
Otonomo, with nearly $55M in funding, is cloning our product - sahaskatta
https://smartcar.com/blog/how-otonomo-is-cloning-our-product/
======
ChuckMcM
That is pretty egregious, and its also par for the course.

And that is why startup companies go through all the hoops of being "stealth"
and having NDAs and what not. There was a German VC firm that was, as I
recall, very upfront about this. Clone a successful US company before it got
to the European market.

On the one hand it is great to have validation of the idea, on the other its a
pain to have someone with more money in the bank able to spend it on marketing
and spinning the narrative in their favor.

Since the ability to get a foreign company (in this case Israeli) to do
anything is limited, your best bet is to out execute them. Also, love them or
hate them, having patents helps in situations like these.

The reality is that if an idea is really good, the people who came up with it
know it better than anyone and that gives them a tremendous advantage in terms
of knowing what is important and what isn't. Companies have been known to talk
about expensive and complicated features or options in order to get people
trying to copy their success to waste time and money on something for which
there is no actual demand. It is no doubt worth investing in understanding how
one's enemies are getting their information and shutting that off if possible.

~~~
joeax
This is pretty egregious, but in reality the only thing that was copied was
the docs for the API, not the API itself. The other company still has the
write all the backend code, and given their track record of just ripping stuff
off, may not have the engineering chops to pull it off. In addition, as
Smartcar continuously improves their product and API, the other company can
only react to these changes.

If I was the OP, my reaction would be shock and horror too. But then I'd
realize the old axiom of imitation is the best form of flattery.

~~~
inlined
> but in reality the only thing that was copied was the docs for the API, not
> the API itself

You never know. When someone ripped off Parse we were able to deduce which
version of our JS SDK was ripped off by which bugs weren’t fixed. We had a
weird moral dilemma: we were upset at the copycat yet concerned that their
users had security vulnerabilities unpatched.

[Edit: added quote to clarify to what I was responding]

~~~
mirimir
If they didn't catch bugs, maybe they also wouldn't catch booby-traps. Are
there examples where developers have done that?

~~~
ChickeNES
FTDI modified the driver for their USB<->RS232 chips so that it would brick
counterfeits: [https://arstechnica.com/information-
technology/2014/10/ftdis...](https://arstechnica.com/information-
technology/2014/10/ftdis-anti-counterfeiting-efforts-sit-between-a-rock-and-a-
hard-place/)

~~~
mirimir
So not one that worked out well.

The article discusses Microsoft's anti-piracy measures. And it brings back
horrible memories. So I had this server, running Windows Server 2000. And
there was a nearby lightning strike, which bricked the motherboard.

But hey, service contract. Except that the company had gone through
reorganization. So they sent me a motherboard that was comparable and
compatible with the box. But it had a different seller code, so my copy of
Windows Server 2000 wouldn't install.

Microsoft couldn't/wouldn't fix that. So I had to return the replacement
motherboard, wait for another replacement, and install it. But hey, it all
worked out in the end.

------
gepoch
I haven't seen this mentioned anywhere so I thought I'd post it to see what
you all think... IANAL, IMHO, etc.

I searched for one of the unique tokens in the docs:
[https://www.google.com/search?q=0facda3319](https://www.google.com/search?q=0facda3319)

That pulls up their SDK github repo: [https://github.com/smartcar/node-
sdk/blob/master/doc/readme....](https://github.com/smartcar/node-
sdk/blob/master/doc/readme.md)

Which is published with a standard MIT license:
[https://github.com/smartcar/node-
sdk/blob/master/LICENSE.md](https://github.com/smartcar/node-
sdk/blob/master/LICENSE.md)

Which says (among other things): "Permission is hereby granted, free of
charge, to any person obtaining a copy of this software and associated
documentation files (the "Software"), to deal in the Software without
restriction, including without limitation the rights to use, copy, modify,
merge, publish, distribute, sublicense, and/or sell copies of the Software,
and to permit persons to whom the Software is furnished to do so, subject to
the following conditions: The above copyright notice and this permission
notice shall be included in all copies or substantial portions of the
Software."

Which may have significantly complicated their copyright claim if Otonomo
includes the MIT license and attribution to smartcar.. At the same time, I
can't find Otonomo's docs anywhere.

Something to think about when setting up your GitHub license!

~~~
woah
What a plot twist. How embarrassing for Smartcar to have written this whole
blog post and tried to sue them.

~~~
mrgordon
Meh not really.

The API client is MIT licensed but that doesn't mean the API itself is MIT
licensed. Smartcar obviously would not release their server code as it is
proprietary so the question becomes whether it is unethical or illegal to copy
the design of it without seeing the code. Most people would also say it is
unethical to copy your competitor's docs down to the examples and randomly
generated tokens.

Note that the docs in the blog post are not the same as the markdown document
in the repo that appears to be MIT licensed.

Since they copied the docs verbatim, I suspect they will change the docs very
soon. I'd be quite ashamed if I were Otonomo. Whether they have to pay
financial penalties or admit guilt in court, we'll see.

~~~
itake
This situation makes me think of the video game industry and people recreating
self hosted World of Warcraft servers by reversing the client code.

Blizzard was able to shut down the private servers.

[https://github.com/mangoszero/server](https://github.com/mangoszero/server)

[https://www.google.com/amp/s/arstechnica.com/gaming/2017/07/...](https://www.google.com/amp/s/arstechnica.com/gaming/2017/07/blizzard-
shuts-down-legacy-wow-fan-server-hours-after-it-goes-up/%3famp=1)

~~~
taneq
There are still plenty of active private servers running.

------
joshfraser
Several years ago, I hired a boutique Silicon Valley law firm to create some
terms of service and privacy documents for my company. As part of their long
list of questions about how we would use our customers data, they asked for a
list of similar companies and competitors.

I'd already reviewed all of our competitor's terms to get a sense of what
other people were doing. So, when I reviewed the final documents that they
wanted $5,000 for, they looked oddly familiar. A quick diff verified my
suspicions. They had copy-pasted from one of our competitors and then search-
replaced the company name.

When I called them out on it, they said it was common practice and not to
worry. I found a new law firm and they never bothered to try and collect on
that invoice.

~~~
iandanforth
Sadly this is exactly what should be done in most contracts. (In a
hypothetical alternate world where law worked more like OSS).

Of course it was unethical for them to do it without telling you and trying to
charge you $5k for it, but law would be a heck of a lot cheaper if openness
and code re-use were the default.

~~~
Max_aaa
It would be nice to git clone a contract.

------
keithwhor
Smartcar has raised $12M in financing from A16Z and NEA. The difference
between $12M and $55M is a single financing stage.

What likely happened here is a remote team was paid to generate docs with a
directive like, “Smartcar has a good API,” and stole them directly. Then the
management team didn’t bother checking.

This is great PR for Smartcar all things considered, and I actually think has
a fantastic silver lining:

The value of a good API isn’t the API itself. It’s the expertise of designing
them. APIs are difficult, the majority of the industry sucks at designing and
delivering them. Otonomo can always copy you, but if you have the actual
expertise to continually deliver a fantastic API experience you will win in
the long-term. Stripe and Twilio are your proof points. Go get ‘em, team.

Bessemer invested in Twilio and they know this, and the Otonomo team just
showed them that they’re incompetent in the API space. So — I think you’ve got
a bigger leg up than you think.

~~~
whoisjuan
> What likely happened here is a remote team was paid to generate docs with a
> directive like, “Smartcar has a good API,” and stole them directly.

