
“I'm wiping this repository away” - vishaltelangre
https://github.com/venomous0x/WhatsAPI
======
jimrandomh
Sending legal threats to individual contributors to open source projects is
extremely poor form, and reflects badly on both the company that sent them,
and the lawyers or law firms who helped them do so. From the perspective of
the open-source software development community, this will be perceived as both
an attack and a breach of ethics, and the reputation cost is likely to affect
WhatsApp's ability to hire and retain developers in the future.

Just saying.

~~~
panarky
> the reputation cost is likely to affect WhatsApp's ability to hire and
> retain developers in the future

Have Oracle's attacks on open source software [1] affected their ability to
hire and retain talent?

Is there any example where bad behavior by a large organization [2, 3]
meaningfully affected its ability to buy the talent it needs?

[1] [http://www.wired.com/2010/08/oracle-attacks-
opensource/](http://www.wired.com/2010/08/oracle-attacks-opensource/)

[2]
[https://www.nsa.gov/careers/FAQs/index.shtml#isNSA_5](https://www.nsa.gov/careers/FAQs/index.shtml#isNSA_5)

[3]
[http://en.wikipedia.org/wiki/Smartphone_patent_wars](http://en.wikipedia.org/wiki/Smartphone_patent_wars)

~~~
rbanffy
Oracle can hire the best developers money can buy. Others, with a better
reputation will hire the best developers money can't buy.

That makes a huge difference.

~~~
rhizome
I was recently looking at finance job ads for programmers and the one thing
that set the ads apart from 100% of the ads from the companies we all read
about here was that they didn't say "competitive salary." They said,
"extremely high salary."

~~~
rbanffy
I noticed that too. I won't say I'm oblivious to the possibility of a much
earlier retirement, but leaving my current job, one I really love, will take
more than just that.

~~~
rhizome
Sure, but you could do finance for a short time and then go back to riskier
startups, which is the thing I was trying to illustrate with my comment:
finance companies appear to be much, much more confident in their viability,
or at least are willing to demonstrate their confidence in having a future.

------
me_bx
Interesting observation: out of the 105 comments in this HN thread, none
mention the company that owns whatsapp: facebook. Is whatsapp still a separate
entity? Aren't whatsapp laywers facebook lawyers? just asking as I'm curious
to know.

In related news: "Facebook drops hint about MAJOR changes to WhatsApp – and
you are NOT going to like it" [1]

[1]: [http://www.express.co.uk/life-style/science-
technology/57826...](http://www.express.co.uk/life-style/science-
technology/578264/Facebook-Revenue-WhatsApp-Money-Subscription-Business-
Company-Messages)

~~~
Veratyr
From what (admittedly little) I know, WhatsApp still operates as an autonomous
entity beside Facebook. Kinda similar to Oculus and Facebook or YouTube and
Google.

~~~
_mgr
Facebook spent billions buying WhatsApp. There is no way they are operating
autonomously. Same goes for Oculus, and the same most definitely goes for
YouTube.

------
roflc0ptic
I'm curious about the legality of this. Someone wrote that it was an
"unauthorized" PHP API which was a client to the Whatsapp service. You don't
need authorization to write a client to someone else's API, do you? They own
neither the API, nor the right to build clients to it, right?

A second question is: so you have the right to build a client. Do you actually
have the right to run that client against their service? Is that "unauthorized
access"? It makes sense that you can control who accesses your computer
system; controlling how they do it seems murkier to me.

~~~
josefdlange
I think you and many people are overcomplicating this subtopic into the legal
context of receiving C&D, etc letters.

Their service is their software. They have control over it. If they wish to
impose technical limitations to how it may be accessed and by whom, that is
entirely their prerogative. Nothing in the law can tell a company or a user
otherwise, short of subpoenas for customer data or some such like that.

I think the larger legal issues come from the fact that circumventing these
technical limitations can lead to to degradation of value and security for a
company's customers due to derivative products created via this unauthorized
client -- much like what has happened with SnapChat and third-party services
retaining snaps. If systematic unauthorized access to a system could serve to
diminish the value and trustworthiness of a company and its brand, you're damn
right they will legally pursue those enabling it.

~~~
ziahamza
Sure, they have complete right to safe guard customer data with authentication
checks.

But the situation here is that the customer is offering its consent to use
their data on another platform or application.

The same holds for rooting android/iphones and making them do what you want.
Not getting into legal details, you should _own_ your data across services and
your hardware that you buy.

Adding technical barriers is one thing, suing and interdependent group of
people trying to learn the API and building tools on top is completely unfair.

------
Lawtonfogle
Another case where I wish the answer was for the court to tell the company:

"This is venomous0x's and other contributors information. They developed it on
their own and have no contract with you, and as such are free to do with this
information as they see fit. Your lawyers, who are under contract with a local
Bar Association may be in violation of their contract if they continue to make
some outlandish claims concerning the law. We shall not be hearing from you
again in this matter."

