> The team that made dataroom has stated that they did not use any of papermark’s code and that dataroom was made from scratch with inspiration from existing document sharing softwares, and that this post’s allegations of us stealing code are false. [...]
The screenshots clearly show they copied whole pages verbatim, both design and texts. The founder, Nico Laqua, basically responding with "we didn't copy _code_" and not taking any responsibility says a lot about his and his company's moral code. It might not be enough to get sued. That doesn't make it right.
I wouldn't be that surprised if Nico genuinely thinks "we didn't copy the code" is a reasonable defense. It would be a clear cut rule, and extreme "shape rotator" types often have trouble with the fuzziness of things like law. In reality, copyright infringement is often more like the porn test, you know it when you see it.
I had to look that slang up: https://roonscape.ai/p/a-song-of-shapes-and-words.
> ...often have trouble with the fuzziness of things like law. In reality, copyright infringement is often more like the porn test, you know it when you see it.
I'd say it's more like the fuzziness defeats most of the software-style "exploits" those types gravitate towards. The edges of the laws aren't impossibly sharp and executed by dumb machines, so you can't sneak through "gaps" that would be there if those things were true.
For instance: you can crash a machine by DoSing it, but you can't crash a court case the same way: the judge will look at you and your truckload of motions and hold you in contempt.
https://en.wikipedia.org/wiki/Sovereign_citizen_movement
> Another common belief among sovereign citizens is that they can opt out of the purported contract, making themselves immune from the laws they do not wish to follow, by declining to "consent": when confronted by police officers or other officials, sovereign citizens typically attempt to negate their authority by saying, "I do not consent"
Like, why would this be true, and if it was, why would law enforcement and courts go along with it? I find it very odd.
Calling yourself a sovereign citizen will get you nowhere. Saying "I don't consent to this search" will not prevent a search. But it will allow you to get anything found suppressed, unless a judge decides there was probable cause or the body cam happens to fail and so there is no record of your refusal.
They don't want to deal with it. If someone has one of those SovCit license plates, you know pulling them over is guaranteed to result in a frustrating verbal sparring match, which may result in the cop giving up (which is then shared as evidence for the SovCit movement's effectiveness!), or may escalate to a physical altercation.
Whether or not the SovCit practitioners understand that's what's happening is anyone's guess.
Probably more of them don't understand. I am very unfortunate to have one in my extended family, and they have fully lost their grip on reality and basic cause-and-effect. They skate by most of the time, which reinforces their beliefs, and then once the pile gets large enough, the whole thing collapses on them, and then the cycle starts over.
Steel-manning the sovereign citizens movement (which I don't believe in): they believe authority comes from the consent of the populace, which is a true statement and in many countries' founding documents, they mistakenly think that means the law doesn't apply to them when they as an individual do not consent.
They basically don't get that democracy is the tyranny of the many.
I mean, not to nitpick, but isn’t endlessly filing motions an often-used method to deny justice and avoid consequences, especially in the US?
If AI can’t make them recognize a work life balance has value then it’s easy to see they don’t believe the “force multiplier” BS they are peddling
Silicon Valley is just so disconnected from reality.
Normally getting insurance from a startup like Corgi would be a very bad idea because what’s to say they’ll be able to pay out claims? I assume other YC startups are happy because a) they can’t get insurance anywhere with good underwriting b) they figure YC will bail Corgi out when it goes wrong because seemingly every YC startup depends on them.
https://en.wikipedia.org/wiki/Risk_retention_group
“Policyholders should be aware that certain Specialty Insurance Carriers may not be admitted insurers in the state in which the insured risk is located. Policies issued by non-admitted insurers, risk retention groups, captive insurers, and certain other Specialty Insurance Carriers may not be subject to all of the insurance laws and regulations of your state. State insurance insolvency guaranty funds may not be available for policies issued by non-admitted insurers, risk retention groups, captive insurance companies, offshore insurers, or other non-admitted Specialty Insurance Carriers. In the event of the insolvency of such a carrier, policyholders may not have access to state guaranty fund protection and may bear the risk of the carrier's inability to pay claims.”
