What To Do When AllThis Steals Your Photo & Bio

There’s a terrible new web site out there engaging in, at best, copyright infringement, and at worse, fraud. It’s called AllThis.

If AllThis targets you, they will:

  • steal your photo & bio off Twitter
  • slap it on an AllThis page, to make it look as if you endorse their system
  • put up a big yellow “BUY” button on it
  • and a teensy weensy greyed out notice, for the eagle-eyed, which admits (indirectly) that you’re not actually endorsing it… YET
  • tweet about you with @allthisfeed, claiming your time is for sale
  • argue with you when you tell them to stop stealing people’s stuff

They will remove you from their site if you threaten them. But no matter how many people do that, they continue to pretend to not “understand” why you are “upset”. And they keep on thieving from other people.

Clearly individual complaints are falling on deaf ears. They are not interested in coming up with a way to grow their business without misrepresentation and theft.

So, the best way to stop this is to enforce our copyrights. If they steal from you, don’t bother telling them to remove the profile.

Send a takedown notice to their DNS service and web host

Here’s who to write:

Web Host: GoGrid. Their email is [email protected].

DNS Service: Dyn.com. Their email is [email protected].

NEW: Asset Host: Amazon Cloudfront. Their email is [email protected].

Here’s what you can send:

SUBJECT: Abuse Report – Copyright Infringement

I am the copyright owner of the photograph being infringed at: (insert URL here)

A screenshot of my image being infringed is included to assist with its removal from the infringing Web sites.

Moreover, this web site claims to represent me, has a prominent “BUY” button displayed next to my (stolen) photograph and bio, and is tweeting that people can “buy time” to talk with me on their site. I never signed up for an account, gave them my email address, or anything that would constitute permission or endorsement of this service. As far as I’m concerned, this comes close to fraud.

This letter is official notification under the provisions of Section 512(c) of the Digital Millennium Copyright Act (“DMCA”) to effect removal of the above-reported infringements. I request that you immediately issue a cancellation message as specified in RFC 1036 for the specified postings and prevent the infringer, who is identified by its Web address, from posting the infringing photographs to your servers in the future. Please be advised that law requires you, as a service provider, to “expeditiously remove or disable access to” the infringing photographs upon receiving this notice. Noncompliance may result in a loss of immunity for liability under the DMCA.

I have a good faith belief that use of the material in the manner complained of here is not authorized by me, the copyright holder, or the law. The information provided here is accurate to the best of my knowledge. I swear under penalty of perjury that I am the copyright holder.

Please send me at the address noted below a prompt response indicating the actions you have taken to resolve this matter.


Your Name

Is this justified?

Yes, it is.

I and several others have tweeted with the @AllThis account to try to get them to change their ways, but they don’t “understand” that what they are doing is wrong. Nor will they stop doing it to other people.

More importantly, copyright infringement (and borderline fraudulent representation) like this is certainly against the acceptable use policies for both GoGrid and Dyn.com.

So, this is our last and best resort.

Get my next bootstrappy gettin-shit-done essay delivered straight to your inbox. (And be first in line for tickets & discounts.) Drop your name in the box!


    • Amy

      There IS such a thing as negative attention ;) Like the kind that gets people writing emails to shut down their web site.

  1. @tmarthal

    Have you reported their site to Twitter? They are just using the Twitter API to get your information. If you read the Twitter TOS https://twitter.com/tos you will see that they have the ability to sell your profile picture+profile information, and that you no longer own copyright on it when you upload it (IANAL, but thats how I understand it).

    • Amy

      Twitter says we still own our profile information and tweets.

      If you look at the guidelines for API use, it’s pretty clear that AllThis violates it from the get-go:


      So your idea of reporting them to Twitter is a GOOD one. I’m seeing what I can do. (But having reported things to Twitter in the past… not holding my breath, haha.)

      Beyond the copyright infringement, the whole reason this is obnoxious and cannot be allowed to continue is that AllThis is misrepresenting that people belong to their service, actually sells their time (even if the person in question never signs up), misappropriating, misleading, and essentially defrauding anyone who makes the mistake of “buying” time.

      • ThomasT

        140 chars at a shot not enough for this interesting conversation. What part of the Twitter API terms do you think they’re violating? There are some general principles that might apply, like “Don’t surprise users,” and “respect user content — Tweets may be used in advertisements, not as advertisements,” but I’m hard pressed to find a more specific term that they’re violating.

        And in any case, I still think that DMCA was the wrong way to go – you licensed the content to Twitter, including giving them the ability to sublicense it (note that this is NOT giving up your copyright, just giving huge rights to it away to Twitter.) If AllThis was violating the terms of their sublicense, then that’s between Twitter and AllThis – you’re not in a position to enforce the copyright claim, under my informed layperson’s understanding of IP law.

        I understand your frustration, and why you did this. But one of the main criticisms of DMCA is that it allows legal laypeople to levy claims against other legal laypeople, and those people then take action against the accused infringer without any judicial or other legal review, placing the burden on the accused infringer, who may have done nothing wrong. See this oldie-but-goodie list of examples where claims that are, IMO, similarly well-based in the law, have caused major problems for innocent parties: https://www.eff.org/wp/unsafe-harbors-abusive-dmca-subpoenas-and-takedown-demands

  2. Eithrael

    What a bunch of losers! I’ve reported both @allthisfeed and @allthis as spam accounts. I’ve also RTed your tweet.

