Hacker News new | past | comments | ask | show | jobs | submit login
Otonomo, with nearly $55M in funding, is cloning our product (smartcar.com)
2292 points by sahaskatta on April 22, 2019 | hide | past | favorite | 603 comments



That is pretty egregious, and its also par for the course.

And that is why startup companies go through all the hoops of being "stealth" and having NDAs and what not. There was a German VC firm that was, as I recall, very upfront about this. Clone a successful US company before it got to the European market.

On the one hand it is great to have validation of the idea, on the other its a pain to have someone with more money in the bank able to spend it on marketing and spinning the narrative in their favor.

Since the ability to get a foreign company (in this case Israeli) to do anything is limited, your best bet is to out execute them. Also, love them or hate them, having patents helps in situations like these.

The reality is that if an idea is really good, the people who came up with it know it better than anyone and that gives them a tremendous advantage in terms of knowing what is important and what isn't. Companies have been known to talk about expensive and complicated features or options in order to get people trying to copy their success to waste time and money on something for which there is no actual demand. It is no doubt worth investing in understanding how one's enemies are getting their information and shutting that off if possible.


>The reality is that if an idea is really good, the people who came up with it know it better than anyone and that gives them a tremendous advantage in terms of knowing what is important and what isn't.

I have to disagree with you emphasizing this point. If someone/entity manages to get your idea or code, they may be able to sell the solution at a fraction of the cost since their R&D was lower than yours. When the entity is 10x+ your size, they can also afford to gather the resources that increase their odds of success (e.g. marketing specialists, engineers,etc) at a rate which you can't compete. By then, you may have spent 2-3 years creating a business that is destroyed by an external entity acting in bad faith.

These things happen quite often.


I tend to agree with the original comment, particularly for products that are still evolving.

We have a competitor who copies our features, but they don't know why we built the feature. The result is they end up copying the wrong stuff or tweaking the feature in a way that completely misses the point.

But, I agree with you in that creating a feature isn't an advantage in and of itself. Rather, it is the domain expertise that led to the creation of the feature that is the true advantage.


Try adding some random stuff that you get for basically free with your choice of backend / implementation.

This will waste their time if its a harder problem with their backend / implementation.

Another fun thing you can do is using something that looks like a 3rd-party service/API, but is really just another domain controlled by your company. Make it something specific to your business, so they'll be tempted to use it.

IF they use it, the least you can do is terminate their access at an inconvenient time. This will frustrate their customers as they scramble to do their own implementation.

Final thing you can do is not doing incremental updates, but instead doing big rollouts with many features at once.

That way they'll always be weeks to months behind you.

Basically, when someone is following you, mine the path to the point that it's cheaper and more effective for them to find their own.

Edit: Bonus round is talking about some near-useless feature on your dev blog that would be hilariously expensive and complicated to build, without actually building it. Hope they waste time on it.


>Final thing you can do is not doing incremental updates, but instead doing big rollouts with many features at once. > >That way they'll always be weeks to months behind you.

This reminds me of the old days when Adobe Illustrator and Macromedia Freehand. I learned both apps, as each release from one would leap frog the other in features. I actually learned from a roommate that was taking college courses, and I would do his homework assignments. Not do them for him, but on my own just to learn the software. Saved me from needing to take the course!


Agree with generally not worrying about the competition — we were a little worried since a valley startup of ex-Big4 people cloned us 3 years ago, but they haven‘t managed to come far, despite a whopping 8MM seed round (we were bootstrapped).

This example however seems to play in a different league, the extent of ripoff here is absolutely staggering.

If I were OP, I‘d immediately call Daimler‘s PR department. After the whole dieselgate shitshow, none of the German automakers are out for the slightest bit of negative PR...

https://www.globenewswire.com/news-release/2019/01/10/168588...


Apple is the perfect counter example here.

Apple wasn't the first company to make an MP3 player, but the generic term is basically 'iPod'.

Apple wasn't the first company to make a smartphones or touchscreens, but the generic term for a touchscreen smartphone is basically 'iPhone'.

Apple wasn't the first company to make a tablet, but the generic term is basically 'iPad'.

Apple didn't invent high resolution displays for personal devices, but the generic term is basically 'Retina display'.

We can go back in time, too. Apple didn't invent the mouse or a GUI, but lots of people pointed to the Macintosh as inventing them.


This has to be a regional thing, similar to how in some areas of the American south, "Coke" is a generic term for all sodas. But at least in my area (Portland, OR), what you're saying is definitely not true.

I've never heard someone use Apple trademarks as generic terms. The generic term people use for a touchscreen smartphone is...a smartphone. Likewise, a generic term for a tablet is "tablet". I've never heard someone use "iPhone" to refer to all smartphones or "iPad" to refer to all tablets.

Though as a kid, I know my parents would say to "put away the Nintendo" when it was the PlayStation stuff that was all spread out on the floor.


It doesn't really matter if it is a regional thing. The point is not that the name takes over. That's just a side effect that sometimes happens. The point is that the product that came second and copied the first now dominates the market.

How about the IBM PC? Plenty of home computers existed prior to the PC, but today 8086 code dominates at all levels of computing.

How about Google's search, or Google Maps? AltaVista and MapQuest came first.

You mention Nintendo and PlayStation, but Atari was before both of those!

How about Facebook instead of MySpace?

The point is that saying that the person who comes along and copies you will do it worse because they don't understand it is often wrong.


Where I grew up (borderline Midwest, generally associated with the South), it is common to ask “What kind of Coke would you like?” And an acceptable answer to said question could be “Mountain Dew”, “Dr Pepper”, or any competing soda brand. After I moved away from my hometown (though still in the general midwestern region) I found it fascinating how hyper local the nomenclature for soda can be (or rather “pop” or “coke” depending on where you live).


>rather “pop” or “coke” depending on where you live

I think "pop" is a hold over from the older English fizzy pop


We may be from the same place.


I feel like some of these examples could be US-centric phenomena. We in the US tend to confuse brand names with product categories, and in other markets the Apple brand doesn't have the same dominance in most of these.


I was going to make this point. While having a huge market share, Apple doesn't dominate in the EU, so generic terms are more common.

Here in the UK people just have "Smartphones" and "tablets" (tho I do hear people calling generic tablets "iPad" sometimes).


I wonder if in the UK the BBC's anti-branding guidelines make a difference; they will almost never refer to a phone as an iPhone unless it's specifically relevant.


I’d say this is by design. A major goal / win in marketing is when your market confuses your brand name with a product category.

The USA, love it or hate it, is the most dominant marketing force on planet earth.


The example may be US-centric, but that really doesn't invalidate the point of the argument: that late comers may come to dominate the market by copying others. I really don't need a global example or eurocentric example to make the point, but if you don't want Apple, take Google's Android, IBM'S PC, etc.

Edit: How about Google? They copied Yahoo and AltaVista, and their search engine has become so ubiquitous with searching that it's a word in the dictionary now.


At least the iPod/Pad/Phone stuff isn't US-centric - these are colloquially used to refer players/tablets/smartphones in many different languages.


I can hardly remember someone using an Apple(or any brand really) product name for the whole product category, it's rare in my experience. Sometimes there's a (grand)parent calling every game console "nintendo", but that's about it.


How about Q-tip? Band-aid? Adrenaline? Kleenex? There's quite a lot of them floating around.

https://en.wikipedia.org/wiki/List_of_generic_and_genericize...


Seems to be much more of a US thing. As a European I'd use the category name for most of those.

