
WhatsApp issued takedown against alternative clients a week before acquisition - martinml
https://raw.github.com/github/dmca/master/2014-02-12-WhatsApp.md
======
dpe82
I wouldn't read too much into this. As part of their purchase agreement
WhatsApp likely needed to say that they had been diligent in maintaining and
defending their copyrights and trademark. That's pretty standard in a
financing, so I'd imagine it's a standard part of M&A deals. It probably
turned up during due diligence that they had some "cleanup" to take care of in
order to not be lying when they made that representation.

~~~
Niten
It's pretty disgusting to dismiss this level of abuse of the DMCA (these
aren't even legitimate copyright issues!) and legal bullying under the guise
of standard operating procedure. It's over-the-top wrong.

------
yuvadam
I own one of the affected repositories, and submitted the original link to HN
the moment I got an email notification about it from Github [1]. It's a shame
we didn't get the discussion going earlier.

IANAL, but what the hell does a security POC (and an unofficial API derived
from it) have to do copyrights? On what grounds did a repo get chosen for
takedown? Is it the "whatsapp" in the name? What about a simple
"x.whatsapp.net" connection string in the code? Is that infringement?

Either way, shitty move by WhatsApp.

[1] -
[https://news.ycombinator.com/item?id=7230041](https://news.ycombinator.com/item?id=7230041)

~~~
eli
You're aware that you have rights under DMCA too? File a counter-
notification[1] explaining why you think the takedown isn't valid and Github
will likely put the repo back online. And if WhatsApp doesn't like it, they
can sue you.

[1]
[http://www.chillingeffects.org/dmca/counter512.pdf](http://www.chillingeffects.org/dmca/counter512.pdf)

~~~
tn13
With $19B in pocket they can totally ruin his life with a lawsuit.

~~~
Bluestrike2
Assuming you're filing a counter-notice in an instance where you have a good
faith belief that the original takedown notice is in error, and that you can
support that belief, it's rather unlikely that the counter-notice alone will
make the supposed copyright holder more disposed towards litigation.
Especially if they knowingly misrepresented matters in the takedown, opening
themselves up to damages and attorney's fees.

In any case, they can already sue you regardless of whether a takedown notice
is issued in the first place. :)

------
skywhopper
Interesting. Trademark law is probably pretty strong against repositories
named "WhatsApp" or something very similar. Using the logo without permission
as well.

Describing a project as "working with WhatsApp" would probably not be an
actionable trademark infringement. Code that works with the WhatsApp API is
almost certainly not "infringing", unless there's some "encryption" going on.

Unfortunately the DMCA takedown rules are such that Internet providers such as
Github have basically no direct recourse and refusing to comply is not an
option. Additionally, complainants don't have to prove much of anything to
issue a takedown notice to a service provider. This is a seriously broken part
of copyright law, IMO.

~~~
skywhopper
That said, this complaint doesn't appear to me to be explicit enough to meet
with GitHub's takedown policy ([https://help.github.com/articles/dmca-
takedown-policy](https://help.github.com/articles/dmca-takedown-policy)),
which requires "Identify the copyrighted work you believe has been infringed.
The specificity of your identification may depend on the nature of the work
you believe has been infringed, but may include things like a link to a web
page or a specific post (as opposed to a link to a general site URL)." But the
complaint itself, besides mentioning trademarks and the WhatsApp name, only
says "unauthorized use of WhatsApp APIs, software, and/or services". But the
existence of code that _can_ use the WhatsApp API is not the same as actually
using WhatsApp's services in an unauthorized manner, so I think this is ripe
for some pushback.

WhatsApp can easily enough restrict API access to its own clients if it
chooses to do so, which is a far better solution than trying to shut down
what's apparently an easy library to write.

~~~
ig1
How would you propose they do that ? - there's nothing magical they can do
that will identify official clients that third parties couldn't replicate.

~~~
imdsm
Surely that is their problem?

~~~
chc
And surely taking action against parties who exploit that fact is their
solution.

~~~
lowboy
How does an security PoC and API library fall under the DMCA? See this
comment:
[https://news.ycombinator.com/item?id=7273662](https://news.ycombinator.com/item?id=7273662)

From what I recall, the DMCA is about copyright and trademark infringement.

~~~
eli
The DMCA is also about "anti-circumvention". It makes it illegal to remove DRM
that protects copyrighted content, or to create tools that do so.

That said, this takedown looks pretty bogus to my (untrained) eye.