  3. Sakya

    This is stealing, looks like some shady startup, no contact address at all just emails. Thx to Amy for detailed instructions.

  4. John

    Totally agree with the sentiment, but, uh, RFC 1036? They’re posting this crap to USENET too, and you want the ISP to forge a cancel?

  5. Mike

    I thought part of a DMCA request was that you had tried to have the publisher (AllThis) remove the material voluntarily. If they fail, the hosts will then take action.

    I understand they are repeatedly offending, but for each instance would the copyright owner not first have to contact AllThis directly?

    Pretty crazy that they aren’t picking up the hints.

  6. Kendall

    @Mike & @John: You can use the ISP as the first contact as they’re required to forward the DMCA infringement notice to their subscriber. This is the most common way of going about DMCA infringement cases due to a relative lack of good contact information. In addition, the ISP can provide additional confirmation and/or evidence in the form of IP address tracking in some infringement cases.

  7. Fred

    What a terrible idea. As if you need to go through some crazy sketchy 3rd party service to get someone on the internet’s attention. Try emailing them and/or offering to buy them a beer.

    • Mitchell

      Seriously. My first response to this was that verified Twitter feeds, contact emails listed on official websites, and Facebook fan pages were probably really good first routes. I’ve talked with lots of important and famous people online, and never had to go submit a request or “buy” any of their time.

      Also, I wouldn’t want ANYONE buying my time; I give it away freely to those who request it politely. It’s just how I do business. The idea that these people could imply I handle things any other way is an affront to my business practices, brand image, and ethics.

  8. Mason

    I’m small potatoes, but how can I tell if Allthis have stolen my info for their site? I hear that you need to sign up for a login to see fake accounts, but I don’t really want to do that.

  9. Dan DeFelippi

    While AllThis seems to be breaking Twitter’s API rules, have misleading info on their site, and handled your request for removal poorly I think you’re over reacting Amy.

    Attempting to get their service providers to shut down the site is going too far. Had they refused to remove you from their site that may have been the next step. But they didn’t, they removed you. Just because you disagree with how they used your data that you make publicly available on Twitter and their API doesn’t give you justification for doing this. Complain to Twitter, not GoGrid, Dyn, or Amazon.

    • Amy

      Of course they give ample justification for doing this. It’s not about “using data,” it’s about out and out fraud. Their site lets you “buy time” for someone who hasn’t even signed up.

      Copyright is the handiest tool available to protect us in this instance. Fraud etc. is also against the acceptable use policies of all the hosts, and included in my email template. So who knows which part they listened to? Either way, it doesn’t matter.

      Their fraudulent listing of me with a buy button wasn’t a mistake. That was their whole plan. They kept doing it to other people. Search “allthis” on twitter and you’ll see nothing but a stream of confused, angry, and outraged people… not just people whose profile information was misappropriated, with a buy button slapped up next to them, but also people who thought they could “buy time” from those people.

      That’s why I wrote this post — to help those other people figure out what was going on, and to protect themselves.

      Allthis knew exactly what they were doing. They thought they would be rewarded with the gamble. They were wrong.

  10. Marcos El Malo

    Hey Amy!

    Just visiting via Joel Housman via Paris Lemon . . .

    I gotta say, I fully back you on your strategy. These are fraudulent weasels (not borderline as you say, but if you’re avoiding heated rhetoric, so be it) and they’re playing games. The only way to deal with fraudulent weasels and stop their game playing is to show them you’ve got a decent sized hammer. DMCA is a good one.

    The ROP that Jason mentions might be good later on if you want to actually take anyone to court. Hopefully that won’t be necessary (and I highly doubt these jokers have any real assets as yet).

  11. Adam Justice

    This type of case IS NOT what the DMCA was made for, and you are basically abusing it and taking away it’s power to work in legitimate content theft. This is basically my only legitimate objection here.

    …… but I have a strong dislike for these type of witch hunt blog posts, ones about Klout too. From the looks of your short bio I would think that generally I would like your blog and you as a person for that matter.

  12. Matt Mitchell

    Looks like they’ve taken it on-board according to their FAQ:


    See: “Our response to the recent controversy”

    Having read that, it sounds like the site’s concept isn’t pure evil, but certainly marketed and represented a bit poorly.

    I mean consider if they were valuing someone like the president – clearly they aren’t actually on the site, but if the money got high enough maybe they would have that chat and give the money to charity.

    They should however have a better “opt-out” mechanism if you are the owner of a profile (i.e. to indicate you have no option ever of taking part).

  13. Adam

    I really don’t want to have to go and make all of my profile information private on LinkedIn, Facebook and the like, but I feel as though having some third-party that is unknown to me offering to sell my attention gives me little other chance.

    This seems a like a permutation of the Tragedy of the Commons. In this case, there isn’t a limited resource that is going to be used up; rather, an infinite resource that has been shared in good faith is abused by some villain intent of committing Acts of High Baggery to further their own ends. If such happens often enough, eventually folks decide to stop willing sharing the information, and no one can use it anymore.

    They should be punished with our displeasure.

  14. Ryu

    If google does this then it becomes SEO and professional but when some other site gets into this type of business, it becomes privacy leak? I don’t like the idea of allthis but I don’t like the way google sells our privacy to adwords user as well.


Leave a Reply

You can use Markdown in this comment box.