Is it allowed for competing extensions copy my source code?

[Michael Flores]

I recently successfully filed a DCMA complaint against an extension which copied elements of my design and code. A week later, it popped up under a different Google account with a new design (congrats) and still using copied code. I figured since programs are covered under copyright protections, particularly if they are line for line copies, I could file a claim against a portion of the program which was most obviously copied. However when I pointed out the exact files, their location in the infringer's source, and their identical locations in my source code, I never got a response that indicated they thought this was infringing. First they said they couldn't find the content that I was claiming at the URL provided, and after sending screenshots they just said that they had decided not to take action but wouldn't state whether the issue was that: 

1. they didn't consider the code to be authored by me

2.  they didn't consider the code to be a copy

3. code will never be considered infringing 

So I'm wondering, is it allowed for other extensions to copy my source code? 

P.S. proving the copying is rather besides the point of whether it was copied, I know for a fact that it was because the publisher previously had repo access for them to develop on the backend of the app, which is why most of the rest of the app also has clearly copied files.

[Robbi]

Avoiding is almost impossible, discouraging is the strategy.
1. move you extension to mozilla addon store.
   Mozilla permits to upload obfuscated addon
   as long as it is also uploaded an clear version with the exact instructions to build the obfuscated one.
   Of course, if review process will succed, only obfuiscated version will be pubblished.
   (Maybe the MS-Edge store does the same too - I have not verified)
2. Let the extension communicates with your own server just with simple post message(s) which permits server to acknowledge the original extension
    and ban the "competing" extensions.
    Better if in that message you include a field with a kind of apikey that your users will only get after a sign-in phase.
    At this point if you notice fraudolent network traffic (i.e several network request from same apikey with many different ip address in a predefined time frame)
    you can ban that apikey.

Mine are just tips, now it's up to you to decide how much time and\or money to invest to make your extension (or your business) safer

[Michael Flores]

The fact that step 1 is to just not release it as a Chrome extension makes me feel like there's a policy failure here somewhere...

[Cuyler Stuwe]

The best solution if you want to protect your IP is to make as much of the logic happen on the backend as possible. That’s the only relatively-foolproof method.

--
You received this message because you are subscribed to the Google Groups "Chromium Extensions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/1ecdaf78-cf22-41d6-b3f8-57c158a2c41an%40chromium.org.

[Alex Shoykhet]

Alternative to API key, your backend can just check origin which will be chrome-extension://your-extension-id (not sure what it is for Mozilla).

Might make development kind of hard if your don't have a staging environment.

But yeah if your extension doesn't have a backend, not too much else you can do besides obfuscate and keep reporting.

It would be great if there was more attention on the Chrome Web store from a content review point of view. Google Play for example will kick copycat apps out if they infringe on a copyright/trademark.

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/CA%2BYuxdcSaC_R3k5GJryTg-obMOh5W5ionNAz4LyOA9ZR_90_NQ%40mail.gmail.com.

[PABLO REYES]

I didn't know other developers can access my whole source code. That is crazy!

Anyway a solution can be move it to open source. 

[Cuyler Stuwe]

It’s frontend web code; Devs can always access frontend web code. Never expect frontend web code to be able to contain secrets.

[Michael Flores]

I feel like moving it to open source would actually remove what little copyright protection is embodied by default in the expression of particular computer programs. Developers should be free from worry when releasing their programs that clear copies of significant portions of code will not be allowed.