
Ask HN: Take down my reverse-engineered Snapchat lib because they asked? - tlack
A few months ago, I spent a couple days reverse engineering the Snapchat protocol and wrote a quick and dirty library to use it in your own PHP apps:<p>https:&#x2F;&#x2F;github.com&#x2F;tlack&#x2F;snaphax<p>Today Snapchat has written me requesting that I take it offline:<p><pre><code>    Hi Thomas,
    I&#x27;m writing to ask that you remove Snaphax from github
    and no longer publish or distribute it. Snapchat does
    not permit third party software to access our API and
    we consider Snaphax to be an unlawful circumvention 
    device under 17 U.S.C. § 1201(a)(1).

    Please confirm that it has been removed by end of day
    Monday, July 22nd.

    Thank you,

    Micah Schaffer
    Snapchat, Inc.
</code></pre>
I haven&#x27;t had much time to really finish Snaphax (and I doubt I ever will) but I strongly support the idea that third party software should be able to interact with the services I use every day.<p>I am under the impression that reverse engineering is still protected under fair use doctrines. Is this the case? How should I respond, if at all?
======
peterkelly
One important distinction that I see missed here is that of an API vs. a
service.

Snapchat provide a service, which I mentioned in another comment here that
they have every right to enforce terms of service on, and restrict or allow
usage as they see fit.

Snapchat also provide an API (which, in this scenario can also be considered a
network protocol). This API can be used to access this service.

Now that I've had a look at the code, I've noticed that it includes the API
keys which grant programs using this library the appropriate access
permissions for the service. I think this is wrong, and that these keys should
not be included in an open source library. The rest of the code however, is
fine, as it simply implements a protocol.

If I were to develop something like this, I would leave out the API keys and
have the user of the library fill them in. In principle, and as someone else
has mentioned here, it would be possible to develop and operate your own
service which uses this protocol/API. And I see nothing wrong with that.

Well, except of course that the whole notion of an app which presents
information for a set period of time after which the user can no longer view
it is inherently flawed, since eventually someone's going to figure out how to
not erase/hide the information.

------
peterkelly
I've just forked it on Github, as have 25 others (as I write this).

As with file formats, the notion that network protocols & APIs should ever be
granted any type of protection and that no-one other than the creators should
be able to write software that conforms to these protocols is ridiculous.

Snapchat, in my view, have every right to restrict who _uses_ their service
and in what manner - via standard mechanisms like API keys and login
credentials. But preventing third-party implementations of protocols or APIs
is so 90s. Oracle had a bit of trouble with this recently.

One problem I'm personally trying to remedy is the proliferation of various
APIs and protocols for accessing various online storage services (Dropbox,
Google Drive, Box etc) by developing an SDK that supports all of them. We need
more of this kind of these kinds of projects, not less.

Micah Schaffer, if you're reading this, you're welcome to send me a takedown
request and discuss the issue with me. My email address is in my profile.

EDIT: It's at 62 now. I wouldn't be surprised if even Barbra Streisand has
forked it.

~~~
peterkelly
I've actually amended my fork now to remove the API keys, adding the following
instructions:

    
    
      /* Instructions for usage:
         1. Replace YOUR_SECRET_KEY and YOUR_STATIC_TOKEN in the code below with
            the values you have to access the service.
         2. Fill in SERVICE_URL with the appropriate endpoint. */
    

Not that it's going to stop anyone from going to any of the other forks or
retrieving the previous revision of the file, but at least I've now only got
up what I believe to be genuinely acceptable.

~~~
TeMPOraL
Forked from you. 162+.

------
untog
Ignore 99% of the responses in this thread, particularly any that say "I
think...", "It seems fair...", and so on. You're in a legal situation here, if
you are worried, contact a lawyer.

~~~
guelo
Bunk. He spent 2 days on a hobby project with no hopes of ever making any
money off of it. It makes no sense to spend time and money consulting a lawyer
over this.

~~~
untog
Then it also makes no sense to not comply with the request. "It was just a
weekend project" is not a legal defense.

~~~
smartwater
If I complied with every request like this, I wouldn't have made a single
successful website. You shouldn't be so afraid to stand up for yourself.
Entrepreneurs need to have thick skin and not buckle under every little bit of
pressure.

