I wouldn't read too much into this. As part of their purchase agreement WhatsApp likely needed to say that they had been diligent in maintaining and defending their copyrights and trademark. That's pretty standard in a financing, so I'd imagine it's a standard part of M&A deals. It probably turned up during due diligence that they had some "cleanup" to take care of in order to not be lying when they made that representation.
It's pretty disgusting to dismiss this level of abuse of the DMCA (these aren't even legitimate copyright issues!) and legal bullying under the guise of standard operating procedure. It's over-the-top wrong.
I own one of the affected repositories, and submitted the original link to HN the moment I got an email notification about it from Github [1]. It's a shame we didn't get the discussion going earlier.
IANAL, but what the hell does a security POC (and an unofficial API derived from it) have to do copyrights? On what grounds did a repo get chosen for takedown? Is it the "whatsapp" in the name? What about a simple "x.whatsapp.net" connection string in the code? Is that infringement?
You're aware that you have rights under DMCA too? File a counter-notification[1] explaining why you think the takedown isn't valid and Github will likely put the repo back online. And if WhatsApp doesn't like it, they can sue you.
large money crush imagination and suck all the life out of creativity, of all people zuck should've entertained huge ecosystem of various clients that suit other people's needs...
Interesting. Trademark law is probably pretty strong against repositories named "WhatsApp" or something very similar. Using the logo without permission as well.
Describing a project as "working with WhatsApp" would probably not be an actionable trademark infringement. Code that works with the WhatsApp API is almost certainly not "infringing", unless there's some "encryption" going on.
Unfortunately the DMCA takedown rules are such that Internet providers such as Github have basically no direct recourse and refusing to comply is not an option. Additionally, complainants don't have to prove much of anything to issue a takedown notice to a service provider. This is a seriously broken part of copyright law, IMO.
That said, this complaint doesn't appear to me to be explicit enough to meet with GitHub's takedown policy (https://help.github.com/articles/dmca-takedown-policy), which requires "Identify the copyrighted work you believe has been infringed. The specificity of your identification may depend on the nature of the work you believe has been infringed, but may include things like a link to a web page or a specific post (as opposed to a link to a general site URL)." But the complaint itself, besides mentioning trademarks and the WhatsApp name, only says "unauthorized use of WhatsApp APIs, software, and/or services". But the existence of code that can use the WhatsApp API is not the same as actually using WhatsApp's services in an unauthorized manner, so I think this is ripe for some pushback.
WhatsApp can easily enough restrict API access to its own clients if it chooses to do so, which is a far better solution than trying to shut down what's apparently an easy library to write.
> Interesting. Trademark law is probably pretty strong against repositories named "WhatsApp" or something very similar. Using the logo without permission as well.
They probably fall under nominative use, which is an affirmative fair use defense. Describing an API or implementation of XYZ as a "Webclient for XYZ" should be fine.
Wireshark dissector plugin? taken down? I haven't really followed wireshark goings-on in a while, but wow... just wow... I don't think i've seen this before:
My apologies for the bile, but I can't help but call out my reactions to this news...
1. facebook (you: I expected this from, you we're already #1 on this s#17list)
2. whatsapp (sell-out!)
3. github (highly disappointed watching you just lay down and immediately comply shutting down these repositories)
I'm considering moving all my code off of github over this...
With the poor, let's say terrible, security posture WhatsApp always had, this is really not the way to communicate the message that they care and want their software to be scrutinized. Open implementations are a great help to any reverse engineer trying to figure out the mess that is their protocol.
You know what was pathetic? With all its security and authentication loopholes people still used it. I gave it up for time but friends still won't listen and then I had to come back. Now, Facebook is sth I can't tolerate. At least earlier I didn't run the visible risk of my very intimate messages falling into advertisers' hands.