Actually normally it’s fine because it’s rarely the startup selling insurance who’s doing the underwriting.
Corgi is more worrying because they’re (apparently) underwriting too.
A rare but sensible insurance tech startup would use external underwriters and reinsurance and provide insolvency protection.
Corgi doesn’t have any external underwriters, doesn’t have any insolvency protection, doesn’t have any reinsurance.
I think they’re bad on all 3 points, not just the underwriting?
It's all virtual valuations. The stock market is poison but most people on here won't admit to that because they have their own interests in it. What a joke our species is lmao. We're still grabbing big sticks to hit each other with and worrying about our neighbors coming to take our rocks because we're all just monkeys still, even though we pretend we're not.
Not after all the SpaceX "settling": https://www.forbes.com/sites/mattdurot/2026/06/24/elon-musk-...
[1]: https://www.ycombinator.com/companies/corgi-insurance/jobs/X...
[2]: https://www.ycombinator.com/companies/corgi-insurance/jobs/Y...
Mostly because open source projects rarely sue. If you did this to a more litigious company there's a decent chance they would sue, and I'd give them about a 50/50 chance of winning.
Hard to say whether this would be ruled as copying the creative and artistic elements, or just the methods of operation. Copying features is fine, wholesale copying UX quickly becomes copyright infringement
Perhaps that’s enough for them. Legal gray area worked for Uber, AirBnB and many more.
As a consumer I’m not happy though, I don’t like incentivizing companies with such a creative approach to law.
That would be my cynical response.
Parts of pages. Look at the screenshots. The wording is different between the pages.
I don't know whether that's what happened here or claim to know exactly what the constraints of IP law for this specific instance are, but "some stuff was changed" does not necessarily seem sufficient as a defense in general. Depending on the exact type of IP law that covers this there are questions like whether the changes were substantial enough to make it an original work or whether the way that the old stuff was used constitutes fair use.
Which goes to show there was never any original work to fall back to.
"See, if I remove the detailed descriptions - and the LLM regurgitated the rest - nothing will have been copied."
Some people really want to defend "build me a copy of thing because I don't like the license" to be acceptable behavior.
The design is shadcn – which is an MIT license - very very popular design system. The text is pretty standard to what I'd expect with any DD solution.
The comment clearly says “Mirror’s the reference design’s”
I don’t know how they could try to spin that as anything other than having an LLM launder someone’s code as a “reference design”
Even if they try to argue that the “reference design” was Figma, the identical copy means they had to have copied Papermark into the reference design.
The fact that they’re refusing to back down and admit they made a mistake is not a good sign for the company. I would not want to be one of their clients when it came to trying to dispute something.
I wish this were true, but the current political and corporate climate is that nearly anything is justifiable as long as you win, where winning is money or power. Fraud, corruption, extortion, etc.
> I would not want to be one of their clients when it came to trying to dispute something.
I find most b2b transactions are hostile, and the purpose of sales or customer success is to smooth over the hostility. Tremendously more true in the B2C space, and only accelerated by the aforementioned political and corporate climate.
In other words, as long as their staff is charismatic / crafty enough, this “scandal” will slough right off.
If they refuse to back down and won't admit errors on something this obvious, I would not want to be dealing with them on an insurance claim.
The Discoverable Evidence of AI-Assisted Software Porting
https://williamcotton.com/articles/the-discoverable-evidence...
You’re sharing your entire code base with a 3rd party you have to trust not to train on it.
If they do, your competitor just has to ask it to produce something using your business as a reference.
Good luck taking that one to court considering what happened to the publishing industry.
As an aside thought not related to the thread: Is it my perception or people are getting more used to not only vibe code things from existing solutions/projects but also "steal" open source code and do whatever the heck they want without complying morally/ethically/legally to the whole premise of open source?