~~~
stingraycharles
Every website you made received requests like these? If you don't mind me
asking, what kind of websites do you make? I've never received requests like
these myself.

~~~
smartwater
I have been asked to remove profiles, data, images, features, the entire
website, the domain, links, the list goes on. Sometimes just a few, sometimes
an amount that would cripple the business. Most of the claims are overreaching
bullying or ignorance. Sometimes they are just completely out of their mind
nut jobs that don't understand how stuff works.

------
DannyBee
Can't give you legal advice, since you aren't my client and i can't ethically
represent you.

In general, though, not taking it down will be a tough path for you.

If you really want to go down that path, get a lawyer (i'm happy to make
recommendations for you), say nothing else here (or anywhere) about your
motivations/goals/whatever, and go that way.

If you don't want to spend the time or the money, take it down .

------
angersock
I considered forking this, but how about doing the bastards one better?

You've already got a client library written--why not go ahead and post up a
conforming backend as well? If you want, shoot me an email with your doc'ed
API, and I'll shoot you back (gimme a week--things on fire right now) a simple
Sinatra mockup.

Clean room all the things!

EDIT:

For an idea of a quick hack of this variety, see my work from last week --
[https://news.ycombinator.com/item?id=6065652](https://news.ycombinator.com/item?id=6065652)

------
cjbprime
There's no "fair use" defense because they aren't asserting a plain copyright
violation -- they're asserting that using their API is a _DMCA_ violation. I'm
not a lawyer, but this seems laugh-out-loud crazy of them, and I'm not aware
of anyone trying that claim before.

So if you want to resist, you could start there: by finding out (possibly by
asking a lawyer to talk to them) how they think your tool is acting to
"descramble a scrambled work, decrypt an encrypted work, (or equivalent
actions)". If you want to do this, you might consider reaching out to the EFF
for help.

Morally, I think you're in the clear for the reason you already gave.

~~~
Plutor
It may be dumb, but it's not laugh-out-loud crazy. In fact, it's specifically
one of the things that the DMCA does. Here's a whole ton of information about
the law:
[http://chillingeffects.org/reverse/faq.cgi](http://chillingeffects.org/reverse/faq.cgi)

And here's an article from the EFF with a few citations of cases where DMCA
article 1201 has been used: [https://www.eff.org/es/wp/unintended-
consequences-under-dmca](https://www.eff.org/es/wp/unintended-consequences-
under-dmca)

~~~
cjbprime
> In fact, it's specifically one of the things that the DMCA does.

Well, the specific thing the DMCA does is to stop circumvention of an
"effective technological protection measure". The crazy thing here is that
there is no such measure: no use of encryption or scrambling -- or even
passwords! -- that I can see, just simply using a network service's exposed
command set. That makes it different to most (if not all) of the case law your
link mentions.

~~~
eli
A private (that is, not published) API Key sure sounds like a protection
measure to me.

~~~
kenbellows
It doesn't sound like the published API key is the problem here. They can
revoke the key, and other users of Snaphax can put their own in the code. I
think the larger issue is the reverse engineering of their protocol.

------
venomsnake
You have created a good Streisand effect here. I approve :) Even if a lawyer
advises you to take it down it will be cloned more than enough times for the
IP to be preserved.

------
tptacek
I would take it down, not because of ethics or legalisms, but because you'll
lose technically. They're making it clear that they don't want interoperable
implementations. All you're doing is poking them in the eye with a stick. You
probably don't have the resources (especially given your lack of interest) to
keep your implementation working; they certainly have the resources to break
your implementation. Why bother?

~~~
evv
Snapchat probably does not want to break all of their deployed-and-delivered
apps.

If they shipped the app/service without a "force the user to update" feature,
they would risk leaving thousands of users in the dark.

And if they did modify their protocol, it would probably get reverse-
engineered again, either by the OP or somebody else.

------
late2part
A lot of times when you use a product, you're required to agree to an EULA
wherein you promise/commit to not reverse engineer a product or its protocols.
If you did use snapchat as a registered user, this issue could affect you
negatively.

Another alternative is to mail them back and ask them for clarification. Why
do they consider it an infringement?

The law clearly states the following:

    
    
      (2) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that—
      (A) is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;
      (B) has only limited commercially significant purpose or use other than to circumvent a technological measure that effectively controls access to a work protected under this title; or
      (C) is marketed by that person or another acting in concert with that person with that person’s knowledge for use in circumventing a technological measure that effectively controls access to a work protected under this title.
    

