NIP-110: license tag
This NIP defines how to add an MIT license to Nostr events in order to protect relays and clients from potential legal responsibilities for distributing the copyright-protected content.
Currently implemented at DegenRocket and SimplifiedPrivacy.
EDIT: it's better to use the CC0 license instead of MIT for general text as mentioned by @vitorpamplona.
Once AWS gets sued for distributing copyright-protected content from blogs hosted on S3 we should do this.
Wait, the text of this issue itself is not MIT licensed, and GitHub is distributing it, also I'm liable for having it in my computer's memory.
Having a tag for a license is fine and probably recommended for Long-form content, NIP-94, and the results of DVMs. But its main use will be to declare licenses that are not MIT, such as CC BY-NC for instance. Which is also fine. Clients can work to best show the usage limitations people might have.
I don't know what the other spasm fields are doing.
Having a tag for a license is fine and probably recommended for Long-form content, NIP-94, and the results of DVMs.
Exactly, the issue of licenses becomes more important when dealing with long posts, articles, white papers (cough wright cough), etc.
You're right, there were some discussions around using a license with file metadata (NIP-94), but I'm not sure how would that work since anybody can sign an event with a license and file metadata of a media file that they didn't create. Although, the same is true for a text event since anybody can copy-paste your text and attach any license to it by signing a new event, and it will be challenging to prove which event was submitted first since Nostr doesn't use any blockchain and timestamps can be manipulated. More feedback is definitely needed.
A few alternative solutions were proposed to this problem. I think, @rabble was suggesting to add a license on an account level (kind 0?) to save space in each event, but I don't remember the details and it's not clear how to handle a situation in which a user will want to use different licenses for different content.
But its main use will be to declare licenses that are not MIT, such as CC BY-NC for instance. Which is also fine. Clients can work to best show the usage limitations people might have.
Yeah, some devs were suggesting the same. We can rename this NIP from MIT license to license tag, but I would strongly recommend to add an MIT license to each event as a default one.
I don't know what the other spasm fields are doing.
You can ignore spasm fields, because it's just an example of how the MIT license tag is currently implemented in DegenRocket. The nostr-tools npm library doesn't allow signing of arbitrary messages like web3.js or ethers.js do, so spasm fields are used in order to "hack" the library and make Nostr events compatible with DMP, the original protocol used by DegenRocket. We can, obviously, use another example if this NIP will eventually be merged.
Once AWS gets sued for distributing copyright-protected content from blogs hosted on S3 we should do this.
@fiatjaf, I'd assume that it's sarcasm so moving to the next one.
Wait, the text of this issue itself is not MIT licensed, and GitHub is distributing it
Users agree to terms of service when using Github and other centralized platforms, so legal stuff is covered. Decentralized social media platforms can't use the same model because a message can be submitted via a client without any terms of service, so we have to come up with a better solution, e.g. adding a license to each event or adding some form of short terms of service to the account-level metadata event (kind 0?).
also I'm liable for having it in my computer's memory.
You can be held liable for copyright infringement for storing copyright-protected content on your computer in hostile jurisdictions if you obtained it without permission. However, nobody cares if you store that content on your computer, especially outside of western countries, but operators of Nostr relays don't just store the content on their computers, they actively distribute that content and some relays even monetize their services, which makes them vulnerable to legal persecution once adversaries decide to crack down on Nostr.
I would strongly recommend to add an MIT license to each event as a default one.
MIT doesn't work for general text. It's only made for software. Creative Commons is more appropriate for text.
But we should not have any default license. Clients can add defaults but it doesn't make much sense for a protocol to go either way. Let's not forget there is also public domain.
You can ignore spasm fields
Then just remove them
Once AWS gets sued for distributing copyright-protected content from blogs hosted on S3 we should do this.
This would happen if the data stored by AWS was copied to Azure and published. However, there is a type of Nostr relay that automatically distributes to other relays. Or when a user broadcasts.
Users agree to terms of service when using Github and other centralized platforms, so legal stuff is covered.
This is a little off topic, but Github's terms of service allow you to copy and display only features on Github, such as forking, but do not give you permission to modify other people's copyrighted works. No one will sue you, and I don't know if the text of these NIPs is copyrighted, but I think it's better to add a license to this repository.
MIT doesn't work for general text. It's only made for software. Creative Commons is more appropriate for text.
Great point, changed MIT to CC0 for this NIP and gonna do the same for DMP/SPASM.
Then just remove them
OK, removed all spasm fields.
Also renamed this NIP from MIT license to license tag.
I don't know if the text of these NIPs is copyrighted, but I think it's better to add a license to this repository.
The license section of the README file of this repo says that "All NIPs are public domain." Would that be enough?
The license section of the README file of this repo says that "All NIPs are public domain." Would that be enough?
Apologies - I don’t read that section of NIPs
Why would a tag in the event saying MIT be valid for legal purposes? Because it's written in this NIP?
What if instead of that we just write in the NIP that all content is published under the MIT license unless specified otherwise?
Why would a tag in the event saying MIT be valid for legal purposes? Because it's written in this NIP?
The NIP must have a list of licenses and their code names to be used. In that way, if an author uses "MIT" it refers to the MIT text in this repo. It's not super enforceable, but the author is making a reasonable effort to specify which license his/her content is being assigned to, and that "reasonable" disclaimer is what most legal systems need to make things minimally enforceable.
If we want to make this more interesting, we can point the license tag to a license event that includes the full text. Then, we could do this:
MIT License event:
{
  event_id: "<hash>",
  kind: 3235, // new license kind
  created_at: Math.floor(Date.now() / 1000),
  tags: [],
  content: "THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT W...",
  pubkey: "<whoever wants to sign for this>",
}
Kind 1:
{
  kind: 1,
  created_at: Math.floor(Date.now() / 1000),
  tags: [
    [
      "license",
      "<event_id>"
    ]
  ],
  content: "not your keys, not your words",
  pubkey: "b0635d6a9851d3aed0cd6c495b282167acf761729078d975fc341b22650b07b9",
}
Including a full license in each event is quite enforceable everywhere.
At the moment of writing, a user who signs a Nostr event doesn't give an explicit permission for his content to be distributed without any restriction.
Actually, I believe you do. If you sign the event and publish it to public relays, you have already accepted that this information can, and will, be distributed to anyone at any time. If you want to post proprietary content, put it behind a paywall or post it to a private nostr relay.
Having a tag for a license is fine and probably recommended for Long-form content, NIP-94, and the results of DVMs.
Exactly, the issue of licenses becomes more important when dealing with long posts, articles, white papers (cough wright cough), etc.
A "free to take and relicense with whatever you want" style license like MIT might not be what you really want. Bitcoin was released under MIT and that didn't make Wright's case a non-starter.
If you want to ensure the content (and derivatives) is always "legal" to be used by anyone, and that no one can leverage the State's guns to prevent anyone else from using derivatives, then you should use a share-alike style license.
Once AWS gets sued for distributing copyright-protected content from blogs hosted on S3 we should do this.
@fiatjaf, I'd assume that it's sarcasm so moving to the next one.
I didn't read that as sarcasm but a valid point. Specific examples illustrating the threats people are concerned about would be useful in judging the effectiveness of the proposed solution.
Just to throw my oar in here, I believe the default for intellectual property is "all rights reserved", regardless of what the protocol you publish it to says. A license tag would be fine to communicate that certain content is licensed for re-use, but doesn't make sense for most things (e.g. it makes no sense for a tweet to be MIT). Also, if a license is included in a signed event, it's impossible to re-license. I would rather handle this with kind0 attributes (for example profile.nipxx_license: MIT), or NIP 32 labels.
The best way to deal with nonsense laws is to ignore them. And it is probably safe to ignore them if the entire internet has been ignoring them since forever. Like what if someone writes a comment on my 2005 blog post and decides to sue me for displaying his comment there? Wordpress should have a checkbox allowing commenters to license their comments as MIT and otherwise the comments are not listed? This is completely absurd to me and I think Nostr shouldn't promote absurdities.
Also, this comment is MIT-licensed. You may cite it, but you must give attribution and include a copy of the license.
Copyright 2023 fiatjaf
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without limitation in the rights to use, copy, modify, merge, publish, and/ or distribute copies of the Software in an educational or personal context, subject to the following conditions:
- The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
Permission is granted to sell and/ or distribute copies of the Software in a commercial context, subject to the following conditions:
- Substantial changes: adding, removing, or modifying large parts, shall be developed in the Software. Reorganizing logic in the software does not warrant a substantial change.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
In order to have uniform names for the licenses, I would perhaps add a reference to https://spdx.org/licenses/.
Why would a tag in the event saying MIT be valid for legal purposes? Because it's written in this NIP? What if instead of that we just write in the NIP that all content is published under the MIT license unless specified otherwise?
I would rather handle this with kind0 attributes (for example profile.nipxx_license: MIT), or NIP 32 labels.
@fiatjaf @staab I envision social media to be protocol-agnostic in the future, so I'd recommend adding a legal protection in a form of a license to each signed event. However, if you prefer to focus on one protocol like Nostr, then there might be other solutions. We can definitely add to this NIP or to another NIP that all content is published under the CC0 (CC0-1.0, MIT, MIT-0, public domain) license unless specified otherwise, and we can even add more legal protections for relays, clients, and developers to the NIP. We can also hash the NIP or sign it as a Nostr event.
That said, we still need some form of a verifiable agreement to such a NIP (an analogy of terms of service) from each user either through a metadata event (kind 0) or a special event that needs to be submitted one time before starting using Nostr. Keep in mind, though, that such a solution would add an extra step to the onboarding process and it will require relays to check whether the 'terms of service' event has been signed, published and is stored in the database.
I feel like such a solution will need to have its own NIP called Nostr terms of service, because the license tag (NIP-110) can be added anyways since some users will want to publish the content under a different license than CC0, MIT, or public domain as mentioned by vitorpamplona and a few other devs. Besides long posts, articles, and white papers, the license tag can be useful for the Nostr-based code sharing platform.
@vitorpamplona that's a great idea. I'd still add a license identifier to each license tag (CC0, CC0-1.0, MIT, MIT-0, etc.), especially since some users will want to slightly change the text of the license in order to specify different copyright names the same as different FOSS projects have MIT licenses with different names and dates.
{
  kind: 1,
  created_at: Math.floor(Date.now() / 1000),
  tags: [
    [
      "license",
      "<license_identifier>",
      "<event_id_of_license>"
    ]
  ],
  content: "not your keys, not your words",
  pubkey: "b0635d6a9851d3aed0cd6c495b282167acf761729078d975fc341b22650b07b9",
}
In order to have uniform names for the licenses, I would perhaps add a reference to https://spdx.org/licenses/.
Another solution proposed by @marek22k is to somehow refer to the SPDX license list, but without relying on a web2 infrastructure (URLs). Maybe even mentioning the SPDX list will be enough (we need to consult lawyers for that).
{
  kind: 1,
  created_at: Math.floor(Date.now() / 1000),
  tags: [
    [
      "license",
      "SPDX-License-Identifier: CC0-1.0"
    ]
  ],
  content: "not your keys, not your words",
  pubkey: "b0635d6a9851d3aed0cd6c495b282167acf761729078d975fc341b22650b07b9",
}
Actually, I believe you do. If you sign the event and publish it to public relays, you have already accepted that this information can, and will, be distributed to anyone at any time. If you want to post proprietary content, put it behind a paywall or post it to a private nostr relay.
@0xtrr I don't think that that will fly in the court, but we should consult lawyers since none of us have enough background in the copyright laws.
And how can you prove that a user has submitted an event to a public relay by himself? For example, Grace can sign an event and keep it locally or submit it to a private relay, but then Mallory can obtain a copy of that signed event without Grace's permission and submit it to different public relays. Grace then can go around suing relays and even winning some cases by default when operators of such relays will decide not to show up in the court. Grace and Mallory can even secretly collude so Grace will have a legal reason to go after Nostr relays.
In the future, some relays might even choose a business model of collecting events from other relays and reliably distributing them at a very high speed for a fee, which will make them vulnerable to legal attacks unless we implement legal protections.
A "free to take and relicense with whatever you want" style license like MIT might not be what you really want. Bitcoin was released under MIT and that didn't make Wright's case a non-starter. If you want to ensure the content (and derivatives) is always "legal" to be used by anyone, and that no one can leverage the State's guns to prevent anyone else from using derivatives, then you should use a share-alike style license.
@gazhayes yeah, I thought about that case a lot. Would you recommend any specific license? The 'public domain' license used by this repo seems like a good option, but the concept of 'public domain' varies from jurisdiction to jurisdiction.
The best way to deal with nonsense laws is to ignore them. This is completely absurd to me and I think Nostr shouldn't promote absurdities.
@fiatjaf we're going a bit offtopic here, but sure. You've raised an important issue that using any licenses legitimizes all the nonsense copyright laws, which themselves are completely illegitimate since they try to derive its legitimacy from illegitimate genesis social agreements (usually called constitutions), which were not unilaterally agreed on, but were rather forced onto people by either the minority (an autocratic model) or the majority (a democratic model). And I'm not even talking about how certain adversaries love to exercise the extraterritorial jurisdiction and enforce their laws in other jurisdictions. That said, developing clients for iOS also legitimizes the Apple ecosystem, and yet the Nostr community promotes iOS Nostr clients.
The beauty of the Nostr protocol is that people can still communicate with each other using the same protocol despite strong ideological/political differences as long as all new features are backwards compatible, which is not the case with e.g. blockchains where we sometimes have to achieve consensus on breaking changes (hard forks) in order to solve the double spend problem. Eventually, some Nostr clients will add the license tag even if we don't officially include this NIP into the NIPs repo, the same as I've added spasm fields to Nostr events without anyone's permission. Some network participants will choose to resist illegitimate laws, while others will choose compliance and will try to legally protect themselves as much as possible, especially as they grow into serious businesses.
And it is probably safe to ignore them if the entire internet has been ignoring them forever. Like what if someone writes a comment on my 2005 blog post and decides to sue me for displaying his comment there? Wordpress should have a checkbox allowing commenters to license their comments as MIT and otherwise the comments are not listed?
- All major social media platforms have terms of service that cover legal stuff, so the internet hasn't been ignoring laws.
- Yes, any serious platform that gets enough traffic and uses Wordpress should consider adding legal protections, e.g. in a form of terms of service, especially if their users have a tendency to express alternative opinions to the mainstream narrative on the sensitive topics.
- The environment is rapidly changing. In the last few years we've seen a huge push to restrict the freedom of speech all across the world and it's fair to assume that adversaries will go after censorship-resistant media platforms as soon as decentralized social media platforms will become big enough to challenge compliant centralized platforms.
Also, this comment is MIT-licensed. You may cite it, but you must give attribution and include a copy of the license. Copyright 2023 fiatjaf Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without limitation in the rights to use, copy, modify, merge, publish, and/ or distribute copies of the Software in an educational or personal context, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. Permission is granted to sell and/ or distribute copies of the Software in a commercial context, subject to the following conditions: Substantial changes: adding, removing, or modifying large parts, shall be developed in the Software. Reorganizing logic in the software does not warrant a substantial change. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
We can use a license that does not require attribution or the inclusion of the license in all copies.
The bottom line is that if we want to address this issue seriously and think about the long-term future of decentralized social media platforms/protocols like Nostr, then we should consult with lawyers with a strong background in the copyright laws of at least a few hostile jurisdictions where most client developers and relay operators are based in.
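The three `license` tag shapes proposed in this thread (a license event id, an identifier plus event id, and an SPDX identifier string), read by a client, as an added example that is not code from any participant or from the NIP. It assumes the kind number 3235 floated above, the NIP-01 event id (sha256 of the serialized event, stored in `id`), and hypothetical helper names; signature checking is left to the client's usual event validation.

```javascript
const { createHash } = require("node:crypto");

const LICENSE_KIND = 3235; // kind suggested in the thread, not an assigned kind
const HEX64 = /^[0-9a-f]{64}$/;
const SPDX_PREFIX = "SPDX-License-Identifier: ";

// NIP-01 event id: sha256 of the compact JSON array
// [0, pubkey, created_at, kind, tags, content].
function eventId(ev) {
  const serialized = JSON.stringify(
    [0, ev.pubkey, ev.created_at, ev.kind, ev.tags, ev.content]);
  return createHash("sha256").update(serialized, "utf8").digest("hex");
}

function stripSpdx(s) {
  return (s.startsWith(SPDX_PREFIX) ? s.slice(SPDX_PREFIX.length) : s).trim();
}

// Accepts ["license", <event_id>], ["license", <identifier>, <event_id>]
// and ["license", "SPDX-License-Identifier: <identifier>"].
function parseLicenseTag(event) {
  const tags = (event.tags || []).filter(
    (t) => Array.isArray(t) && t[0] === "license");
  if (tags.length === 0) return { status: "none" };
  // Two license tags on one event cannot both be the author's intent.
  if (tags.length > 1) return { status: "ambiguous" };
  const [, first, second] = tags[0];
  if (typeof first !== "string") return { status: "malformed" };
  if (second === undefined && HEX64.test(first)) {
    return { status: "ok", identifier: null, ref: first };
  }
  const identifier = stripSpdx(first);
  if (!identifier) return { status: "malformed" };
  if (second === undefined) return { status: "ok", identifier, ref: null };
  if (typeof second !== "string" || !HEX64.test(second)) {
    return { status: "malformed" };
  }
  return { status: "ok", identifier, ref: second };
}

// Resolve a referenced license event from a local store (Map of id -> event)
// and check that what was fetched really hashes to the id the note committed to.
function resolveLicense(event, store) {
  const parsed = parseLicenseTag(event);
  if (parsed.status !== "ok") return parsed;
  const { identifier, ref } = parsed;
  if (ref === null) return { status: "declared", identifier };
  const lic = store.get(ref);
  if (!lic) return { status: "unresolved", identifier };
  if (lic.kind !== LICENSE_KIND) return { status: "wrong-kind", identifier };
  if (eventId(lic) !== ref) return { status: "id-mismatch", identifier };
  // "verified" means the signer declared exactly this text. It does not
  // prove the signer authored the note's content, as discussed above.
  return { status: "verified", identifier, text: lic.content };
}

// Constructed sample data (pubkey of the license event and the text are made up).
const licenseEvent = {
  pubkey: "a".repeat(64),
  created_at: 1700000000,
  kind: LICENSE_KIND,
  tags: [],
  content: "<full CC0-1.0 legal text would go here>",
};
licenseEvent.id = eventId(licenseEvent);

const note = {
  kind: 1,
  created_at: 1700000100,
  pubkey: "b0635d6a9851d3aed0cd6c495b282167acf761729078d975fc341b22650b07b9",
  tags: [["license", "CC0-1.0", licenseEvent.id]],
  content: "not your keys, not your words",
};

const store = new Map([[licenseEvent.id, licenseEvent]]);
console.log(resolveLicense(note, store).status);
```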
A "free to take and relicense with whatever you want" style license like MIT might not be what you really want. Bitcoin was released under MIT and that didn't make Wright's case a non-starter. If you want to ensure the content (and derivatives) is always "legal" to be used by anyone, and that no one can leverage the State's guns to prevent anyone else from using derivatives, then you should use a share-alike style license.
@gazhayes yeah, I thought about that case a lot. Would you recommend any specific license? The 'public domain' license used by this repo seems like a good option, but the concept of 'public domain' varies from jurisdiction to jurisdiction.
I personally use GPL/MPL/CC licenses, these are "share alike" which means companies can't use the State against you (the creator) like they can if you don't use any license or if you use MIT/BSD.
That said, and I don't want to discourage you, but I'm increasingly bearish on licenses and don't spend much time thinking about them anymore because the State and corporates just seem to do whatever they want now anyway, regardless of what their laws say.
I personally use GPL/MPL/CC licenses, these are "share alike" which means companies can't use the State against you (the creator) like they can if you don't use any license or if you use MIT/BSD.
@gazhayes can you explain and maybe give more examples besides Cobra's case how adversaries can try to persecute you for the use of permissive licenses like MIT/CC0 instead of copyleft ("share alike") licenses like GPL/MPL?
In my understanding, GPL/MPL are copyleft licenses, so they require derivative works to be licensed under the same terms. GPL/MPL also require attribution and inclusion of the license in all copies of the work. That doesn't fit the purpose since the default license of text events on the decentralized social media should allow reuse of the text without any restrictions, and should not require attribution and inclusion of the license in all copies as pointed out by fiatjaf.
Here are my criteria for the default license:
- it should be permissive instead of copyleft,
- it should be applicable to plain text, articles, white papers, media, and software,
- it should not require attribution,
- it should not require inclusion of the license in all copies of the work,
- it should waive copyrights to protect from copyright infringement claims,
- it should waive patent rights to protect from patent infringement claims.
I did more research and it looks like Creative Commons Zero v1.0 Universal (CC0-1.0) mentioned by vitorpamplona is indeed a good candidate for the default license to reduce attack vectors. It seems like if the white paper is published under the CC0-1.0 license, it places the work in the public domain, allowing anybody to use, modify, and distribute the whitepaper without any legal restrictions. That should potentially prevent the author of the whitepaper from suing 3rd parties for hosting this whitepaper.
That said, CC0-1.0 removes all copyright restrictions on the work, so it won't fit all use cases. There should be an advanced setting (e.g., in the account settings in the UI of the preferred client) to change the default license used in text events for a particular user.
Another valid option for a default license, which fits most of the criteria above is the 'Unlicense' license. It's used by a few popular projects like youtube-dl. That said, the 'Unlicense' license is criticised for being inconsistent and not globally applicable.
Problem: patent rights waiver
However, CC0-1.0, Unlicense, and Public Domain do not explicitly waive patent rights, meaning that the original author of the code that you use in your project can later claim that your project is infringing a patent he owns regarding the code. That was the reason for Fedora to drop support for the CC0 license.
In other words, I haven't yet found a license that will fit all the criteria above, including the patent rights waiver. I wonder if we can just create a new license based on CC0-1.0, but with a patent rights waiver.
For example, the Apache License 2.0 is a permissive open-source license that includes a patent rights waiver. The clause that provides this waiver states:
Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted.