OpenAI Threatens Popular GitHub Project With Lawsuit Over API Use
GPT4Free uses other sites' connections to OpenAI.
Anyone can use ChatGPT for free, but if you want to use GPT4, the latest language model, you have to either pay for ChatGPT Plus, pay for access to OpenAI's API, or find another site that has incorporated GPT4 into its own free chatbot. There are sites that use OpenAI such as Forefront and You.com, but what if you want to make your own bot and don't want to pay for the API?
A GitHub project called GPT4free allows you to get free access to the GPT4 and GPT3.5 models by funneling those queries through sites like You.com, Quora and CoCalc and giving you back the answers. The project is GitHub's most popular new repo, getting 14,000 stars this week.
Now, according to Xtekky, the European computer science student who runs the repo, OpenAI has sent a letter demanding that he take the whole thing down within five days or face a lawsuit.
I interviewed Xtekky via Telegram, and he said he doesn't think OpenAI should be targeting him since he isn't connecting directly to the company's API, but is instead getting data from other sites that are paying for their own API licenses. If the owners of those sites have a problem with his scripts querying them, they should approach him directly, he posited.
I installed GPT4Free in WSL2 (Windows Subsystem for Linux) on my PC. It took just a few moments, which involved cloning the Github repository, installing some required libraries with pip, and running a Python script. With the script launched, I used my web browser to visit http://localhost:8501, the address it gave me, and was presented with a working chatbot that was running off of my PC.
On the backend, GPT4Free is visiting various API urls that sites like You.com, an AI-powered search engine that employs OpenAI's GPT3.5 model for its answers, use for their own queries. For example, the main GPT4Free script hits the URL https://you.com/api/streamingSearch, feeds it various parameters, and then takes the JSON it returns and formats it. The GPT4Free repo also has scripts that grab data from other sites such as Quora, Forefront, and TheB. Any enterprising developer could use these simple scripts to make their own bot.
"One could achieve the same [thing by] just opening tabs of the sites. I can open tabs of Phind, You, etc. on my browser and spam requests," Xtekky said. "My repo just does it in a simpler way."
Stay On the Cutting Edge: Get the Tom's Hardware Newsletter
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
All of the sites GPT4Free draws from are paying OpenAI fees in order to use its large language models. So when you use the scripts, those sites end up footing the bill for your queries, without you ever visiting them. If those sites are relying on ad revenue from their sites to offset these API costs, they are losing money because of these queries.
Xtekky said that he is more than happy to take down scripts that use individual sites' APIs upon request from the owners of those sites. He said that he has already taken down scripts that use phind.com, ora.sh and writesonic.com.
Perhaps more importantly, Xtekky noted, any of these sites could block external uses of their internal APIs with common security measures. One of many methods that sites like You.com could use is to block API traffic from any IPs that are not their own.
Xtekky said that he has advised all the sites that wrote to him that they should secure their APIs, but none of them has done so. So, even if he takes the scripts down from his repo, any other developer could do the same thing.
The developer said that he doesn't believe he's liable for what others do with his script and that OpenAI should not be targeting him for using other sites' APIs, which are available unsecured on the open web.
"OpenAI could also reach out to the sites and warn/notify them and in collaboration come to me and do a takedown, but it seems that this [legal threat] solely comes from OpenAI and they basically claim that I am directly attacking them," he said. "I do not really know, but it looks like if a site use OpenAI's API, it has OpenAI's legal protection and OpenAI is liable for the damages the site gets."
Xtekky initially told me that he hadn't decided whether to take the repo down or not. However, several hours after this story first published, we chatted again and he told me that he plans to keep the repo up and to tell OpenAI that, if they want it taken down, they should file a formal request with GitHub instead of with him.
"I believe they contacted me before to pressurize me into deleting the repo myself," he said. "But the right way should be an actual official DMCA, through GitHub."
Even if the original repo is taken down, there's a great chance that the code -- and this method of accessing GPT4 and GPT3.5 -- will be published elsewhere by members of the community. Even if GPT4Free had never existed anyone can find ways to use these sites' APIs if they continue to be unsecured.
"Users are sharing and hosting this project everywhere," he said. "Deletion of my repo will be insignificant."