They didn't steal the docs (not only the docs). They stole the whole public
facing architecture as evidenced by the fact that they are using in some
instances the exact same API resources names and method names.

~~~
reredacted
But we don't know that, do we? They only showed some auth code. The OP does
_not_ show that Otonomo has duplicated any business APIs, and Otonomo took
their docs down. Unless someone has proof Otonomo copied more than just the
examples documented in the OP, this is just pure PR fluff.

~~~
samsudden
Yes, unless the business API was duplicated as well (and as noted above, there
is no indication that they were), it just points to someone being lazy in
writing up auth documentation.

Duplicated parameter names would be expected in this case, and preferred
actually, so that they conform to the OAuth spec :-) The descriptive text is
not an exact copy as well. From what we know, the only damning bit is that
parameter values were exactly the same as in smartcar's documentation, which
while not condonable, is not as egregious as it would be, had Otonomo cloned
the business API as well.

~~~
chii
> business API was duplicated

I would like to believe that interoperability trumps copyright in this case -
a competitor copying an API/protocol and making a compatible, competing
service is good for the consumer.

------
lifeisstillgood
This may be a silver lining - a competitor has shown that the work you have
done, _exactly the work you have done_ is worth 55 million in VC funding.

There are enough people on here who can point you in the right direction, or
arrange introductions.

Spend at least one of those millions on PR and lawyers to ensure it's clear
who has the moral high ground, and who should be hired if a company has to
choose between you - I mean if they are prepared to breach copyright so
blatantly here, who knows what other problems they have in their repos -
enterprises can be _very_ conservatice on unknown legal risks like that

Summary: They are vulnerable - Get 'em

~~~
mkolodny
> Summary: They are vulnerable - Get 'em

Or, go get $55 Million in VC funding from someone else.

You have a major head start. Your company is theoretically worth at least as
much as theirs.

Complaining about competitors copying you might slow them down a bit. But it
will probably slow you down a lot more. On the other hand, using their
valuation to raise $55M+ would be a huge boost for you.

~~~
brk
"Your company is theoretically worth at least as much as theirs."

Maybe.

Having worked in the auto industry (albeit well over a decade ago), it is one
of those industries where connections, and knowing how to navigate the
relationships, goes a long way. I don't know much about either of these
companies, or their founders, but in B2B scenarios like this, the value is
often related to much more than just the underlying technology.

If I were Smartcar, I would look closely at relationships, physical and
virtual proximity to major automotive players, and how their suppliers prefer
to do business. And, perhaps they already have...

~~~
taurath
The fact that in-car tech is so bad in general is a good indicator that the
auto industry is a relationship industry. Its a golf course based business,
and building the tech is the "easy" part. See also: the payments and
especially credit card space - if you don't start up with the backing of a
major player your entire business hinges on bus-dev and exec relationships to
convince the incumbents to let you play in the space.

------
bob33212
I expected this to be a " I had the idea first" post. But it is actually a
copyright infringement post AND makes the offending company look like a bunch
of hacks.

If they don't have the engineering chops to build an API how are going to
handle the ops of it.

~~~
dep_b
Some people built the world's most popular operating system doing just that -
copying Java's API.

~~~
earenndil
But not their API documentation. They even copied the exact example UDID.

~~~
dep_b
...and of course Java was somewhat open to begin with, which isn't the case
for the technology the company that got copied in story. There's always the
next level in douchebaggery, if Google was really wrong copying those headers
to begin with.

------
KorematsuFred
I built a technology to make digital books from old copyright expired printed
books in various less popular languages. After I put a lot of content online
and getting decent traffic from google search I started receiving DMCA take
down notices from an American company that had simply copied all my data to
their website and claimed to google that it is their copyright. (Imagine the
audacity to call Bible translation from 1800s their own copyright).

When I tried to file an appeal with Google I had to agree to abide by
California jurisdiction and American laws. I am not even American. Why should
I ?

I am happy if Google blocks my site in American owing to DMCA because US
traffic for me is next to zero. But I am not sure why DMCA should apply to
India.

~~~
kobiguru
DOn't take this lightly if you are serious about the website. DMCA takedown is
worldwide and with European copyright laws in place you have more reasons to
worry. Talk to a good copyright attorney. There are many, seek the help of
NGOs in this area. Do NOT sit back.

~~~
KorematsuFred
I have blocked my site for Europe any ways. I will not comply with European
laws of any kind as the site is fully hosted and run from India.

I would rather focus my energy on getting Indian government pass laws that
will protect us rather than pay an attorney for my non profitable website.

~~~
ItsJason
Very good prioritization. Focus on providing value rather than deal with
trolls in countries outside your target market!

------
yingw787
Holy crap. The only way forward for Bessemer et al. VCs is to immediately
withdraw their funding for this “company” and cut all ties in order to prove
that they had no forewarning that this is how their money was being used.
There are so few actors this visibly bad that if they didn’t do anything they
would become “that guy” everybody avoids, in both the deals and funding space,
when orgs do their due diligence.

So they could choose to not do anything, which means the only companies
approaching them in the future are the desperate ones, and they lose the
capital anyways to the markets due to a shoddy portfolio.

Don’t knife your intangibles.

~~~
jacquesm
Bessemer & Co. would not spend this kind of money without doing DD to the
point where their competitive review would have snagged the OP's efforts. So
most likely they know.

~~~
gnicholas
Sounds like VCs need a plagiarism detector for websites (think TurnItIn) to
make sure their portfolio companies aren't blatant ripoffs.

~~~
huffmsa
TurnItIn resells all of the data you submit to them. Any paper a student is
required to sent to the service (it's not optional at schools where it's in
place) is added to the dataset which they ultimately profit from, with nothing
paid back to the students who own the original IP.

It'd be like YouTube using your videos for ContentId, but not having any
avenue for you to profit from said videos. Oh and uploading to Youtube would
be mandatory.

There was a lawsuit about this, decided on TurnItIn's side, but I still
disagree.

~~~
gnicholas
I wasn't suggesting they copy the business model, just the functionality. If
it's all websites, there'd be no need to have a separate database.

~~~
huffmsa
And I didn't think you were. My point is aside from the actual topic at hand.

------
Stratoscope
Wayback Machine:

[https://web.archive.org/web/20190422150111/https://smartcar....](https://web.archive.org/web/20190422150111/https://smartcar.com/blog/how-
otonomo-is-cloning-our-product/)

(And a reminder to donate to archive.org if you can!)

~~~
ignoranceprior
Archive.fo:

[https://archive.fo/4l7Wl](https://archive.fo/4l7Wl)

------
iamleppert
Forgive me, but all I really see that’s ripped of are...some API docs?

You can tell they copied them but this is likely the work of a single lazy
employee rather than indicative of an entire company.

Consider that the value of a company is more than API documentation. It’s the
customers, the business relationships, and the employees. The actual tech is
last in the things that are valuable.

If you want to survive in this industry you need to understand that eventually
someone is going to copy your product. They might even do it better than you.
Unless you can prove fraud, there’s nothing you can do. There’s no crime in
copying someone's public API and offering an identical service; people do it
all the time.

Instead of worrying about your competitor and some lazy employee they hired
there, worry about your own product, customers, business. Start planning your
next feature or next way you’re going to WOW your customers. That’s your real
job.