Some of the category names don't even match up - adhesive tape is definitely not what comes to mind for Durex for me.


The specific brands are usually country- or region-specific. It's just that you often don't notice the ones that have been genericized in your culture.

Consider: thermos, escalator, linoleum, trampoline, zipper, scotch (as in tape), jeep, xerox, jacuzzi, dictaphone...


>The specific brands are usually country- or region-specific. It's just that you often don't notice the ones that have been genericized in your culture

I think branding to generic really depends on linguistics of target market, brand writers and brand saturation in target market.

A brand name that is hard to pronounce is less likely to be used and how often do you think about the Slovakian pronunciation of your brand?

The US being a large linguistically similar market would be more susceptible to this.


I don't think any of those exist in my country. We do have some older people that call every PND a 'TomTom'.


Of those, the only one I would say that's actually fairly generic is ipod, but that's also the one that's been relegated largely useless as it's an "also" feature of everything else. I don't event here people refer to their non-iphone as an iphone, or their tablet as an ipad. People have have one of those might refer to theirs, and the class in general this way, but given they are actually in the minority of owners for those devices usually, I definitely don't hear it all that often as the generic term.


It all depends on the countries. FWIW, in my experience outside of US and other First World countries, "iPad" for "tablet" is by far the most common, and "iPhone" for "smartphone" is also pretty common. This is more typical of the older (roughly 50+) generation though.


Apple dominates a lot more in many desirable foreign markets.


> The generic term is basically iThing.

Are you from the US? Because here in .eu "iThing" is definitely not the generic term for pretty much anything.


Not the parent, but I am from the US. I don't know anyone who uses i{whatever} as a generic term. When they say iPhone, they mean a smartphone manufactured by Apple. When they say iPad, they mean a tablet computer manufactured by Apple, and so on.


I am also from the US, and I frequently hear (in decreasing order of dominance):

“Apple Pay” being used as a generic for “phone-based contactless payment system”, “iPad” as generic for “tablet”, and “iPhone” as generic for “smartphone”.


Mu kids called all tablets iPads at some point, so I had to teach them the difference between iOS and Android.


I'm a long-time Apple user fully baked into the Apple ecosystem and have friends and acquaintances in the same position, and I'm not sure I agree with most of those. Maybe "Retina display," only because Apple arguably was the first company to give that a specific branding term. I don't even think iPod was ever a generic for "MP3 player"; it was far and away the most popular MP3 player, and I'm sure the dozens of people who bought Zunes were tired of people saying "I've never seen an iPod that looks like that before," but that's not the same thing as being a generic term.

Beyond that, though, your other examples just seem weird, because I don't ever hear anyone use iPad or iPhone as a generic term. "I have an Android iPhone." "Hey, that's a cool Microsoft iPad." Nope. And the Mac was the first computer anyone outside of nerdspace ever heard of using a GUI and mouse, and I'm sure that's led to some pop culture confusion, but that doesn't strike me as comparable to the other examples anyway. "GUI" and "mouse" are generic terms.


> I don't even think iPod was ever a generic for "MP3 player"

It was generic enough to form part of the word "podcast", which has stuck around.


in your opinion though.

i've never heard anyone use iphone as a generic term. phone, mobile, cell, cellphone. these are the only terms i've heard.

and while i'm add it, mp3 player is what i've heard EVEN it is in reference to an ipod.

ipad? nah, generally i've heard tablet.

and finally, i've heard no one say retina, i have heard HD, HiDPI or 4k (even if it's not).


What I find a bit crazy is why don't large corporations do this more often? I literally told my manager when I worked at Corel that we should do this: Find a promising looking startup, clone their offering and blow them out of the water by virtue of the fact that we have 500 sales and marketing people with 20 years of experience (not to mention by being second to the market we can learn how to avoid all the legacy problems the startup endured). We were in a "new ventures" team and I figured instead of going along with cockamamie schemes dreamed up by our PGMs that had virtually no hope of success, we should enter markets that had at least some advance proven success. Nope. Not going to happen. We needed to build something that nobody had ever thought of before. While I can understand the idea, I still think its a massive mistake for an established company. Why enter markets where you can't play to your strengths (muscle)? I never could figure it out...


My theory on this is that small dev teams are an order of magnitude more productive than large ones, and most large companies cannot help themselves when it comes time to assign team sizes.

You can definitely win a war with superior marketing, but it's not a sure thing if your product is inferior.


Some SLC companies did pull this off well. I'm working with some Russians now that have teams that replicate US services for Russia, China, India and Brazil, simply with the idea of flipping them post-launch and pre-growth. They are getting rich, so it appears to be working.


Then can't you too find other investor for yourself ? You have the advantage being the one that come out with the idea to sell it to the investor.

Or heck pitch it to the same investor too.


No investor will get involved with a company that is presently undergoing major intellectual property litigation. IP lawsuits are the kiss of death for VCs.


Do you mean kiss of death for both Otonomo and smartcar ?


They should definitely reach out to the investor. But not before getting proper legal advice on the matter.


eyeroll

Investor: "Oh I wonder what other IP we can steal from them under the guise of due diligence"


At $55M in funding they won’t be undercutting anything - quite the opposite, they’ll need to turn a healthy profit or die.


At $55M in funding, they can undercut for years, since they won't need to turn a healthy profit for quite some time.

For example, Uber and Lyft. (Point being: survival is not just about the long run, but also the short run.)


Further to that point about undercutting for years, it's not going to be just $55m.

If Otonomo have raised ~$55m, it means they have very powerful, very rich backers (Bessemer, NTT, SK, Aptiv). They might realistically have another $100m over the coming years instead, if they continue making progress.


OTOH, if a company can only sustain its business model because it has the advantage of state protection, it necessarily means naturally defensible business products get less investment and artificially defensible business products get a bump. Which is better, is hard to say.

It should be clear however that patent and patent giving has massive costs on the state and a great boon to lawyers.

And at the same time, its still not enough, as you still need to do counter-espionage at companies anyway.


And this is exactly why software patents are not as evil as most people think.

They are being abused, but if you can close that loophole (prevent non practicing entities from enforcing patents), then software patents are critical to protect innovation.


Only if the software patent is really an innovation, not just restating something already known in a different way.

Patents need fixing from both ends - the enforcement end for non-practicing entities, as well as the assignment end, where patents are examined under harsher conditions.


> German VC firm that was, as I recall, very upfront about this

https://en.wikipedia.org/wiki/Rocket_Internet


Ah good old Rocket Internet. Used to deal quite a lot with them back in the days.

For all the ethically ambiguous things they do, I still remember fondly their creative ways of using AdTech.


Missing morals seems like a critical enabling technology of creative AdTech.


There is nothing wrong with competition. Read Smith.


Depends on what you classify as "competition".

Theft, sabotage, ad hominem attacks, even murder, could all be considered "competition" if your ethics and morals are on a different plane.

So saying there is nothing wrong with competition as a blanket dismissal is a bit myopic.


Are you accusing Rocket of any of those? They're famous for cloning business plans, but I wasn't aware they went beyond that.


IIRC Agriya was much popular compared to Rocket Internet in this business


That depends on the circumstances:

Their salaries, too, put [competitors] in the same state with a merchant who attempts to trade without a bounty in competition with those who trade with a considerable one. If he sells his goods at nearly the same price, he cannot have the same profit, and at least, if not bankruptcy and ruin, will infallibly be his lot. If he attempts to sell them much dearer, he is likely to have so few customers that his circumstances will not be much mended.