It is a library that implements WhatsApp's protocol. It is built on community effort of reverse engineering WhatsApp's protocol. I created this in first place to bring WhatsApp on an unsupported platform (Nokia N9/ meego platform)
This is a UI frontend to Yowsup for Nokia N9. Nokia N9 is the only smartphone produced by Nokia which never got WhatsApp support. I created this client because I wanted to use WhatsApp on my Nokia N9. The code is totally decoupled from Yowsup, and does not use WhatsApp in its name. You can see its icon here http://everythingn9.com/wp-content/uploads/2012/05/wazapp.pn... which for me looks different enough from official client's icon.
This is also a frontend to Yowsup, but for Blackberry 10. It is a little bit similar case as Wazapp. I created this for BB10 when WhatsApp initially said they're not supporting that platform. Again, this is decoupled from Yowsup, has same icon as Wazapp. Its name though on Github is OpenWhatsappB10, as a project name. However, the real app name is OpenWA. Perhaps a rename of the repository would be sufficient ?
I was toying around with your (quite excellent) Yowsup library a little while ago and the one question I always had was this: Since WhatsApp doesn't have an official library, wasn't Yowsup always in the cross-hairs?
I mean, it was only a matter of time before they clamped down and claimed that you were violating section 3.A.iii of the ToS by reverse-engineering the WhatsApp protocol, right?
Don't get me wrong, I would have loved it if Yowsup was allowed as an (unofficial) API - or something like that. However, as a newbie to the world of programming & software development in general, I am trying to understand what was wrong about the DMCA notice. What, in your opinion, should they have done instead?
Also, I wouldn't describe the DMCA safe harbor as an obligation to comply. More of a benefit to complying that doesn't apply to trademark (with the default in both cases being susceptibility to hypothetical lawsuits).
IANAL, but these claims can't last. To the extent those projects are using WhatsApp's trademarks or copyrighted logos, they can stop infringing by renaming and removing the logos. There might be a "hacking" claim against users who use that software to access WhatsApp's servers, but not copyright (assuming WhatsApp doesn't claim copyright over messages sent through the aervice), of unknown validity, and probably not enforceable against a site which merely hosts code to do so. I think.
I don't think that has been decided yet. It was the main issue during the Oracle v. Google trial, but if I remember correctly, the judge declined to rule on whether APIs could be copyrighted or not.
I'm not going to comment on the validity of this specific case, but "open source" doesn't automatically mean "protected from copyright law infringement".
[+] [-] dpe82|12 years ago|reply
[+] [-] Niten|12 years ago|reply
[+] [-] yuvadam|12 years ago|reply
IANAL, but what the hell does a security POC (and an unofficial API derived from it) have to do copyrights? On what grounds did a repo get chosen for takedown? Is it the "whatsapp" in the name? What about a simple "x.whatsapp.net" connection string in the code? Is that infringement?
Either way, shitty move by WhatsApp.
[1] - https://news.ycombinator.com/item?id=7230041
[+] [-] eli|12 years ago|reply
[1] http://www.chillingeffects.org/dmca/counter512.pdf
[+] [-] perlpimp|12 years ago|reply
[+] [-] skywhopper|12 years ago|reply
Describing a project as "working with WhatsApp" would probably not be an actionable trademark infringement. Code that works with the WhatsApp API is almost certainly not "infringing", unless there's some "encryption" going on.
Unfortunately the DMCA takedown rules are such that Internet providers such as Github have basically no direct recourse and refusing to comply is not an option. Additionally, complainants don't have to prove much of anything to issue a takedown notice to a service provider. This is a seriously broken part of copyright law, IMO.
[+] [-] skywhopper|12 years ago|reply
WhatsApp can easily enough restrict API access to its own clients if it chooses to do so, which is a far better solution than trying to shut down what's apparently an easy library to write.
[+] [-] aroch|12 years ago|reply
They probably fall under nominative use, which is an affirmative fair use defense. Describing an API or implementation of XYZ as a "Webclient for XYZ" should be fine.
[+] [-] void-star|12 years ago|reply
https://github.com/davidgfnet/wireshark-whatsapp
My apologies for the bile, but I can't help but call out my reactions to this news...