I have the feeling that more than ever open source violations are flourishing everywhere without any major legal consequences.
yes. it's way easier to do now. edit -- plus a lot of new ai-only entrant devs don't understand/care that foss is about freedoms rather than free as in beer.
i work on a GPL3 library that parses a hardware audio sampler's binary data files. someone built an app so people can do "stuff" on top of my library, following GPL3 license.
someone recently posted an entirely vibe-coded clone of that app, full website with purchase links for $60 odd. completely obvious clone too; the UI was exactly the same minus the different colour scheme. no GPL3 conditions adhered to at all. mods delisted the thread. banned the clone's dev. forum community expressed their support for the original app dev. dmca takedowns were sent out. clone's website went down a few days later.
the original app dev was lucky there's only one main forum where people post things for this manufacturer, and the mods hate ai stuff too, which is kind of ironic cos the original app dev vibe codes all his stuff lol. without that forum and those mods, the original app dev would have been fucked tbh (and so would i as the GPL3 library maintainer).
centralization has benefits... without that, the only alternative i see is a mass movement where everyone goes closed source to force a conversation about respecting the work of others. we've been running on an honour/community backlash system until now.
Identify a one-feature app that (supposedly) makes money and vibe it up. Done is your "I vibe coded a 10M MAU app in 40 minutes" vid.
From crypto to NFT to vibez. Rotten to the core, the difference is that this time around LLM are actually useful in some areas.
>the people who made fortunes during a gold rush weren't the miners, but the ones selling the shovels
Move fast and break things have changed to be about technology and it is now about the law. Uber popularized the trend, now everybody does the same. AI breaking copyright law is just part of that trend.
With the new "laws are for losers" mentality we are in for a hard time.
Add to that the fact that anyone can simply do what they want with the bits on their computer, and sharing anything over the internet means giving them a copy of those bits, the technical barriers are gone too.
This isn't a value judgement just an observation.
Papermark is an open source alternative to DocSend. Papermark is very popular, as it is a much more cost effective alternative to DocSend — self-host or hosted.
Corgi is a YC backed insurance startup that sells insurance to other YC startups. Nico is a founder. Recently they raised $100m at a ~$3bn valuation. They’re one of the darlings of YC right now, endless fawning over them.
Since insurance underwriting involves lots of documents, Corgi were paying Dropbox thousands of dollars per month for DocSend. For some reason, Corgi ostensibly formed a team of 12 to build their own DocSend alternative, called Dataroom. And Corgi decided to make it into a SaaS product, pitched as a cheaper DocSend from just $10/month, in an already crowded space.
Papermark noticed immediately that Corgi’s Dataroom used a lot of identical language and structure that Papermark’s open source product does. Papermark assumed that Corgi had taken Papermark’s work without attribution. Corgi have denied it, claiming it is just a coincidence that there are word for word matches between the products.
Another YC startup, Delve, got caught doing what Corgi are accused of (and much more) which led to their removal from YC.
I'm not up to date on Corgi, but from what I was reading about Delve, it was the "much more" (fabricating SOC 2 and ISO 27001 compliance) that caused them to get into trouble.
That's like, nothing, for a company in the insurance business valued at 3b
A startup raises ~$100m at a ~$3bn valuation and forms a team of 12 employees including their Head of Operations to build a clone of a product they pay less than $1,000/month for while they have more than 50 open roles they are hiring for.
Hmmm, yes, a very good use of available resources.
https://xcancel.com/SergioGarc20223/status/20702512486962956...
Delve’s first drama was around copying from other startups, it was later that their betrayal came out. Corgi is currently at the copying from other startups stage… one might choose to believe there is a path they’re following rather than this being a one off.
For example, I outlined in another comment how their product is not what it seems, it is not traditional insurance, it takes advantage of an esoteric piece of insurance regulation. They’re doing very aggressive underwriting without any of the traditional insurance regulatory protections applying to them.
https://news.ycombinator.com/item?id=48672328
Someone might believe that their conduct + very high risk product + exposure to a large number of YC companies means they’re very similar to Delve.