-- Adam Smith, Wealth of Nations, Book V, Chapter 1.

https://en.wikisource.org/wiki/The_Wealth_of_Nations/Book_V/...


I heard the model was to actually sell the European copy to the original US startup as it got bigger. It was never in their interest to end up operating an actual company. This backfired on them for one of their "investments" (I think an Airbnb clone?) when the US counterpart decided to go head and head against the Rocket's copy in Europe instead of simply acquiring.


I believe this was Wimdu. Seems like they finally ended up shutting down last year.

https://techcrunch.com/2018/09/27/wimdu-rocket-internets-air...


Also, while I appreciate this is a name and shame, it might help to put your company's name in the title and not give Otonomo the free exposure for anyone who's not going to dig into the article.


There was a German VC firm that was, as I recall, very upfront about this. Clone a successful US company before it got to the European market.

The Chinese also do this. (As in, the government seems to encourage it outright.) The culture and language barrier do make for an effective moat. It usually takes significant effort and even some cultural change for a company to get its legs for international operation.


But when "the Chinese" do the same thing, the reactions always seem to include something about "cheating", "stealing", and "copying" being "ingrained to their 'culture'", complete with some irrelevant anecdotes about some bad experience with Chinese tourists/coworkers/schoolmates or some geopolitical event being shared in the thread as if people are submitting their victim impact statements.

This phenomenon appears to be unique to situations where the accused party is Chinese. No other nationality/ethnicity seem to suffer the same treatment on HN and elsewhere on the Internet.


This phenomenon appears to be unique to situations where the accused party is Chinese. No other nationality/ethnicity seem to suffer the same treatment on HN and elsewhere on the Internet.

Actually, it gets applied to all Asians. I know this firsthand as an Asian. It used to be applied to the Japanese with just as much fervor, especially in the 80's. (I lived through this.) I should think it was applied to the Americans in the early days of the US. I suspect it was applied to Germans and Russians when they were consolidating and industrializing those nation states.

Here's where bigotry comes in, in the 2019 style: When white people do it, it's "appropriation." When Asian people do it, it's because they have no creativity and can only imitate. In truth, it's all cultural appropriation, and cultural appropriation is actually an engine of human progress and creativity.

The charge of copying gets levied as a protectionist tactic by those already of generally higher status. The charge of appropriation gets gets levied as an aggressive tactic by those who desire that status for themselves. Either way, it's a waste of time better spent learning, growing, and changing.

Appropriation is good. It's how progress is made!


As a USian, when I lived in Japan (working in semiconductor) from the mid-80s to the mid 90s, people always seemed to make this copying claim.

My response was- 1) Copying an ISA is not copying architecture 2) JP was innovating in manufacturing, not ISAs, which is why they got 95% yield, not 65. 3) Yes - they weren't great systems software guys, and 4) Have you seen Nintendo's games? Clearly they can create and innovate and program.

The trope irritated me, but it seems to be a psychological defense move whenever an emerging contender challenges an incumbent (got to get the base features first == copying)


[flagged]


No he means "The Chinese". Not the people, the government. He was quite clear about that in the full quote.

> The Chinese also do this. (As in, the government seems to encourage it outright.)

Way to be outraged through your own selective reading.


Okay, to be fair, I wrote the comment, then immediately thought, okay that could be misinterpreted, then added the parenthetical right afterwards. I didn't do an "(EDIT:)" because I thought no one would have come in so soon. The poor sap might have fallen prey to my foolish decision to use an optimistic concurrency protocol.


I commend you for your honesty. Also, I don't think that he was totally wrong in calling it out, but the phrasing he used was very unnecessary. It would be better phrased as a question, like: "Don't you think it's racist to refer to them as "The Chinese"?" or something less dumb than accusing you of racism.

I understand HN is a tech place, but since race can play a factor in practically all subjects, it can be a healthy discussion if spoken about maturely.


it can be a healthy discussion if spoken about maturely

Knee jerk rapid reactions aren't an example of "spoken about maturely." The normalization and acceptance of such reactions is what leads to toxic community atmospheres and the "social epistemological catastrophe" of a witch-hunt mentality.

In other words, "shoot first, ask questions later" is against the stated policy around these parts of the Principle of Charity. Just look around the Internet, and tell me what you see in this regard.

I'm obliged to link this again, for the good of all:

https://www.youtube.com/watch?v=rE3j_RHkqJc


> Knee jerk rapid reactions aren't an example of "spoken about maturely."

I literally said his response was dumb so I'm not really sure what your point is by claiming I am considering his reaction mature.

I understand if you misread my comment, but I'm baffled otherwise. Thankfully, this is the internet and we can talk it through if we want.

(edit: typo)


I'm not really sure what your point is by claiming I am considering his reaction mature.

Actually, your comment could indeed be read that way. Therefore I'm obliged to push back against such a position, even if you didn't mean it precisely that way. I'm generally having a conversation for the sake of the 3rd party. The lurkers are the majority of this site's users.

Thankfully, this is the internet and we can talk it through if we want.

My un-provable suspicion is that civil discourse itself is being targeted by nefarious forces. It's either that, or the emergent incentive structures of social media as currently constructed are having the same effect. Or both. It's bad either way.


> My un-provable suspicion is that civil discourse itself is being targeted by nefarious forces.

I don't know if it's a collective of forces, but I have to agree with the opinion that civil discourse is being targeted.

There's been enormous political polarization in the past decade or less, and there is a growing list of topics or social movements that if I even LIST as debatable or in need of further discussion, would put myself in great danger of being targeted, defamed or worse.

And the worst part is, once you have been attacked and mobbed by this new public shaming tactic, very very rarely is being defensive or opening a dialogue something people want, they just want vengeance, and submissiveness.


And the worst part is, once you have been attacked and mobbed by this new public shaming tactic, very very rarely is being defensive or opening a dialogue something people want, they just want vengeance, and submissiveness.

That's a brilliant and concise way of putting it. I have a mind to steal it!


I'm Chinese and I didn't think it was racist. I interpreted the assertion as a description of the Chinese government, not Chinese people.


For the record, I'm Asian and my wife was born in Fujian province, China.


Is it also racist to say, "The Americans"?


Its easier to be faux-outraged.

Now its the Chinese that encourage ignoring copyright/patent/trademark/trade secret laws. It helps them get their country ramped up with regards to industrialization.

Japan did so before that, in the 60s and 70s.

The USA also did so when we broke off from England. And later, Hollywood was made to get away from Edison's and others patents.

But complaining that "The Chinese" is derogatory is petty posturing and fake outrage.


China is a nation, not a race.

Race itself is a social construct.

Nice try though!


"Race itself is a social construct."

What do people mean by this exactly? I've heard some people make the case that the exact boundaries between ethnic groups can be socially constructed, which makes sense to me (like how one draws a hard line between two groups which have some admixture).

But the idea that ethnicities have nothing to do with biology and is a purely social phenomenon sounds like a lay-person's misunderstanding of the above claim. For example, it should be obvious that using a sperm/egg donor can lead to a child of a different ethnicity even if the socialization is kept the same (which you can't necessarily do perfectly in reality, but still).


>What do people mean by this exactly?

Historically, “race” was a term invented to group/categorize people by language. From there it evolved into a reference of nationality. Most recently it has become a word to define an attempt to group people by physical characteristics.

So for example you associate race with ethnicity...the question is why? Ethnicity after all is a word to group people through nationality and culture, having nothing to do with physical characteristics...for example Irish is an ethnicity (in addition to just a nationality), but there are both black and white irish.


> >What do people mean by this exactly?

