Merge pull request #20499 from github/updates

Added 2026/05/2026-05-07-kasada.md

Author: dmca-sync-bot

2026/05/2026-05-07-kasada.md

@@ -0,0 +1,113 @@
+Before disabling any content in relation to this takedown notice, GitHub
+- contacted the owners of some or all of the affected repositories to give them an opportunity to [make changes](https://docs.github.com/en/github/site-policy/dmca-takedown-policy#a-how-does-this-actually-work).
+- provided information on how to [submit a DMCA Counter Notice](https://docs.github.com/en/articles/guide-to-submitting-a-dmca-counter-notice).
+
+To learn about when and why GitHub may process some notices this way, please visit our [README](https://github.com/github/dmca/blob/master/README.md#anatomy-of-a-takedown-notice).
+
+---
+
+While GitHub did not find sufficient information to determine a valid anti-circumvention claim, we determined that this takedown notice contains other valid copyright claim(s).
+
+---
+
+**Are you the copyright holder or authorized to act on the copyright owner's behalf? If you are submitting this notice on behalf of a company, please be sure to use an email address on the company's domain. If you use a personal email address for a notice submitted on behalf of a company, we may not be able to process it.**
+
+Yes, I am authorized to act on the copyright owner's behalf.
+
+**Are you submitting a revised DMCA notice after GitHub Trust & Safety requested you make changes to your original notice?**
+
+No
+
+**Does your claim involve content on GitHub or npm.js?**
+
+GitHub
+
+**Please describe the nature of your copyright ownership or authorization to act on the owner's behalf.**
+
+I am the [private] at Kasada, Inc - who is the copyright owner. I am authorized to act on the copyright's owner behalf.
+
+**Please provide a detailed description of the original copyrighted work that has allegedly been infringed.**
+
+I have read and understand GitHub's Guide to Filing a DMCA Notice.
+
+The original copyrighted work is a javascript file named "ip.js". The file is proprietary and confidential to Kasada. The file names is also referenced as main.js within the repository.  
+It contains original copyrighted Kasada source code used in Kasada's client-side security implementation, including integrity-checking code designed to detect tampering and resist unauthorized bypass of Kasada's protections. The repository reproduces and deobfuscates that protected work without authorization. As evidence of its bypass-related purpose, in main.js, lines 241–244 show the code being set up to bypass security protections used against a Kasada customer.
+
+The README clearly states they are doing an "Analysis of JavaScript-based fingerprinting and obfuscation techniques" for "Exploring potential security weaknesses in anti-bot defenses". The repository includes photos that show it actively being used.
+Other examples of approved takedowns for the same code and works can be seen here: [private]
+
+**If the original work referenced above is available online, please provide a URL.**
+
+https://github.com/wwang129/Kasada-Solver  
+https://github.com/gmh5225/Kasada-Solver  
+https://github.com/mariustoporascu/Kasada-Solver
+
+**We ask that a DMCA takedown notice list every specific file in the repository that is infringing, unless the entire contents of the repository are infringing on your copyright. Please clearly state that the entire repository is infringing, OR provide the specific files within the repository you would like removed.**
+
+**Based on the above, I confirm that:**
+
+Specific files within the repository are infringing
+
+**Identify only the specific file URLs within the repository that is infringing:**
+
+https://github.com/wwang129/Kasada-Solver/blob/main/main.js   
+https://github.com/wwang129/Kasada-Solver/blob/main/fingerprint/keys.json   
+https://github.com/wwang129/Kasada-Solver/blob/main/ciphers/build.js   
+https://github.com/wwang129/Kasada-Solver/blob/main/ciphers/encrypt.js   
+https://github.com/gmh5225/Kasada-Solver/blob/main/main.js   
+https://github.com/gmh5225/Kasada-Solver/blob/main/fingerprint/keys.json   
+https://github.com/gmh5225/Kasada-Solver/blob/main/ciphers/build.js   
+https://github.com/gmh5225/Kasada-Solver/blob/main/ciphers/encrypt.js   
+https://github.com/mariustoporascu/Kasada-Solver/blob/main/main.js   
+https://github.com/mariustoporascu/Kasada-Solver/blob/main/fingerprint/keys.json   
+https://github.com/mariustoporascu/Kasada-Solver/blob/main/ciphers/build.js   
+https://github.com/mariustoporascu/Kasada-Solver/blob/main/ciphers/encrypt.js   
+
+**Do you claim to have any technological measures in place to control access to your copyrighted content? Please see our <a href="https://docs.github.com/articles/guide-to-submitting-a-dmca-takedown-notice#complaints-about-anti-circumvention-technology">Complaints about Anti-Circumvention Technology</a> if you are unsure.**
+
+Yes
+
+**What technological measures do you have in place and how do they effectively control access to your copyrighted material?**
+
+Technical measures: Kasada protects its client-side code using a proprietary or highly obfuscated JavaScript virtual machine, obfuscated client-side scripts, hidden sensors, tamper checks, and integrity checks. Kasada publicly states that its detection logic is executed within a highly obfuscated virtual machine and is constantly changing.  
+How they control access: These measures control access by preventing the protected code from being exposed in ordinary readable form and requiring execution inside Kasada's intended runtime, including its VM and validation checks, to access the implementation in usable form.
+
+**How is the accused project designed to circumvent your technological protection measures?**
+
+How the repo circumvents them: The repository circumvents Kasada's protections by providing deobfuscated integrity-check code and tooling intended to help reverse that protection. This bypasses or impairs Kasada's obfuscated VM-based and integrity-based controls and exposes protected client-side logic outside its intended runtime.
+
+**If you are reporting an allegedly infringing fork, please note that each fork is a distinct repository and <i>must be identified separately</i>. Please read more about <a href="https://docs.github.com/articles/dmca-takedown-policy#b-what-about-forks-or-whats-a-fork">forks.</a> As forks may often contain different material than in the parent repository, if you believe any of the repositories or files in the forks are infringing, please list each fork URL below:**
+
+https://github.com/wwang129/Kasada-Solver  
+https://github.com/gmh5225/Kasada-Solver  
+https://github.com/mariustoporascu/Kasada-Solver
+
+**Based on the representative number of forks I have reviewed, I believe that all or most of the forks are infringing to the same extent as the parent repository.**
+
+**Is the work licensed under an open source license?**
+
+No
+
+**What would be the best solution for the alleged infringement?**
+
+Reported content must be removed
+
+**Do you have the alleged infringer’s contact information? If so, please provide it.**
+
+The only available contact information we have is their GitHub account.
+
+**I have a good faith belief that use of the copyrighted materials described above on the infringing web pages is not authorized by the copyright owner, or its agent, or the law.**
+
+**I have taken <a href="https://www.lumendatabase.org/topics/22">fair use</a> into consideration.**
+
+**I swear, under penalty of perjury, that the information in this notification is accurate and that I am the copyright owner, or am authorized to act on behalf of the owner, of an exclusive right that is allegedly infringed.**
+
+**I have read and understand GitHub's <a href="https://docs.github.com/articles/guide-to-submitting-a-dmca-takedown-notice/">Guide to Submitting a DMCA Takedown Notice</a>.**
+
+**So that we can get back to you, please provide either your telephone number or physical address.**
+
+[private]
+
+**Please type your full name for your signature.**
+
+[private]