beeble-forensic-analysis/docs/LICENSE_ANALYSIS.md
Nicholai 86accadc28 docs: add competitive landscape and deep dive findings
Version evolution (SL 1.0→2.0→3.0), team background, no
patents, NVIDIA DiffusionRenderer as open-source competitor,
dataset landscape (POLAR, SynthLight, etc.), botocore/AWS SDK
in privacy app, MetaHuman EULA fix, user data controversy,
and DiffusionRenderer ComfyUI integration across all docs.
2026-01-26 12:41:01 -07:00


License Compliance Analysis

This document examines the license requirements of each open-source component identified in Beeble Studio and assesses whether those requirements appear to be met in the distributed application.

This is not a legal opinion. It is a factual comparison of what the licenses require and what the application provides.

Summary

Nine open-source components with distinct roles were identified in Beeble Studio's pipeline. Each has a permissive license that allows commercial use. However, all licenses require attribution--a notice in the distributed software acknowledging the original authors and reproducing the license text. No such attribution was found for any component.

| Component | License | Requires Attribution | Attribution Found |
| --- | --- | --- | --- |
| transparent-background (InSPyReNet) | MIT | Yes | No |
| segmentation_models_pytorch | MIT | Yes | No |
| Depth Anything V2 (via Kornia) | Apache 2.0 | Yes | No |
| DINOv2 (via timm) | Apache 2.0 | Yes | No |
| PP-HGNet (via timm) | Apache 2.0 | Yes | No |
| RT-DETR (via Kornia) | Apache 2.0 | Yes | No |
| BoxMOT | MIT | Yes | No |
| DexiNed (via Kornia) | Apache 2.0 | Yes | No |
| RRDB-Net / ESRGAN (via Kornia) | Apache 2.0 | Yes | No |

Beyond the core pipeline components, the application bundles approximately 48 Python packages in its lib/ directory. Of these, only 6 include LICENSE files: cryptography, gdown, MarkupSafe, numpy, openexr, and triton. The remaining 42 packages--including PyTorch (BSD 3-Clause), Kornia (Apache 2.0), Pillow (MIT-CMU), timm (Apache 2.0), and many others--are distributed without their license files. While some of these licenses (like BSD) only require attribution when source code is redistributed, others (MIT, Apache 2.0) require attribution in binary distributions as well.

MIT License requirements

Applies to: transparent-background, segmentation_models_pytorch

The MIT License is one of the most permissive open-source licenses. It permits commercial use, modification, and redistribution with a single condition:

"The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software."

This means any application that includes MIT-licensed code must include the original copyright notice and the MIT License text somewhere accessible to end users--typically in an "About" dialog, a LICENSES file, or accompanying documentation.

What Beeble provides: No copyright notice or license text for transparent-background or segmentation_models_pytorch was found in the application's user-facing materials, documentation, or binary strings. The libraries themselves are embedded in the application binary, and their license files do not appear to be distributed alongside the application.

Apache License 2.0 requirements

Applies to: Kornia (through which Depth Anything V2 is accessed), timm (through which DINOv2 is accessed)

The Apache 2.0 License is also permissive but has somewhat more specific requirements than MIT. Section 4 ("Redistribution") states:

"You must give any other recipients of the Work or Derivative Works a copy of this License; and

You must cause any modified files to carry prominent notices stating that You changed the files; and

You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work [...]"

Additionally, if a NOTICE file is included with the original work, its contents must be included in the redistribution.

What Beeble provides: No Apache 2.0 license text, NOTICE file contents, or copyright notices for Kornia, timm, or their associated models were found in the application.

On encrypting open-source models

Beeble encrypts its model files (stored as .enc files with AES encryption). A reasonable question is whether encrypting open-source models violates their licenses.

The answer is nuanced. Neither the MIT License nor the Apache 2.0 License prohibits encryption of the licensed software. Encryption is a form of packaging, and permissive licenses generally do not restrict how software is packaged or distributed, as long as the license terms are met.

The issue is not the encryption itself. The issue is that encryption makes it non-obvious to users that they are running open-source software, which compounds the problem of missing attribution. When the models are encrypted and no attribution is provided, users have no way to know that the "proprietary AI" they are paying for includes freely available open-source components.

Beeble's own statements

Beeble's FAQ acknowledges the use of open-source models:

"When open-source models are included, we choose them carefully--only those with published research papers that disclose their training data and carry valid commercial-use licenses."

This statement is accurate in that the identified licenses (MIT, Apache 2.0) do permit commercial use. But having a "valid commercial-use license" is not the same as complying with that license. Both MIT and Apache 2.0 allow commercial use on the condition that attribution is provided. The licenses do not grant unconditional commercial use.

The enforceability of open-source license conditions was established in Jacobsen v. Katzer (Fed. Cir. 2008). The court held that open-source license terms (including attribution requirements) are enforceable conditions on the copyright license, not merely contractual covenants. This means that failing to comply with attribution requirements is not just a breach of contract--it is copyright infringement.

This precedent applies to both the MIT and Apache 2.0 licenses used by the components identified in Beeble Studio.

What compliance would look like

For reference, meeting the attribution requirements of these licenses would involve:

  1. Including a LICENSES or THIRD_PARTY_NOTICES file with the application that lists each open-source component, its authors, and the full license text

  2. Making this file accessible to users (e.g., through an "About" dialog, a menu item, or documentation)

  3. For Apache 2.0 components, including any NOTICE files provided by the original projects

This is standard practice in commercial software. Most desktop applications, mobile apps, and web services that use open-source components include such notices.
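The lib/ count in the Summary and the notices file described in the steps above can both be produced by a short audit script. The following is an added example, not code from the original analysis or from Beeble; the directory layout (one directory per package plus optional .dist-info directories), the helper names, and the sample tree with its placeholder versions are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

PREFIXES = ("license", "licence", "copying", "notice")
CODE_SUFFIXES = {".py", ".pyc", ".pyd", ".so"}  # ignore modules such as license.py

def license_files(root: Path) -> list[Path]:
    """License-like files anywhere under root (also finds dist-info/licenses/)."""
    return sorted(p for p in root.rglob("*") if p.is_file()
                  and p.name.lower().startswith(PREFIXES)
                  and p.suffix.lower() not in CODE_SUFFIXES)

def import_names(info: Path) -> set[str]:
    """Import names a .dist-info directory covers (e.g. Pillow installs as PIL)."""
    top = info / "top_level.txt"
    names = top.read_text().split() if top.is_file() else [info.name.split("-")[0]]
    return {name.lower() for name in names}

def audit_bundle(lib_dir: Path) -> dict[str, list[Path]]:
    """Assumed layout: lib/<package>/ plus optional lib/<dist>-<ver>.dist-info/."""
    infos, report = list(lib_dir.glob("*.dist-info")), {}
    for pkg in sorted(lib_dir.iterdir()):
        if pkg.is_dir() and not pkg.name.endswith(".dist-info"):
            found = license_files(pkg)
            for info in infos:
                if pkg.name.lower() in import_names(info):
                    found += license_files(info)
            report[pkg.name] = found
    return report

def render_notices(report: dict[str, list[Path]]) -> tuple[str, list[str]]:
    """Return THIRD_PARTY_NOTICES text and the packages with no license text."""
    parts = [f"==== {n}: {f.name} ====\n{f.read_text(errors='replace').strip()}\n"
             for n, files in report.items() for f in files]
    return "\n".join(parts), [n for n, files in report.items() if not files]

def build_sample_bundle(root: Path) -> Path:
    """Constructed sample tree: two packages ship license text, two do not."""
    files = {"numpy/LICENSE.txt": "BSD 3-Clause (constructed)", "PIL/Image.py": "",
             "kornia/__init__.py": "", "timm/license.py": "",
             "Pillow-0.0.0.dist-info/top_level.txt": "PIL\n",
             "Pillow-0.0.0.dist-info/licenses/LICENSE": "MIT-CMU (constructed)"}
    for rel, text in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(text)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(render_notices(audit_bundle(build_sample_bundle(Path(tmp))))[1])
```

A package that appears in the missing list has no license text anywhere in the bundle, so its notice has to be restored from the upstream project before the application ships.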

Per-component detail

transparent-background / InSPyReNet

segmentation_models_pytorch

Kornia (access layer for multiple models)

Kornia serves as the access layer for several models in the pipeline: Depth Anything V2, RT-DETR, face detection, BoxMOT tracking, DexiNed edge detection, RRDB-Net super resolution, and the segmentation_models_pytorch wrapper.

timm / DINOv2 / PP-HGNet

DINOv2 and PP-HGNet are both accessed through timm's model registry. DINOv2 serves as a feature extractor; PP-HGNet serves as a backbone encoder for both RT-DETR detection and the PBR decomposition models. Both are covered by timm's Apache 2.0 license. The underlying DINOv2 model weights carry their own Apache 2.0 license from Meta AI.

RT-DETR (person detection)

BoxMOT (multi-object tracking)

Note: BoxMOT contains multiple tracking algorithms with different licenses. Some trackers (StrongSORT, BoTSORT) are MIT-licensed, while others may carry AGPL-3.0 restrictions. Without visibility into which tracker variant Beeble uses, the exact license obligation cannot be determined. If an AGPL-3.0 tracker is used, the license requirements would be significantly more restrictive than MIT.

In that case, the implications would extend far beyond attribution. AGPL-3.0 requires making the complete source code of the incorporating application available to users--effectively requiring Beeble to open-source its entire application. This is among the most restrictive open-source licenses and represents a significantly different risk profile from the MIT/Apache non-compliance discussed elsewhere in this document.

DexiNed (edge detection)

  • Repository: https://github.com/xavysp/DexiNed
  • License: MIT (original); Apache 2.0 (via Kornia integration)
  • Paper: Soria et al., "Dense Extreme Inception Network for Edge Detection" (2020)
  • Accessed via: kornia.models.edge_detection.dexined
  • Attribution found in Beeble: No

RRDB-Net / ESRGAN (super resolution)

  • Repository: https://github.com/xinntao/ESRGAN
  • License: Apache 2.0 (via Kornia integration)
  • Paper: Wang et al., "ESRGAN: Enhanced Super-Resolution Generative Adversarial Networks" (2018)
  • Accessed via: kornia.models.super_resolution.rrdbnet
  • Attribution found in Beeble: No