> Historically, “race” was a term invented to group/categorize people by language. From there it evolved into a reference of nationality. Most recently it has become a word to define an attempt to group people by physical characteristics.

Do you have more information about this? It has been my understanding that throughout history, some languages became the "lingua Franca" so to speak while not introducing race conflict. So I'm curious to hear more about the origins of race as a social construct, specifically its roots in language.


I'm still figuring this out myself, but I think that people are talking about race in at least two different ways:

1) Race from a biological/chemical perspective. Stuff like 'DNA determines race' goes here.

2) Race from the perspective of all the things that happens to a person because they belong to a particular race (as defined in 1). Apparently, being black and driving in America means it's more likely that you'll be pulled over by the cops, more likely that they'll assume you're a drug dealer, etc, etc. I wouldn't know because I'm not black, and every time I was pulled over by the cops I was clearly at fault. Differences like these are discussed under the umbrella of 'race'.

The key is that in the second case there's nothing from biology / chemistry / science that says that black people should get pulled over more. That's just how things are in America now - it's a "social construct".

Again, I'm not an expert, but I think that's what people mean by 'race is a social construct'


Or people trying to be too inclusive and forward thinking without thinking about the implications of what is being said. Race and ethnicity are so closely tied, that from a biological standpoint, it's almost pointless to try to separate them.

I made a comment about this previously in reply:

>This isn't really a good argument. Western people use lactose in a variety of ways such as a drink additive (tea), for cooking (cheese, cream-based sauces), and even consuming by the glass (good ol' fashion milk). However, there's a high prevalence of lactose intolerance in Asian countries. There are just some sensitivities, diseases, and reactions that are more prevalent in some ethnicities than others including lactose intolerance, sickle-cell anemia, and Tay-Sachs disease.[0]

[0]: https://news.ycombinator.com/item?id=19420642


The idea that ethnicity means anything beyond appearance and a few specific genetic proclivities is the social construct.

That, and the idea that "races" can be clearly distinguished and defined, as you said.


> What do people mean by this exactly? I've heard some people make the case that the exact boundaries between ethnic groups can be socially constructed, which makes sense to me (like how one draws a hard line between two groups which have some admixture).

Pretty spot on.


You’re conflating race with ethnicity. They are not the same. For example, in America the ethnicities of Irish and Italian were not always considered to be part of the race of white.


> What do people mean by this exactly?

Related:

https://slatestarcodex.com/2017/06/21/against-murderism/


Race is too important in medicine to merely be a social construct.

Different races have significantly different disease rates (incidence rates), such that you cannot erase them even if you control for environment (born in the same city, at the same time, went to the same school, etc).

If you were to open a large hospital in town X, you would very much want to know X's demographic structure to make informed decisions on how many highly specialized professionals and equipment you would need to effectively treat the population.

Making design mistakes at this stage would literally cost lives.


In addition to being unwelcome in its own right, this sort of comment is against Hacker News guidelines.

Please don’t do this here.


Why is it against HN guidelines? If something's actually racist, it should definitely be called out.

Not saying the original comment was racist, but in general I don't think we should be promoting racism.


Exercising the principle of charity != Promoting [X]

If we all started calling out everything that might possibly be [X] without being absolute certain, then this stance to accept false positives would result in far too much noise in the form of one of the harshest accusations in 2019.

This sort of stance, where the Presumption of Innocence is sacrificed, to prioritize catching all the guilty, the innocents be damned, is also the stance that leads to the witchhunt mentality. It's a social epistemological catastrophe, where everyone suspects everyone and accusations for ulterior motives cannot be detected.

In 2019, it seems as if this stance is designed to and deployed to cause a social epistemological catastrophe over social media. I suspect this is actually being done!

https://www.youtube.com/watch?v=rE3j_RHkqJc

This is precisely why Blackstone's formulation came to be, and why it's necessary to avoid toxic and tyrannical societies.

https://en.wikipedia.org/wiki/Blackstone%27s_ratio


[flagged]


If you do anything like this on HN again we will ban you.


"Clone a successful US company before it got to the European market."

This is really a different case though.

The German VC is saying: "Food delivery is working in the US, they've validated the model + EU VC's will now get behind that, so 'do that like they are'.

They are more or less competing, not exactly cloning.

Copying API's is a whole other level.

Literally copying docs etc. is another level.

The thing is - the small company may have some power here. The bigger company does not want an ugly, permanent lawsuit hanging over them. With the screen-scraping and blatant copying, it's going to make it seem, at least popularly bad, and possibly add emotive impetus to a judge. The copier cannot say with a straight face that they were not copying to a judge.


NO! Rocket Internet is known and have been busted for straight up copying even website source code, layout, everything. As in the source of the HTML is identical, just the color scheme changed. They are criminals make no mistake, learn how they got their riches, by scamming teenagers with ringtones.


Yes, Rocket copies very specifically, but that does not invalidate my point.

Germany VC's will still very rationally imply what I wrote above.

If Rocket is behind this, well, they might have laid a bridge too far.


This is pretty egregious, but in reality the only thing that was copied was the docs for the API, not the API itself. The other company still has the write all the backend code, and given their track record of just ripping stuff off, may not have the engineering chops to pull it off. In addition, as Smartcar continuously improves their product and API, the other company can only react to these changes.

If I was the OP, my reaction would be shock and horror too. But then I'd realize the old axiom of imitation is the best form of flattery.


> but in reality the only thing that was copied was the docs for the API, not the API itself

You never know. When someone ripped off Parse we were able to deduce which version of our JS SDK was ripped off by which bugs weren’t fixed. We had a weird moral dilemma: we were upset at the copycat yet concerned that their users had security vulnerabilities unpatched.

[Edit: added quote to clarify to what I was responding]


In the mid-nineties a company named Avanti stole code from Cadence Design Systems (where I worked at the time, though I had no involvement in the case). This was first discovered by an engineer noticing that error messages in the two systems were similar in ways that made no intuitive sense. Case was unusual in that several Avanti executives actually wound up going to jail for the theft.

https://en.wikipedia.org/wiki/Cadence_Design_Systems,_Inc._v...


If they didn't catch bugs, maybe they also wouldn't catch booby-traps. Are there examples where developers have done that?


FTDI modified the driver for their USB<->RS232 chips so that it would brick counterfeits: https://arstechnica.com/information-technology/2014/10/ftdis...


So not one that worked out well.

The article discusses Microsoft's anti-piracy measures. And it brings back horrible memories. So I had this server, running Windows Server 2000. And there was a nearby lightning strike, which bricked the motherboard.

But hey, service contract. Except that the company had gone through reorganization. So they sent me a motherboard that was comparable and compatible with the box. But it had a different seller code, so my copy of Windows Server 2000 wouldn't install.

Microsoft couldn't/wouldn't fix that. So I had to return the replacement motherboard, wait for another replacement, and install it. But hey, it all worked out in the end.


Yeah, that's DRM by another name. I'd be worried about doing it wrong and affecting customers.


The actual saying is "imitation is the sincerest form of flattery". Sorry, but it's a pet peeve of mine when people replace "sincerest" with "best", because it changes the point of the adage.


Because sincerity implies the flattery is entirely genuine, rather than best suggesting it is heaping praise upon you? Hadn't thought of that; it's a good distinction to make.


The docs for the API, especially for a company whose primary users are software developers, is a core part of the product offering. Just look at the investments that AWS, Twilio, and Stripe make in their docs. This stuff matters.