Now get to it!

~~~
martinhath
It is curious that while HN as a whole seems to be on the same side regarding
the Google vs. Oracle case, they also are quick to jump on this bandwagon, but
in the other direction.

Is it lame to blatantly copy someones API docs? Sure. But even looking at the
screenshots in their blog post, which I presume is meant to highlight this
issue, it's clear that there are changes as well, so it looks more like
derivative work than just blind copying (I'm not sure if there's a meaningful
legal distinction here, but it feels more ethical).

~~~
dmitryminkovsky
Same thought here but fwiw to me it seems that there are plenty of people on
this thread who are on the Google side of this discussion.

------
seibelj
So they built a new product to a competitor's API spec? There is nothing wrong
with that, the API itself is a plug - you need to implement the backend to
compete.

It is super lame and dumb to have ripped off their doc, but the API format
itself is not an issue to me. If I were going to implement a competitor to
Google Maps, it would make sense to copy the Maps API so people can migrate
seamlessly. That is the nature of SaaS.

The core value proposition is not in API design, it's in the implementation.

~~~
phkahler
I agree with you completely, but Oracle vs Google is still going through the
courts on this exact issue - copyright on APIs. I've seen product roll-outs
delayed because that case isn't settled yet. For VCs to jump in knowing that's
what this was seems risky, but maybe they factored that in.

~~~
ddebernardy
This isn't (only) about copyright on APIs; it's also about copyright on the
API docs.

~~~
chii
The docs definitely is a violation, but that's a foregone conclusion when even
the examples are exactly the same.

The copyright of the structure of the API, however, is still something to be
debated about.

------
hummel
I have solid evidence that some EV startups that raised billions like Faraday
Future are built on our EV-technology and self-driving stack that we built
during 2007-2012.

Our project died in 2014 due to lack of support and funding on Europe, while
our "Chinese partners" started raising mega large rounds literally copying
everything from us, from business plan to technology.

You can also see an overnight quality jump on engineering and powertrain from
the Chinese EVs (pre-2014) to 2015+, based on our previous work.

~~~
rhegart
In a previous thread about China ripping of IP and blatantly sabotaging others
illegally, many commentators supported them saying it’s better for the world.
The fact that people are this naive scares me. I’m so sorry this happened, I
am glad more light is being shined in unfair practices like this.

~~~
hummel
It really breaks my heart every time I read this kind of thread in HN, the
terrible personal experience of seeing how others build empires with your
corpse is the least terrible for me. China thinks like civilization and as
long as the rest of us keep thinking that this is a global world, where we are
all good, kind and we do yoga while we walk our dogs, we will keep having
problems with the Chinese.

~~~
xvector
I have also seen calls for caution and warning dismissed as racism. I agree -
this is an extremely sad situation.

------
phamilton
> 0facda3319

That's bad for sure.

However, most "Oauth2 flow" documentation pages look like that. They all have
a table that's basically copied out of the Oauth2 spec. They all have very
similar language.

This is a good thing. Oauth2 is a well defined spec, and there just isn't a
lot of ambiguity there.

If it weren't for the copied random state, I'd shrug this off.

------
exabrial
I don't have a problem with copying another API for compatibility; Think of
the Oracle/Google lawsuit, and the fact that reverse engineering for
compatibility is already a protected right.

I _do_ have major issues with verbatim copying of documents and websites,
there's an obvious copyright violation there.

------
mnort9
This is obviously frustrating, but do not focus on it. They were wrong and
lazy to blatantly copy, but would it really make a difference if they spent an
extra couple hours with a few copy/css changes to make it look more unique?

Unfortunately, the market does not care about who had what first. This is a
validation for you. Frustrating validation. You likely do not have the
resources to fight them for anything meaningful. Stay focused on your
customers.

------
huhtenberg
> _We created a standard API for cars._

What do they mean by "standard" here if they object to this API being copied?

The very goal of API standardization is to have a common interface for TWO
parts to talk to each other in a consistent manner. An API that through
whatever means allows for only one specific backend doesn't really qualify for
being a "standard".

> _How Otonomo is illegally cloning our product_

So am I to understand that the API spec _is_ their product?

Or is their API not as standard as they claim?

Can't have your cake and eat it too.

~~~
PunchTornado
Exactly, I don't understand what is their objection.

Since when copying some API docs is illegal? We don't even know yet if API are
copyrightable, right?

Ever since Facebook copied snapchat's features like it was nothing it became
clear for everyone that the best clone will win. You have a product? Expect a
clone of it.

To me this post is just "they stole my idea" whining.

~~~
ceejayoz
Facebook's cloning of Snapchat's features is legal.

If they'd copied Snapchat's "how to use <feature>" documentation verbatim,
typos and all, that'd have been a copyright violation.

~~~
joemi
Did you look at the linked article? It's not verbatim. It's clear that it was
heavily based on Smartcar's docs, but it's most certainly not verbatim.

~~~
ceejayoz
Did you? There's no way they got the same random state and client UUID via
chance. That's a direct copy/paste. So are various tables they provided
screenshots of.

~~~
joemi
I'm not saying they didn't copy small portions of the original, such the
highlighted UUIDs. But they most certainly did not copy the entire
documentation (or even large portions) _verbatim_. They _paraphrased_ large
portions of the documentation. "Verbatim" ("in exactly the same words as were
used originally") has a purposefully different meaning than "paraphrase"
("express the meaning of (the writer or speaker or something written or
spoken) using different words").

------
jkaykin
I feel like this happens often in tech but most offenders do a better job
covering it up. This is pretty blatant.

------
ezekg
It's interesting — I have a couple competitors who have done the exact same
thing to my API product ([https://keygen.sh](https://keygen.sh)). Total copy
of a feature subset, down to the API payloads, and verbatim copying my
painstakingly written documentation. It bothered me (immensely) at first, but
then I stopped thinking about it and instead turned my focus back onto my
business. If they want to copy me, so be it. I'll still have the edge because
I'm the leader, in a sense.

------
jandrewrogers
This is surprisingly and unfortunately common. I do technical DD for big tech
companies and VCs in my areas of expertise -- databases, geospatial, and
sensor analytics. Plagiarism, particularly of white papers and documentation,
is ubiquitous. I've personally been plagiarized by famous unicorn startups
that are now post-IPO. I never call any of these companies out but it is a
poor startup strategy for two reasons:

First, someone like me flagging this has killed or crippled potential
acquisitions by big tech companies. In most cases, the startup has no idea
that the plagiarism was discovered but it follows their reputation. It is a
giant red flag since it raises questions about the provenance of the rest of
the IP. Plagiarism reduces your probability of a successful exit.

Second, in some cases, it puts you in the position of tacitly trying to
execute someone else's technical vision that you may be lack the expertise to
replicate. I've also seen this failure mode multiple times. Plagiarized
documentation makes a promise that will be difficult or impossible for the
startup to deliver on because they lack specialized expertise that the company
they copied it from has. This is a form of self-sabotage since it puts the
startup in the position of executing from a position of weakness in order to
match the content they ripped off from some other startup, which leads to poor
product and poor customer experience.

Copying abstract ideas is fine, there are many possible implementation
variations, but blatantly ripping off other startups is a very low ROI
strategy for startup success.

------
relaunched
This is a great opportunity for Bessemer, and the other investors, to
demonstrate that it isn't returns above all.

Updated to include my tweet:
[https://twitter.com/MattHurewitz/status/1120356791932604421?...](https://twitter.com/MattHurewitz/status/1120356791932604421?s=09)

~~~
azinman2
What else is it for a VC? Isn’t that literally their purpose?

~~~
relaunched
Every business has an obligation to make money. However, the VC game has been
filled with a win at all cost mentality that has led to the downfall of many
companies - as well as evidence that the companies themselves are not prepare
to become public (they aren't worthy of the public trust).

One could argue that the market is okay with these types of things. But, we
talk about doing the right thing. And if it's not just lip service, this could
be a great opportunity to prove it.

------
noonespecial
You may not hear anything right away, but someone who works for (or was
outsourced by) Otonomo is currently having a Very Bad Day.

