Sent C&D on MIT Licensed Code

I was sent a C&D by comma.ai for “Trademark Infringement” on an open sourced repo.

“My firm is outside legal counsel for comma.ai (“Comma”). We are writing on behalf of Comma
to request that you immediately cease and desist from engaging in certain activities as further
described below.
In particular, we understand you are a user of Comma’s openpilot software (“openpilot”). We
further understand you have modified the software and are “spoofing” the speed of your vehicle
in order to manipulate the steering, while also discussing your modifications with other members
of the public and potentially offering to sell related services. (See attached Exhibit 1 and the
video at https://streamable.com/wz17vr.)
Representatives of Comma have previously explained to you, and the public, that your activities
in this regard are unsafe, dangerous, unauthorized, not recommended, and specifically
discouraged. (See https://medium.com/@comma_ai/safer-control-of-steering-362f3526c9ab) In addition, Comma’s Terms of Service specifically provide,
among other things, the following:
• “Access to and use of openpilot is at your own risk and responsibility, and openpilot
should be accessed and/or used only when you can do so safely.”
• “To the maximum extent allowable by law, you agree to defend, indemnify and hold
harmless comma, and its employees, partners, suppliers, contractors, investors, agents,
officers, directors, and affiliates, from and against any and all claims, damages, causes
of action, penalties, interest, demands, obligations, losses, liabilities, costs or debt,
additional taxes, and expenses (including but not limited to attorneys’ fees), resulting
from or arising out of (i) your use and access of, or inability to use or access, openpilot,
(ii) your breach of these Terms, (iii) the inaccuracy of any information, representation or
warranty made by you, (iv) activities of anyone other than you in connection with
openpilot conducted through your comma device or account, (v) any other of your
activities under or in connection with these Terms or openpilot.”
• “To the extent permitted by law, comma does not warrant the operation, performance, or
availability of openpilot under all conditions.”
• “By providing openpilot, comma does not transfer or license its intellectual property or
grant rights in its brand names . . .”
• “In no event shall comma, nor its directors, employees, partners, agents, suppliers, or
affiliates, be liable if you choose to modify the software.”
Comma recommends and requests in the strongest possible terms that you stop using openpilot
in the unsafe manner described above, and also stop sharing and otherwise promoting your
unsafe practices. Should any harm come to anyone or anything on account of your actions,
Comma will pursue all available remedies against you. Furthermore, you have no right to use
Comma’s name, or the name of its products or services, in connection with your unauthorized
activities, including your promotion of any products, services, or unauthorized uses of openpilot,
and Comma demands that you cease and desist from doing so. Comma and openpilot are
trademarked and you do not have Comma’s permission to use those terms.”

I removed the offending trademarks from my repo.

I love how its a thinly veiled threat to stop using their code. The only thing they can do is trademark infringement, which has already been rectified.

github is roxasthenobody98/phoenixpilot

First of all, I want to point out:
If a company tells you, that what you are doing is “unsafe, dangerous, unauthorized, not recommended” then you must be doing something right!

This is a joke, right? They are making themselves absolutely laughable. Please send this whole situation to the open source interested media!! Send this to the FSF, EFF, etc!! This is a great joke, which everyone should know about. Everyone has to know what BULLSHIT some companies try to spin off!

Precisely, this is what I would’ve told you to do, if you wouldn’t have already done it. Just remove all “Comma” references, that’s it. Other than that, you are free to do whatever you do!

Thanks so much for this post!

Disclaimer: I am not a legal expert, therefore all my law related advice is automatically a layman’s advice.

I opened a discussion about this topic on comma’s openpilot forum. I made clear from the start, that if they delete this thread, I will spread the message everywhere, regarding what they did.

The whole day nothing happened, as long as I stayed vague. However, as soon as I put in some evidence which clearly shows, that comma.ai indeed bullshitted you, immediately some comma.ai Stasi guy arrived in the thread, said that you should 1. follow the request you received 2. contribute to vanilla openpilot, instead of making your own fork.
This was, as was fully expected, the last comment, before the thread was deleted.

