

Ask HN: Should I ignore a cease and desist letter from our competition? - cullenking

Our main competitor, mapmyride, sent us a cease and desist letter a while back demanding we remove our account importation feature.  The feature downloaded all (or select) mapped routes from the users mapmyride account, and imported them into ours.  It was done tastefully, with adequate time outs between requests and all that.  Their objection was in our supposed violation of their TOS.  Of course that's a load of bull, since I never agreed to their TOS.  However, we pulled the feature as we were afraid of their legal budget.<p>Now that we have many more users (but still legal budget), I am less afraid of the consequences.  However, I won't re-implement the functionality if it has a reasonable chance of tying me up in court, or otherwise wasting time/money.  Does anyone have any experience with this?  I understand most of you aren't lawyers and your advice isn't a substitute for adequate legal council, yadayadayada, but your input is definitely appreciated.<p>One last note: they can easily ban our servers IP and keep us from doing this.  However, we are considering reimplementing the feature as a desktop application and making it generic enough to just archive a users content from a variety of these sites.  No IP bans, and each user is violating their TOS.  Our users are clamoring for this functionality, as many have 200+ mapped routes tied up on the site.
======
ScottWhigham
OP - couple of things:

1) I know now who mapmyride is but who are you? What is your company? You
don't mention it which, IMO, is a mistake. I've typed mapmyride now 4-5 times
yet don't know your company's name at all.

2) No, I think you were right to pay attention to the C&D. Are you in a high
margin business and you are the key player? For example, you are one of four
companies worldwide making a product that people "have to have" and you can
charge 1000% of your cost? Those are the types of businesses that can easily
afford to ignore C&Ds. In businesses where there are a small set of customers
and you have to fight, fight, fight to get every single customer, your time is
better spent in customer acquisition, marketing, and feature dev than in the
attorney's office or the courtroom.

You can listen to all the folks who suggest dodgy tactics but how will you
feel if you accept such advice and later get sued? It won't matter that it was
the customers' IP addresses that accessed the server, will it? You'll be the
one not focusing on customer acquisition, etc b/c you'll be in court. Where
will the marketing budget go? To the attorney. Doesn't matter if you were
right/wrong, does it?

And what if mapmyride (there, I said it again - I'm going to go to that site
now!) decides to send C&D letters to your customers? Or to sue your customers?

~~~
cullenking
Thanks for pointing out my lack of reference to our site.
<http://ridewithgps.com>

mapmyride is the key player in the market, in terms of userbase and, recently,
a $5 million A round. I am more wary now they have VC's, who may be more
aggressive than mmr ever would have been in other circumstances. At least,
that's my assumption.

I can't imagine MMR would sue their own customers over it, that would be
downright suicidal as far as public opinion goes. However, that is duly noted.

I wonder if I can convince a particularly feisty/intrepid user to maintain
this piece of software, pulling the risk away from us primarily ;) Hmmm.
Thanks for the advice, definitely something to think about.

~~~
MortenK
This has "don't do it" written all over. If i were mapmyride, i'd find your
screenscraping to be dodgy and opportunistic. If i found this thread and saw
you contemplating how to avoid their cease and desist and not get caught, i
would be royally pissed off.

When you piss on business people, especially the ones with 5 mill in the bank,
dont be surprised when they come after you on grounds of principles.

------
cperciva
If you access their servers without their permission and without accepting
their terms of service, you put yourself at risk of a lawsuit or possibly even
criminal charges depending on how zealous your local prosecutors are (so far
the question of whether TOS violations can constitute criminal unauthorized
access to computer systems is an open question legally). This is particularly
true if they take technical measures, such as banning IP addresses, in an
attempt to keep you out and you circumvent those measures -- to make an
offline analogy, it's much easier to prove a case of trespassing if said
trespass involved climbing over a 15' fence.

If you merely provide a tool which your customers use, things are much less
problematic. The only way I could see this causing difficulties would be if
they claimed that they owned the copyright on their users' data, but it seems
to me that it would be very difficult to make such an argument stand up.