Plus the founders are at the top of another funnel… Forbes 30 under 30. 30u30 is practically a kiss of death.
elsewhere; "Laqua, whose father is a lawyer for an insurance company"
lol
The decline in the quality of YC's founder pool and founder reputation is tarnishing its brand, but I doubt anyone there realizes it, or is willing to publicly admit it.
It’s egregious that a portfolio company passed off clear AGPL code as its own and doubled down on defending their actions when there was clear evidence showing that they had indeed copied the code. Any well-meaning person should call this out, including anyone who cares deeply about YC and its reputation.
If a founder is willing to lie about something like this, imagine the other things he would lie about?
Posted 7:52 am
https://x.com/i/status/2070158170937581951
Ahhh, that explains now why working 7 days a week is necessary for this Manhattan-project-level startup, he's not ‘Grindmaxxing’ by waking up with the 5 AM club every day!
(Context for folks not terminally online: https://x.com/i/status/2061139112426623054)
1. no code was manually copied by a developer, and
2. all software in the same space copies off of each other
But the big giveaway here is the exact same layout/copywriting on both products. Telling an LLM "write this product and build a 1:1 clone" is still copying by all sensible definitions. The fact that he argues nothing was copied is ridiculous.
ShadCN is the most popular design system that AI automatically reaches for 90%+ times on its own. It's also the default most platforms like lovable, etc.
You would be very wrong in this argument. It's extremely well-established that corporate verbiage and UI are subject to copyright.
They want the tweet alleging copy to be deleted.
I guess when you're working 7 days a week you've gotta find something to fill the time with.
You have to share the source code even when the user interacts over the network with the software.
The project which uses that code must also be AGPL.
There are ways to separate it and go around it, for example, using an AGPL auth server shouldn't affect the code where your business logic lives
I am sure they could have found a way to design their product to be compliant, especially following past drama.
This is assuming the code is indeed copied, since we don't know that for sure, it does look very similar but I am not sure how that is enforced
Their defence seems to be "well we asked an LLM to reproduce your work, so 'WE' never copied your code". Smells bad to me.
everyone steals, you are a loser if you do it slow. just open the front door and take their tv.
> This action cannot be undone
> Freezing is reversible from this page
I assume being irreversible is an essential part of the freezing feature.
> Hey Nico,
> It looks like you didn't vibe code your data room but stole it from Papermark's open source and enterprise-licensed code.
> We demand you take this copyright and license infringing product down immediately.
> It's not moving fast and breaking things, it's fraud.
> It makes the rest of your business questionable and the YC community look terrible.
Not getting your magic text generator to reword the copy for you is just sloppy.
Clearly, "the community" is not all on X. If it were, why would we be having conversations here on Hacker News?
Anyways, the real answer you'll still see some X links here is that
1. A not insignificant amount of people in our industry are aligned with the X CEO and the positions he expresses through his accounts, Grok, etc., and
2. Pornography
I wouldn't bet on small scale software defensibility in the future. Just being practical...
“Team effort”
“:praying-hands (x2)”
And so on… The audacity and complete shamelessness…
I wonder what narrative they tell themselves.
Surely UI isn't enough to prove that source code was plagiarised?
In the event Papermark chooses to sue how will the defendant defend themselves short of presenting their own (possibly) closed source?
I am curious if/how YC will handle this to get ahead of earning a reputation of being a den of scammers - a few months after the Delve scandal
flock is a YC company, so it's pretty clear that YC does not care about a negative reputation. as long as it makes money, nothing else matters.
Perhaps not what the general public thinks, but I assume YC cares a lot about its reputation among VC firms that fund its companies, because VCs don't like being scammed (directly, or indirectly through unknowingly funding scams)
For example only yesterday I got spam from a YC company, Polymath, and I replied back asking where they got my details from - no response yet. Once I get something I'll make a GDPR subject access request, then a deletion request. I hope the overhead of that causes them to rethink their spamming campaign.
