I recently stumbled upon Github's dmca repo, where they document all the dmca (copyright infringement) notices received by them.
According to the README, the reason why they're doing this is:
A noble effort. I decided to have a look at some of the dmca notices sent to Github. And to my surprise, I found that a few Indian tech companies were a regular feature on this repo. Of course, on a related note, we had the whole Humans Of Bombay copyright case very recently.
But what was even more confounding was finding out that the company that has sent by far the most takedown notices on Github is – Nykaa. They've sent more than 130 in the last two years (including 51 of them this August itself).
For those who don't know, Nykaa is an e-commerce company that sells beauty and wellness products.
So why is Nykaa, of all places, sending so many takedown notices on Github?
Thanks to Github making the content of dmca notices public, I scrolled through some of the repos that received notices from Nykaa. Many of them have been taken down by Github, but a few still exist.
For example, this is one of the dmca notices that Nykaa sent to Github:
And this is the repo that received this notice:
Umm, this looks like an innocuous frontend assignment project for a hackathon or an online course. Why is Nykaa sending a dmca notice for this?
I went through a few more repos in Nykaa’s dmca hit list and found that most of them were frontend clones of Nykaa’s website.
On digging deeper, I found that as part of a coding assignment for an online fullstack development course offered by a Bangalore-based ed-tech firm, students have to build a clone of Nykaa's frontend and push the code to Github. Dozens of students build and publish these assignments regularly on Github. Some have even blogged about it:
Nykaa, for reasons only they can explain, deem these demo projects to be dmca-takedown-notice-worthy. So every month Nykaa sends dozens of takedown notices to every student-made assignment of Nykaa's frontend on Github.
I am scratching my head! Why Nykaa? Why are you so insecure? And isn't this a blatant abuse of a dmca takedown notice?
Github has a well-documented dmca policy page with guidelines on fair use considerations for dmca notices, going as far as asking senders to state in the notice if fair use has been taken into consideration.
Surely all these repos fall under fair use protection? I don’t understand the small-mindedness of Nykaa in sending notices for such trivial things.
And Nykaa is not the only Indian company doing this. Amongst others, Paytm is not too far behind with 60+ dmca requests and Meesho with 40+ for very similar takedown reasons.
As per the dmca data on Github, the same third-party agency, a UK-based company called iZOOlogic, handles all the dmca notices for these 3 companies (plus a few more Indian companies).
In some dmca notices, they claim that these repos could potentially be used to launch phishing attacks. If it is really so, sending takedown notices to Github to remove frontend copies of their website is such a low-hanging fruit. Surely no serious and self-respecting online fraudster would use a public repo on Github to run their phishing website operations?
It is very common to make clones of well-known websites for frontend development courses and job interviews. Search Github for "instagram clone" or "youtube clone".
On Github’s part, they should outright reject such abuse of dmca notices. They’ve removed too many repos by bowing down to unreasonable dmca requests. For some repos, they’ve added this alert at the top instead of taking them down:
As for Nykaa – please please have some chill and stop being so petty.
P.S. With the title of this post and by publishing a copy of this post on Github under a repo named "NYKAA CLONE", I hope I can bring their attention to this post by triggering some dmca alarm somewhere in their system.
To the person drafting dmca takedown notices for Nykaa, if you're reading this:
STOP SENDING STUPID DMCA NOTICES!!!
You're missing the real incentives for why this happens.
A (Nykaa/PayTM/..) hires B (iZOOlogic) to protect their brand. There's not much work B does, except for running off-the-shelf software, and filing complaints on behalf of A. This would include legitimate takedowns (say phishing websites to fool A's customers), domain-impersonations, or a lot of fair-use stuff that the companies might not want (Domain registrations for A.sucks).
Every quarter, B has to go and charge A for an invoice, and the invoice has to _show some numbers_. The contract goes away unless they actually do some "brand protection". Filing silly DMCA notices is the easiest way to pad these numbers, so that's what B ends up doing.
This is the kind of internet that I fell in love with in my teens. Thanks for these posts, man. Just binged all your articles.