Licence for the data collected, submitted and obtained

What’s the license on the data submitted and obtained ?

Congrats on a great approach to defensive security :+1:

1 Like

Hello Arthur,

Thanks for your question !

To start at the begning, let’s define “the data you send” as : offending source ip / scenario name & version / timestamp.

The idea is that this data is kept and processed to generate a “consensus” that is redistributed amongst all the users. So it means your data might or might not be redistributed to other peers.

When it comes to the data you receive (the “consensus” redistributed amongst peers), it is free of usage. While we need to draw a clear line with lawyers and such of what can or cannot be done, it should be amongst the lines of https://creativecommons.org/licenses/by-nc-nd/4.0/

Thanks for your answer. It would be a good thing if this license would be clarified. It will probably influence the adoption of crowdsec.

CC-BY-ND is unfortunately not a libre/free licence, so you might have less adoption and less emulation to participate there… (and I have no plans to build economic activity around this data, but other might see this option as an incentive to integrate crowdsec and encourage it’s use).

In any case, this is very cool. Keep on the good work !

Thanks for the feedback,

Yes I do understand that some people might have an issue with data usage. The good news is that you can opt-out of sending and receiving data, turning crowdsec into an advanced fail2ban, but losing the crowd approach. Everything comes at a price I guess :wink:

I’m happy to pay this “price” as long as it’s clear in the initial deal… I think this equation could probably be a bit clearer on the landing page (open source client, proprietary server processing, data “non commercial free to use”).

I think there are similarities with https://www.thespaghettidetective.com/ by the way…

Yes you are right, re-reading the page/github, it’s not that obvious :sweat_smile: We’re going to fix this soon so that it’s clear !