←back to thread

32 points ICodeSometimes | 7 comments | | HN request time: 0.201s | source | bottom
Show context
ICodeSometimes ◴[] No.42152434[source]
Happy to answer any questions!
replies(1): >>42152497 #
Kesseki ◴[] No.42152497[source]
What are you doing to prevent phishing scammers from using your service to create fake login pages en masse? This has plagued similar services to yours.

How can brand owners opt out of your service's infringing their intellectual property rights in their logos?

replies(1): >>42153676 #
ICodeSometimes ◴[] No.42153676[source]
> What are you doing to prevent phishing scammers from using your service to create fake login pages en masse? This has plagued similar services to yours.

I check what websites are fetching the logos constantly and block any that seem malicious including canceling their api keys.

> How can brand owners opt out of your service's infringing their intellectual property rights in their logos?

I fetch publicly available assets for any brand, i'm not passing them off as my own. Let me know what gave you that impression please :)

replies(1): >>42155633 #
saaaaaam ◴[] No.42155633[source]
By monetising the assets via a paid API you are infringing intellectual property rights and could be sued. If either you or the owner of the copyright protected assets is based in the US you could be liable for statutory damages.

Just because something is publicly available doesn’t mean it is public domain. Many brands allow their logos to be used but only in certain circumstances (even down to how the logo appears, eg what background colors, how much space around it, etc) which they will publish as part of their brand guidelines, and they will normally make it clear that any use beyond the narrow parameters they publish must be negotiated directly.

That said, your service looks both slick and useful, so my criticism is abstract rather than direct. But it’s still a risk.

replies(1): >>42156645 #
1. llamaimperative ◴[] No.42156645[source]
I would think this is mostly an issue for the consumer of this API, no?
replies(1): >>42156938 #
2. saaaaaam ◴[] No.42156938[source]
The primary risk is not for the provider of the API, not the consumer. There may be some risk for the consumer on the copyright side but not necessarily, but there may also be a contractual risk (see below).

In US law, there are fair use exceptions that may allow use of a copyright protected logo (or any other copyright protected material) without causing infringement - but those are relatively narrow. It may also be that a brand whose logo is generally available is OK for that logo to be used, without it taking action for infringement - but that doesn't necessarily remove their right to ask for uses that they are not happy with to be stopped.

So simply using a logo may not be copyright infringement - and, for example, the use cases presented by the service here - company logos in transaction statements, etc - may be allowed by a brand, but if they were unhappy with how someone was using their logo they would be within their rights, under copyright, to ask for that use to be stopped, or ask the person or organisation using the logo to enter into a licensing agreement.

As soon as you start charging money for someone else's copyright protected works without a licence that allows you to do that, it is almost certainly copyright infringement. So by making a copyright protected logo available via a paid API without the copyright owners permission, you're very likely immediately opening yourself up to being sued, and in the US you could probably be sued for statutory damages for each time you've infringed. Which would mean that if a logo has been served through a paid API to 10 different customers, suddenly you could have a potential liability of $1.5 million.

So there may be a issue for the consumer of the API depending on what they are doing with the logo, but it's unlikely that they would be pursued for damages. But it is 100% an issue for an organisation providing an API that explicitly makes money off someone else'e copyright. And that means that if the terms and condition of the API say "we have the rights from the copyright owners to provide the logo to you" then they are also in breach of contract with the API consumer. If they don't include wording to that effect in their terms of use, then use of the service would not pass due diligence by anyone serious. So if you're a financial services application and you want to display logos in your application, you'd want to be certain that your use of those logos is legally permitted, and you'd look for that assurance from the API provider. If you don't, then there's a potential liability, which is what I meant about a contractual risk. If you, as the application provider, are making an onward warranty that your application is fully licensed (for example, as a white label version to an enterprise customer) then that could present a risk for you as the application service provider, because of the API's non-compliance. But that's an adjacent thing, really.

Copyright gives a couple of fundamental rights: first of all to allow you to control how your work is copied, and by whom; second, to allow you to choose who you allow to copy your work, and on what terms. The second means that you can grant someone a licence you copy your work in exchange for money.

If someone else starts copying your work and charging money for it, they are very clearly in breach of the protections copyright gives.

So in this case the service is explicitly creating copies of something protected by copyright for money. There's presumably a copy being made at the point it is scraped - which could be covered by fair use - but certainly at the point that the logo is being served to a paying API consumer a copy is being created and the API being charged for that copy, and that would almost certainly negate any fair use argument.

Unfortunately, the only real way to offer a service like this as a paid API is to go and get agreement from every brand whose logo you want to use. Now, it may well be that they would be happy to do that, if you can also offer them a brand protection element to the service - e.g. something like "the only way you can use our logo online is via this API, either as a dynamically served logo (which can be revoked at any time) or as a watermarked logo, tied back to the API consumer (who assumes liability for infringement)". Add in search and enforcement for infringing uses of the logo (and other brand assets) and brands may happily licence the logo to the API provider for free, as part of a wider service.

There's a whole other - potentially bigger - issue to do with trademarks. That's harder for brands, because if you don't enforce infringement of your trademark then you may lose the rights in the trademark. However, that'a a much more complex area and varies a lot from territory to territory.

replies(3): >>42157026 #>>42157522 #>>42161905 #
3. llamaimperative ◴[] No.42157026[source]
This is super informative, thank you for taking the time to write it up!
replies(1): >>42157163 #
4. saaaaaam ◴[] No.42157163{3}[source]
You're very welcome.

There's a lot of misunderstanding about how copyright works, and unless it's something you work with regularly it's basically just a load of abstract handwaving!

5. ICodeSometimes ◴[] No.42157522[source]
This is absolutely fascinating, thank you for elaborating! I'll need to dig into this much deeper it seems.

My train of thought was that i was basically offering a hyper-opinionated scraping service since all im doing is scraping publicly available data and packaging it for a particular usecase (similar to say, zoominfo which also provides logos for example).

I will dive into this.

Out of curiosity, what's your background to have all this info? Are you a lawyer of some sort? It was a great writeup.

replies(1): >>42157612 #
6. Xelynega ◴[] No.42157612{3}[source]
Not them, but copyright law is something everyone trying to distribute content should be aware of(especially if you want to redistribute content that you didn't generate).

I'm not a lawyer, but from my understanding as long as you're not actually sending the logo image data through your paid API(e.x. if you just link to the logo file on the MasterCard/airbnb/etc. server instead of hosting it on your own) you should be ok.

7. uh_uh ◴[] No.42161905[source]
Interesting write-up. Does this mean that all of OP's competitors are facing the same legal issues? I wonder what (if anything) they do about this.