I wouldn't read too much into this. As part of their purchase agreement WhatsApp likely needed to say that they had been diligent in maintaining and defending their copyrights and trademark. That's pretty standard in a financing, so I'd imagine it's a standard part of M&A deals. It probably turned up during due diligence that they had some "cleanup" to take care of in order to not be lying when they made that representation.
It's pretty disgusting to dismiss this level of abuse of the DMCA (these aren't even legitimate copyright issues!) and legal bullying under the guise of standard operating procedure. It's over-the-top wrong.
I own one of the affected repositories, and submitted the original link to HN the moment I got an email notification about it from Github [1]. It's a shame we didn't get the discussion going earlier.
IANAL, but what the hell does a security POC (and an unofficial API derived from it) have to do copyrights? On what grounds did a repo get chosen for takedown? Is it the "whatsapp" in the name? What about a simple "x.whatsapp.net" connection string in the code? Is that infringement?
You're aware that you have rights under DMCA too? File a counter-notification[1] explaining why you think the takedown isn't valid and Github will likely put the repo back online. And if WhatsApp doesn't like it, they can sue you.
Assuming you're filing a counter-notice in an instance where you have a good faith belief that the original takedown notice is in error, and that you can support that belief, it's rather unlikely that the counter-notice alone will make the supposed copyright holder more disposed towards litigation. Especially if they knowingly misrepresented matters in the takedown, opening themselves up to damages and attorney's fees.
In any case, they can already sue you regardless of whether a takedown notice is issued in the first place. :)
large money crush imagination and suck all the life out of creativity, of all people zuck should've entertained huge ecosystem of various clients that suit other people's needs...
Interesting. Trademark law is probably pretty strong against repositories named "WhatsApp" or something very similar. Using the logo without permission as well.
Describing a project as "working with WhatsApp" would probably not be an actionable trademark infringement. Code that works with the WhatsApp API is almost certainly not "infringing", unless there's some "encryption" going on.
Unfortunately the DMCA takedown rules are such that Internet providers such as Github have basically no direct recourse and refusing to comply is not an option. Additionally, complainants don't have to prove much of anything to issue a takedown notice to a service provider. This is a seriously broken part of copyright law, IMO.
That said, this complaint doesn't appear to me to be explicit enough to meet with GitHub's takedown policy (https://help.github.com/articles/dmca-takedown-policy), which requires "Identify the copyrighted work you believe has been infringed. The specificity of your identification may depend on the nature of the work you believe has been infringed, but may include things like a link to a web page or a specific post (as opposed to a link to a general site URL)." But the complaint itself, besides mentioning trademarks and the WhatsApp name, only says "unauthorized use of WhatsApp APIs, software, and/or services". But the existence of code that can use the WhatsApp API is not the same as actually using WhatsApp's services in an unauthorized manner, so I think this is ripe for some pushback.
WhatsApp can easily enough restrict API access to its own clients if it chooses to do so, which is a far better solution than trying to shut down what's apparently an easy library to write.
> Interesting. Trademark law is probably pretty strong against repositories named "WhatsApp" or something very similar. Using the logo without permission as well.
They probably fall under nominative use, which is an affirmative fair use defense. Describing an API or implementation of XYZ as a "Webclient for XYZ" should be fine.
Agreed. It's not as if there aren't a zillion other Github repositories using trademarks in their names. Consumers of open source will generally understand the distinction between official libraries and third-party-developed libraries, and if trademark law is reasonable (IANAL), it should accept even "whatsapp" repos as fair use since no "reasonable person" would be confused. But it requires someone willing to fight Facebook, I guess.
Wireshark dissector plugin? taken down? I haven't really followed wireshark goings-on in a while, but wow... just wow... I don't think i've seen this before:
My apologies for the bile, but I can't help but call out my reactions to this news...
1. facebook (you: I expected this from, you we're already #1 on this s#17list)
2. whatsapp (sell-out!)
3. github (highly disappointed watching you just lay down and immediately comply shutting down these repositories)
I'm considering moving all my code off of github over this...
With the poor, let's say terrible, security posture WhatsApp always had, this is really not the way to communicate the message that they care and want their software to be scrutinized. Open implementations are a great help to any reverse engineer trying to figure out the mess that is their protocol.
"isn't the case for most proprietary software - even for the most security-concerned closed-source companies"
Frequently, and it is an attitude I really dislike.
A serious dedicated attacker can replicate the reversing work quite fast, but this kind of things make it really hard to dedicate a couple of hors to assessing the quality of a protocol.
Moreover, they demonstrated not to be security-concerned, so this comes to me as covering tracks, even if it isn't.
You know what was pathetic? With all its security and authentication loopholes people still used it. I gave it up for time but friends still won't listen and then I had to come back. Now, Facebook is sth I can't tolerate. At least earlier I didn't run the visible risk of my very intimate messages falling into advertisers' hands.
