Copyright Takedown for Linking to the "State of Open Source" Report
A few days ago I received a notification from Reddit advising my account has been given a warning, saying that a comment of mine had been removed for potential copyright infringement. The notification explained that this was based upon a takedown notice being submitted, and that they determined my comment did violate Reddit’s copyright policy.
The comment was for this /r/opensource post, and my comment text was as follows:
Once again the actual report is gated behind a form reqesting a bunch of personal details without clear justification or purpose.
Here’s the after-form landing page where the report download is provided: <link_redacted>
Here’s the post from last year with a discussion with someone from OpenLogic regarding this: https://www.reddit.com/r/opensource/comments/1agg086/comment/kogrd2t/
I’ve redacted a link to avoid any further kind of attempted copyright takedown on my personal site/domain/hosting. It was a link to the download page for the “State of Open Source Report” PDF, which was only a minor variation to the advertised URL for the download, which requires filling in a form to access the advertised PDF report.
Who performed the takedown?
The report itself a joint project between Perforce OpenLogic, the Open Source Initiative, and the Eclipse Foundation. The link I had shared led to the OpenLogic site, which is a part of Perforce. I contacted Reddit to query the source of the complaint, and the response confirmed it had come from an employee at Perforce.
Is the takedown valid?
I am not a legal expert in any way. To me it’s dubious. On one hand I did publish a link which skipped their form (and marketing data acquisition funnel) but the linked page was a normal public page on their website. The linked download page had no warnings or advisories against sharing. The PDF has no license or legal notices apart from a generic copyright notice:
© Perforce Software, Inc. All trademarks and registered trademarks are the property of their respective owners. (0320CK25)
It doesn’t specifically provide rights to redistribute, although I did not distribute the PDF itself, just the page where OpenLogic provide it, but maybe subverting their form via a direct public link is enough to be considered a copyright issue? I suppose you see links to torrents and other material being taken down via DMCA, but this was something advertised as a free download on the OSI site (reference image, context of image).
Why did I post the link?
I posted a link out of fustration regarding the privacy considerations given in being able to view/access the report. I don’t think it does open source any favours to have OSI-backed & advertised reports being released via means which are very questionable in regards to user data and privacy.
My specific concerns can be read via my comment on the Reddit post for last year’s report, which did get a response from OpenLogic:
My original comment on their post
The link to the report leads to an openlogic page, which requires you to submit your details to an adobe platform (Marketo) to access the report, without clear advisory about what your details are required for, or how they’d be used. Your email also gets sent to emailable.com on input.
Very questionable in regard to privacy.
You can prepend “success/” to the start of the URL path (just after the domain) to work around the form. I’m not sure the implications of sharing the link though.
OpenLogic response
Hi there! I am the Associate Marketing Director for OpenLogic. I understand your concerns about how your data is used. Here is a link directly to our privacy policy. https://www.openlogic.com/privacy-policy
We do no sell data, however we do reach out, following global SPAM compliance standards, to see if the reader has a need for Open Source Support. Thank you for not sharing the link, our team relies on this information for better understanding of who is reading our content.
This our 4th year producing a comprehensive State of Open Source Report. We hope you enjoy it!
My response to OpenLogic
Thanks for the response, but nothing on that makes it clear you’re opting in to be contacted by you for that purpose, nor does it make it clear that you’re sending user data to adbobe/emailable systems. Pointing to a generic privacy policy may help be somewhat compliant, but it doesn’t make this less questionable/sketchy. Those services are not even listed there. Do you feel that the user has provided “specific and informed” consent for what is being done with their data?
Looking further, the whole privacy story of the website looks questionable. Watching network requests on a fresh load, before accepting the privacy banner (which only informs about cookies, not other activity being tracked), I’m seeing tracking requests for many different services, including but not limited to:
Google, LinkedIn, ZoomInfo, Bing, 6sc.co (potentially Symentec), nr-data.net (New Relic), Driftt, Bing.
What’s the lesson?
Companies will attempt to use copyright to protect against subverting their lead generation process, especially when you call out their questionable considerations to user data privacy.