Given the current ruling in Oracle v. Google, though, I'd imagine Smartcar would have grounds for a legal case. If Oracle is awarded damages from Google for "copying" the Java API specification in Android, even with a different underlying implementation, then I'd imagine Smartcar can highlight the similarities to their own dispute with Otonomo. The tricky thing is it looks like Otonomo is an Israeli company so I'm not familiar with how US court rulings apply across international boundaries -- perhaps at the very least Smartcar can attain an injunction against Otonomo within the US.


"Given the current ruling in Oracle v. Google, though, I'd imagine Smartcar would have grounds for a legal case."

Which might be the best news Otonomo gets all day. In addition to outfunding them, now their competitor is going to focus their time and cycles not on the competition for this market space, but in expensive legal actions with a dubious chance of success.

If I were smartcar I would ignore Otonomo (or at least their shameless ripoffs of your public facing code bits) and double down on the business of beating them with your product.


Otonomo apparently has an office in the U.S., so presumably they'd fall under U.S. jurisdiction:

https://otonomo.io/about-us (see bottom of page)


I'd take money over flattery any day though.


Money is flattering.


And yet, flattery is not money.



Fiattery :-)


Looks to me like they are copying the entire concept, not just the docs. Seems like very little intellectual creativity went into the creation of their API.


An API usually embeds significant design decisions that are hard work to come up with. That said, there is some precedent for companies reimplementing competitors' API verbatim in order to get customers to port their applications more easily...


If it wasn’t already, the docs and the code should be copyrighted. It costs nothing and should be relatively easy to litigate in the case of copy pastage lol


It IS copyrighted.

To lose copyright, the author has to explicitly volunteer to sell the rights or give them away. A work has copyright protections the moment it is created.


Correct. Though they now need to register their copyrights (proving original art) in order to move to the lawsuit phase.


So they're making a compatible API. I would consider this a good thing.


But the design choices wrt the public interface is not nothing either!


Agreed. It sounds like a case of "this looks good, let's follow their format" and revising words/paragraphs just enough so you won't be blamed for plagiarism. The API parameters are very generic so it shouldn't be considered cloning.


It seems like you haven't seen the exact same copied parameter examples? I don't really see how this can be defended as not cloning - it's one thing to use others as "inspiration" and take in some general good ideas, but copy someone else's work in such a blatant manner is disgusting. If I were amongst their investors, I'd be pissed.


Oh I have seen it, and I'm not suggesting they haven't copied that. I'm saying that most client SDK documentation looks alike at least for authentication etc. and when you look at the examples given for Otonomo, most of it is boilerplate information.


This is commonly called the second mover advantage. If they do not have some special sauce that prevents an easy copy of their idea then it was going to happen sooner or later.



That German VC company contacted us to talk about partnering, learnt as much as they could from us and then (not to my surprise) launched their clone of our company with $42m backing.


> Also, love them or hate them, having patents helps in situations like these.

Does it though? There is no global patent authority. If the ripoff is not for the US market, only a patent for their market will help. Which might be impossible to get in the first place.


Addressing this case, for an Israeli company, infringing a US patent implies death. First, there's no "Israel market", US is the market. Second, there goes any chance of future funding. Last, a company s.a otonomo has one way out - acquisition. Say goodbye to that too.


That German company was Rocket Internet. They IPO'd Jumia last week on US markets.

Love them, hate them, never underestimate them.

Whether you are creating, disrupting, stealing, copying or cheating... just be the best at it. There is reward for that.


They and their founding brothers are fricking leeches and deserve prison for life!


Rocket Internet: they copied Airbnb with Wimdu and wasted 90 M in the process.


>Companies have been known to talk about expensive and complicated features or options in order to get people trying to copy their success to waste time and money on something for which there is no actual demand.

Anyone know of a specific documented example of this? I'm not really doubting, just interested.


I think their first startup was an eBay clone called alando.de which was later sold to eBay when they entered the German market (https://de.m.wikipedia.org/wiki/Samwer-Brüder#Alando in German)


Thanks, but I think you're supporting a different claim by OP. I'm asking about the spread of disinformation to derail the development efforts of clones, not the creation of clones.


>There was a German VC firm that was, as I recall, very upfront about this. Clone a successful US company before it got to the European market.

Rocket internet, clone then sell to the U.S. company when they expand.

That's not the same as copying their manuals,code or other copyright though.

It's more akin to lyft to uber.


Copying as a business model is pretty shitty as is copying legitimate IP. But if Company B can execute a similar concept faster and better than Company A, that's ultimately better for society.

This situation looks very egregious though.


> But if Company B can execute a similar concept faster and better than Company A, that's ultimately better for society.

Only in the short term. In the longer term, it may no longer be worth the risk for any Company A to begin in the first place.


Will they be able to maintain and improve the code the way the people who wrote it will? The risk is that Company B may be selling something they don't fully understand.


> Since the ability to get a foreign company (in this case Israeli) to do anything is limited

Doesn’t hurt to have a court order in place. Chances are they’ll settle for a material fraction of the cash you know they have.


The German VC firm you refer to is Rocket Internet aka the Samyer Brothers. They cloned every startup they could find for a while.

https://thehustle.co/rocket-internet-oliver-samwer


> its also par for the course

No, it is not. The world would be a much better place if we all started doing what is right. This isn't difficult: stealing and copying API design and API documentation is wrong.

Make a note of the company, people who work there, and VCs who invested. Computers are good at quickly finding information: one day you might want to do business with one of those people or VCs and digging up this information might change your mind.


> This isn't difficult: stealing and copying API design and API documentation is wrong.

Copying APIs is fine, as far as I'm concerned.

The world is as better place if hardware and software is compatible with each other, and common interfaces enable that.


Right or wrong is relative. If to me this is not wrong then what are you gonna do about it.


I don't particularly agree with you; I've often thought that amounts to trying to win the debate by nuking the entire playing field. Even if you win, have you?

But I can spot you that anyhow, because there's a perfectly reasonable fallback position: This is illegal. It's a copyright infringement at the very least, and possibly other things as well. And being "illegal", the "what are you gonna do about it" actually has clear, well defined answers. Smartcar.com is doing them a favor by serving a cease & desist, as there is nothing preventing them from moving straight to legal action.


Copying a design is not illegal. Unless the design is patented (which it doesn't seem to be or the OP would likely have said so in the article), everyone is free to copy any design they want.

That you wish something was true doesn't make it so, unfortunately.

What is not OK is copying the documentation verbatim, that is copyrighted. However, that is, frankly, the least of the problems (and easiest to rectify) when someone is taking your product idea wholesale.



Those patents are directed towards "method[s] for processing requests for vehicular data", which at first glance appear unrelated to the descriptions of web APIs authenticated by OAuth that Smartcar is complaining about.


>everyone is free to copy any design they want

Copying text or pictures would be copyright infringement.


So, I'm wrong about this act being illegal, because it's not illegal, except for the parts where it is illegal?


even if its illegal, its nothing unless you win it in court.


I think I mentioned that when I said "moving straight to legal action".


Why is it wrong?


Copyright infringement? Plagiarism?

I hope most here can agree that taking a web page, doing command-C, command-V, changing a few words in a small amount and passing it off as your own work is wrong.

This is not even about cloning an API.


Because people and companies who do this add no value to society. They are parasites.


What if they provide the product at a lower price?


For how long? Until the VC money runs out and they either jack up the price or go bust?


Stealing from Peter and donating some of the gains to Paul is not ethical.


Even then, they are still parasites with no ethics.


