Licence? What licence? All your links are belong to us!



  • Today I have stumbled across a rather serious issue regarding image licenses in a forum software we all know only too well.

    In this post I added an image, and I did it by url. To stress I did not upload that image .

    Looking at the raw code of the post, you can see that that image is now delivered from http://what.thedailywtf.com/ and not from the original source:

    <img src='/uploads/default/3534/5700069f0bcf7d79.jpg'>

    Furthermore, it is delivered from a directory named uploads giving the impression that I uploaded that picture.

    And it has been altered: it is now 500x500, whereas the original was 600x600.

    No reference whatsoever as to the original source of the image is given; it is presented as is.

    I don't know intellectual property law in the USA well enough; as for Germany that behaviour is infringing intellectual property law in more than one way.

    For legal reasons, I will therefore in future refrain from adding links to images on the web.

    IANAL, but IMHO this behaviour of Discourse is completely unacceptable. And if only because the behaviour of Discourse in regards to image links presents a serious risk to any website running Discourse as forum software.


  • ♿ (Parody)

    What if I told you... whenever you visited a web page, your computer makes multiple copies of copyrighted bytes and then transforms those bytes without explicit permission into photons without any reference whatsoever to the original source of the copyrighted bytes.

    I actually am a lawyer, and this is why computers are illegal in Germany. I hope you're not using one in that jurisdiction.

    --
    Filed under: Should be a Meta post, but the post content itself justifies the WTF


  • Winner of the 2016 Presidential Election

    Doesn't that fall under personal use or something?

    I am really unsure. For example I am able to buy a DVD and watch the movie inprinted on it but am not allowed to show it publicly.

    That might be a completely different field but that is how I (a non law-person) would compare it to (and the forum would be the piblic broadcast).

    So clarification on that would be great.

    Filed Under: This Topic has peaked my interest



  • @apapadimoulis said:

    What if I told you... whenever you visited a web page, your computer makes multiple copies of copyrighted bytes and then transforms those bytes without explicit permission into photons without any reference whatsoever to the original source of the copyrighted bytes.

    Believe it or not, local copies on my machine (or a company's proxy server) are something completely different from taking someone's picture, altering it, storing it on one's own site and delivering it from there.

    @apapadimoulis said:

    I actually am a lawyer

    As I said: I don't know US intellectual property law well enough. Discourse's behaviour may fall under "fair use", I don't know. If you are comfortable with the situation, ok. After all, it is your site.


  • Winner of the 2016 Presidential Election

    To be fair, you could just credit the picture manually with a link after posting it. Would be more work but at least you would feel like you did the right thing.

    Filed Under: Just a thought



  • My impression is, they do this automatically when you link directly to an image. Probably a way to prevent topics from becoming a graveyard of broken links as time goes by.

    Not sure about the legal ramifications, but to me it feels morally OK. When you hotlink, the target site is already not getting any traffic from the bandwidth they provide. Taking over the image hosting is in their best interest. And if they don't want that, they can easily prevent hotlinking to images from outside of their site (or a whitelist).

    Summary: if you want to credit the author, don't hotlink. Or provide a link in addition to the hotlink.


  • ♿ (Parody)

    @faoileag said:

    Believe it or not, local copies on my machine (or a company's proxy server) are something completely different from taking someone's picture, altering it, storing it on one's own site and delivering it from there.

    Not really, it's all just caching... and any alteration is done indiscriminately for performance/usability purposes. The end-user experience is effectively identical: they visit a web page, and they see a picture embedded in that web page. The forums are simply acting as a neutral hosting provider, and this is industry standard behavior (Twitter, FB, etc do this too). If we get a DCMA takedown notice, we do just that.

    It's most definitely a copyright violation to embed copyright images in your page (whether you "hotlink" or cache link), and it may even be a copyright violation to directly hyperlink to the image. But, unless you're linking to 1000's of full-res Getty stock images, or doing other similar stuff, no one really cares.



  • @apapadimoulis said:

    Not really, it's all just caching...

    In Germany, at least, it is different. Files stored in the cache folders of a browser are not considered "downloaded" for legal purposes.



  • Look...there are worse more savage things to be concerned about...