But I'm not going to complain to YC about it.
My comment was not about doing a generic bad thing - it was about scammy behavior in particular (which ties to the Delve incident). YC depends on the VC ecosystem to fund its companies, and no VC wants to be scammed. If a reputation of cultivating/condoning/obliviousness scammers takes root, that would be bad for business.
> But I'm not going to complain to YC about it.
I am not complaining, or even expecting a moral decision. I'm legitimately curious how this will shake out, for purely capitalistic, reputation-management reasons.
Now, IANAL of course, but I would think this sort of mechanism would be quite gameable from both sides ( i) a wealthy competitor legally forcing a promising upstart to reveal source ii) a copycat working out some kind of arrangement where the code itself is licensed to them via shell company based overseas.)
If someone is trying to dig into their competitor's trade secrets via discovery, the court offers multiple ways to safeguard against that. The defendant can identify information as a trade secret and ask that it be protected in some way - for example, the documents may be restricted to "Attorneys' Eyes Only", so while the plaintiff's attorneys can review the material, the plaintiffs themselves are barred from reviewing it. Or the judge themselves may get involved in an in-camera session.
If I were them, I'd have changed copy and probably done some internal testing to smooth rough edges/improve where needed but sounds like they're moving as quickly as possible.
If they did just copy paste code, straight to jail...
once the money dries up, these people will be on the next 'wave' without retrospective of what led to failures before. the past gets buried like it never existed.
"This ain't what a C&D looks like. Implies you don't actually have a leg to stand on. Upload a copy of your official legal demand (from a lawyer) or I'll forever see your company as one who attempts to bully the competition in public"
-- https://xcancel.com/jacobhartmannx/status/207012600834729596...
Is this just trolling?!
Besides - who is this guy, and why does he think he's owed sight of any legal paperwork?
> THIS GUY ONLY WANTS 7 DAYS IN OFFICE.
> At @IronGorillaAI, we run on the French Republican Calendar.
> That’s 10 days a week.
> We mandate all 10 in the office.
> No hybrid. No remote. No negotiations.
> If that sentence triggers you, you were never built for this anyway.
The lack of understanding of copyright on HN does astound me, however.
This isn't a case of convergent design (OpenOffice vs. Microsoft Word), this is identical word-for-word with a simple s/room/dataroom:
> When enabled, folders uploaded to Rooms will be mirrored into 'All Documents' with the same structure. When disabled, all documents will be placed in a single folder named after the Room in 'All Documents!
> This action cannot be undone. - All documents and folders will be permanently removed - All links and viewer access will be revoked - All analytics, audit logs, and Q&A data will be lost - Group permissions and branding will be deleted
Those are clear copyright violations.
Similarly, trade dress and trademarks are related but different, and in USA most Trademarks™ are not Registered® (although to get ® you generally use ™ along the way), and most trade dress is not either.
See also:
- clean room design: https://en.wikipedia.org/wiki/Clean-room_design
- trade dress: https://en.wikipedia.org/wiki/Trade_dress
Amusingly, the packaging of a dress is trade dress, but the dress design itself isn't protected.
The meme keeps on memeing.
Just ban users who comment without reading, I think that would go further to keep the quality of discussion high.
The number of bots/trolls responding to the title without reading the content and missing the point entirely is astounding, honestly, and I don't think any of those posts are contributing to high quality discussion. We could do without those users.
"but but but I can't/won't open twitter links" - then don't flap your yak-hole. Ignoring for a moment that the content has been reproduced in full in this thread, and another user has provided an alternative xcancel link.
An honest title would be “Corgi didn’t vibe code it, they stole Papermark’s AGPL code”.
Sure, people should read links, but when a writer posts ragebait for engagement, there’s plenty of blame to go around.
I was mostly fighting the title character limit
The paraphrase is doing a lot of heavy lifting to convert it to ragebait. Had the OP gone with something like "you didn't vibe code it, you plagiarized Papermark's open source project" (may need some editing to fit under the character limit) it would have at least been more true to the original tweet.