~~~
MCRed
Binding Arbitration is a solution to this- companies don't sue each other so
much these days because they just get it resolved by hiring a mutually agreed
arbitrator from one of the Binding Arbitration organizations.

The number of cases handled by this method now, today, in the USA is far
larger than the number handled by courts.

The government run the courts in a very inefficient way that makes the costs
of lawsuits very high, and take forever and less reliable than arbitration.

Worse, courts interpret the laws often in a way that favors the government.
EG: Courts are not actually neutral in the way that arbiters are. (Remember
many judges are hired via election, many more are appointed by elected
politicians and these politicians re-electability depends on who they
appoint... at the federal level the judgeships are highly political.)

A lot of big problems, like copyright and patent disputes, could be resolved
more quickly via an arbitration method (where the possibility of getting an
arbiter who actually understands the technology issues at hand is a
possibility.)

~~~
olefoo
Mandating Binding Arbitration as condition of service or sale can be
problematic. A contract of adhesion may effectively be used to deny people
their rights in law; throwing in a biased arbitration process just adds insult
to injury.

And the arbitration process will inherently be biased. Which party picks the
arbitrator? Pays them and has a long-term relationship with them? Not the
customer.

~~~
vitd
There are a few ways to decide who picks the arbitrator. Depending on how the
agreement was written, one party may get to pick, or both parties may need to
come to a mutual agreement. I recently saw one where each party picks an
arbitrator, and those 2 arbitrators then decide on a 3rd party to be the final
arbitrator.

So yes, the customer may have a long-term relationship with the arbitrator and
may even pay them. It depends entirely on the situation. (For example, I know
an arbitrator that I have used in the past and would be willing to use again.)

------
mratzloff
WhatsApp complained about users of the API spamming the service; instead of
taking the necessary steps to secure their service, they sent lawyers. So
they've been dealing with legal threats for a long time.

[https://github.com/venomous0x/WhatsAPI/issues/83](https://github.com/venomous0x/WhatsAPI/issues/83)

------
mahouse
It is not like there are no forks
[https://github.com/venomous0x/WhatsAPI/network/members](https://github.com/venomous0x/WhatsAPI/network/members)

~~~
SuperKlaus
This seems to be one of the most recent repo clones:

[https://github.com/rtoIedo/WhatsAPI](https://github.com/rtoIedo/WhatsAPI)

~~~
devy
That fork only has a PHP implementation. The other fork I found, for instance,
has Python implementation:
[https://github.com/abdosumsam/WhatsAPI](https://github.com/abdosumsam/WhatsAPI)

~~~
dribnet
That one dates from 4/2013.

This one found via a recent merge-request is current to 9/2014.

[https://github.com/Sydcul/WhatsAPI/](https://github.com/Sydcul/WhatsAPI/)

------
pavlov
If WhatsApp wants to get rid of the project, shouldn't they send a DMCA
request to GitHub rather than individual users? That way they could wipe out
the clones/forks too.

(I'm not saying I want them to do that -- just curious why the lawyers aren't
using that technique.)

~~~
schoen
The DMCA takedown procedure is only applicable if your complaint is about
copyright infringement.

If WhatsApp is invoking other, non-copyright theories, a DMCA takedown related
to those theories would be invalid.

~~~
nordic_nomad
Looks like you may be right:
[http://www.lexology.com/library/detail.aspx?g=13f9814f-b56e-...](http://www.lexology.com/library/detail.aspx?g=13f9814f-b56e-4314-8e1b-95215ce60a6d)

Still, most platforms have somekind of program like eBay's Vero service that
is used to report and enforce violations of its terms of service that
trademarks and copyrights not be used without permission. Which would have
been the better way to go in this case.

------
andreyf
Missing the context... What code was there before? Was it a reverse
engineering of the API whatsapp binaries use? Is there any legal basis for
demanding someone remove that?

~~~
dsl
Yes, WhatsAPI was a reverse engineer and implementation of the WhatsApp
protocol.

It was mostly used by websites offering a web based chat interface for
WhatsApp and by spammers.

~~~
aryamaan
Pardon my ignorance, but is it using the same api which inherently whatsApp
client uses? Or is it just a open sourced version of whatsApp?

~~~
bdisraeli
Yes it's a client for the WhatsApp API, presumably reverse engineered from the
what the official app does.

------
throwaway125
I think a renamed fork is (maintained) here [https://github.com/mgp25/Chat-
API](https://github.com/mgp25/Chat-API) (it was linked in
[https://github.com/venomous0x/WhatsAPI/issues/1140](https://github.com/venomous0x/WhatsAPI/issues/1140))

------
Canada
I'm trying my best to avoid using such closed services in favor of
alternatives that have open clients and servers.

~~~
m_mueller
Is there something that

1) can do Chat+Voice securely, 2) works on Windows, Mac, iOS and Android?

