Why don't you offer your services to the startup as a consultant?
Edit: Thanks for the downmod. Let's be clear, this is a legal situation that is ambiguous at best. If the startup has preserved the attribution (which seems to be the case or he wouldn't have been contacted) then it's entirely likely that they have not done anything wrong. These guys just got a bunch of money to work with this software; clearly having the person who wrote it would be a big help to their team. I'm not even suggesting joining said startup, presumably the author has other means of income. Consulting seems like the way to make the best of this situation, assuming that you can get over the idea that someone has "stolen" your code. I readily admit the notion that I could be mistaken; if you feel that I am, please comment instead of downmodding.
My biggest fear at the moment is that they will turn around in the future and try to take action against me. If they are telling others that they wrote the code, and if someone tells them about my code, i wouldn't want to face a legal battle. Maybe it's unfounded, but I'm still a bit emotional.
That's probably a healthy approach, especially if you're feeling emotional about the situation right now. There's definitely not a big rush.
Keep in mind that it is very unlikely they'll try to litigate against you——they're the ones who have the most to lose. Not only could they potentially have violated your copyright, but they also risk significant perceived damage (many VCs won't touch a startup in litigation with a 10 foot pole).
If they were just using the software and telling investors that they were using it under the Apache license, there would be no problem. The investor said that the startup is claiming they actually wrote the code.
If the group retains the attribution notices in the source code, hopefully this will be found when the VC does due diligence and then it's up to the VC what to do. If the group removed the attribution notices and you can somehow gather evidence of this, then they violated the Apache License and you should be able to sue. Whether or not this would be fruitful is up to whichever lawyer you contact.
Honest question: does throwawayvictim have an obligation to take part in that due diligence process by reaching out to the investors? Regardless of his own attachments to the code, and his emotional response to its false attribution - a response I think most of us would have, by the way - the investors "don't know what they don't know", and I think any good samaritan would consider it his duty to inform someone who is at a possible informational disadvantage, especially when that information could prevent the investors from dealing with a loss or a future liability. It also reflects the character of the startup using the code, an additional and relevant piece of information that the investor is disadvantaged not knowing.
Think if it in alternate terms. And, yeah, it's going to be highly contrived, but I'm trying to avoid overreaching the bounds of this metaphor. :)
Someone at a party you're hosting (we'll call him Stuart Upton) stole a car that you recently offered to loan to anyone who wants it, because - hey! - free car! You have an OBD key installed that lets you track it. You're not certain if they're intoxicated, or if they're intending to commit a crime, and there's a risk they could cause harm to person or property. You believe you know their destination, because they discussed going there to "have a chat" with someone named Victor Curtis (we'll call him "VC" for short) about some money they believe they're owed earlier in the evening.
Is it your duty to call up VC to warn him about his unexpected caller? That the caller has expressed a monetary motivation for his visit, and that he has taken advantage of your good will and stolen a car you were willing to loan freely to anyone who respectfully asked to borrow it?
> does throwawayvictim have an obligation to take part in that due diligence process by reaching out to the investors?
No, in fact he should not. The DD is the investors problem, not the OPs, if they do lousy DD, do not spot the anomaly and invest anyway at least he'll have a fat target assuming there is a case here.
> Regardless of his own attachments to the code, and his emotional response to its false attribution
False attribution by hearsay at this point in time, that's not actionable.
> a response I think most of us would have, by the way - the investors "don't know what they don't know", and I think any good samaritan would consider it his duty to inform someone who is at a possible informational disadvantage, especially when that information could prevent the investors from dealing with a loss or a future liability. It also reflects the character of the startup using the code, an additional and relevant piece of information that the investor is disadvantaged not knowing.
That might get you into a lot of trouble.
Your analogy doesn't hold water on several fronts, for one nothing got stolen.
> Is it your duty to call up VC to warn him about his unexpected caller?
No, in fact that might be construed as interference.
> That the caller has expressed a monetary motivation for his visit, and that he has taken advantage of your good will and stolen a car you were willing to loan freely to anyone who respectfully asked to borrow it?
This could be but the OP is not a disinterested and objective party. So he should contact his own lawyer and discuss his options rather than to take advice from strangers on the net with extremely limited data.
I have never in my life seen a VC look at source code. Even the more technical ones that might be interested in the technical details limit themselves to the overall architecture (and even that mostly out of curiosity). Is anyone else's experience different?
I had potential acquirers hire consultants (on their dime) to audit my code and commit logs. Their questions were brief yet very specific. I felt that this would be standard practice for any good VC / acquiring business.
Yes, it's different for me. I do DD many times per year and I always look at the code if the company is claiming IP rights. And depending on what they're doing this can be a half hour browsing session or a deep dive lasting a couple of days.
How much do you care? According the Apache license they must keep original copyright attribution in all source files that include them. If they're stripping get litigious.
Go for a consultation. Decide if its viable to go after them. If it isn't, those investors should know that they're investing in dishonest crooks who probably don't have any qualms with misdirection of funds.
I wonder if this is a situation where investors don't clue other investors in.
Ultimately investors are all competing with each other for good deals and if some investor doesn't find this is a bad deal in their due diligence, how much would the smarter investor be willing to let their competitors tie up their money in the bad investment? They have no ethical obligation to share this information...
I personally recommend George Grellas (grellas on HN), with whom I have worked on a professional basis and whose services I value greatly. He is someone whose advice I would pay for and trust. His firm's website is http://www.grellas.com/ . (I receive no compensation for making recommendations.)
I am not saying this is a case that he would want to take on (only he could say that, and without knowing more details, it sounds to me [a non-lawyer] as though the entrepreneurs are deceiving the investors while obeying the terms of your license).