The way I interpret this is that if one is overcoming some encryption or
authentication scheme, it may be disallowed under the law. If one is simply
observing a protocol online, then one may be doing something bad as this says.

~~~
PeterisP
It depends on your location - in sane jurisdictions, EULAs aren't worth the
paper they're not written on. But it looks like that USA is not one of them.

At least for me any EULAs that aren't signed before purchase (i.e., all
shrinkwrap or clickthrough "agreements") aren't binding unless I choose to -
B2B sales with explicit signed contracts would be binding; or if I want to do
something that by law requires permission (i.e., redistribution instead of
just using the software) then I might accept an 'EULA' such as GPL.

~~~
belorn
Law always depend on the local jurisdiction. You are spot on that observation.

EULA is regarded as a contract in "most" (or all?) jurisdictions, and as such,
depend on contract law to define what is allow and what isn't. EULA's is also
regulated under consumer protection laws. Since each state in the USA have
slightly different kind of consumer protection and contract law, one would
really need to dig down into the law books to decide if the EULA is at all
legally binding in a specific state.

But I have one correction to mention. Copyright licenses are not viewed as
contract in the USA. Copyright licenses like GPL are granted permissions,
waiving the right to sue distributors under specific situation. If the
distributor get sued for distributing GPL software, then it is she who must
raise the license as protection. "I got right to distribute this copyrighted
work, because I received this license who says I can". The license "terms"
only specifies under what situation permission have been given.

In EU however, licenses are contract and under contract law. As such, the
permission to distribute can be revoked if contract law has been violated.

------
milesokeefe
A few weeks ago I was halfway through the process of reverse engineering the
Snapchat API myself, when I found your library. I just wanted to say thanks
for saving me so much trouble.

------
dragonwriter
> I am under the impression that reverse engineering is still protected under
> fair use doctrines. Is this the case?

Not insofar as the reverse engineering is used to produce an anti-
circumvention device under the DMCA (that is, the reverse engineering _itself_
is still just as protected as it used to be, but that protection does not
extend to making the anti-circumvention device available.)

Note that there is still the issue of whether what you've actually is an anti-
circumvention device.

> How should I respond, if at all?

If the project is worth the cost of consulting a lawyer, you very likely
should do that so you understand better what your exposure here is and can
make a more informed decision than you would be able to make based on lay
advice you might get from HN. If its not, you should probably take it down.

------
simonster
At this point, I would just remove it. Since this is on the front page of HN,
there's no way Snapchat can make the code disappear anyway.

If you need legal advice, I recommend seeing if SFLC
([http://www.softwarefreedom.org/](http://www.softwarefreedom.org/)) will help
you. In the past, I worked on a free software project where we willfully
ignored a cease and desist notice and got sued by a large multinational
corporation, and they were awesome.

------
venomsnake
I hate to play devil's advocate here (especially since I already have a post
here) but I had a thought. For Snapchat some of the biggest selling points are
the self destruct abilities of the media sent. So an unauthorized client puts
a stake trough the heart of that claim (and the company). I see why they may
be worried, but I think that they should have communicated their concerns more
clearly and pleading, and not intimidating.

~~~
tlrobinson
Exactly. "Self destructing" messages are an illusion. Publicizing this fact
may be bad for Snapchat's business, but it's good for their users who have a
false sense of security.

~~~
jtome
When I heard of snapchat I spent two seconds figuring out that turning off
your data connection after receiving the photo allows you take as many
screenshots/view the picture as many times as you want (I have no idea if this
still works).

------
jwcrux
Like many others have said, it would be best to consult an attorney if you're
concerned.

However, while you may not be able to distribute software which uses the API,
I think many people would enjoy/benefit from a post describing how you
reversed it and what steps you took to create the library.

------
ams6110
"Written" as in sent you a registered letter? Or was this an email?

I don't know anything about the Snapchat API but if it's simply undocumented I
don't see how that would be a "technological measure" of "effective control."

If you had to sniff or crack an API key of some sort, maybe that does.

In any event, it seems like a friendly enough request, maybe take it down as a
courtesy pending their clarifying exactly what "technological measure" of
"effective control" they think it "circumvents." Depending on their response
and how much you think you want to push it, you can then decide what to do.