Of course, part of my preparation wasn’t only the warning about what would happen on thread deletion, but also that I have all e-mails regarding this topic still saved. So I have the evidence to prove, that they deleted the topic and are afraid of bad press. I also created a lot of screenshots of the thread and its comments. No way for denying that.

They want bullshit – we will give them bullshit.

P.S.: I think @Andy2 can write whole book about being silenced in a closed community, which is afraid of criticism against their leadership.

Contribute to vanilla openpilot. Wow, that’s a good one.

Can’t really do that when my control method is “egregiously unsafe”.

I’m supporting Fords. They don’t support ford. They never will. The only way to do so is to EPS Spoof and use parking mode. I’m not trying to make code that is unsafe. I do everything in my power to make it as safe as I can make it.

Considering companies like Dataspeed, Argo and Nvidia use this method, I’m fairly confident what I’m doing can be made safe.

These are even more reasons for having a separate fork! Their behaviour is truly ridiculous. How do they expect to have a successful and good project, which helps a lot of people, if their behaviour is unacceptable in the way described?

I deeply wish you and your project the best. May you and your project thrive, as much as possible!

I also wanted to add the following:
I do not understand why they think you are “promoting” anything, when your repository does not even have a README file or openable issues. To me this is a clear sign of “use at your own risk” and of no promotion at all. That’s why I find it even more ridiculous, that they display your work as if you are purposefully trying to harm as much people as possible. Now how would that be possible without any explanation to people not knowing the project…

I’m not trying to make code that is unsafe. I do everything in my power to make it as safe as I can make it.

My guess is they are upset when you make statements like this, but you explicitly disabled the safety checks in the component of the system that is supposed to enforce safety

I presume this was necessary for the new implementation to work. Otherwise, there would be no reason for a developer to waste their time on removing something that is not worth being touched.

However, I am sure @roxasthenobody98 has a definite explanation for that.

All the panda file does is check if the message being sent is the correct message ID.

Currently, the angle limits and ROC are in selfdrive/car/ford/carcontroller.py

Yes, as listed in my projects, getting the angle limits, message checks and everything else in panda is a point im working on.

That’s the only reason panda is set to always transmit the message. For devel.

All the panda file does is check if the message being sent is the correct message ID.

My understanding is those safety checks you disabled are at a minimum the emergency stop switch (bug in your code? press the brake and it stops controlling your car immediately)

So all I am saying is I can see why they seem to think you are kind of disregarding safety when you disable things like this (and want as much distance from you as possible if an accident happens) when you make statements like this:

I’m not trying to make code that is unsafe. I do everything in my power to make it as safe as I can make it.

I am admittedly skeptical in the first place, though, of letting a cellphone drive someone’s car at highway speed, so eliminating whatever basic safety they do have in the device that is suppose to enforce safety (outside of the cellphone) is scary to me.

Well, even if we hypothetically assume, that it is unsafe in the ways you describe and ignore the fact that this is mainly set for development purposes, then there is still the following issue:
@roxasthenobody98 rightfully forked an MIT licensed software’s source code.
He can do whatever he wants with it.
Same goes for potential users.
If a grown up decides, that they want to use this software, which is supposedly unsafe in the ways described, then its their decision to use it at their own risk.

The ultimate point is: comma.ai has no business in telling anyone what they should do with the code or not, as long as it complies with the MIT license, which it absolutely does.

If they don’t like people forking and contributing, then they should change the license. Simple as that.

The disengage on brake is enforced inside the os.

Panda only enforces if the message is able to be sent. Other things can be put there too.

Want to chime in here because I know a lot about this situation!

