FRESH

Hacker News

How FOSS Projects Handle Legal Takedown Requests

144 points by mkesper

by s1mplicissimus

0 subcomment

> One FOSS organization, for example, requires all legal correspondence to be submitted by postal mail in the national language and citing local law. Most complaints evaporate once asked to comply.
Pure gold.

by brian_cunnie

1 subcomments

I typically get a takedown notice a couple times a week, usually from my registrar (Namecheap) or from Netcraft, about 100 so far.
I keep a public (transparent) list of takedowns, on a public repo on GitHub. The commit messages are the logs. [0]
I have a way to dispute: raise a GitHub issue. I've only had two people dispute: one was legit, and I unblocked him, and the other ran a WordPress site which he didn't know was compromised. I did not unblock him. [1]
Please don't judge me harshly for honoring the takedowns immediately, but I do so because the remedy is simple: register your own domain, and don't rely on my nip.io / sslip.io service (which maps IP addresses to hostnames as a convenience for developers, e.g. 127.0.0.1.nip.io → 127.0.0.1).
Dealing with takedown requests is the least pleasant aspect of running FOSS project. I want to spend my free time coding, not blocking phishers, scammers, and grifters.
[0] https://github.com/cunnie/sslip.io-blocklist [1] https://github.com/cunnie/sslip.io/issues/100

by politelemon

0 subcomment

This seems like a well balanced approach. I do love the abuse mitigation measures in place to dissuade casually malicious actors. The fact that providing evidence itself is a deterrent just goes to show how ill intentioned most of them are.

by ignoramous

2 subcomments

TFA goes: A window for response (commonly 14 days) is offered, unless unfeasible due to seriousness and time restraints of the request itself. If the developer disputes the claim and provides supporting information (e.g. license, public domain status, fair use justification), the claim is reviewed.
As someone who has had multiple FOSS projects take down by companies / app stores (happens when we go viral in some country), DDoS'd by rouge actors (thanks for saving our bacon, Cloudflare!), visits from law enforcement etc; F-Droid's post on "appeals process" comes as a surprise. Here's the email I received from them:
```
  Dear The Rethink DNS Authors,

  The F-Droid platform has received an official order from Roskomnadzor (RKN), Russia's Federal Service for Supervision of Communications, IT, and Mass Media, regarding Rethink (Registry Entry #3133609-РИ) https://f-droid.org/ru/packages/com.celzero.bravedns/
  ...

  F-Droid took technical measures to block your website app page for the Russian site visitors to avoid the risk of limited access to F-Droid as a whole. For further queries or concerns, contact legal@f-droid.org.

  Thank you for your cooperation.
```
Nothing in there informs me that I had the opportunity to appeal.

by its-summertime

2 subcomments

How does it make sense to ask an app developer to appeal on behalf of a platform they have zero control over?