~~~
jacquesm
Otonomo management will have an even worse day when they realize that they are
not indemnified just because someone works for them. They will likely have to
kiss a substantial portion of that money goodbye as compensation in whatever
settlement will be reached. Their lawyers will not be able to win this one
from what I've read and seen so far so the best they will be able to achieve
is to settle before it gets to court, fighting this will only make it much
more expensive.

OP should figure out if the public stuff is all that was ripped or if it went
further, it would not be the first time that an ex employee made off with a
copy of the company crown jewels.

~~~
gota
It would be (morbidly? Sadochistically? I lack the term) interesting to watch
how many people jump ship in a situation like this.

~~~
jacquesm
Once upon a time a group called 'CitizenX' copied the Camarades.com website
and software and gave us the proverbial finger because 'they were in the US
and we were in Europe and what were we going to do about it?'.

Turns out not everybody working there agreed with the tactic and the day they
raised money I got a very nicely worded anonymous email with the name of the
investor. The ink on the press release was still wet when I mailed the VC for
their legal contact because we were still well within the statue of
limitations and now they could actually pay up.

The only message I got back was 'we will not be investing'.

~~~
CamelCaseName
That is truly poetic.

------
ForHackernews
I thought we all decided APIs shouldn't/couldn't be copyrighted because that
was evil when Oracle and Microsoft tried to do it?

I guess literally copy-pasting the docs is a flagrant violation, but it seems
like that's the least of their problems. Presumably BigCorp will now get a
cleanroom team to re-document the re-implemented API.

~~~
didibus
Ya, I find it even more interesting that they copied the Smartcars API.

In theory, if you copy an API, you also copy its semantics. The docs for it
are supposed to be interchangeable. Its touchy. For example, wouldn't most
people rely and use the Java doc even for Android?

Now obviously, redistributing a copyrighted doc on their own website without
permission is something else. Cause I'm guessing docs are copyrightable, but
not APIs. The whole thing is getting more interesting to be honest.

~~~
brootstrap
Good opinions here. I worked at very early stage startup, and our huge
competitors with 1 billion worth of funding were stealing our shit from day 1.
Thankfully, we didnt spec out a nice API and all that shit because we were in
startup mode. That makes it a bit harder to copy things our stuff because it
was a huge pile of undocumented software and data.

I think that is just life in tech now. You put out a 'feature' in your app
that is new and cool. Two weeks later the same feature shows up in your
competitors app.

In our case, always better to be ahead of the curve. You've got a small team
with 20 folks who are putting pressure on the 100 person teams at these giant
companies.

------
legitster
I hope the VC notices this. At best they invested in a lazy company. At worst,
fraudsters.

If they actually believe the idea has merit, they should do right by Otonomo.

~~~
dragonwriter
A lazy company—one that gets the job done expending the least unnecessary
resources—is what investors _want_.

Playing fast and loose with the law—whether it's competitors legal interests
or regulatory conpliance—is often part of the economy of disruption.

------
option_greek
I don't have any data to back it up but majority of Israeli startups have one
goal: to be acquired (and are extremely good at marketing them to acquiring
companies and investors). So continue your product and in a couple of years
time, they would have been acquired and the product put on back burner by the
acquiring company.

~~~
gyaniv
> I don't have any data to back it up but majority of Israeli startups have
> one goal: to be acquired...

As someone that worked for one, and knows enough people that work in other
Israeli startups, I can tell you it isn't true.

True, some startups get acquired, but no more then any other place (the only
difference I see is that in some tech areas Israeli talent is considered very
good, so when looking for an acquisition, big corps are probably more likely
to go for the Israeli options)

~~~
xenospn
As someone who worked for one and is originally from Israel, I can tell you it
is, absolutely, 100% true. No one in Israel is interested in managing or
building a large company and they all want to exit as soon as possible.

------
jrochkind1
In some ways it reminds one of the Google/Oracle API thing -- most of us
didn't _want_ the API itself (the method signatures or 'shapes') to be
copyrightable or otherwise protectable as IP (as the law seemed to say it
_wasn't_ until the Google/Oracle case).

However, copying the _docs_ like that is a clear copyright violation, always
has been, still is, not really a legal gray area, I don't know what the heck
Otonomo was thinking, and I hope they get their hat handed to them.

------
dillonmckay
Can you not use a DMCA and contact their hosting provider?

One per offense.

Also, if the docs are registered copyright, willfull infringement per offense
is over $100k per instance.

$50mil/$140k = 357.14

Thoughts?

~~~
rum3
A bit naive. I am sure the DMCA can be used to put some fire on their ass to
rewrite the documentation though but not much more than that.

~~~
dragonwriter
The DMCA can be used to put a fire under them to file a DMCA counternotice, at
which point the whole issue with their hosting provider is done and you are
down to the basic question of are you going to file, litigate, and win an
actual copyright lawsuit on a timeline and at a cost that leaves you with a
viable startup.

------
Gibbon1
Someone I know worked for a company making ultra sound machines. A US company
bought one of their machines and exported it to Japan where it was reverse
engineered. And they found out about it. The upshot was both the US company
and the Japanese company were enjoined from developing, manufacturing or
selling ultra sound equipment for 20 years.

Federal three letter agency's were heavily involved in wielding the stick side
of things.

That is the angle OP should pursue.

------
IvanK_net
I don't understand what is the problem. If you made your API public, you want
people to use it. If another company decides to use the same API, it is only
good, in my opinion.

It is very similar to an issue with phone chargers. There were times, where
each phone manufacturer had a different charger, and if a new company decided
to use a charger desing from Nokia, they would probably sue them. I am so glad
those times are over and we use USB everywhere. Arent you glad, that your API
could be used everyhwere?

Or another example, imagine if every web browser had a different "web
language" like Javascript, and developers would have to make several versions
of their website for each browser. And if a new browser wanted to display
webpages ment for Firefox, Firefox would sue them.

------
bdz
According to their repo the API is under MIT license? So what's the problem?

[https://github.com/smartcar/node-sdk](https://github.com/smartcar/node-sdk)

------
whamlastxmas
To say they're illegally cloning your product is probably misleading. They're
potentially infringing your copyright on your documentation but there's
nothing illegal about their general product offering. I think you are hurting
your case with hyperbole.

------
gyaniv
I sort of feel that if the worst thing you can find is that someone stole your
registration or OAuth documentation, you're a bit over-exaggerating.

And to say that someone is cloning your startup when they only (supposedly)
stole the documentation is extreme in any case, especially when they're not
really a very new startup, so it's not like you can claim everything they did
was just copy from you.

~~~
CSMR
"I cloned a sheep" does not imply "I am a clone of a sheep" or "The only thing
I have ever done is clone sheep".

------
save_ferris
There are zero material consequences for a well-funded startup to pull
shenanigans like this. Why should we be surprised this is happening?