Before I start, I want to say shortly what openpilot is before going in. To sum it up openpilot is a MIT licensed open-source level 2 driver-less software that runs on Leeco Le Pro 3 smartphones, and OnePlus 3T’s. It was made by George Hotz, and is listed on GitHub. Now onto roxasthenobody98’s situation. I will try my best to make a TL;DR so this story isn’t too long

Comma.Ai get’s a 2018 Ford Fusion, and attempts to create a port of this car to work on openpilot
Comma.Ai realize Ford’s have something called a “lockout”, locking openpilot out from working after 10 seconds
Comma.Ai are too lazy to look further into way’s to solve it. Sell there Ford Fusion and give up on Ford vehicles
Roxasthenobody98 creates a fork of openpilot for his Ford truck, and he too is experiencing this 10 second lockout, stopping openpilot for working more then 10 seconds on Ford vehicles
Roxasthenobody98 for months on end tirelessly works on a way around this to help the people who have Fords, and want to use openpilot on it.
He find’s a way around it about a month ago. YAY!
It is done by sending a spoofed message to the EPAS on Ford vehicles.
The EPAS is responsible for a lot of things on your vehicle. Self parking, electric power steering, lane keep, and so on. His message specifically focus’s on the self parking portion on Ford vehicles.
When Ford’s are self-parking they have no lockout! But self parking on Ford’s only work under 7 MPH.
So for example: roxasthenobody98 trick’s the EPAS by sending a signal to it, making it think it’s going 7MPH when it’s actually going 75MPH down the highway.
Roughly 3/4 of self-driving companies out there use Ford Fusion’s, and some of them use this spoofing method, (like Nvidia’s self driving platform).
George Hotz (GeoHot) find’s out Roxasthenobody98 is performing this spoof hack on the EPAS.
George Hotz argument is by spoofing the EPAS self-parking, the vehicle can encounter a MPC glitch, and apply too much torque on highway speed, which can cause the vehicle to crash or flip by making a sharp turn.
roxasthenobody98 tries to explain to GeoHot he has a safety protocol in place to prevent this from happening. And has made sure it does not have access to this much torque, and has a shut-off function built in.
Instead of George Hotz listening to roxasthenobody98, George insults him, bans him from a Discord server centralized around the development of openpilot, and blacklist his fork.
Furthermore George Hotz contact’s his lawyer, gives roxasthenobody98’s personal info out that was collected from using there services, and send’s him a cease and desist.

Why if Comma.Ai are so worried, not develop a safer way? Why would a company send a cease and desist for something listed on GitHub that’s subject to the MIT license?

In my opinion this is a attack on opensource software, a attack on the opensource community, and a total disregard for the MIT license. Most of the community is upset with George Hotz but to scared to stand up to him. (PS. Sorry for grammar mistakes, English is not my main language)

@OpenSource

Thank you so much for this great explanation!

@roxasthenobody98 can you agree with it?

This is precisely how I see it. Thank you for the great explanation and summary of the situation!

Look, we are getting off topic here, but the safety check was also in this “Panda” before you disabled it, and my guess is you will be adding it back.

You can’t say “I do everything in my power to make it as safe as I can make it.” but then disable safety code, and this makes it clear some of the safety is coming last (since you already have it working?) doing everything you can to make it safe would be doing the safety first, right?

I agree they can’t tell you what to do with the code, I am just pointing this out because SOMEONE will and it only hurts your case!

I couldn’t do panda safety until i got it working.

Now that it’s working, I can do things to further increase safety.

You are killing your credibility here. The brake check you disabled, for example, is a simple/standalone check - a message indicating brakes active = disable sending messages and control.

Same thing I said before, statements like this are only hurting you! I bet money they will attack your credibility! I’m just playing devils advocate, don’t let them pivot this into “crazy guy thinks what he is doing is safe even though he unnecessarily disabled critical safety checks” when we all know that you have every right to do whatever you want with the code and that should be the focus.

Thank you for trying to help us understand. I think, there should be a simple solution to all of these issues:
This Ford-compatible fork is currently Work In Progress and in alpha version. Some safety measures are not fully implemented yet, therefore it is discouraged to use this software in its early stage. When the project has matured and all necessary safety measures are implemented, then it is as safe as the original openpilot software.