If you won't throw your ethics into the pit for power, someone else will. And them everybody will be forced to throw the shared ethics or be outcompeted. And collectively, everyone will be poorer as a result.

https://slatestarcodex.com/2014/07/30/meditations-on-moloch/


I'll take the high road, thank you. I'm perfectly fine taking satisfaction in being morally and ethically superior for not stealing someone else's hard work.


I leave it to that someone else to have to resolve the cognitive dissonance. One concrete benefit might be not doing in my 50ies due to stress-related health issues.

And I would happily live in a poorer society with better ethics any day (given some minimum threshold of live quality).


I think you draw the wrong conclusion, even from your link. Your link as I read it is basically saying we are all collectively responsible for good and evil, and that there are supposedly unpopular evils which we ourselves create and implicitly endorse, often counterintuitively.

That doesn't mean we ought to just give up and worship whatever worst thing capitalism produces. If you look at Ginsberg's long history of political activism as an example it's certainly not what he and those around him lived.

At a separate scale from that discussion we need to "play our side" of the game, and that will necessarily involve your personal interpretation of ethics. I believe it is a kind of laziness to dismiss that.


Everyone getting into business knows that competitors want to copy them. Not only that, there are only so many ways to do things, so it's usually a question of how much you're copying.

So inferior goods (using the economic term) can add low-cost options for consumers and are thus a social benefit.

While copying itself isn't bad, in practice those companies often releasing products that are unfit for sale or engage in deceptive advertising.


You're thinking of the Samwer brothers, w/ successful explicit clones of extant businesses.


I haven't seen this mentioned anywhere so I thought I'd post it to see what you all think... IANAL, IMHO, etc.

I searched for one of the unique tokens in the docs: https://www.google.com/search?q=0facda3319

That pulls up their SDK github repo: https://github.com/smartcar/node-sdk/blob/master/doc/readme....

Which is published with a standard MIT license: https://github.com/smartcar/node-sdk/blob/master/LICENSE.md

Which says (among other things): "Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software."

Which may have significantly complicated their copyright claim if Otonomo includes the MIT license and attribution to smartcar.. At the same time, I can't find Otonomo's docs anywhere.

Something to think about when setting up your GitHub license!


In Github terms of service, if you make a repo public, others are free to view and fork it, apparently even if you place a commercial license on it, or no license. The lawyers will have to figure out if that means copy, use or whatever.

https://help.github.com/en/articles/licensing-a-repository


I believe this is a big problem with git or any of the current repo gui providers. A repository should not be able to be forked if it doesn't have a SPDIX license. Or at the very least users should be able to turn off forking ability in the repo settings.

It's usually not an issue but I have run into some small repositories that had no license, meaning I could -not- fork and modify for myself or a PR, legally. But this is not obvious at all unless you look for the license file or a manifest file.


Neither git nor github can automatically discern how the law applies in context in 195 nations without consulting a lawyer and honestly neither can you.

Unless you want to pay thousands of dollars per repo presumably everyone is going to continue not giving a damn.

If you don't want people to clone a repo don't upload it to a public github repo. If you are thinking of cloning realize that the ability to clone it gives you zero legal rights.

Anyway you cannot fix legal complexities with technology in this instance.


This could be a problem for ricardian contracts and/or smart contracts


Those don't solve anything, because the core problem is a human one. It needs to be legal in all the countries that they might apply to, and that still requires a lot of expertise. The person you are responding to says "this is a problem technology can't fix", I assume this is the reason.


> Or at the very least users should be able to turn off forking ability in the repo settings.

This is absurd. You don't have to use the "fork" button to copy a repository. It's as simple as cloning it and pushing it. Such a restriction servers no purpose at all.


There _is_ a difference between forking and cloning. Forking is always allowed by the github license:

> other GitHub users have the right to view and fork your repository _within the GitHub site_

^^ That's from the github website. Note that they only have permission to fork from within the website.

So such a restriction serves as a legal barrier - it leaves no legal way to copy the code.


GitHub doesn't have the ability to choose what is legal. Or a better way to put it, the law does not follow GitHub's Terms of Use. You can violate them all day long and have no legal repercussions. The most important thing about people putting software in open report is that demonstrates their intention to make their software available to the public, which makes a big difference in a court of law.


The github license is irrelevant here because they don't own the code. So there's no point in even mentioning that.


Obviously such an implementation would disable cloning as well.


Then make a private repo. Hosting a public repo that a company would have to pay a mechanical turk to scrape every single file from manually by viewing the RAW data is just obtuse.

If you want it open source, understand what that means before complaining about it. Otherwise don't release your software on an open source platform.


Why bother putting it on GitHub then? I expect to be able to git clone anything I find on GitHub. It's on you to determine how you can legally use the code.


GitHub would obviously also have to make the repo private as well, and then get into the business of interpreting and potentially defending the compatibility of their service against various licenses before making it public. That's unsustainable.


The onus is on the end user to make it private.


Just thinking aloud, but GitHub could warn, when setting up new projects that don't have an OSS license, that the user may wish to make the repo private.


I have a small iOS app, not too big, a few thousand lines.

My idea was to use Github, but then I didn't want to go through the cost/effort, and I am using my own version system, AWAY from everyone. The only way for someone to get my code is: a) laptop gets hacked b) laptop gets stolen (disk is encrypted), c) backup gets stolen (carbonite is encrypted) d) Apple gets hacked.

Git should not bother people with a bunch of different alerts (imho). A COMPANY (apologies for the caps) that has been working on code for "a few years" and doesn't do the MINIMUM to protect their Intellectual Property (IP)... well that is suicide.

Don't they pay someone with GRC/Audit/Security skills to put some sense into them????


Uh, if you don't wan't to fork, don't make it public in the first place? Code escrow is another thing, but that does not mean everyone needs access...


The two aren't necessarily mutually exclusive, although yes I would agree with you. -In the case- of a repository being public without a license however, forking and related things should still be disabled to prevent licensing headaches.


This shows a fundamental misunderstanding of how git works.

The main point of putting something on GitHub is to allow people to git clone it. Every git clone is a fork of the project.

If you don't want something forked, don't put it on GitHub.


I understand how git works. I'm discussing the edge case scenario where someone uploads something but doesn't add a license. In that case, forking and cloning should be disabled, at the least.


There's nothing stopping you from entering anything in the LICENSE file, including an open source license, a copyright notice, or something completely unrelated to the license of the project.

With that in mind, to enforce your argument, they would need to create a list of licenses that are okay to fork/clone. Why should they create a finite list of that?

I'm willingly using WTFPL[0] that can be summarized as "as long as you change the name, do whatever the fuck you want to". I know it's not a serious license (I only use it for non-important collaborative Markdown documents I've started), but thanks to its use of the word "fuck", I'm having hard time believing that it would find its way into any whitelist. FSF mentions it on their website, but GitHub doesn't list it as an option on choosealicense.com.

[0] http://www.wtfpl.net/


Does your computer's shell disable `cp -r` for directories that don't contain a license?

The point of uploading to a public Github repo is to let others clone it. Pure tech tools like that shouldn't implement features that require searching a repo for a file that could be a license and then determining whether the file gives others the right to do that clone. After all, letting others clone is the entire point of the tool. If it's not allowed, don't use the tool.


Github is a publishing platform. Publishing is the act of releasing something for distribution. Cloning or forking a repo is the standard method of distributing something using Git. All Github's terms of service do is ensure it's clear that if something is published to their platform, they will distribute it in those ways.


IIUC, you are suggesting that GitHub make new repos private by default, unless a permissive license is set.

This seems a reasonable balance.


