dmca/2022/01/2022-01-12-hush.md

Before disabling any content in relation to this takedown notice, GitHub

• contacted the owners of some or all of the affected repositories to give them an opportunity to make changes.
• provided information on how to submit a DMCA Counter Notice.

To learn about when and why GitHub may process some notices this way, please visit our README.

---

Are you the copyright holder or authorized to act on the copyright owner's behalf?

Yes, I am the copyright holder.

Are you submitting a revised DMCA notice after GitHub Trust & Safety requested you make changes to your original notice?

No

Does your claim involve content on GitHub or npm.js?

GitHub

Please describe the nature of your copyright ownership or authorization to act on the owner's behalf.

I am one of the "[private]" as per [private] and either originally [private] the code which is infringed upon, modified the infringed code in the course of development or currently maintain it.

Please provide a detailed description of the original copyrighted work that has allegedly been infringed. If possible, include a URL to where it is posted online.

The hush full node software has been infringed upon, which has a Github mirror at https://github.com/hushmirror/hush3 and the official repo lives at [private]

What files should be taken down? Please provide URLs for each file, or if the entire repository, the repository’s URL.

All files in this directory: https://github.com/PirateNetwork/pirate/tree/master/src/tls

and these additional files:

https://github.com/PirateNetwork/pirate/blob/master/src/wallet/rpcwallet.cpp

https://github.com/PirateNetwork/pirate/blob/master/src/rpc/net.cpp

https://github.com/PirateNetwork/pirate/blob/master/src/rpc/misc.cpp

https://github.com/PirateNetwork/pirate/blob/master/src/init.cpp

Do you claim to have any technological measures in place to control access to your copyrighted content? Please see our Complaints about Anti-Circumvention Technology if you are unsure.

No

Have you searched for any forks of the allegedly infringing files or repositories? Each fork is a distinct repository and must be identified separately if you believe it is infringing and wish to have it taken down.

I have searched for forks and did not find any.

Is the work licensed under an open source license?

Yes

Which license?

GPL version 3

How do you believe the license is being violated?

I have read and understand GitHub's Guide to Filing a DMCA Notice. I believe the license is being violated because our GPLv3 code is being used in a MIT licensed codebase.

z_getbalances RPC

Hush wrote a new RPC which does not exist in any other cryptocoin called z_getbalances first created on April 13th 2021 in commit

52e14828c8 then less than a month later the same exact RPC name, with same functionality was added

in Pirate commit be114569ec . It adds a new optional argument and is a derived work:

https://github.com/hushmirror/hush3/blob/dev/src/wallet/rpcwallet.cpp#L3646

https://github.com/PirateNetwork/pirate/blob/master/src/wallet/rpcwallet.cpp#L4157

hush-cli was renamed pirate-cli

Very interestingly, in 412f5a2961 it can be seen

that the hush-cli script was renamed pirate-cli, and the Hush copyright line was removed and replaced with a Pirate copyright

that says "no rights reserved" :

[private]

-# Copyright (c) 2019 Hush developers

+# Copyright (c) 2019 PirateChain - no rights reserved

set working directory to the location of this script

[private]

[private]

[private]

[private]

[private]

[private]

This file no longer exists in their master branch, but is a good example of Pirate blatantly infringing on Hush code copyright.

TLS Code

Pirate seems to have copied huge sections of the TLS code from Hush, including entire files

and detailed code comments in certain functions, while also not adding our Copyright disclaimer

to their files. Since Pirate is MIT and Hush is GPLv3, mixing this code is incompatible.

For instance: https://github.com/hushmirror/hush3/blob/dev/src/hush/tlsenums.h was created in

commit a21bf40510

on Oct 31st 2021 but https://github.com/hushmirror/hush3/blob/dev/src/hush/tlsenums.h was

created on Sep 29th 2020 in commit 62f67821ec

The files are almost exactly the same, except Hush Copyright lines have been removed, the namespace

"hush" was changed to "tls" and whitespace has been added. The exact ordering of elements and exact

names of variables is exactly the same.

Another fact is that all the filenames in https://github.com/PirateNetwork/pirate/tree/master/src/tls

are exactly the same as the filenames in https://github.com/hushmirror/hush3/tree/dev/src/hush yet

the Hush files were created over a year prior.

Additionally the function threadSocketHandler at https://github.com/PirateNetwork/pirate/blob/master/src/tls/tlsmanager.cpp#L347

is almost exactly the same. The differences are because Hush uses WolfSSL where Pirate uses OpenSSL and

logging to a different log category ("net" vs "tls") .

The -tls CLI option and -tls=only argument was added in commit 62f67821ec on Sep 29th 2020

and then appears over a year later in Pirate source code in commit a21bf40510

Additionally, Hush added the field tls_connections to two RPCs: getinfo and getnetworkinfo and Pirate took this code,

and turned the oneliner to a for loop to make it look different, yet it is still a derived work:

[private]

[private]

[private]

[private]

[private]

[private]

[private]

[private]

[private]

[private]

[private]

[private]

You can also notice they exactly copied the documentation of each RPC, with no changes.

In the file src/net.h you can see that Pirate copied the exact variable names of the TLS context objects:

[private]

[private]

[private]

[private]

[private]

[private]

Additionally, these two objects were added at exactly the same place in the file, between the strSubVersion and LocalServiceInfo struct.

https://github.com/PirateNetwork/pirate/blob/master/src/net.h#L226

https://github.com/hushmirror/hush3/blob/dev/src/net.h#L196

What changes can be made to bring the project into compliance with the license? For example, adding attribution, adding a license, making the repository private.

The project can be brought into compliance by changing to the GPLv3 license or removing all infringing code, as well as including correct copyright disclaimers for "The Hush Developers"

What would be the best solution for the alleged infringement?

Reported content must be removed

Do you have the alleged infringer’s contact information? If so, please provide it.

Most infringing code is from [private], who is the main developer of the infringing code repo.

I have a good faith belief that use of the copyrighted materials described above on the infringing web pages is not authorized by the copyright owner, or its agent, or the law.

I have taken fair use into consideration.

I swear, under penalty of perjury, that the information in this notification is accurate and that I am the copyright owner, or am authorized to act on behalf of the owner, of an exclusive right that is allegedly infringed.

I have read and understand GitHub's Guide to Submitting a DMCA Takedown Notice.

So that we can get back to you, please provide either your telephone number or physical address.

[private]

Please type your full legal name below to sign this request.

[private]