------
stevekemp
I'd consider it good-faith reverse engineering for the purposes of
interoperability.

I'd ignore it. If they want to go hard-ball they'll threaten to sue/actually
sue. Until then keep silent.

------
kposehn
Morally, I would take it down.

It is all well and good to write these sorts of things as a demo, but
distribution is something where I would defer to the actual owner of the API
in question.

After all, how many of us would want someone creating an unauthorized library
to a private API that we don't wish to have public?

~~~
peterkelly
As was ruled in the recent Oracle vs. Google case, APIs are _not_ subject to
copyright protection:

[https://www.eff.org/deeplinks/2012/05/no-copyrights-apis-
jud...](https://www.eff.org/deeplinks/2012/05/no-copyrights-apis-judge-
defends-interoperability-and-innovation)

~~~
patrickmay
You're responding to a moral argument with a legal argument.

Snapchat developed the service and the API. They don't want alternative
implementations of the API to access their service. Morally, publishing such
an alternative implementation is questionable. At best, it is discourteous in
the extreme.

If someone asks you not to copy the product of their creative work, what moral
justification do you have for doing so?

~~~
peterkelly
I see this case as being different to copying someone's work. I do admit it's
a bit morally questionable, in the sense that it's something that Snapchat
doesn't want people doing. However, my view of the relationship between
Internet services and client software which accesses those services is such
that alternative implementations of both should be considered legitimate.

You have raised a very good point though, and it's certainly made me revisit
my take on this. I've personally been the victim of others taking copies of my
app and selling it under different names (which I obviously _do_ have a
problem with). However I've also seen other people implement similar features
and a similar UI to my own app, and I _don 't_ have a problem with that - we
only got to where we are today because of the spread of ideas through these
means (see: Xerox PARC and all the companies that have used their work).

In this particular case there was no IP violation. It was simply an
alternative implementation of a network protocol - and in fact it was just a
library, not an application in and of itself. The only thing I think the
author did wrong was to include the API keys.

------
mattmaroon
Here's what I'd do if I were you.

First, I'd ask myself how much I care about this. Do I care enough to pay
legal fees to defend myself if Snapchat decides to come after me? If yes,
consult an attorney and find out what you're looking at. Ignore any legal
advice you get here. Unless it's from an actual attorney on your payroll (and
attorneys you aren't paying won't give you much beyond an initial
consultation)

If no, you've got an easy choice: take it down.

------
willaaye
Book a session for today with Lior on LiveNinja. He specializes in this kind
of stuff and can help you out for sure:
[https://www.liveninja.com/liorleser/](https://www.liveninja.com/liorleser/)

------
Shank
If they really had any standing, wouldn't they have sent the DMCA takedown
request to github instead? Or are they just afraid it would be negative on
their part to be permanently in
[https://github.com/github/dmca](https://github.com/github/dmca)?

------
jrochkind1
If you want to keep it up, you should contact a lawyer.

It _may_ indeed be illegal under the DMCA to distribute. Or it may be legal,
as there are some exceptions for reverse engineering etc.

Nobody here knows. Heck, even a lawyer might not know, but a laywer will know
your level of legal risk and possible expense.

------
Splendor
Whatever you decide to do, don't make posts like this that could potentially
be used against you.

~~~
K0nserv
Just how can this post be used against him?

~~~
ams6110
Anything you say can be used against you by a creative lawyer. Hence Miranda
for criminal suspects. In civil cases you don't get that warning, but it's
generally best to keep your mouth shut except when talking to your own
attorney.

------
kevincrane
This is completely off-topic, but I'm curious. How does one go about "reverse
engineering" a protocol like what Snapchat uses? Do you just listen in on the
bits that the phone sends (say, with Wireshark) and kind of guess and poke at
it to see what each part does?

Edit: after some research (like reading TFRepo), I found some links mentioned
that give some info in case anyone else is curious too.

[http://adamcaudill.com/2012/06/16/snapchat-api-and-
security/](http://adamcaudill.com/2012/06/16/snapchat-api-and-security/)

[https://github.com/tlack/snaphax#motivation-and-
development-...](https://github.com/tlack/snaphax#motivation-and-development-
process)

~~~
bsilvereagle
I suspect packet sniffing to see what is being sent and when.