------
void-star
Wireshark dissector plugin? taken down? I haven't really followed wireshark
goings-on in a while, but wow... just wow... I don't think i've seen this
before:

[https://github.com/davidgfnet/wireshark-
whatsapp](https://github.com/davidgfnet/wireshark-whatsapp)

My apologies for the bile, but I can't help but call out my reactions to this
news...

1\. facebook (you: I expected this from, you we're already #1 on this
s#17list) 2\. whatsapp (sell-out!) 3\. github (highly disappointed watching
you just lay down and immediately comply shutting down these repositories)

I'm considering moving all my code off of github over this...

------
FiloSottile
With the poor, let's say terrible, security posture WhatsApp always had, this
is really not the way to communicate the message that they care and want their
software to be scrutinized. Open implementations are a great help to any
reverse engineer trying to figure out the mess that is their protocol.

This is exactly what triggers full disclosure.

~~~
dotBen
_" this is really not the way to communicate the message that they ... want
their software to be scrutinized"_

To be fair, isn't the case for most proprietary software - even for the most
security-concerned closed-source companies?

No one at WhatsApp has ever warrented that their software is open source, that
they want to produce open source or that they share open source values.

~~~
FiloSottile
_" isn't the case for most proprietary software - even for the most security-
concerned closed-source companies"_

Frequently, and it is an attitude I really dislike.

A serious dedicated attacker can replicate the reversing work quite fast, but
this kind of things make it really hard to dedicate a couple of hors to
assessing the quality of a protocol.

Moreover, they demonstrated not to be security-concerned, so this comes to me
as covering tracks, even if it isn't.

------
tgalal
I own 3 of the affected repos:

Yowsup [https://github.com/tgalal/yowsup](https://github.com/tgalal/yowsup)
MIT License

It is a library that implements WhatsApp's protocol. It is built on community
effort of reverse engineering WhatsApp's protocol. I created this in first
place to bring WhatsApp on an unsupported platform (Nokia N9/ meego platform)

Wazapp [https://github.com/tgalal/wazapp](https://github.com/tgalal/wazapp)
GPLv2 License

This is a UI frontend to Yowsup for Nokia N9. Nokia N9 is the only smartphone
produced by Nokia which never got WhatsApp support. I created this client
because I wanted to use WhatsApp on my Nokia N9. The code is totally decoupled
from Yowsup, and does not use WhatsApp in its name. You can see its icon here
[http://everythingn9.com/wp-
content/uploads/2012/05/wazapp.pn...](http://everythingn9.com/wp-
content/uploads/2012/05/wazapp.png) which for me looks different enough from
official client's icon.

OpenWA
[https://github.com/tgalal/OpenWhatsappBB10](https://github.com/tgalal/OpenWhatsappBB10)
GPLv3 License

This is also a frontend to Yowsup, but for Blackberry 10. It is a little bit
similar case as Wazapp. I created this for BB10 when WhatsApp initially said
they're not supporting that platform. Again, this is decoupled from Yowsup,
has same icon as Wazapp. Its name though on Github is OpenWhatsappB10, as a
project name. However, the real app name is OpenWA. Perhaps a rename of the
repository would be sufficient ?

~~~
DjangoReinhardt
I was toying around with your (quite excellent) Yowsup library a little while
ago and the one question I always had was this: Since WhatsApp doesn't have an
official library, wasn't Yowsup always in the cross-hairs?

I mean, it was only a matter of time before they clamped down and claimed that
you were violating section 3.A.iii of the ToS by reverse-engineering the
WhatsApp protocol, right?

Don't get me wrong, I would have loved it if Yowsup was allowed as an
(unofficial) API - or something like that. However, as a newbie to the world
of programming & software development in general, I am trying to understand
what was wrong about the DMCA notice. What, in your opinion, should they have
done instead?

------
tsaoutourpants
That is _not_ a DMCA takedown request. It is merely a takedown request. The
person to whom it was sent has no obligation to comply.

~~~
comex
The copyright part is.

Also, I wouldn't describe the DMCA safe harbor as an obligation to comply.
More of a benefit to complying that doesn't apply to trademark (with the
default in both cases being susceptibility to hypothetical lawsuits).

------
1337biz
Interesting to see how the priorities beginning to shift once somebody gets
ready to make a deal with the devil.

------
goatforce5
> This continues to cause significant harm to WhatsApp.

$16bn says otherwise.

~~~
cbhl
Maybe libraries/clients would impact WhatsApp's ability to rework their
backend to use FB infra now that they've been acquired?