~~~
devoply
Yes except if you are a well funded startup and look like amateurs that copy
things verbatim that does not bode well for your reputation going forward.
Someone needs to get fired for copying shit verbatim.

~~~
kirillzubovsky
Unfortunately for the little guy it's the winner take all market. If the well-
funded company wins at the end, no one would even remember the other one
existed. Is it ethical? Depends on your ethical stands. Happens all the time.

------
Alexmv
Does this mean that smartcar.com is cloning the many year old API for
authenticating with Google backends for limited-input devices?

[https://developers.google.com/identity/protocols/OAuth2ForDe...](https://developers.google.com/identity/protocols/OAuth2ForDevices)

Because these APIs all look very similar to me.

------
rum3
I am sorry to hear that but it is does not really surprise me. I bet they will
just rewrite their docs a little bit and then go on with their business.

Amazing that they have 55M$ in funding and still hire a bunch of amateurs. I
bet the design for their docs is based on some free online template too
because it looks very cheap.

I wish you all luck!

------
anon4242
While the posted stuff does look very similar, with identical random numbers
etc, the APIs in question looks like pretty standard off-the-shelf OAUTH...
Unless other APIs are very similar as well, it seems that Otonomo just took a
shortcut in documenting their OAUTH by copying Smartcars documentation.

------
ankit219
_Initial disclaimer that I might be wrong about this and the space in general_

Have they cloned the API docs or the entire product? Copying API docs is
stupid but I can see how that would have been done in a hurry.

However, if I were building a Saas product with an API and a competitor to a
popular tool who has it, I will deliberately keep the basic functions as
similar to ensure seamless transition. Its not about uniqueness but moving
fast. Companies which might want to switch will have it easier given they wont
have to change their code much, and by extension can be deployed faster, and I
will try to sell them on the features we offer extra over the competitors.

I am not sure about copyright/patent infringement so cant comment about that.
Part of what I wrote above might not be allowed, but maybe mentioning
explicitly might be ok .

------
mtnGoat
i think this is a perfect example of:

ideas mean nothing, execution means everything.

you had the idea, but they had the connections(VC, industry, etc) and knowhow
to execute on it faster and bring it to market faster.

Sad, but this is the market we have created! The rich can steal ideas, or do
whatever they want, with impunity because they can defend their questionable
actions in court. This is what AirBNB and Uber were built on.

~~~
mruts
Maybe they're just better? I'm sure A16Z was aware of both and decided to fund
only one. Money (especially smart money like A16Z) goes where it's treated
best, and apparently some smart people think smartcar isn't going to treat
their money as well.

Copying and pasting the docs seems a little egregious, but that's a pretty
small issue that could be changed in a day.

------
caseysoftware
Cloning someone's documentation is _not_ "cloning our product"

Using the Wayback machine, I looked at both company's docs and the navigation
isn't the same -
[https://twitter.com/CaseySoftware/status/1120521768723255297](https://twitter.com/CaseySoftware/status/1120521768723255297)
\- so even the copy/paste job looks like a single page.

Yes, it's absolutely poor form and _may_ be a copyright violation but the
screencaps cover OAuth 2.0, therefore everything - yes, including the
parameter names - _MUST_ be the same, according to the spec.

Without more evidence, this is a nothing burger.

------
mrfusion
Wait, I can make an app that unlocks my car??

~~~
sahaskatta
Yep! Just check out our docs:
[https://smartcar.com/docs/](https://smartcar.com/docs/)

Would love any feedback you may have!

~~~
tijs
The documentation only has a screenshot of the brands supported. Would be nice
to just be able to lookup my car brand and make support in the docs instead of
having to make an Auth flow first...

~~~
dawnerd
Yeah... I went to their homepage and still had no idea what cars they
supported, what features the car needed, etc.

From my understanding though they're just a wrapper API around the car
manufactures existing apis?

~~~
nickspacek
Found this eventually: [https://support.smartcar.com/faqs/which-car-brands-
does-smar...](https://support.smartcar.com/faqs/which-car-brands-does-
smartcar-support)

------
jmtame
Looks like par for the course. This happens all the time and it’s just part of
the game you have to play when entering the markets. A judge or jury will have
to figure out the rest of it, if you have the resources to go that route.
Ultimately you’d be better off viewing this as a distraction. Every hour you
spend on this is an hour you don’t spend on your own customers or hiring your
team to do what matters: execute. And others will pop up just like this, with
more funding and more powerful lawyers.

------
dcolkitt
A lot of good advice on here. Let me add another point, maybe just consider
negotiating an acquisition.

Yes, it does kind of suck they stole your idea. But the fact that they have
$55 million in funding, probably means they're willing to buy you out for a
couple million. One, just to avoid any legal issues. Two, because you've
already done a lot of work on the problem.

Maybe it's worth fighting. But maybe it's also worth considering getting a
multi-million dollar payday, and moving on to something else.

~~~
otoburb
If they go down this route, SmartCar should ask for at least their post-money
valuation based on their last $10M raise back in March 2018[1], not just a
"couple of million".

[1] [https://www.crunchbase.com/organization/smartcar#section-
ove...](https://www.crunchbase.com/organization/smartcar#section-overview)

~~~
stale2002
No judge would agree to that as damages.

The smart car documentation is worth some amount of money. But there is no way
in hell that it is worth 10 million dollars.

In law, there is this concept of "damages". Smartcar did not get lose 10
million dollars because a company stole their docs.

~~~
otoburb
Unless I misunderstood, the parent comment referred to a buy-out/acquisition
route, which is where SmartCar should ask for at least a post-money ballpark
figure -- no judge involved in an acquisition process.

If SmartCar goes for damages, then that's an entirely different ball of wax.

------
itsbilal
Wow, this is as blatant as it gets.

~~~
jbverschoor
Rocket does the exact same thing. Almost pixel perfect clones

~~~
javiermares
Who is Rocket? Could you give us a link, please?

~~~
jacquesm
[https://en.wikipedia.org/wiki/Rocket_Internet](https://en.wikipedia.org/wiki/Rocket_Internet)

[https://www.rocket-internet.com/](https://www.rocket-internet.com/)

------
propman
Would it be beneficial for you to make this a big deal from a political or
media perspective? You seem to have an excellent case, and I would reach out
to major news publications like Bloomberg or the NYTimes now while it’s at the
top of HN. Maybe make a medium article or something for extra exposure as
well?

Are there entities that protect American IP from other countries? Maybe the US
chamber of commerce, or maybe reach out to the government itself.

------
philjackson
You can't copyright an API, right? What are you asking them to stop doing in
the c&d? Copying the website and documentation?

~~~
gnicholas
See Oracle vs Google.[1] It's not as simple a question as it might seem.
Google is currently appealing to the Supreme Court.

1:
[https://en.m.wikipedia.org/wiki/Oracle_America,_Inc._v._Goog...](https://en.m.wikipedia.org/wiki/Oracle_America,_Inc._v._Google,_Inc).

------
kumarski
Reddit faked comments in the early days.

Youtube & Vkontakte hosted pirated content knowingly.

In the early days, iOS apps juiced their valuations with vanity invite metrics
that entailed invite-walls that juiced downloads to access full functionality
of apps. (invite 50 people to use full app features). Some of these were
acquired for 8 figures plus.

Paypal created a bot that bought goods on eBay and then, insisted on paying
for it using PayPal.

Rentoid bought and rented the items themselves.

Dating networks seed enough fake accounts on both sides to start the demand.

AirBnB allegedly created a bot & fake email addresses that would automatically
respond to posts on Craigslist.

Marc Benioff of SalesForce hired fake protesters to disrupt his biggest
rival’s conference and commandeered all the taxis at the event to deliver a
45-minute pitch about his own product. In another instance, he cancelled his
keynote at the Oracle Conference and drew crowds to his own speech at a nearby
restaurant.

Otonomo cloned some code, nothing that was impossible to deduce as well.