If you come to book club without reading the book, and you derail the conversation into something completely irrelevant, you're not getting invited back.
Naturally LLM technology has moved on since then. I don't remember any recent word for word reproductions of a copyright license.
There are a lot of people lauding the technology though because it occasionally one-shots a wildly impressive example of something which...already exists.
FOSS licenses were obviously written in the spirit of sharing with humans. Some later licenses made the license less amenable for sharing with corporations because some authors didn't feel like they were being treated fairly. Some authors today have similar feelings about their code being used by Gen AI. It is perfectly fine for authors to want to place restrictions on how they want others to use their work.
> Step out of the FOSS swamp, step in to human dignity.
What is that even supposed to mean?
In fact I seem to recall FOSS advocates denouncing licenses that put limits on who could use the software or for what purpose. This “it was always only for humans” take is new to me.
Surely it's always been obvious that the person doing the sharing is the one to decide on the terms of the sharing? Maybe I want to share my cake with you but not with someone I don't like? How is that not my decision to make?
I'm absolutely fine with people having different sharing philosophies. Different licenses with different nuances are a thing. But I don't like this take that everything that was shared is automatically retconned to be included in AI training data. That's not the spirit in which I shared my stuff. Maybe that's the spirit in which you shared yours, and I respect that.
That may be true, but I don't think it's obvious. What don't I know about the history of OSS?
Not humans who are using AI tools?
Software developers should charge a fair price for their products from their users. That's dignified and beneficial for everybody involved. And it doesn't invite "code stealers" or anybody who wants to reap what they didn't sow.
Just like any type of work. Fair compensation is the key. Not working for free for people who don't care about you and then complain that they didn't give you anything.
The 'spirit of free software' is bullshit. It's software authoritarianism disguised as a noble cause.
Or... Be nice and ask. People tell u what to do. Don't be rude here.
I remember this Video editor software which didn't comply properly with OSS licence of FFMPEG(?). And people told author what to do. It's always cheap to be kind. Or win dumb prizes.
FOSS != public domain.
Yeah, that's nonsense - licenses exist precisely to solve this problem. Read up on it - do everyone a favor.
Thing is, everything AI produces is derivative; it cannot make anything truly original. Therefore widespread AI adoption will inevitably lead to scientific and cultural stagnation.
So we'll have our magic box that can perform our every wish. And we'll all be worse off for it.
Then it shouldn't reference AI or Vibe coding.
https://www.gnu.org/software/bison/manual/html_node/Conditio...
The most widely used definitions of “open source” do not allow such a prohibition.
> 6. No Discrimination Against Fields of Endeavor
> The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research.
I did choose the wrong word, though. Comply, not copy.
their comment still says "copy". the comment you are replying to clarifies that they meant to type "comply", not copy.
since the wrong word is still there, 'by definition' they have not edited it.
Though it looks like in this case they didn't do either.
A cursory look reveals they aren't complying. So, as you say, they are stealing. What's the point of this comment?
Competition would be if these people created their own software, possibly innovating and improving it in the process. That would encourage Papermark to improve their own offering, and would create an environment where these businesses are economically incentivized to improve the product or service.
Nobody is incentivized to improve the software in question here. If copyright law doesn't protect anything, then improving your product is helping the competition and potentially hurting your business. Same is true if you're the people who did the infringement.
What do you do for a living? For most of us in the tech industry, information being worth something (because it takes creative and intellectual labor to produce) puts food on our tables.
I have saved up a buffer in funds and bonds because it's going to be over at some point when the company moves from explore to exploit.
This would fall under patents (design patent at the very least), not copyright.
Furthermore, the English verbiage between the two are literally exactly the same. That's a clear copyright violation.
Both products are so incredibly derivative and boring that I find it very, very hard to care about this "case".
Clearly it should be an issue for the investors anyway as it “looks” like a copy in the tweet alone, it might mean this code will eventually become available for download to comply with agpl, which in turn wipes out any moat.