So my non-lawyerly input is that if you should definitely not access their
servers directly, but providing code to allow your customers to access their
own data is probably fine.

~~~
cullenking
That was my assumption. They never took any technical measures to prevent us
from doing it, they just sent us a letter. Calling it a cease and desist is a
bit generous, as it wasn't crafted very well, or by a lawyer.

I am not worried about arguing over copyright, considering that ultimately, if
the user created the map using Google's maps, then Google trumps all. If it
was created by uploading a log file, then it's more gray, but, the user
provided a file created by hardware they own, and MMR is merely representing
it on a map. I can't imagine they can successfully pursue a copyright case.

Thanks for the input!

------
what
Their robots.txt allows all bots access to all pages and the ToS says that
users retain "full ownership of any and all of his or her User Content and any
intellectual property rights or other proprietary rights associated with said
User Content." Doesn't that mean that you can scrape the content for the user?

~~~
carbocation
No, it means that the user retains rights to their own data. It says nothing
about a competitor's right to access their servers _ad lib_.

------
oldgregg
Congrats on taking on mapmyride -- I used mapmywalk recently and their "new"
UI is quite rubbish -- I use GMaps now but it certainly lacks some features.

The desktop concept seems like a lovely idea-- but just be careful about
getting too caught up in it. Desktop software (cross-platform?) can be a
serious time sink. Make a better product and you won't need to import their
data. For the users who are begging for it maybe try to hack together some
desktop software with a scripting language -- don't worry about making it too
polished, just make it work with as minimal as work as possible. Stay focused
on the core user experience and you'll find plenty of users regardless.

BTW, you can take some pleasure in knowing they wouldn't be calling in the
lawyers if they really had confidence in their product.

~~~
lelele
He doesn't need a desktop app. A Javascript app (thus client-side) would
suffice.

~~~
semanticist
Same origin policy would stop it from scraping MMR's site unless it was hosted
there.

~~~
lelele
Can you enforce this? Here in Italy some websites forbid crawlers. I guess an
user can always run a software over a website, especially on data entered by
herself, can't she?

Isn't a browser a scraper, too? Just make the user load a page and then
harvest data from the DOM.

~~~
semanticist
The browser enforces it, not the website. You can't use in-browser JavaScript
to load a page from a site other than the one you downloaded the JavaScript
from.

Otherwise any site you visited could load gmail in the background and read all
your email.

It's inconvenient when you're making client-side applications, but for the web
to have any kind of security it's absolutely essential.

~~~
lelele
Thank you for your explanation. I've tried it.

I'm a system programmer, not a web developer, and it shows ;-)

------
stoney
Maybe make the desktop application open source? That may remove a lot of the
headache for you if you can find a keen customer to develop/support it.

Good luck taking on mapmyride. Mapmyrun (the runner's equivalent) has got
worse and worse over the years, I'm sure you can do better!

~~~
cullenking
This is a consideration. I just would need a willing, competent and feisty
user to take on the project! I'll have to consider it.

~~~
stoney
Or maybe the Google cache can give you what you want...

<http://www.mapmyride.com/view_route?r=488106908>

Becomes:

[http://webcache.googleusercontent.com/search?q=cache:_kV756J...](http://webcache.googleusercontent.com/search?q=cache:_kV756JjADsJ:www.mapmyride.com/view_route%3Fr%3D488106908+site:mapmyride.com&cd=95&hl=en&ct=clnk&gl=au)

------
CatalystFactory
(1) You should never "ignore" a cease and desist letter. I would have it
reviewed by an experienced lawyer in the field perhaps over lunch (to save on
legal costs) and get their input on the risk and likelihood of getting sued.
Then I'd go back and make a business decision on whether that risk makes sense
vs. giving your users what they want.

(2) If they can ban you via IP, they should be doing that already. I wonder
why they aren't.

(Disclaimer: None of the above is legal advice or forms an attorney client
relationship. The statements above are only for informational purposes and
should be used at your own risk.)

------
markbernard
No matter what you do, if they want to pursue it you will end up in court.
Even if their claims are baseless you still have to show up in front of a
judge. The judge will then decide if it goes to trial or not. So you will be
paying legal fees if you want to re-implement the feature as is.

Also, violating a site's terms of service is not illegal. It will just get you
banned. Facebook tried to bring someone to court over terms of service(and
other items) and the terms of service part was dropped by the court.