    No I'm not talking about starvation or war...I am talking about the illegal use of fonts. Illegally using fonts kills maybe 3 to 5 kittens annually (and those numbers are rising). So while you are distracted with your image poaching, up to a handful of kittens needlessly perish in fear and isolation...

    And that's EXACTLY what the government wants you to be worried about.

    'They' want you to be distracted and concerned about the image thing while the font thing (the real crime) gets committed right under our noses and in plain sight!

    And which is worse? (Sigh)...maybe we'll never know.

    ;)



  • @apapadimoulis said:

    The forums are simply acting as a neutral hosting provider, and this is industry standard behavior (Twitter, FB, etc do this too).

    Since I actually couldn't recall just how Twitter, Facebook & Co. do this, I checked:

    • Google Image search does indeed cache images locally, but gives the original source on mouseover. More, if you click on the image to see the full set card, the image served is not the cached image but the image from the source.
    • Facebook and Twitter are different from Google in that you have to get the images into the Twitter- or Facebookverse - both don't crawl the web. But unlike Discourse, the only means you have to get an image into Facebook or Twitter (as opposed to referencing it via bit.ly or other url-shortening services), is by uploading the image.

    So no, I would not say that Discourse's behaviour is industry standard behaviour. At least concerning the ability for users to post a link to an image that is then "localized", Discourse seems to be on a path of its own.



  • @faoileag said:

    So no, I would not say that Discourse's behaviour is industry standard behaviour. At least concerning the ability for users to post a link to an image that is then "localized", Discourse seems to be on a path of its own.

    Google mail does it like Discourse, except that they don't alter the image (AFAIK).

    Anyway, fuck the law: keeping the hotlink would be a security problem, redirecting your users' browsers to arbitrary files located on other servers, which can be changed according to the exploit du jour.

    TL; DR: you shouldn't flame Discourse for the one thing it does (mostly) right.



  • I'm not sure the security argument is really relevant here, because you can just as easily point it at an image with embedded code, and I suspect that there's at least one exploit that would allow arbitrary embedded js code in a remote image to execute upon import. The difference is people haven't bothered to explore this option in relation to discourse.

    Also, 'fuck the law' arguments tend to be exactly the kind of arguments that result in web masters getting massive slaps /fines or takedown requests. While unlikely to occur here specifically because of the type of things we talk about, what if discourse were used on a popular site that talked about celebrities? Images and leaks hosted directly on the site rather than at a more or less 'neutral' third party like imgur can lead to direct action taken against the site.

    But like i've said elsewhere, I don't believe europe or any of the eastern world is a target market for discourse, simply because of how things have been implemented.



  • Well, copyright laws are made to be misused, and rehosting an image is no different from hotlinking an image except that:

    1. Hotlinked images take bandwidth from the original host.
    2. Rehosted images don't disappear if the original site vanishes from the internet.
    3. The owner of the site that rehosts the image can be sure the image will not change arbitrarily.

    I can't think of any benefit to not rehosting the image. If you're breaking copyright laws by having the image on your site, you're doing it either way.

    If we had edit history viewing not-disabled, the complaint about the original URL being hidden would be void as well.



  • I'm aware of the benefits of rehosting images, and personally I support it in a general sense.

    However, this is a discussion about the legality of doing it, not the discussion of the benefits of rehosted images.

    A downside would be google image search taking you to TDWTF rather than the original site owner for the product, or people being confused why an image of < x > is located on TDWTF.

    Or, TL;DR; Images should only be moved to be hosted on TDWTF when explicit requests are made through the uploader tool. Not automatically when the image is linked. If you want to get fancy, hotlink until the site returns a 404, and use a back up of the image you downloaded originally. (But this also leads to other issues, strictly legally speaking)


  • Discourse touched me in a no-no place

    @ben_lubar said:

    I can't think of any benefit to not rehosting the image. If you're breaking copyright laws by having the image on your site, you're doing it either way.

    If we had edit history viewing not-disabled, the complaint about the original URL being hidden would be void as well.

    I think there's a moral argument in favour of at least making it possible to find out what the original image URL is; that what people are seeing is a cached version and that the canonical source is elsewhere. I also think that we should be exposing the edit history, and that edits by bots should be clearly indicated as such, in a way that normal users can't duplicate.