------
osth
Schaffer: "... we consider Snaphax to be unlawful circumvention device under
..."

Lackner: Mr. Schaffer, are you a lawyer? Please elaborate on why you consider
Snaphax to be unlawful circumvention. I will assess the merits of your
argument and then make a decision.

While people in this thread all give the customary knee-jerk "get a lawyer"
response, consider that:

1\. The request did not come from Snapchat's lawyers, if they have any
retained for the purpose of DMCA claims. Surely they must, right?

2\. It does not state what happens if Lackner does not comply. There's no
threat of legal action. It just asks Lackner to remove the code from Github.

As such, there's no reason not to ask Schaffer to clarify why he thinks there
is a problem.

If lawyers are not involved yet, then asking questions is free.

If this was a clear DMCA violation, then why didn't Schaffer send this to
Snapchat's lawyers to handle?

Maybe because he might not get the answer he wanted: that it's a clear DMCA
violation and an easy win for Snapchat.

Any lawyer can be asked to send a threatening DMCA violation letter. They will
almost always say, "Yes, we can do that for you."

But sending a threatening letter does not mean it's a slam dunk win if the
recipient does not comply with the demands in the letter. Sometimes threats
are hollow. The sender may have no intention of pursuing litigation any
further than sending demand letters. It simply might not be worth the money to
pursue litigation over something like Snaphax. If this bit of PHP was that big
of a deal to Snapchat, why didn't the request to remove it from Github come
from Snapchat's lawyers? Where's the line about purusing all legal remedies?

Not to mention that by sending a threatening letter with no details on why the
sender thinks the code at issue is a DMCA violation, there's a risk that the
recipient might post a link to the code on HN and set off a "Github fork
bomb". Ouch.

~~~
jessaustin
Yes, you've got it exactly. I speculate that the reason lawyers aren't
involved is lawyers cost money, and the Snapchat board has already decided
that Schaffer flies off the handle at innocuous bullshit too often. That's why
he's allowed to send out this special form letter, and not allowed to approve
legal invoices.

------
dumbfounder
I don't see your moral high ground here. Snapchat never opened their service
and then closed it on you leaving you stranded. They have a service that you
reverse engineered knowing it was a closed service and they sent you a pretty
nice letter asking you to stop. Should they have made their service more
secure? Yes. Does that give you the moral high ground? Hell no.

But, I personally wouldn't worry about it. If they really felt strongly they
would send something to GitHub asking to have your project removed. If GitHub
takes it down that means they are either being douchey and covering their
butts, or they believe the request has legal merit.

------
rhizome
17 U.S.C. § 1201(a)(1) claim is BS. Terms of Service and/or "Company Policy"
is not a copyright protection mechanism.

------
antitrust
[http://www.law.cornell.edu/uscode/text/17/1201](http://www.law.cornell.edu/uscode/text/17/1201)

There's the statute, for you armchair quarterback-lawyers out there.

------
jgv
Sounds like the streisand effect for these guys
[http://en.wikipedia.org/wiki/Streisand_effect](http://en.wikipedia.org/wiki/Streisand_effect)

------
josephlord
Not a lawyer or in US.

If you reverse engineered rather than copied from Docs or header files I don't
believe it should be copyright infringement. Note that the Google Oracle case
currently being appealed seems wrong to me as I think copyright on complicated
API's are reasonable (many disagree with me) although fair use and antitrust
arguments should in many cases allow reimplementation. Anyway in statutory
terms I don't see a problem. However...

It is likely that you agreed to Snapchat's terms of service at some point and
it is also likely (I haven't read them) that they contain clauses forbidding
permission to reverse engineer and/or access the service without using
official clients. This opens up possibilities for breach of contract legal
action and more worryingly computer crimes prosecution for unauthorized
access. This conversion of minor contract breaches into computer hacking
crimes is horrible law but it seems to be current reality. Be careful.

I don't know if you are in a better or worse position if you use the software
without agreeing to the terms and conditions.

------
orcasauce
While this does technically violate 17 U.S.C. section 1201 (a)(1) according to
other case law, I feel the responsibility is upon Snapchat, Inc. to make
sufficient attempts to prevent such subversion. RE is always a sticky area,
and because it appears you needed to pull some form of cryptographic keys out
of that process, you are likely in an unenforceable region of a DMCA
violation.