On Sunday, Xtekky made an announcement on the project's Discord channel, saying that he's making some changes to his chatbot, which lives apart from the GitHub repo but serves as a working example of what you can do with it. We haven't linked to the chatbot because it's at an adult domain name (but has no adult content), but you can find a link to it on the GPT4Free GitHub page.
"We're stepping away from our previous method and implementing a new system that will ensure a seamless and legal processing of requests. We're also proud to announce that a rebranding is in the works along with some other general fixes that will improve your experience," he posted.
Xtekky told me that he plans to move the chatbot to a different domain and to rebrand it as g4f (short for GPT4Free) and to change the logo it uses, which looks a lot like the OpenAI logo. It's unclear whether the repo name will change.
We reached out to OpenAI's press email for comment and will update this story if and when we receive a response.
If you want to try it while it's still there, check out GPT4Free on GitHub. If you want to set up your own ChatGPT-like chatbot without potentially running afoul of OpenAI's lawyers, see our tutorial on how to run ChatGPT on a Raspberry Pi or PC
-
abufrejoval To me this looks like another Youtube Downloader case.Reply
In both cases it seems more convenient and cheaper to send a lawyer dog after a lone developer than fixing an API issue that may require some real work to do properly and might hurt already connected business partners.
Little does it matter that the developer actually isn't doing anything illegal or morally questionable.
Perhaps dumpster diving is another analogy and good fit for the morals around this.
But since OpenAI guys are feeding off human output on the Internet, IMHO they are in a far worse moral position than supermarkets that want to sell you the fresh produce instead.
They are trying to sell you what's not really theirs to begin with, so dive in and let the lawyers know, that they are first in line to get replaced by LLMs! -
Vanderlindemedia Devs could prompt in a "magic question" and by using logs, you could determine where it's coming from and take proper action(s).Reply -
A GitHub project called GPT4free(opens in new tab) allows you to get free access to the GPT4 and GPT3.5 models by funneling those queries through sites like You.com(opens in new tab), Quora(opens in new tab) and CoCalc(opens in new tab) and giving you back the answers.
Isn't that less a problem for OpenAI and more for You.com, Quora, CoCalc, etc.? After all, they're the ones that have to pay for premium access, and increased traffic means higher costs for them and more revenue for OpenAI.
Or does the premium plan not care about traffic at all? -
nerdvous This reminds me stories from the days of dial up, of hackers exploiting corporate numbers to get free unmetered access.Reply -
abufrejoval
I'd say it's a little more like the toll-free whistle where nobody got charged.nerdvous said:This reminds me stories from the days of dial up, of hackers exploiting corporate numbers to get free unmetered access.
Of course electricity ain't for free and them inference tensors are mighty thirsty, but OpenAI gets paid per contract and it's their fault freeriding is so trivial, it only takes a few lines of code.
Sending your dogs on devs that ain't trespassing plain sucks! -
pointa2b
That was certainly its goal pre-Microsoft.Dr3ams said:Silly me...I thought OpenAI was open source. -
hwertz I'm torn on this. On the one hand, the developers arguments are valid, insofar as the script accesses various sites through APIs that perhaps shouldn't be public but are, and it could be up to the sites to ask to be removed from his script. On the other hand, I see OpenAI's point too... the script is letting people set up GPT4 chat on their pages, using other companies paid-up subscriptions to get the results. This is a bit greasy for sure, and (unlike a lot of "gray area" software where it's probably used illegitimately like 99% of the time but it does have a legitimate use), I can't see a legitimate use for this. I imagine the developer could have avoided the issue (at least enough to possibly avoid a C&D) if they had provided a "proof of concept" script without sites pre-loaded into it, and the end user had to add sites to the script for it to do anything. Maybe.Reply
I do point out here, it's not like OpenAI is suing him -- a C&D would just require him to pull down the script. So I don't see OpenAI as going overboard on their response here, and I imagine those paying per request would be perfectly happy for OpenAI to try to get the software pulled so they don't have to go do it themselves. -
hwertz
Actually I did too -- turns out neither GPT-3 or GPT-4 is open source. That said, I don't think that'd matter -- even if it were fully open source, given the high operational costs they still would not want people using their service without going through the "proper channels".Dr3ams said:Silly me...I thought OpenAI was open source.