~~~
nathanvanfleet
I am not really sure if this is very insightful. Other people having done
something doesn't make it suddenly ethical. The documentary (and book) about
Theranos goes over the "fake it until you make it mentality of Silicon Valley.
It's only a useful tool if you can actually eventually pull it off. Of course
if you can fake it in a way that's not a felony that can help too.

------
hharnisch
I was expecting another company copying the core business logic based off the
title, but it looks like things related to redirect and auth are very (very)
similar.

Nearly every API is going to need solutions for these, and they all look very
similar. I'd be surprised if the redirect and auth parts weren't at least in
some way inspired by other APIs.

~~~
avip
It "looks" like they verbatim copy-pasted the documentation (and the api).

------
nwsm
Am I missing something or did they only copy the OAuth flow? Yes it's
unethical and seemingly illegal, but it's not like this is getting them
anywhere close to a working product. None of the content in the article is
related to any API that actually does something... It's just authorization.

------
daanlo
I am not from the automotive industry, but if they are selling predominantly
to automotive OEMs then I suppose Otonomo can be in serious trouble. Even a
pending IP infringement case could potentially stop OEMs from working with
them. Plus OEMs don't typically like companies that infringe IP, afaik.

------
nige123
A way to avoid this problem is to use a combined copyright + trademark
licence.

"smartcar" feels like a weak trademark and is likely not registrable.
"Otonomo" is inherently more distinctive - making it a stronger mark.

To avoid this problem - "smartcar" needed a stronger trade mark in the first
place. Secondly the API copyright licence needs to work in combination with
the improved "smartcar" trademark.

The Artistic Licence 2.0 for Perl 6 is an example of a copyright licence that
works in combination with a trade mark.

Copyright licences are incredibly flexible - it's possible to restrict server-
side implementations for example. Depending on the business objectives it
should be possible to strike the right balance - binding the API to your
trademark via the copyright licence - could be a good move if your API is a
market-maker.

------
gwbas1c
This just looks like an OAuth flow, which is rather standard.

It's not a good example to use of someone stealing an API.

~~~
omgitstom
Being in the authentication/authorization space for a while, this couldn't be
truer. If OAuth 2.0 was a compelling differentiator from your API standpoint,
they are doing it wrong.

------
joetribiani
Just read through the blog post. it's absolutely nuts.

~~~
joetribiani
I found more pages on their website
[https://imgur.com/a/35wax6T](https://imgur.com/a/35wax6T)

Also their stats dashboard isn't secured:
[https://dashboard.otonomo.io/dashboard](https://dashboard.otonomo.io/dashboard)

you can see public data here

~~~
kthejoker2
Given the title of the Dashboard page is "CES Showcase" I'm confident that's
just an HTML mockup.

------
stonogo
Are they complaining about someone else implementing the same API? Since the
entire point of an API is interoperability, what could the problem possibly
be? Are Smartcar claiming their product is a series of URLs? And that sounds
sane enough to defend?

Or are they complaining this other company is copying their documentation,
which is evidently released with a permissive license? Is Smartcar's product
the API documentation?

Either way, this is far removed from my understanding of how computers work.
Copyright exemptions for compatibility work have a long precedent. If
Otonomo's business model is to build Smartcar-compatible products, and
Smartcar does not like this, it seems like they should have more carefully
considered what their product is, and how to protect it.

------
injidup
When Google clones the java API's the tone here is that API's are not
protected and Oracle are evil gold diggers. Now an Israeli startup copies
API's from another startup and the tone here is completely the opposite.
What's up?

~~~
phkahler
The tone of the post is that way. The comments here suggest quite the
opposite.

------
localhostdotdev
not sure how to formulate it but wouldn't a great execution be very hard to
reproduce? looks like it's copying the external API.

also looking at the other company documentation, it's different from the
screenshots: [https://docs.otonomo.io/docs/getting-
started](https://docs.otonomo.io/docs/getting-started) (archive.org history is
quite limited so may have been scrubbed)

edit: yes those "screenshots" are very disingenuous:
[https://smartcar.com/docs/api#introduction](https://smartcar.com/docs/api#introduction)

~~~
ignoranceprior
Actually, many of the otonomo docs were saved to web.archive.org, last week:

[https://web.archive.org/web/*/https://docs.otonomo.io/docs/*](https://web.archive.org/web/*/https://docs.otonomo.io/docs/*)

And many were saved to archive.fo today:

[https://archive.fo/docs.otonomo.io](https://archive.fo/docs.otonomo.io)

The screenshots look accurate to me, what discrepancies do you see?

~~~
localhostdotdev
yes I meant I didn't see anything very old.

I meant that it's just copying the API format (e.g. probably to make migrating
from the other service easy) which isn't uncommon (e.g. most of AWS services
copied APIs)

------
drinane
Sell your rights to sue them to those Texas class action lawyers and call it a
day.

------
ruchitmatalia
Besides the blatant copy.

I think Otonomo needs to decide whether they using oauth v1 or v2.

Point being, the quality of work is speaking for itself.

JSON FROM OTONOMO \-------------------
[https://consent.otonomo.io/oauth/v1/authorize?response_type=...](https://consent.otonomo.io/oauth/v1/authorize?response_type=code)

curl
[https://consent.otonomo.io/oauth/v1/token](https://consent.otonomo.io/oauth/v1/token)
\

Documents Shows \------------------- response_type

This value must be set to code. OAuth2 outlines multiple authorization types.

~~~
schwap
It looks to me like they only use OAuth2 (based on the authorize/token
endpoints), they just oddly decided to version their OAuth2 api.

~~~
ruchitmatalia
Yeah. I completely missed to see that.

------
adi18g
It's obvious that someone read the SmartCar docs, and copied the oAuth2 flow.
But it's not like SmartCar's API is unique. It's pretty standard flow. Correct
me if I am wrong. Check this, [https://www.oauth.com/](https://www.oauth.com/)
On custom schemes, check [https://www.oauth.com/oauth2-servers/redirect-
uris/redirect-...](https://www.oauth.com/oauth2-servers/redirect-
uris/redirect-uris-native-apps/)

------
trevor-e
Am I one of the few failing to see what is so egregious here? Looking at the
screenshots, the documentation text differs quite a lot. The API structure is
very similar and many of the parameters have the same names, but I thought the
HN crowd generally agrees that API's should not be copyrightable?

To me this looks like a smart business strategy: Otonomo can migrate SmartCar
customers to their platform with very few code changes. With that said,
copying the identifier from the SmartCar's documentation could be seen as lazy
or clever.

------
cromulent
I can't find the Otonomo API docs online. Have they been taken down?

~~~
bytecut
[https://docs.otonomo.io/docs/obtain-consent-from-a-
driver](https://docs.otonomo.io/docs/obtain-consent-from-a-driver)

~~~
prostanac
it seems like they took it down.

~~~
ignoranceprior
Yes, that appears to be the case. (Which in itself is a bit suspicious. Why
would they remove it if they thought they had nothing to hide?)

