IANAL, but what the hell does a security POC (and an unofficial API derived from it) have to do copyrights? On what grounds did a repo get chosen for takedown? Is it the "whatsapp" in the name? What about a simple "x.whatsapp.net" connection string in the code? Is that infringement?
Either way, shitty move by WhatsApp.
 - https://news.ycombinator.com/item?id=7230041
In any case, they can already sue you regardless of whether a takedown notice is issued in the first place. :)
Describing a project as "working with WhatsApp" would probably not be an actionable trademark infringement. Code that works with the WhatsApp API is almost certainly not "infringing", unless there's some "encryption" going on.
Unfortunately the DMCA takedown rules are such that Internet providers such as Github have basically no direct recourse and refusing to comply is not an option. Additionally, complainants don't have to prove much of anything to issue a takedown notice to a service provider. This is a seriously broken part of copyright law, IMO.
WhatsApp can easily enough restrict API access to its own clients if it chooses to do so, which is a far better solution than trying to shut down what's apparently an easy library to write.
From what I recall, the DMCA is about copyright and trademark infringement.
That said, this takedown looks pretty bogus to my (untrained) eye.
They probably fall under nominative use, which is an affirmative fair use defense. Describing an API or implementation of XYZ as a "Webclient for XYZ" should be fine.
My apologies for the bile, but I can't help but call out my reactions to this news...
1. facebook (you: I expected this from, you we're already #1 on this s#17list)
2. whatsapp (sell-out!)
3. github (highly disappointed watching you just lay down and immediately comply shutting down these repositories)
I'm considering moving all my code off of github over this...
This is exactly what triggers full disclosure.
To be fair, isn't the case for most proprietary software - even for the most security-concerned closed-source companies?
No one at WhatsApp has ever warrented that their software is open source, that they want to produce open source or that they share open source values.
Frequently, and it is an attitude I really dislike.
A serious dedicated attacker can replicate the reversing work quite fast, but this kind of things make it really hard to dedicate a couple of hors to assessing the quality of a protocol.
Moreover, they demonstrated not to be security-concerned, so this comes to me as covering tracks, even if it isn't.
It is a library that implements WhatsApp's protocol. It is built on community effort of reverse engineering WhatsApp's protocol. I created this in first place to bring WhatsApp on an unsupported platform (Nokia N9/ meego platform)
This is a UI frontend to Yowsup for Nokia N9. Nokia N9 is the only smartphone produced by Nokia which never got WhatsApp support. I created this client because I wanted to use WhatsApp on my Nokia N9. The code is totally decoupled from Yowsup, and does not use WhatsApp in its name. You can see its icon here http://everythingn9.com/wp-content/uploads/2012/05/wazapp.pn... which for me looks different enough from official client's icon.
This is also a frontend to Yowsup, but for Blackberry 10. It is a little bit similar case as Wazapp. I created this for BB10 when WhatsApp initially said they're not supporting that platform. Again, this is decoupled from Yowsup, has same icon as Wazapp. Its name though on Github is OpenWhatsappB10, as a project name. However, the real app name is OpenWA. Perhaps a rename of the repository would be sufficient ?
I mean, it was only a matter of time before they clamped down and claimed that you were violating section 3.A.iii of the ToS by reverse-engineering the WhatsApp protocol, right?
Don't get me wrong, I would have loved it if Yowsup was allowed as an (unofficial) API - or something like that. However, as a newbie to the world of programming & software development in general, I am trying to understand what was wrong about the DMCA notice. What, in your opinion, should they have done instead?
Also, I wouldn't describe the DMCA safe harbor as an obligation to comply. More of a benefit to complying that doesn't apply to trademark (with the default in both cases being susceptibility to hypothetical lawsuits).
$16bn says otherwise.
Thinking about it, I wonder how much AIM and MSN Messenger's fights against third party clients messed up their user bases.
EDIT: Note: I'm not a fan of proprietary protocols. I'm just describing what I see as the position of a company that wants to monetize a network like this. If the network and client is the revenue source, then third party clients work against you. Allowing the third party clients to gain too large a share of your user base means that breaking compatibility could have significant network effects against you as those users move to another platform and bring their friends and family along.
So people would be forced to make a choice: use it on your phone, or on your computer. Aside from the group of people who don't have a smartphone, most people would chose phone.
I wonder how much AIM and MSN Messenger's fights against third party clients messed up their user bases.
I know that you can't used the outdated version on Android for much longer without being cut off access.
Is this because they had something like "compatible with WhatsApp" in their descriptions?
If I were repository owners and/or paying customer of Github, I would not be OK with this.
Starred 419 times.
Does that actually have anything to do with copyright or trademark, or are they just very takedown-happy lawyers?
Calling your API "node.whatsapp" is using their trademark, and they do have the right and responsibility to protect it.
It doesn't make them wrong; just a jerk :)
Here in the EU reverse engineering is allowed and even if you sign a contract saying you won't reverse engineer something you've still got the right to do it.
How would the DMCA comply with this, would anyone be able to shut down legally reverse engineered code on GitHub?
I remember seeing a company (something Linux-related) that had a very strict trademark policy, and they did sue people who used their logo or their name, or event something different but similar. But their web site had a form where you could just enter your email address and name, and it would say oki-doki, you may now use our trademark as you like, until we say otherwise.