1. facebook (you: I expected this from, you we're already #1 on this s#17list) 2. whatsapp (sell-out!) 3. github (highly disappointed watching you just lay down and immediately comply shutting down these repositories)
I'm considering moving all my code off of github over this...
[+] [-] FiloSottile|12 years ago|reply
This is exactly what triggers full disclosure.
[+] [-] dotBen|12 years ago|reply
To be fair, isn't the case for most proprietary software - even for the most security-concerned closed-source companies?
No one at WhatsApp has ever warrented that their software is open source, that they want to produce open source or that they share open source values.
[+] [-] balladeer|12 years ago|reply
[+] [-] tgalal|12 years ago|reply
Yowsup https://github.com/tgalal/yowsup MIT License
It is a library that implements WhatsApp's protocol. It is built on community effort of reverse engineering WhatsApp's protocol. I created this in first place to bring WhatsApp on an unsupported platform (Nokia N9/ meego platform)
Wazapp https://github.com/tgalal/wazapp GPLv2 License
This is a UI frontend to Yowsup for Nokia N9. Nokia N9 is the only smartphone produced by Nokia which never got WhatsApp support. I created this client because I wanted to use WhatsApp on my Nokia N9. The code is totally decoupled from Yowsup, and does not use WhatsApp in its name. You can see its icon here http://everythingn9.com/wp-content/uploads/2012/05/wazapp.pn... which for me looks different enough from official client's icon.
OpenWA https://github.com/tgalal/OpenWhatsappBB10 GPLv3 License
This is also a frontend to Yowsup, but for Blackberry 10. It is a little bit similar case as Wazapp. I created this for BB10 when WhatsApp initially said they're not supporting that platform. Again, this is decoupled from Yowsup, has same icon as Wazapp. Its name though on Github is OpenWhatsappB10, as a project name. However, the real app name is OpenWA. Perhaps a rename of the repository would be sufficient ?
[+] [-] DjangoReinhardt|12 years ago|reply
I mean, it was only a matter of time before they clamped down and claimed that you were violating section 3.A.iii of the ToS by reverse-engineering the WhatsApp protocol, right?
Don't get me wrong, I would have loved it if Yowsup was allowed as an (unofficial) API - or something like that. However, as a newbie to the world of programming & software development in general, I am trying to understand what was wrong about the DMCA notice. What, in your opinion, should they have done instead?
[+] [-] tsaoutourpants|12 years ago|reply
[+] [-] comex|12 years ago|reply
Also, I wouldn't describe the DMCA safe harbor as an obligation to comply. More of a benefit to complying that doesn't apply to trademark (with the default in both cases being susceptibility to hypothetical lawsuits).
[+] [-] tapsboy|12 years ago|reply
https://github.com/github/dmca/blob/master/README.markdown
[+] [-] drakethes|12 years ago|reply
[+] [-] 1337biz|12 years ago|reply
[+] [-] goatforce5|12 years ago|reply
$16bn says otherwise.
[+] [-] cbhl|12 years ago|reply
[+] [-] eli|12 years ago|reply
[+] [-] comex|12 years ago|reply
[+] [-] WizzleKake|12 years ago|reply
Is this because they had something like "compatible with WhatsApp" in their descriptions?
If I were repository owners and/or paying customer of Github, I would not be OK with this.
[+] [-] instakill|12 years ago|reply
[+] [-] wreegab|12 years ago|reply
Starred 419 times.
[+] [-] viraptor|12 years ago|reply
Does that actually have anything to do with copyright or trademark, or are they just very takedown-happy lawyers?
[+] [-] icebraining|12 years ago|reply
[+] [-] TallGuyShort|12 years ago|reply
[+] [-] chenster|12 years ago|reply
[+] [-] chid|12 years ago|reply
[+] [-] bachback|12 years ago|reply
[+] [-] snkcld|12 years ago|reply
[+] [-] sbarre|12 years ago|reply
[+] [-] jotato|12 years ago|reply
Calling your API "node.whatsapp" is using their trademark, and they do have the right and responsibility to protect it.
It doesn't make them wrong; just a jerk :)
[+] [-] etanazir|12 years ago|reply