, whatever the license may be.

The problem is of course that the person who wrongfully claims authorship does not abide by the law. Who is going to stop him? There are things you can do in the judicial world (like sueing), but also things you can do in the social world (like exposing this person or trying to discuss it), or do things in the technical world (like hiding or blocking your work) or you can even ignore it. Please consider your optioins carefully because each option comes with risks and downsides too.

Collapse
 
danbulant profile image
Daniel Bulant

If you have no license at all, MIT or Apache license, you can ask GH to change the repo/take it down, if the user claims they made the software even if they did not.
However, you should make reasonable effort to contact the person and ask them nicely to change their text.

Collapse
 
vtsen profile image
Vincent Tsen

Unpreventable if it is public, regardless of what license or implicit license you have. Whether they want to credit you is totally up to them. If I were you, I will learn to let go and continue to contribute to the community.

Collapse
 
fredysandoval profile image
Fredy Sandoval

Github is slowly dying, many people are promoting to take his code out of Github.

Collapse
 
eljayadobe profile image
Eljay-Adobe

If not Microsoft CodePlex GitHub, where are people moving their projects to?

Collapse
 
rajdeep profile image
Rajdeep Malakar

You have other options like GitLab (Open-Source), Atlassian BitBucket or your own Git Host (there are several Open-Source softwares like Gitea, Gogs which helps you to setup your own Git Host, however, on a large scale, you can consider GitLab Self-Hosted Instance as it provides many features). Many people are now moving their projects to GitLab and some are moving to their own Git Host.

Collapse
 
dancherbu profile image
Daniel Cherbu

CVS is a great alternative.

Thread Thread
 
eljayadobe profile image
Eljay-Adobe

What is the website for CVS?

Is it as fully functional as an open source project repository as GitHub? (Their web interface has to be better, because GitHub's UI leaves a lot to be desired.)

Collapse
 
swedishbotmafia profile image
swedishbotmafia • Edited

This is a scenario I've reported someone to the FBI. The codebase belonged to a university technically so it's probably easier. If they're American the FBI takes that shit seriously. If they're a foreign national; that can forfeit any opportunity they might have that leads them to the US.

Collapse
 
collimarco profile image
Marco Colli

Please clarify what is the license of your project, otherwise this post is meaningless...

Collapse
 
sadeedpv profile image
Sadeedpv🥇

It does not have a license

Collapse
 
collimarco profile image
Marco Colli

Ok, then nobody is allowed copy your work, because copyright (all rights reserved) is implicit if you don't specify a license. In any case it's always better to clarify that on public repositories.

Collapse
 
spo0q profile image
spO0q

you might want to read that

Collapse
 
rangercoder99 profile image
RangerCoder99

If it's public and got no license specified you can't really do anything if it did have an license you can contact github for help...

All my are private for this reason..

Collapse
 
azlan_syed profile image
Azlan-Syed

anything on github is opensource so it may be that the guy is doing that and he is not violating anything

Collapse
 
oszii profile image
OSZII

I would contact this person and give him a warning so that he know if he copies it next time without asking legal actions will take place

Collapse
 
francoishill profile image
Francois • Edited

I have found this site very useful for concise information on software licenses
tldrlegal.com/

Collapse
 
wetndusty profile image
wetndusty

Every John Lennon have his own Mark David Chapman. Enjoy.