    And finally, I think that some users round here will attempt to emulate the bots for fun anyway. Because. 😉



  • @codinghorror @sam how hard would it be to have the original URL for an automatically downloaded image set as the title when the image gets lightboxed or whatever?


  • :belt_onion:

    I think showing the original URL is a good idea, if only to cover your ass. Plus, sometimes I am interested by the image and would like to go to the site from which it came!



  • Images and law.

    Filed Under: Placing ice pick into eyeball.



  • @Matches said:

    I'm not sure the security argument is really relevant here, because you can just as easily point it at an image with embedded code, and I suspect that there's at least one exploit that would allow arbitrary embedded js code in a remote image to execute upon import. The difference is people haven't bothered to explore this option in relation to discourse.

    So because there is another, related security hole, we're not going to bother fixing this one? This is just WTF.



  • @Planar said:

    Anyway, fuck the law: keeping the hotlink would be a security problem...
    TL; DR: you shouldn't flame Discourse for the one thing it does (mostly) right.

    "Fuck the law" might turn out to be a rather expensive attitude, especially in the US.

    Framing the picture might indeed pose a security risk, but that is a separate topic.

    What I was saying is that Discourse, by making a copy of the linked-to image, altering that copy and distributing that altered copy, might be infringing on copyright law.

    And Discourse can't shift the blame onto the user making the link, because the user provides a link and nothing else.

    This is where Facebook and Twitter are on the safe side: the user has to upload an image, i.e. the user distributes the image without holding the necessary rights to do so. Facebook and Twitter might be served an DCMA take-down notice, but any claims for damages will have to be made against the user uploading the picture.

    Discourse on the other hand takes a link and then copies the image and distributes the local image on its own discretion.

    There would be an easy way to avoid that, of course: either don't give the user the ability to link to images, or keep that link as is, i.e. a link.

    There will probably be a reason behind Facebook and Twitter doing things differently in that regard.



  • How about just a button "Cache this image locally" that the uploader can click. Would that fix the legal issue?



  • @ben_lubar said:

    1. ..
    2. Rehosted images don't disappear if the original site vanishes from the internet.
    3. The owner of the site that rehosts the image can be sure the image will not change arbitrarily.

    Is that not the content owner's prerogative/right to be able to withdraw/modify their property as and when they see fit?

    Side note - wtf is with numbering? I quoted 2&3, and attempted to reinstate correct numbering per the original post, but I ended up with a preview that doesn't match the numbers in the text box.



  • @cartman82 said:

    How about just a button "Cache this image locally" that the uploader can click. Would that fix the legal issue?

    Couldn't really say. It would mean the user is telling Discourse to make that copy for him/her, but since Discourse is providing the button, it could also mean that Dsicourse is actively aiding the user making that copyright infringement. I think Napster was sued for exactly that, so no, I wouldn't think such a button would be a solution.


  • Winner of the 2016 Presidential Election

    Couldn't really say. It would mean the user is telling Discourse to make that copy for him/her, but since Discourse is providing the button, it could also mean that Dsicourse is actively aiding the user making that copyright infringement. I think Napster was sued for exactly that, so no, I wouldn't think such a button would be a solution.

    IANAL, but I think it would be legal if you tell the user that he needs to hold the right to upload the image (footnote, link to FAQ, etc.). That way, it becomes the user's responsibility to check whether the upload infringes someone else's copyright.



  • @ben_lubar said:

    I can't think of any benefit to not rehosting the image

    I can, and it doesn't even touch on copyright.

    Let's suppose I hotlink an asset which is illegal in some locality. The most obvious would be paedophile materials, but there are a lot of other things that one could imagine. Given Discourse's "immediate, automated rehosting" policy, the web host is not linking to illegal materials, he is actually guilty of hosting and distributing those materials, which is (at least in the case of paedophile imagery) a serious offence liable to result in jail time. Rinse nd repeat for "violent sexual imagery", "forgery", "mail fraud", "industrial espionage", "espionage", etc.



  • @tufty said:

    Given Discourse's "immediate, automated rehosting" policy, the web host is not linking to illegal materials, he is actually guilty of hosting and distributing those materials, which is (at least in the case of paedophile imagery) a serious offence liable to result in jail time.

    I'm now seriously considering signing up for those hosted Discourse installs...