~~~
Canada
Nothing suitable for regular users yet. We don't have a true open alternative
to Skype yet, but we will. There's more effort in the area over the last
couple of years.

------
spystath
I may be slightly OT but to me it's kinda sad that the internet is
increasingly being built around closed platforms instead of open
APIs/protocols. Especially in the IM scene there must be a ton of services
incompatible with each other. You need to have a dozen or so of IM programs
installed (skype, viber, whatsapp, you name it). Too bad XMPP will probably
never see any mainstream adoption. I know it had its share of problems but I
believe that it was a step towards the right direction. My hope is with
decentralized protocols but still if there isn't some form of standard you
will still need a different client for each service. Admittedly opener (anyone
can implement a client) but not quite there.

Now I'm only waiting for Google to completely kill XMPP access to
Talk/Hangouts. That will be... frustrating.

------
dwg
The authors intention of wiping the repository is in direct conflict with one
of the demands (the last bullet):

    
    
      "Immediately take steps to preserve all documents,
      tangible things and electronically-stored information
      potentially relevant to the issues addressed in this letter."
    

I'm not a lawyer and don't know how enforceable it is, and I doubt that
WhatsApp would take any action once the repository is no longer a concern, but
I'm curious if there are any comments about this.

~~~
sgtpepper
Presumably the person did preserve all those things... just not on GitHub.

~~~
dwg
Perhaps.

However, even if they did keep the source code, there are issues and other
information on github that would not be preserved. I think it's safe to assume
this information is very relevant to litigation involving a scenario such as
this one.

Even if that wasn't a factor, the court may get the idea that the repository
was wiped in order to destroy evidence. Convincing them otherwise may be
technically challenging.

------
Cacti
Not sure I get it. Are the individuals/firms sending these letters to the repo
maintainer actually connected to WhatsApp in any way?

~~~
jjcm
Yes. WhatsApp has been pretty aggressive with hunting down and stopping any
third party implementations out there. They're also issuing temporary bans for
anyone caught using third party clients:

[http://mashable.com/2015/01/22/whatsapp-third-party-
apps/](http://mashable.com/2015/01/22/whatsapp-third-party-apps/)

~~~
_delirium
Reminds me a bit of the old dispute between AOL and GAIM, which was later
renamed to Pidgin in part to appease AOL. WhatsApp seem to be acting in an
even more aggressive way than AOL was, though. AOL limited themselves mainly
to: 1) complaining about the name; and 2) playing occasional games with the
protocol to break third-party clients. Afaik they didn't sue anyone claiming
that simply distributing a third-party client was illegal.

~~~
kuschku
There was recently an article from a person working at Microsoft who
implemented AIM support in MSN Messenger back in the day who had similar
experiences.

~~~
tacticus
Which was a really entertaining article when microsoft were also doing it to
block trillian and other third party clients.

------
dfabulich
FYI, this repo used to be an unauthorized PHP API to WhatsApp Messenger.
[https://github.com/mgp25/Chat-API](https://github.com/mgp25/Chat-API)

------
jimrandomh
"Couldn't load network graph. Too many forks to display."

(Finding forks of this is really easy; for example, you could go to the Pull
Requests tab, and check some of the authors there.)

~~~
tokenizerrr
Here is a list:
[https://github.com/venomous0x/WhatsAPI/network/members](https://github.com/venomous0x/WhatsAPI/network/members)

------
adam12
I probably would have never heard of this if someone wasn't trying to kill it.
Now I am interested and have been looking through the source of the clone.

------
Kenji
What are they gonna do if you use TOR to set up a public repo of this code?
It's not like they can send their petty legal letters anywhere. If github is
forced to take it down, we need some kind of a distributed github.

~~~
ludamad
Git _is_ distributed. If it is taken down it will immediately be uploaded
somewhere else.

EDIT: Immediately in people-time, not some git mechanism :-)

~~~
Kenji
No, the origin is one central server. Or am I missing something? If I work on
a piece of open-source code with a github repository, if github is down,
nobody else will be able to access my code unless I upload it somewhere else
(which doesn't happen automatically).

~~~
granos
With git there doesn't need to be a central server. Many people/orgs use one
(e.g. github) because that pattern is very well understood and most developers
are used to it. There is no reason that you can't push branches/commits
between individual clones (in this context called remotes). Origin is one
remote, but you can set up any other clone to be a remote as well.

~~~
schoen
Or even exchange pull requests via e-mail, like git was originally designed
for.

------
emsy
Fuck Whatsapp in particular.

------
josegonzalez
Shouldn't those letters have been sent to Github and taken down that way?