~~~
erichurkman
But they are third party libraries; WhatsApp has no obligation for backwards
compatibility.

~~~
Jtsummers
Yes, but... With a sufficiently widespread third party library they risk a
backlash with their userbase. Social networks depend so much on the network
effect to bring in users that cutting out a large chunk of users all at once
because the protocol changed could cause more users to drop out.

Thinking about it, I wonder how much AIM and MSN Messenger's fights against
third party clients messed up their user bases.

~~~
gamblor956
Their userbase uses the Whatsapp app that comes bundled with their phones on
many intl carriers. I don't think they care about the 0.0001% of their
userbase that uses third party clients.

~~~
Jtsummers
Presently, correct. But that's the risk of allowing third-party clients with
an unpublished protocol spec. _Right now_ they can break anything they want.
If they don't limit third-party clients, their hands could become tied by too
many people using it.

EDIT: Note: I'm not a fan of proprietary protocols. I'm just describing what I
see as the position of a company that wants to monetize a network like this.
If the network and client is the revenue source, then third party clients work
against you. Allowing the third party clients to gain too large a share of
your user base means that breaking compatibility could have significant
network effects _against_ you as those users move to another platform and
bring their friends and family along.

~~~
erichurkman
MSN made a ton of protocol changes even after there were a lot of third party
clients. Trillian, for example, was very popular. Trillian had updates out for
MSN changes typically within a day or two.

~~~
Jtsummers
Thus my question:

I wonder how much AIM and MSN Messenger's fights against third party clients
messed up their user bases.

------
comex
IANAL, but these claims can't last. To the extent those projects are using
WhatsApp's trademarks or copyrighted logos, they can stop infringing by
renaming and removing the logos. There might be a "hacking" claim against
users who use that software to access WhatsApp's servers, but not copyright
(assuming WhatsApp doesn't claim copyright over messages sent through the
aervice), of unknown validity, and probably not enforceable against a site
which merely hosts code to do so. I think.

------
WizzleKake
It looks like Github has pulled a bunch of the repos, including the ones that
don't even have "WhatsApp" in their names.

Is this because they had something like "compatible with WhatsApp" in their
descriptions?

If I were repository owners and/or paying customer of Github, I would not be
OK with this.

~~~
instakill
I have a repo called whatsapp analyzer. Guess it was looked over.

------
wreegab
People really liked this one: [https://github.com/davidgfnet/whatsapp-
purple](https://github.com/davidgfnet/whatsapp-purple)

Starred 419 times.

------
viraptor
> unauthorized use of WhatsApp APIs

Does that actually have anything to do with copyright or trademark, or are
they just very takedown-happy lawyers?

~~~
icebraining
I don't think that has been decided yet. It was the main issue during the
_Oracle v. Google_ trial, but if I remember correctly, the judge declined to
rule on whether APIs could be copyrighted or not.

------
TallGuyShort
I've enjoyed looking through that Github repository. Lots of snarky comments
in the commit log about requests from Sony.

------
chenster
This is the HTML version:
[https://github.com/github/dmca/blob/master/2014-02-12-WhatsA...](https://github.com/github/dmca/blob/master/2014-02-12-WhatsApp.md)

------
chid
Interesting, so what would happen if I were to upload a copy of these repos
under a new name? (not that I was going to)

------
bachback
666 github stars for the repo :)

------
snkcld
wtf. i had no idea this could be done to open source code.

~~~
jotato
From what I understand, companies _have_ to do stuff like this. By not
protecting a copyright or trademark you are, in effect, giving it up.

Calling your API "node.whatsapp" _is_ using their trademark, and they do have
the right and responsibility to protect it.

It doesn't make them wrong; just a jerk :)

~~~
skywhopper
They have to do it to protect trademark, but not copyright. I'm not sure
there's any real copyright claim to be made here. The DMCA does have
provisions against reverse engineering etc. It's not clear to me from this
notice exactly what's believed to be infringing other than the Trademark
claim, which is pretty straightforward (and easily gotten around).

~~~
captainmuon
I always wondered, if a company doesn't really want to protect their trademark
(too much hassle), but has to, can't they just grant people a (temporary,
revokable) right to use the trademark pro forma?

I remember seeing a company (something Linux-related) that had a very strict
trademark policy, and they did sue people who used their logo or their name,
or event something different but similar. But their web site had a form where
you could just enter your email address and name, and it would say oki-doki,
you may now use our trademark as you like, until we say otherwise.

~~~
chc
You could do that, but probably not in WhatsApp's case, assuming that
aggressive trademark protection was a condition of the acquisition deal.

------
etanazir
all you message are belong to us