Anyway, it was archived:

[https://web.archive.org/web/20190416030526/https://docs.oton...](https://web.archive.org/web/20190416030526/https://docs.otonomo.io/docs/obtain-
consent-from-a-driver)

[https://archive.fo/QiMY9](https://archive.fo/QiMY9)

The full list of archived otonomo doc pages:

[https://web.archive.org/web/*/https://docs.otonomo.io/docs/*](https://web.archive.org/web/*/https://docs.otonomo.io/docs/*)

[https://archive.fo/docs.otonomo.io](https://archive.fo/docs.otonomo.io)

------
tcgv
> Otonomo’s docs are a systematically written rip-off of ours

> Did none of the over 100 Otonomo employees (according to LinkedIn) think
> that what they were doing was wrong?

> Today we are taking legal action. We have sent Otonomo a cease and desist,
> demanding that they immediately stop ripping off our hard work.

Is publicly available documentation protected by intellectual property rights?

Since I'm not familiar with the subject I'm trying to understand the grounds
for taking the legal action in this situation.

~~~
DavidAdams
> Is publicly available documentation protected by intellectual property
> rights?

Yes, by copyright. Copyright is one of the most straightforward and easiest to
enforce IP rights.

------
Animats
In general, you can't copyright a "working part". That's why there are 3rd
party auto parts. That's pretty much true in the software area too, although
Google and Oracle are over- litigating that issue.

The idea here probably isn't patentable. "Locate and unlock a car's doors
remotely" is not exactly original.

Just rewording the docs is cheezy. The other party should have done a full
rewrite.

~~~
tjungblut
> The idea here probably isn't patentable. "Locate and unlock a car's doors
> remotely" is not exactly original.

I don't want to be disrespectful and also don't want to condone somebody
ripping off API docs. But if the whole product is nine pretty simple and
straightforward RESTful API endpoints with OAuth2 integration(eg. [1]), then I
have a hard time to understand why there are not hundreds of other companies
doing the same thing. Where is the value here, is it the integration with car
manufacturers?

[1] [https://smartcar.com/docs/api#get-basic-vehicle-
info](https://smartcar.com/docs/api#get-basic-vehicle-info)

~~~
Animats
From a quick search, at least four apps for remote car unlocking are
available. Not clear what makes this new one special.

------
hbglih
Somebody at Otonomo used the Smarcar OAuth 2.0 documentation as a reference
for their own documentation because it is pretty much the same (as it is for
anyone who runs an OAuth 2.0 server).

To conclude from this that Otonomo is "illegally cloning [their] product" is
misleading at best. The Smartcar CEO is obviously pissed that they have a
direct competitor with more funding so he tries to smear them over some
trivialities.

------
foobiekr
Every single instance of professional plagiarism that I’ve encountered in my
working career has been techpubs/documentation. And that has been
exponentially more common for outsourced documentation.

Even solid companies like Arista got bitten by their doc writers cloning Cisco
documentation.

So while this sucks, the most likely explanation for the evidence presented is
at that layer.

------
agotterer
Just because they copied your idea doesn't mean they've won. Executing on that
idea better than your competitors is how you ultimately win. It seems like you
have a bit of a head start, so find a way to take advantage of that. Just
don't forget that many companies with even deeper pockets have tried to knock
off ideas before and have failed. Go execute better than them.

------
thesausageking
Playing the "our small team" card is a stretch for a startup that's raised
$12m from two >$5B funds (a16z, NEA).

It's also a stretch to say their product was cloned. It looks like what was
copied was just a pretty standard OAuth setup, which most developers cut-and-
paste anyway. There's nothing core to the product or even having to do with
cars here.

------
runako
This is obviously terrible, inexcusable behavior...

However, I expected to see that SmartCar (which somehow is not a trademark
violation against the BMW marque?) was a scrappy indie startup being violated
by a company backed by serious institutional money.

TL;DR; Smartcar is backed by NEA and A16Z. (Crunchbase says they have raised
$12mm, which would likely put them comfortably in the top 1% of companies by
capital raised.) This is a spat between two well-funded and well-backed
companies.

None of this is to excuse the behavior of the Israeli company, just
recognizing that the violated company probably has access to more levers than
most to fix this.

------
otakucode
Looks like someone is looking to pull a Peter Thiel. He stole Palantirs
primary product from a developer in Florida. The developer sued and won
completely, with the court openly declaring that Palantir had stolen his
technology lock, stock, and barrel. But... they had enough money that it
didn't matter.

------
foota
It doesn't look like they're complaining about copying the API itself, but
rather the docs specifically.

------
mro_master
Contact Delphi.

------
NicoJuicy
Look who the investors are, go to person's similar in the same niche.

Go for funding, your idea is already validates.

------
ohaideredevs
This almost scares me away from even trying to start a business - I have no
idea how to compete if someone with more money tries to steal it. It seems the
solutions are: 1\. Do some accelerator to get connections and money. 2\. Just
do it and hope you don't get stomped.

~~~
no1youknowz
I used to have these feelings as well.

I'm soon to be jumping into a crowded market as well. Many of my competitors
have had VC funding and do billions per year.

It doesn't bother me in the slightest. I can be far more nimble than they can.
Doesn't matter if they try and stomp me. A bigger company will always do
something in their own interests and piss off a segment of their customer base
which means they will move eventually.

Not only that, because I don't have VC funding. I can always have lower prices
CapEx and move it OpEx instead. As long as I am much lower costs compared to
being with the incumbents then it's a better prospect cost wise to my
customers.

Finally, better customer service, features, ease of use, pricing and roi to
the customer is what matters at the end of the day. If you simply have a much
better product and able to generate and retain trust in your user base. You'll
be alright.

My advice. Just start the business today. Whether or not you get stomped on is
neither here or there. What matters most is the experience you'll get vs in 5
years time when you wish you had started and still scared!

------
singlewind
I read the post, from the documentation I can tell it is a very standard
oauth2 API will look like. Standard like OpenID connect has very specific on
message and query format as well. Do you have more details about API which
related to your product and they copied?

------
vprasanth
This is pretty weird, some of the things, like the fields related to auth, are
just standard oauth data... Granted they providing a very similar service.
Similar products, using similar technologies... I mean yeah, things are going
to look similar.

------
bbulkow
Interesting legal point. Whether an api falls under copywrite is still under
adjudication between oracle and google. Generally apis are fair game, although
that might change.

Otherwise, if you published and they cloned, that's the way the game is
played.

------
modzu
it seems that both companies started up at the same time both have raised tens
of millions. the only direct copypasta i'm seeing is some oauth references
(lame yes, but big deal without the backend code)

why does this post read like david vs goliath? i hate to be such a cynic but
given those two facts this reads to me like a marketing piece

[0] [https://venturebeat.com/2018/03/01/smartcar-
raises-10-millio...](https://venturebeat.com/2018/03/01/smartcar-
raises-10-million-from-nea-and-andreessen-horowitz-for-developers-to-build-
apps-for-connected-cars)

------
TheRealPomax
Can someone explain where the "illegal" part comes in? Copyright would
probably cover the exact text, but it looks like they massaged it enough to
not run afoul of copyright laws, so... which laws were broken?

------
novaleaf
What kind of tools are used to create API Docs like this?