~~~
rhizome
Which cases have found support here?

~~~
morganw
Chamberlain v. Skylink
[http://en.wikipedia.org/wiki/The_Chamberlain_Group,_Inc._v._...](http://en.wikipedia.org/wiki/The_Chamberlain_Group,_Inc._v._Skylink_Technologies,_Inc).

actually went the other way, but Chamberlain's argument was an interesting
one: the copyright-able "work" was the code that ran in the garage door opener
that actually opened the door. That code was protected against running (access
in 1201 a) by the remote's code system.

The judge got access to the code v. access to the customer's garage mixed up
and ruled against Chamberlain because it seemed silly. The DMCA _is_ that
silly, though and extreme unintended effects cases like this are the way to
get support to re-write digital-age copyright.

Here, there are two access controls (control over access to running
(accessing) copyrighted code on Snapchat's server) in question: the API key
and use of that key. Is supplying one part of a circumvention device (the
library) without the other (the API key) still a 1201 a violation? Patent law
has provisions against "independent" manufacturers supplying parts that
together violate a patent, but alone do not. MGM v. Grokster already tried to
bring some of that reasoning into copyright (case) law.
[http://en.wikipedia.org/wiki/Inducement_rule](http://en.wikipedia.org/wiki/Inducement_rule)

The less interesting, but more dangerous to the O.P. question is the T.O.S.
violation. Pure reverse engineering is done without access to documentation
about the thing reversed. Purest has two teams: one to analyze and write an
expression-independent specification and another to implement that spec.

~~~
rhizome
So, no caselaw actually touches 1201(a)(1) in this way, contrary to GP's
assertion?

------
dmuth
One thing I'd like to note is this line from Snapchat's email:

> Please confirm that it has been removed by end of day Monday, July 22nd.

Essentially, they're giving the poster less than a full day to act on this.
That strikes me as a high pressure tactic on Snapchat's part designed to get
the poster into pulling that library before taking the time to consult with an
attorney.

130 forks and counting.

------
zacman85
I highly doubt this has anything to do with stifling innovation. Given
Snapchat's popularity, it would make a lot more sense that they are trying to
restrict 3rd party access to cut down on spam. Nothing will be more
destructive to their service than bots churning out huge amounts of spam,
undermining the trust they have built with their users.

~~~
orcasauce
The issue with their claim, I believe, is that the software isn't really
circumventing any protections in place. It is simply using the existing
publicly facing API. If the software made clear attempts to prevent this API
from detecting or locking it out, then that would be an absolute violation,
but I don't believe pulling crypto keys and reimplementing the API after REing
it is necessarily a DMCA violation. Certainly it violates some other things,
considering it is difficult to prove a clean-room situation when it was all
done by one person. Seriously though, Snapchat should be focusing on hardening
their API rather than trying to shut down imposter APIs.

~~~
zacman85
Agreed. They should definitely lock it down for their internal use (and
eventually provide a public API). I would imagine that in a young company that
is moving fast, there is a high potential to overreact or to appear to because
of canned responses.

------
mikhailt
They give you less than 12 hours to respond? Really?

I would seek a lawyer if you can afford one and if not, then you can't afford
a lawsuit either, so in this case, pull it offline. If you do the latter, you
should post the results of your research somewhere, this can't be taken down
as it is sharing information and not an API tool.

------
dspillett
It very much depends where you are and what you can afford in legal fees.

When you signed up you will have agreed not to do this sort of thing in the
terms and conditions - whether that is legally enforceable or not could be
expensive to prove either way. Though the worst they can do you for here is
breach of contract.

With regard to "copyright circumvention": un-rot13 has been classed as an
encryption circumvention device before now, so don't bank on the law having
any common sense here.

My advice:

1\. If it is just a weekend project it isn't worth the hassle, drop it as
requested.

2\. If you really care about it, lawyer up and prepare to fight.

In either case post to HN and as many other places as you can that are
relevant to make sure their status as litigious wankers is recorded as far and
wide as possible ;-)

~~~
lucb1e
un-rot13 is encryption circumvention? Source?