It's antithetical to their business strategy. They charge for premium accounts to give access to private repos. Nothing wrong with that, but OP should probably try out Gitlab if he wants an enterprise-level solution for free.


I'm not OP, I'm GP. Second, I fully understand git, github, gitlab, etc.

I'm specifically discussing a situation wherein someone has uploaded non-licensed code to github. I am not advocating for this. I am discussing what should be the default behavior for a repo if unlicensed. Another alternative is not having the repo be usable at all (so not private) if one attempts to bring it public without a license.


Get over yourself. I was referring to OP of this particular sub-thread, meaning you.

And you are continuing to misunderstand how this works. If you can view it, you can copy it. Nothing prevents someone from viewing a public repo. So nothing prevents someone from copying it. Therefore any attempt to make it difficult is just a PITA.

That's why Github has a default license for all non-licensed public repos. Because it's a public repo. If it wasn't supposed to be available to copy, the source code shouldn't have been made a public repository.

So again. If what you're looking for is a private repo solution, Gitlab offers this enterprise-level solution for free. You are barking up the wrong tree.


Angry, but correct.


Laws are different in different countries, e.g. it is not against the law to consume pirated content in Switzerland, but is illegal to share it further. So, if I have a pet project for my personal use then I can pretty much use anything I can find on the internet.


By hosting on github aren't you sharing it further?


GitHub require you license public repos to allow others to fork it. Whether they can use it for a specific purpose is still questionable - but clicking the fork button on github is allowed. They agreed when they uploaded the code.

Note that this is governed by GitHub’s TOS and supersedes anything in the License file.


> If you set your pages and repositories to be viewed publicly, you grant each User of GitHub a nonexclusive, worldwide license to use, display, and perform Your Content through the GitHub Service and to reproduce Your Content solely on GitHub as permitted through GitHub's functionality (for example, through forking)

So I can "perform" and "reproduce" content through forking, solely on Github. But I couldn't clone it, nor make modifications to my fork, if I read that correctly.

It makes little sense and could be avoided altogether by disabling forking for un-licensed repositories. Or by simply giving all new projects a default (with an opt-out option for no license or alternate licenses).


It makes more sense if you understand the license is about protecting GitHub and not you.

A disabled fork button unless the repo did a positive action would dilute the whole concept. The fork feature is key to the whole thing and is what made them different.


The MIT license appears to be on their client-side SDK. They are accusing Otonomo of cloning their API, not their SDK.


I was going to say the same, but it looks like the documentation mentioned is for the client indeed. If the client is MIT licensed, are you infringing on anything by writing a compatible API?


That question is the essence of the ongoing Oracle v. Google case:

https://en.wikipedia.org/wiki/Oracle_America,_Inc._v._Google....


The difference is that even though the Java API was licensed under the GPL, Google did not accept the GPL license. They implemented the API without a license. Were they willing to implement their code under the GPL there would have been nothing that Oracle could have done.

I'm with others who say that an API should not be copyright-able, however it appears that in this case it doesn't matter. They may have a license! I haven't looked into it at all, but if it's true that Smartcar have implemented this API and distributed it under an MIT license, I think it will be really hard slogging to say, "We only meant to license some of the IP. We just gave a license and decided we'd wait until after the fact to tell people what it covered".

I am a huge advocate of free software, but it really bothers me when people license something without having any clue what it actually means. I can't tell you the number of projects I've encountered who say things like, "I put it under the GPL, but you can't sell it", or "I put it under an open source license, but you can't use any of the code; just look at it", or "I put this game under a free software license, but you can't use any of the story for the game because software licenses only cover code", or "I put my code in the public domain, but that doesn't mean you can make a few changes and claim that it's yours", etc, etc. If you want a "I'll tell you if it's ok after you've done it" license, don't grant a general license! Reserve all your rights and handle licencing on a case by case basis.


It wasn't Google who did it, but Apache: https://en.wikipedia.org/wiki/Apache_Harmony


Google had the choice to deal with Sun, but they though given Sun's account state they would get away with it, to the point that buying Sun to own Java wasn't even considered.


The question regarding Apache is interesting though -- how is what they did legally different from what GNU/Linux did to commercial Unix?


The APIs discussed in that case are only "classical" APIs, i.e. code APIs, not "web APIs", which are really protocols. Despite the fact that recently people have started calling protocols APIs, the two have huge differences from a copyright perspective[1], so that extrapolating from the former to the latter is tenuous, regardless of the ultimate outcome of that case.

Moreover, the court ruling makes it seem that if the intent is interoperability, fair use may apply (only the court rules Google's intent was not interoperability, as their implementation was intentionally incompatible).

Although in this particular case, it appears they can claim copyright violation on the documentation.

[1]: Most notably, in order to be copyrightable, a work has to be "fixed in a tangible medium of expression" (https://www.law.cornell.edu/uscode/text/17/102), i.e. you need to have a specific text (or image) that you can say, this is the work (although then even derivatives are protected). This is true for APIs, but not for protocols (or REST "APIs"). Whether this distinction makes sense to programmers or not is irrelevant. The same distinction holds for programs vs. algorithms: programs are "fixed in a tangible medium", and are subject to copyright, but algorithms are not, and not subject to copyright (but can be protected by patents).


The docs are also MIT licensed, aren't they?


I don't know, but the MIT license is given under conditions that can be violated.


I thought most people (including myself) on HN were in favor of Google in that case, that APIs shouldn't be copyrightable.

What exactly is Smartcar's product? Is it just the API design?

If so, I personally think this is in the same boat as that case, and I don't really see having the same API as copying either.


Not everyone, I am in favour of Java developers not having to write two versions of libraries thanks to Google's J++.


I agree that copyrighting and endpoint just because the request and response have the same structure is insane.

The docs would be something different thou, but again, I don't know how the docs were licensed.


Nokia, Cisco and others in the telecomunication industry usually patent network endpoints.


Compatible APIs happen all the time with SaaS. Look at all the S3 clones out there. Look at SignalWire, which cloned Twilio. It is very, very common.


Come on, this piece is written by someone who obviously doesn't know what he his talking about..

The entirety of his examples are focused on the Oauth API, which is a standard, and all the concepts and var names he shows as a steal of API are present in each and all Oauth authentication servers.

I mean, we have in our own api about 90% of the same verbiage for our own authentication doc, this is bog standard Auth code..


The same verbiage, as in large chunks of text are word-for-word identical? Because that’s what’s being alleged here; it doesn’t happen by accident (the chances of two people independently writing identical text are astronomically low for any significant amount of text), and it certainly constitutes copyright infringement unless it turns out that Smartcar put the documentation under an open source license somewhere. If, on the other hand, you just mean that your docs have a similar overall structure, because they’re documenting a similar API, that’s something completely different.


The API the guy is talking about is a freaking RFC!

The wording of this is found everywhere on the internet. Just search for one of the phrases you find and you'll have plenty of matches: https://www.google.com/search?q=%22The+number+of+seconds+the...

I understand the frustration of the guy, but this is not like they copied the business API, this is just the standard Oauth.

Anyways.. I'm starting to sound like an Otonomo PR guys.. I'm not, it's just that reading this article, I found myself pondering whether my current employer could be sued for this kind of trickery. I wrote the Oauth2 code in our product, and found myself writing the exact same doc (probably with different words).


How did Ottonomo end up with identical random identifiers? Are those from the RFC as well?


Even the design is the exact same, though. Did you accidentally rip off Oath's design as well?


What a plot twist. How embarrassing for Smartcar to have written this whole blog post and tried to sue them.