I made a dev-focused SaaS and struggle to find a good way to document API's
directly via the codebase, so that code changes can be reflected automatically
in the docs.

~~~
asmithmd1
I think the de facto standard for creating API docs based on code is to use
[https://swagger.io/](https://swagger.io/)

------
jacquesm
This is bad, but not quite as bad as it could be: they have tons of money and
are ripe for the plucking due to their incredible stupidity at ripping you off
in this blatant manner.

Lawyer up and take them to the cleaners.

------
_1tan
Another company with a similar idea (although I am not aware of any API
similarities): [https://high-mobility.com/](https://high-mobility.com/).

------
WhyKill
Welcome to the world of startups: I hope you developed some secret sauce!

------
thedogeye
The good news is your domain name is sooo much better than theirs

------
FailMore
What would be a smart move for Otonomo now? Complicated perhaps... we are at
Peak HN now, so there is a feeling to calm the storm immediately, but maybe
there is an argument that things will die down and they have not broken the
law (depending on the technicalities re gepoch’s comment), so doing nothing is
prudent, though mean. My gut feeling is to put it right today though, maybe 1)
give $1MM to Smartcar, 2) put a link to Smartcar’s site while the current
document structure exists 3) redo the docs and try to make them better then
Smartcar’s.

------
connorcodes
Man, plagerism is too bad. That's all I can say.

------
isuckatcoding
Slight tangent but can you “copyright” a REST API or UI? Sure, the endpoints
and look can be copied but the secret is the implementation, no?

------
AtomicOrbital
Is there a name and shame site ... other than HN ?

------
sjroot
Looks like the link is down. Is there a mirror?

~~~
mi100hael
[https://web.archive.org/web/20190422133544/https://smartcar....](https://web.archive.org/web/20190422133544/https://smartcar.com/blog/how-
otonomo-is-cloning-our-product/)

------
theaccordance
I would have found the article more damning had the author cited examples
beyond standards-based protocols like OAuth

------
djabatt
In this case hate the game and the players.

------
dragos9191
Serious question here: how does this compare to what Google did in the Oracle
vs Google java api copyright case?

~~~
bob33212
Google was openly copying an API for compatibility. Similar to how a toaster
company may make their toaster support bread exactly the same size as a
competitor does. The toaster company would advertise the compatibility, not
hide it.

In this case this company is being accused or taking the API design as well as
the supporting documentation. Not for compatibility reasons but to represent
the design as their own.

------
z0mbie42
Some may call it 'outsourcing'.

------
foobar1962
Inn't this the Java API Oracle/Sun/Google/Android case, only cast with
different players?

------
agotterer
Serious question: Is it actually illegal to knock off documentation? Is
documentation protected by copyright?

------
dhanvantharim1
Isn't it mostly standard OAuth workflow, Is there something proprietary in the
docs themselves.

------
kristopolous
Same thing has happened to us more than once. I blame the founders for not
seeing the scalable parts and running with them.

I'm tired of building things, getting knocked off and then having to say "welp
didn't see that coming" because I totally did from miles away.

It takes good engineers and good founders. If one group are bozos who don't
listen it doesn't work.

------
darepublic
Even for my simple freelance projects I fork up the dough to make the repos
private.

------
dragos1984
Serious question: how does this situation compare to the google vs oracle case
?

------
jcoffland
> We created a standard API for cars.

Does that not mean anyone else can use the API?

------
znpy
Meh.

APIs are not copyright-able. See the whole Google-vs-Oracle Java debacle.

You can try and go the bad-press route but there's not really much you can do.
That's how the free market works, basically. Also, if an idea is good, it
would have attracted competition sooner or later.

------
perfunctory
"is illegally cloning our product"

isn't it for the court to establish?

~~~
frosted-flakes
No. If I photocopy the Harry Potter books, change the name on the covers, and
sell them as my own, that is obviously illegal. This is the same thing, and
nobody needs to wait for the courts to say that it is illegal.

~~~
perfunctory
I am sorry. Maybe your Harry Potter example is "obvious", but the case in the
blog post is not obvious to me at all. I don't see any verbatim copied
documentation. "overall structure"? Hey, the overall structure of almost any
api doc is pretty much the same. All I see is similar API, which is not
copyrightable, and identical randomly generated identifiers - and it's not
obvious to me that it constitutes copyright infringement.

Let's not do witch-hunting.

------
trpc
does this page ever load? I've tried like 5 or 6 times over the course of the
last 9 hours and never been able to see what the hell that is all about even
with a VPN

~~~
ignoramous
Yes, the page does load.

Try this mirror: [https://outline.com/FfSCUm](https://outline.com/FfSCUm)

~~~
trpc
Thank you, that works

------
jbverschoor
Does this mean I can sell a car and then unlock (steal) it? :)

------
peter_retief
Keep going and look for ways to turn it to your advantage

------
idlewords
I got stuck at "Developers can read our docs and use our API to locate or even
unlock a car’s doors with just a few lines of code"

~~~
tclancy
But you can understand the outrage: now two sets of developers can do this.

I'm still getting over the fact I upgraded the radio on my car back in 2010
with a USB stick and using the driver's side door to control the process. I
think a well-documented API that shows exactly how my car is vulnerable is a
step up.

------
iMuzz
I wish they identified Otonomo's IP address and served them a different
(inaccurate) version of the product to copy instead.

------
badrequest
That's capitalism, baby.

------
nicodjimenez
Suck it up and stop whining.

------
prototyperaptor
Could there possibly be reasonable explanation for this? With big name
investors involved it's likely that respectable and legitimate reporters
wouldn't be interested in digging up the truth.

~~~
mkl
That seems totally backwards to me. Did you mean "unlikely"? The higher
profile the investors, the bigger the news story if something dodgy's
happening.

In either case, how does that relate to the existence of a reasonable
explanation?

------
yayr
API usually have at least copyright protection, sometimes even license
protection.

Although I am not a huge fan of many of their business practices, Oracle has
been quite successful in defending API copyright violations.

[https://searchoracle.techtarget.com/news/2240220840/Oracle-t...](https://searchoracle.techtarget.com/news/2240220840/Oracle-
takes-on-Google-SAP-Comcast-in-copyright-protection-lawsuits)

------
alexnewman
At a certain startup i worked at, we decided to rip off some random strings
from a competitors docs, solely to make them think we ripped them off. In
truth, we started on the product at the same time of them and waited for them
to launch first to use their press and marketing against them.

------
rossenberg79
You blew it. By posting this article and getting to the top of Hackernews you
may have alerted their attention and they may rapidly change everything to not
seem like copyright infringement. Then you might have weak or no claims.

~~~
cadio
Nothing to blow. This is not illegal.

That's why they wrote it up as a blog post and are trying to garner PR from
it.

~~~
rossenberg79
So a postmortem basically.

------
arjunvpaul
"Expecting the world to be fair with us because we are fair, is like expecting
the lion not to eat us because we didn't eat him" \- Paul Graham

I am no Paul Graham, but I think you are wasting your time. Let's say you win
the case next Tuesday and the judge miraculously orders them to shut shop.
They dissapear on Thursday. Then what?

You still wake up next Friday with 99% of the problems (and opportunities) you
had, before you "came across Otonomo’s publicly available API documentation" a
few days ago.

If there's still a little voice inside your head that's sayin - Paul Graham
didn't say that, you are missing the f __*ing point. Start over.

~~~
dragonwriter
> I am no Paul Graham, but I think you are wasting your time. Let's say you
> win the case next Tuesday and the judge miraculously orders them to shut
> shop.

The judge won't order them to “shut shop”, but to pay damages. Though it will
obviously take longer than next Tuesday (but the real objective is to use the
likelihood of a verdict and the harm on both sides to secure a pretrial
settlement which either involves stopping and compensation or just more
compensation that amounts to a buyout.)