~~~
poizan42
He was probably refering to this:
[http://en.wikipedia.org/wiki/United_States_v._ElcomSoft_and_...](http://en.wikipedia.org/wiki/United_States_v._ElcomSoft_and_Sklyarov)

------
tesla22
I used Snaphax to make a website of mine,SnapSave.me! You did a great job.
Please don't take Snaphax offline. There's no other library on the internet
like it. I don't know what the legal ramifications are but your work is making
a difference.

------
equity
I would seriously question whether 17 U.S.C. § 1201(a)(1) is relevant at all.
This law is specifically for "Circumvention of copyright protection systems".
Does Snapchat own the copyright of pictures distributed using its software? or
rather do the users own the copyright? I suspect the answer to this is the
latter -- that users own the copyright to the works distributed, and this
would render the law irrelevant. Moreover, I would argue that the software
protections put in place by Snapchat are for reasons of privacy not for
reasons to enforce copyright.

------
scotty79
Why creative people don't leave US? There's a whole world out there where you
could respond to such message with simple obscenity and never think of it
again.

------
bholzer
I spent the last couple of hours making a ruby clone if anyone is interested
in taking a look or wants to help. For some reason, The decryption has stopped
working in the past half hour. They couldn't have changed they key or
anything, so I'm not sure what went wrong.

[https://github.com/bholzer/RubySnap/blob/master/rubysnap.rb](https://github.com/bholzer/RubySnap/blob/master/rubysnap.rb)

------
drdaeman
IMNAL, but if they aren't filing off a DMCA notice (but asserting it's a DMCA
violation), why care?

I persume they can't file a lawsuit without filing DMCA takedown notice first?

If so, when they'll file the notice, GitHub'll take it down (as they usually
do). Then you may consider filing counter-notice (if you can afford legal
action) or, I guess (IMNAL!) ignore the whole affair.

Anyway, you'd better consult a lawyer.

~~~
dragonwriter
> IMNAL, but if they aren't filing off a DMCA notice (but asserting it's a
> DMCA violation), why care?

DMCA notices -- by which, presumably, you mean takedown notices -- are only
required to a third-party that is otherwise within the DMCA safe harbor
protecting hosts of allegedly-copyright-infringing user-submitted content to
choose either to take the content down or forfeit the protection of the safe
harbor. They have nothing to do with actions against direct violators of
either the main body of copyright law or the anti-circumvention provisions of
the DMCA.

> I persume they can't file a lawsuit without filing DMCA takedown notice
> first?

You presume incorrectly; even if the alleged violation was of the type to
which a DMCA takedown was relevant, they can sue the offending party (though
not a third-party host within the safe harbor) without a takedown notice.

------
frasierman
Just spitballing here, but couldn't you just remove the hardcoded URLs and let
users paste in the Snapchat URL so they'd be breaking the TOS, not you?

Technically, it wouldn't be utilizing their API, it would just be a PHP
library for accessing APIs that happen to use their exact API call structure.

I know it's a long shot, and it may not hold up, but I think it's better than
just taking it down.

------
CoryG89
And...... cloned. Sure go ahead and take it down XD.

------
ada1981
It looks like the law is written to prevent people from writing code to
decrypt or descrambler signals (like cable TV or payperview). But I'm not a
lawyer. Is there a place someone could post the code anonymously? My guess is
this is a threat which wouldn't hold up / but they also have cash and lawyers,
which is most of the legal game anyway. Good luck.

------
ed56
I wouldn't recommend going toe to toe with a technology company when there is
nothing worthwhile to gain (If there is something worthwhile, then see a
lawyer). Morally I think the project should be able to stay up. However, I
would avoid the legal system at all costs. The stress isn't worth it.

------
MorningInfidel
...aaaaand cloned :)

------
pyalot2
Streisand effect

------
jbrooksuk
I've duplicated it into a private repository. Reference, if you will.

------
lewisflude
I'd take it down if I were you. It's not worth it. If you do feel really
strongly about keeping it up for moral reasons, then contact a lawyer.

------
aetch
Quick, everyone fork.

------
jessaustin
Where's Snapchat? Don't they read HN? What do they have to say for themselves?
Have they finally spoken with an attorney?

------
mmgutz
Forked and I don't even like PHP :) United we stand.

------
cliveowen
The request might be unfair, but I wouldn't risk it.

------
macinjosh
fork snapchat, I'm forking this repo.

------
wilfra
I got the 100th fork!

------
fascinated
The outcry! The injustice! Sigh

