November 14, 2019

How to deal with stolen code.


So, I recently discovered that my indie extension has been cloned. To add insult to injury, actual code I've written is present in the stolen clone -- sure, lightly "edited" -- the names and such, but its clearly a paste.

Now, the extensions all live on webstores of the browser we submitted to. What are usual recourses here? Are there any? What are community thoughts on the topic? Is this fair game for any low hanging fruit?

Thanks all!

  1. 1

    I would jump on it as quick as possible. Report them to the respective extension collectives, and perhaps even send them a 'cease and desist' letter. Be polite but firm.

    You can probably start this off without the expense of hiring a lawyer, but if you don't get positive results initially, then you may have to go legal on them.

    I assume you have Git logs etc. that can prove that the code is all derived from scratch by yourselves if it came to a court case? I am curious as to how they got your code? Was it accidentally uploaded to a public repo, or did a coder working on the project steal the source or something?

    1. 1

      Yeah keen to know how they got it, and equally keen to know how you got theirs?

      1. 3

        All browser extension code lives on your hard drive when installed. You can usually find all your installed extensions and their source code in the folder where your browser keeps its settings.

        Essentially, browser vendors don't allow you to obfuscate your code. Even for minified libraries that you may be using, you will need to provide the human-readable version (unless it's a common library like jQuery).

        Keeping your code safe for browser extensions works only though a license, C&D letters, and DCMA-related actions.

        1. 1

          Interesting. Seems like that's a problem for someone to solve. Thanks.

        2. 1

          That is entirely correct. Depending on the browser, extensions and their code are hosted on the machine of the user thereby allowing us to look into the code of each others work. Not ideal, but there is no middle ground here -- generally, one tries to move meat and potatoes into server side.

  2. 1

    I'd report the extension if possible and point out the publish date of yours vs theirs. It's definitely not fair game to copy someone else's extension source code.