  • @tufty said:

    Given Discourse's "immediate, automated rehosting" policy, the web host is not linking to illegal materials, he is actually guilty of hosting and distributing those materials, which is (at least in the case of paedophile imagery) a serious offence liable to result in jail time.

    Isn't there a risk on any forum that someone could upload illegal material using a throwaway identity? It might be slightly easier to do on Discourse, but I don't see that there's much difference otherwise.



  • I actually am a lawyer

    Then you're either acting outside your area of expertise, or you haven't done your research, because WaPo got slapped down for exactly this (rehosting rather than hotlinking): see http://www.buzzfeed.com/jwherrman/want-to-publish-a-twitter-image-legally-just-embe

    A U.S. District Judge has ruled that the AFP and Washington Post infringed on copyright by posting photographer Daniel Morel’s photos of earthquake damage in Haiti.The photos were posted to Twitter, from which the AFP submitted them to Getty. WaPo found the images on Getty and posted them on its website. The ruling explains, over the course of about 60 pages, that just because the images were posted to Twitter doesn’t mean they were fair game for reposting elsewhere.

    ... and ...

    (Twitter user tone_def points to a past case in which Google successfully defended itself against infringement claims on the basis that it was re-displaying images from other sites by embedding them with HTML, or “hotlinking,” rather than rehosting them itself.)



  • @DaveK said:

    Then you're either acting outside your area of expertise, or you haven't done your research

    @apapadimoulis said:

    and this is why computers are illegal in Germany.


    Filed under: pacman sez jokes are hard



  • @Keith said:

    Isn't there a risk on any forum that someone could upload illegal material using a throwaway identity?

    If someone uploads illegal material to a forum that is one thing. In the case stated by tuffty however the forum software itself would download illegal material on to its own server.



  • @faoileag said:

    If someone uploads illegal material to a forum that is one thing. In the case stated by tuffty however the forum software itself would download illegal material on to its own server.

    Does that really make any difference? The server is still "hosting and distributing" the materials illegally.

    I'm not saying that it doesn't make a difference; I'm just intrigued as to whether laws tend to draw a distinction. Certainly YouTube got into trouble for people uploading copyrighted material to its site.



  • @apapadimoulis said:

    I actually am a lawyer, and this is why computers are illegal in Germany. I hope you're not using one in that jurisdiction



  • @Keith said:

    Does that really make any difference? The server is still "hosting and distributing" the materials illegally.

    I think it might indeed - because in the case of automatic download, the server is not only "hosting and distributing", it has also initiated the necessary steps to "get into possession" of the incriminating files in the first place.



  • @faoileag said:

    it has also initiated the necessary steps to "get into possession" of the incriminating files in the first place

    Gosh darn, it's tricky.


  • ♿ (Parody)

    @faoileag said:

    incriminating files

    Worth noting that we're talking about civil liability here, not criminal. That means someone needs to be willing to spend money to sue, and I think there are far more profitable lawsuits to be had than against pseudo-anonymous internet people. More likely than not, a copyright holder would send a DMCA takedown notice, and we'd do just that.

    There probably is some obscure criminal liability that some federal prosecutor could contort to 30 years in PMITA prison, but we're already committing three felonies a day... so just don't piss off the DA. Or make sure to have enough money to bribe him.



  • HI ALEX!  



  • @Keith said:

    HI ALEX!  

    Hi Keith!



  • @Nagesh said:

    Hi Keith!

    HI NAGESH!



  • @Keith said:

    HI NAGESH!

    Hello, world!



  • @Maciejasjmj said:

    @apapadimoulis said:
    and this is why computers are illegal in Germany.


    Filed under: pacman sez jokes are hard

    That could so easily be a real lawyers' in-joke. Clueless legislators frequently propose or even pass laws attempting to regulate some supposed bad-stuff-on-the-internets that when read closely by people with actual legal expertise turn out to have rather severe unintended consequences. See for example the recent poorly-worded bill in Florida that, in attempting to ban on-line gambling machines, could be read as banning all networked computing devices (although in fact the courts would undoubtedly apply common sense interpretation if anyone had tried to push it that way.)



  • I was pointing out potential actual criminal liability, actually. The sort of actual criminal liability that might put you on the "to be shanked" list when you end up inside. Or, indeed, on the outside. Because, although courts might make a common sense interpretation of a purely technical and civil case, they have not shown any tendency to do that when it comes to sex crimes.