You are technology-aware somehow. Billions of people are not. Us, the IT bunch, must understand this. People buy apps that make fart sounds or only show a damn GIF of a naked someone. People send emails (yes, they somehow manage to do so), and call you after to notify you. Wake up.
It is a library that implements WhatsApp's protocol. It is built on community effort of reverse engineering WhatsApp's protocol. I created this in first place to bring WhatsApp on an unsupported platform (Nokia N9/ meego platform)
This is a UI frontend to Yowsup for Nokia N9. Nokia N9 is the only smartphone produced by Nokia which never got WhatsApp support. I created this client because I wanted to use WhatsApp on my Nokia N9. The code is totally decoupled from Yowsup, and does not use WhatsApp in its name. You can see its icon here http://everythingn9.com/wp-content/uploads/2012/05/wazapp.pn... which for me looks different enough from official client's icon.
This is also a frontend to Yowsup, but for Blackberry 10. It is a little bit similar case as Wazapp. I created this for BB10 when WhatsApp initially said they're not supporting that platform. Again, this is decoupled from Yowsup, has same icon as Wazapp. Its name though on Github is OpenWhatsappB10, as a project name. However, the real app name is OpenWA. Perhaps a rename of the repository would be sufficient ?
I was toying around with your (quite excellent) Yowsup library a little while ago and the one question I always had was this: Since WhatsApp doesn't have an official library, wasn't Yowsup always in the cross-hairs?
I mean, it was only a matter of time before they clamped down and claimed that you were violating section 3.A.iii of the ToS by reverse-engineering the WhatsApp protocol, right?
Don't get me wrong, I would have loved it if Yowsup was allowed as an (unofficial) API - or something like that. However, as a newbie to the world of programming & software development in general, I am trying to understand what was wrong about the DMCA notice. What, in your opinion, should they have done instead?
Also, I wouldn't describe the DMCA safe harbor as an obligation to comply. More of a benefit to complying that doesn't apply to trademark (with the default in both cases being susceptibility to hypothetical lawsuits).
Yes, but... With a sufficiently widespread third party library they risk a backlash with their userbase. Social networks depend so much on the network effect to bring in users that cutting out a large chunk of users all at once because the protocol changed could cause more users to drop out.
Thinking about it, I wonder how much AIM and MSN Messenger's fights against third party clients messed up their user bases.
Their userbase uses the Whatsapp app that comes bundled with their phones on many intl carriers. I don't think they care about the 0.0001% of their userbase that uses third party clients.
Presently, correct. But that's the risk of allowing third-party clients with an unpublished protocol spec. Right now they can break anything they want. If they don't limit third-party clients, their hands could become tied by too many people using it.
EDIT: Note: I'm not a fan of proprietary protocols. I'm just describing what I see as the position of a company that wants to monetize a network like this. If the network and client is the revenue source, then third party clients work against you. Allowing the third party clients to gain too large a share of your user base means that breaking compatibility could have significant network effects against you as those users move to another platform and bring their friends and family along.
I don't think there ever was a serious risk for that for WhatsApp: multi-device support isn't just missing, they are actively making it a pain. There's no way to obtain your password, the password changes regularily, logging in with a second client kicks the old connection, etc.
So people would be forced to make a choice: use it on your phone, or on your computer. Aside from the group of people who don't have a smartphone, most people would chose phone.
MSN made a ton of protocol changes even after there were a lot of third party clients. Trillian, for example, was very popular. Trillian had updates out for MSN changes typically within a day or two.
IANAL, but these claims can't last. To the extent those projects are using WhatsApp's trademarks or copyrighted logos, they can stop infringing by renaming and removing the logos. There might be a "hacking" claim against users who use that software to access WhatsApp's servers, but not copyright (assuming WhatsApp doesn't claim copyright over messages sent through the aervice), of unknown validity, and probably not enforceable against a site which merely hosts code to do so. I think.
I don't think that has been decided yet. It was the main issue during the Oracle v. Google trial, but if I remember correctly, the judge declined to rule on whether APIs could be copyrighted or not.
I'm not going to comment on the validity of this specific case, but "open source" doesn't automatically mean "protected from copyright law infringement".
They have to do it to protect trademark, but not copyright. I'm not sure there's any real copyright claim to be made here. The DMCA does have provisions against reverse engineering etc. It's not clear to me from this notice exactly what's believed to be infringing other than the Trademark claim, which is pretty straightforward (and easily gotten around).
> The DMCA does have provisions against reverse engineering
Here in the EU reverse engineering is allowed and even if you sign a contract saying you won't reverse engineer something you've still got the right to do it.
How would the DMCA comply with this, would anyone be able to shut down legally reverse engineered code on GitHub?
I always wondered, if a company doesn't really want to protect their trademark (too much hassle), but has to, can't they just grant people a (temporary, revokable) right to use the trademark pro forma?
I remember seeing a company (something Linux-related) that had a very strict trademark policy, and they did sue people who used their logo or their name, or event something different but similar. But their web site had a form where you could just enter your email address and name, and it would say oki-doki, you may now use our trademark as you like, until we say otherwise.