I would append a disclaimer of such type (of course, details should be changed, if necessary) to the project. Then it would be clear to everyone, that of course this is still WIP, so one cannot assure that all safety checks work perfectly, as in the original openpilot.
(Though, I think this is self-explanatory, anyway, to anyone who would try to use this software. Any sane person would, if they really want to use it right now, at least ask the author, if the software is completely ready to go…)

That said, this whole safety checks thing does not change anything about what comma.ai is trying to do here. They are accusing this developer of purposefully trying to harm random people. This is an insane accusation, as the developer tries to create an openpilot-based solution for Ford, which is not an easy task. So of course, during development, some past code changes may be (temporarily) reverted, to allow the development of Ford support. Therefore, I think there are good reasons for disabling things, as long as you are figuring out how to make this software work the best way possible. That’s a plain normal development process, nothing unusual about that. (It also does not make sense at all, to build in all security in any software, before you can get it even starting or to work… What should the security protect, when there is no software behind the protection…)

To me, this whole time, reading what comma.ai has written and said, it is clear to me that they are actually not interested in safety but a single thing only, as every company: money.

They say “if you promote your ‘unsafe’ fork, then people will blame us”.
Now, when their company is blamed for unsafety and its consequences, they obviously will have reduced sale numbers.
So, all they care about is MONEY. (Just as every other generic bullshit company like comma.ai…)

This means, if they cherry pick the stuff you rightfully mentioned, then we still have enough argumentative ammunition against them, as they are clearly just out for the bucks and hiding this desire to by pretending it’s about tHe sAfEtY Of oUr cUsToMeRs.
I’ve heard that phrase every single time there was a political debate about the right to repair. All those Apples, John Deeres and other shit asshole companies try to justifiy their inacceptable SOB behaviour with sAfEtY, bla bla. Even though, there is nothing safer, than an independent repair shop, like the one Louis Rossmann is running.

As far as I understand the history of openpilot, Comma started this project as a commercial closed source application running on a specialized device with the aim to provide better and updateble driving assistance than what might be built into cars by manufacturers. Due to legal problems, they open sourced it in 2016.

This, of course, makes @roxasthenobody98’s hacks/improvements completely legal, though not the use on public roads. Comma has definitely no interest in the open source project in itself, besides from harvesting contributed code for their new projects. The MIT license explicitly allows the reuse of user contributed code for commercial closed source products. The cease and desist order is obviously complete bullshit, as under this license everybody is free to modify the code as she sees fit.

However, as @freeman wisely pointed out, it can be understood that the company has a certain interest in managing the project. Despite being open sourced, it is still somehow associated with Comma and every accident which involves a vehicle steered by a device with openpilot software would probably negatively impact their reputation.

Ford, on the other hand, follows a similar approach. With their blocking of third party applications interfering with the vehicles’ steering at velocities above 10kph, on one hand they reduce the chances of one of their cars getting involved in fatal accidents with all the possible negative publicity effects whilst on the other they keep the business of selling advanced driving assistance systems for their cars all to themselves .

Now, to the project and the hack itself: Cars are very powerful and dangerous objects. Thousands of people are killed every year by people handling them - far more than by devices intended to do people harm (guns). Car electronics’ safety measures have to be highly redundant. What can happen if redundancy of inputs and security layers are reduced in favour of offering additional features became very clear with the catastrophical disaster of Boeing’s 737MAX in aviation.

I personally wouldn’t trust a device that also runs other applications with the steering of the vehicle. Whilst a mobile phone might be used as the platform for driving assistance software, as long as it also does other things, like receiving messages or playing music, I would never allow it to interfere with the car’s driving assistance systems, at least not at speeds superior to a pedestrian. Doing otherwise, I’d consider playing Russian Roulette.

On the other hand, I was surprised to see Python code meddling with the car’s internal electronics. Whilst the use of Python might be appropriate for the AI’s learning components, I consider this to be a very bad choice for actually implementing assisted driving. In order to ensure proper real time responsiveness and controlled multithreading, I believe that such implementations should be done in C/C++ or possibly in Rust or Go.

Just my 2¢

Interesting insight. This also explains their anti-open source behaviour.

I think this summarizes the mindset of comma.ai, Ford, etc. perfectly and fully enough.

That’s also a point I have mentioned: every person allowed to drive a car alone is in all countries I know already legally considered a fully responsible person. If you decide to use the software or not, is entirely up to you.

Rust only!!

It’s the safest and in my opinion best one of those mentioned.