    Filed under: A place on the sex offenders register is for life, not just for Christmas



  • @apapadimoulis said:

    I actually am a lawyer

    What kind of law? Because lawyers tend to focus on a particular area of law and don't tend to know the other areas very well. I know several people in intellectual property (IP) law, and even then each of them is only aware of how IP law applies in certain areas. For example. my brother-in-law works in IP law for a pharmaceutical company, and I doubt he would have a clue about this. I know someone else who is a named partner in a multi-state IP law firm, and he deals mainly with copyright infringement (he has underlings to deal with other stuff). Anyway, from conversations with them, there is a very real chance that the way Discourse handles images could be a liability.

    To take your example:

    @apapadimoulis said:

    whenever you visited a web page, your computer makes multiple copies of copyrighted bytes and then transforms those bytes without explicit permission into photons without any reference whatsoever to the original source of the copyrighted bytes.

    Wrong, in two ways. First, the part about "without explicit permission". The web page was put out there for public consumption, so the assumption is that these client copies will be made (Okay, maybe not "explicit", permission, but implicit permission is just as good). This is the way the web works. Second, the reference to the original source of the copyright is the damn web page address you are visiting.

    As for the way Discourse works, taking a copyrighted image, copying it to your local source, and then publicly distributing it with no recognition of the copyright holder, without prior consent, is a violation of IP law. It's not so much the local copy in this case that's the problem. Serving it up again for public consumption is.



  • @apapadimoulis said:

    I actually am a lawyer, and this is why computers are illegal in Germany.

    Maybe this has already been said, but people still seem to be missing the fact that THIS IS A JOKE



  • Great job guys, I had to like @ben_lubar 's post because he's apparently the only voice of reason here. DO YOU SEE WHAT YOU'VE DONE?!


    Filed under: cats and dogs living together, mass hysteria



  • You didn't have to. I'm ignoring it.



  • @ben_lubar said:

    Maybe this has already been said, but people still seem to be missing the fact that THIS IS A JOKE

    I readily got the joke

    what happened to spoiler plugin?



  • Let's see: [spoiler] @Nagesh was not doing it wrong.[/spoiler]

    Edit: Nope. Discourse broke spoilers. But they're still working in the FAQ.

    Edit: Spoilers are working again!


  • ♿ (Parody)

    @abarker said:

    What kind of law?

    I practice multiple kinds actually (I have a lawmed degree), but I do specialize in internal law and international medicine.

    @abarker said:

    As for the way Discourse works, taking a copyrighted image, copying it to your local source, and then publicly distributing it with no recognition of the copyright holder, without prior consent, is a violation of IP law. It's not so much the local copy in this case that's the problem. Serving it up again for public consumption is.

    I still don't agree, b/c I see it as a form of caching and fair use. Either way, a jury could see it differently... but don't think anyone is going to sue over this. I feel there's a lot more potential liability with other aspects of the site.



  • I really, really hope that someone from the NHL doesn't come here.



  • @apapadimoulis said:

    I still don't agree, b/c I see it as a form of caching and fair use. Either way, a jury could see it differently.

    But it isn't caching, partly because all reference to the original source is eliminated. Without that source information, how do you plan on claiming caching?

    @apapadimoulis said:

    but don't think anyone is going to sue over this. I feel there's a lot more potential liability with other aspects of the site.

    Yeah, and I thought I was safe a few years ago when I bought a few legal copies of Photoshop, kept one, and sold the rest on eBay. Apparently, Adobe thought that me selling two copies of Photoshop on eBay was enough to come after me for copyright infringement. Fortunately, I know a big name in IP law, and he let me use his firm's name free of charge when responding to the initial complaint. Never heard back from Adobe's lawyers after that letter.

    Anyway, my point is, you're taking a calculated risk using Discourse. By coding this behavior with no option to turn it off, @sam and @codinghorror are pushing that risk to everyone who chooses to use Discourse (I bet most people who deploy Discourse have no idea of this risk). And I bet that no one in this whole mess has once you have not consulted an IP lawyer about the legality and/or potential liability of such behavior.

    Edit: Updated based on PM with @sam


Log in to reply