~~~
jeffbush
Individual developers are easier to intimidate. I suspect they don't have a
strong legal argument. It's relatively cheap to have your lawyer draft a
letter.

------
chdir
I see a lot of interest in saving the repo/forks as archive, perhaps to revive
it to some extent in the future. Wouldn't it be more constructive to build an
open client that can compete with WhatsApp instead? Granted that it's hard,
but definitely more fun than fighting legal notices and guessing hidden
features that break the code occasionally.

~~~
zamalek
I believe that the Telegram (telegram.org) server is open source. There is
also a publicly documented API.

Correction: the clients are open source.

~~~
chdir
Thanks for reminding. I read about telegram a while back but forgot to try it
out. Doing it now, hoping it'll have more friends over time.

------
worklogin
52 minutes, 74 upvotes, and no context or discussion?

Any context would be appreciated.

------
Gonzih
Another reason to use Telegram I guess.

~~~
hoverbear
I am not a cryptographer but I'm not sure Telegram is "better"

[http://security.stackexchange.com/questions/49782/is-
telegra...](http://security.stackexchange.com/questions/49782/is-telegram-
secure)

~~~
Gonzih
at least they have 3rd party clients and apis.

------
616c
I wonder if he is here, but I was under the impression this dude was/is
Bahraini or Emirati. I wonder what kind of legal pressure they could seriously
impose, seeing as few in the GCC would care (locals routinley do not even show
up for criminal legal proceedings, so I am skeptical).

Now, could there be side channels they would use to pressure and bully him
into giving up? Sure. But I would love to hear more from this venomous
developer.

------
gshakir
I would like to dump WhatsApp, any alternatives? I almost switched to Telegram
once.

No matter how bigger WhatsApp gets, I am glad there are some alternatives.

~~~
logicchains
What made you decide Telegram was a worse choice than Whatsapp? At least
Telegram doesn't send nasty letters to people developing unofficial clients.

~~~
hjst
Telegram bills itself as secure, which comes with a rather large burden of
proof if anyone is to take you seriously.

As the saying goes: "don't roll your own crypto, unless you're a professional
cryptographer, and even then…". Telegram are not cryptographers but decided to
roll their own anyway and have come in for not a little flack as a result.

Search for "telegram app crypto criticism" and you'll find plenty of examples
of this.

Is Telegram secure? I'm not qualified to answer that, but I understand enough
to be sceptical.

~~~
logicchains
Is Whatsapp secure? If not, and they're both insecure, then I think Telegram
makes a better choice, if for nothing else than its better multi-platform
support.

------
shardulsoild
Facebook use to be open company, opening up platforms for letting other
developer write amazing application on top of it. But with WhatsApp- approach
has been very close than open. In India where whatsapp is so popular,
companies and startup are trying to get hands on any form of access to build a
solutions around it.

------
kwhitefoot
Presumably everyone here will boycott Whatsapp.

And tell their friends to do the same.

It's easy for me because I don't use it but I suspect that for some it will be
difficult, imagine telling your girl friend that you are deleting Whatsapp and
that she can't contact you that way any more.

------
johnx123-up
Anyone knows what happened to Whoya app?
[https://play.google.com/store/apps/details?id=com.ego.whoya](https://play.google.com/store/apps/details?id=com.ego.whoya)
Same DCMA issue?

------
kitanata
I suggest everyone here fork the repository in one of it's older forms and
contact support@whatsapp.com to tell them how you feel about them attacking
one of our own.

------
davesque
Seems fair. After all, it must have been such an investment for WhatsApp to
come up with their innovative product.</sarcasm>

------
hackaflocka
"What's" is a common English word. "API" is a common term in English.

Combining them together should not be a copyright infringement of "WhatsApp."

~~~
pbhjpbhj
You mean trademark infringement.

"Whats" isn't a generic term in the computing field. "WhatsAPI" isn't a
dictionary word, it's a colocation of Whats and API, the first element being
chosen specifically to render association with WhatsApp. The use of WhatsAPI
differs in only one letter from the trademark.

IMO provided they headline the fact they're not associated nor extraordinarily
authorised by WhatsApp then there would be no actual trademark issue; the law
I suspect will see it quite differently.

------
marvel_boy
According to the company:

“WhatsApp Messenger is a cross-platform mobile messenger that replaces SMS and
works through the existing internet data plan of your device. WhatsApp is
available for iPhone, BlackBerry, Android, Windows Phone, Nokia Symbian60 &
S40 phones. Because WhatsApp Messenger uses the same internet data plan that
you use for email and web browsing, there is no cost to message and stay in
touch with your friends.”

~~~
madez
Actually, their service does cost money. They are lying.