Meh not really.

The API client is MIT licensed but that doesn't mean the API itself is MIT licensed. Smartcar obviously would not release their server code as it is proprietary so the question becomes whether it is unethical or illegal to copy the design of it without seeing the code. Most people would also say it is unethical to copy your competitor's docs down to the examples and randomly generated tokens.

Note that the docs in the blog post are not the same as the markdown document in the repo that appears to be MIT licensed.

Since they copied the docs verbatim, I suspect they will change the docs very soon. I'd be quite ashamed if I were Otonomo. Whether they have to pay financial penalties or admit guilt in court, we'll see.


This situation makes me think of the video game industry and people recreating self hosted World of Warcraft servers by reversing the client code.

Blizzard was able to shut down the private servers.

https://github.com/mangoszero/server

https://www.google.com/amp/s/arstechnica.com/gaming/2017/07/...


There are still plenty of active private servers running.


> Most people would also say it is unethical to copy your competitor's docs down to the examples and randomly generated tokens.

<standard not-a-lawyer disclaimer> Would it be okay if they changed the tokens and kept everything else? Who benefits from Otonomo changing the examples?

Assuming a REST API is a non-enforceable contract for the sake of interoperability, it doesn't make sense for any party agreeing to it to "own" the contract itself, even if they were involved in writing it.


Especially when using words like "illegally", probably without consulting a lawyer. May now be open to countersuit for accusing them of illegal behavior.


> "...subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software."

Which they did not do.


Yeah, AGPL-3.0 was invented for a reason.


Several years ago, I hired a boutique Silicon Valley law firm to create some terms of service and privacy documents for my company. As part of their long list of questions about how we would use our customers data, they asked for a list of similar companies and competitors.

I'd already reviewed all of our competitor's terms to get a sense of what other people were doing. So, when I reviewed the final documents that they wanted $5,000 for, they looked oddly familiar. A quick diff verified my suspicions. They had copy-pasted from one of our competitors and then search-replaced the company name.

When I called them out on it, they said it was common practice and not to worry. I found a new law firm and they never bothered to try and collect on that invoice.


20 years ago was involved in the sale of a division to some investors. Involved in the same way a chicken is in the poultry business. The law firm didn't know to sanitize their documents. The upshot was they was billing a lot of hours at $500/hr for a clerk to do simple search and replace on previously existing contracts[1]. We'd read the contract find stuff that was utterly wrong and tell them. And the clerk would paste our edits into the document and bill us another 12 hours.

[1] The meta data was leaking the names of their other defunct dotcom clients.


In my experience, this is the bread and butter for a lot of law firms. Especially for simpler things like rental contracts and property conveyancing etc. It's got to be disrupted soon enough!


Disrupted how in this case?

Lawyers usually use forms / boilerplate because they have worked in the past. Many of these forms are the sum total of thousands of hours of time and refinement over tens of years. Nobody wants to pay a lawyer to reproduce that -- at least, nobody in retail law (big corporate settlement contracts? Those see many many hours of revision and negotion, but ultimately are still based on a core form that rarely changes).

I agree that a copy+paste job seems like you are getting cheated. But like an engineer, a lawyer isn't charging you for typing, or turning a screwdriver. They are charging for knowing what contract you need, etc.

What's honestly shocking right now are the alternatives. What LegalZoom gave my friend to start an LLC would have been malpractice had it come from an actual lawyer. (But surprise! You can't sue legal zoom as easily for that thing as you can a lawyer).

Imo what really needs to go is hourly billing. But that's another conversation, and a really hard problem.


I don't know how exactly, but perhaps we could have an open git repository-esque method for refining contracts. Right now, one law firm refines its own contracts over the lifetime of the firm. Why not democratise the entire process and make it open? Then lawyers can stop ripping people off for this sort of non-work and instead focus on actually providing legal counsel (which is what you truly should be paying a lawyer for).


  Honest legal Invoice

  Task.             By.        Rate.
  ------------------------------------
  Fix form.         Paralegal  $ 100

  Knowing what      Lawyer     $ 3,900
  form to fix.

  Accepting.        Firm       $ 1000
  liability
  ------------------------------------
We already live in a world where reuse of forms save clients money.

True disruption changes the obvious problem above: how do you replace the cost of professional judgement and trust?

If you're an engineer today, you don't get paid poorly because Mongo and Postgres already exist. You get paid well if you know whether a document store or a RDS is the best fit for the systems problem at hand based on a careers worth of experience.

As someone who has done both for a living, it's shocking how much overlap there is (overlap that I assume exists in among doctors, accountants, consultants).


> Invoice > Task. By. Rate. > -------------- > Fix form. Paralegal $ 100 > Knowing what Lawyer. $ 4,900 > form to fix.


Surely it is being disrupted by all the make-a-will websites and stuff -- LegalZoom as you say.

If a standard, simple will is entirely boilerplate with some search-and-replace, then it can be replaced with an app.

You decide whether to pay the lawyer based on your confidence that the boilerplate stuff is right for your case, and will hold up in court. Individuals are likely to take this risk, large companies are not. So the large companies will still get boilerplate search-and-replace, but with the added confidence that they have lowered their risk.


I wouldn't hold my breath on law being disrupted, they are quite happy the way they are thank you very much.


You don't need the permission of encumbants to disrupt their industry. You just take their customers.


It's like Uber, except we take on massive liability for each thing we do because by law we have to.

/s

This company is about the closest I've seen to disrupting anything so far.

https://www.legalpad.io

My experience and observable reality show that it's hard. There's a reason even the techiest of companies still pay an army of lawyers in house and still go to the best firms for major transactions and disputes:


Cept as lawyers, they are in an exceptional position to sue you, as this is their battle ground, unlike taxi drivers or renters.


The legal industry - an explicit manifestation of state power - will require a great deal of guns and soldiers to disrupt.


It’s much less the “state” as in the government than the state bar associations and such. They’re guilds, essentially, and quite protectionist ones at that.


Developer and former small business owner here.

Your attorneys may have been using the same base template that was used to create your competitor's documentation. Lawyers reduce the need to copy/pasta code, just like developers do. If an attorney's game of 20 questions leads to a bunch of templates that were drawn up before they ever knew you, values are filled in for your specific use case, you're not getting ripped off. You're (hopefully) not paying for words in a document. You're (hopefully) paying to have the contents of those documents cover your butt when shit hits the legal fan.

The trick is to know templates exist. If you hire an attorney to do a bunch of work, and you are pretty sure that all of that legal work is just going to be generated using boilerplate templates, then you can negotiate a better rate based on the fact that the attorney is doing very little custom work. The more boilerplate being generated, the more leverage you have to negotiate a better price.

Source: I learned this from a mentor to get favorable pricing on attorneys fees.


It wasn't from a template. The language was way too specific to the specific business. And the law firm didn't deny that they had copied it.


Legal contracts are copyrightable too. I've learned this when looking for a basic tenants contract trying to save on lawyer's fees which seemed too high for such a standard document. So not sure how legally safe it is to just copy such documents.


At least a decade ago since I checked but back then, “standard terms” clauses were not copyrightable, the theory being there’s an optimal way to express a legal idea and you can’t be barred from saying it that way. And a collection of such terms is basically a sampled remix.

Quoting:

“[Because] the vast majority of contracts prepared by law firms are either outright copies that aren’t entitled to copyright protection or are contracts that derive copyright protection from their status as compilations, a law firm would likely have a hard time demonstrating breach of copyright.”

And:

”It is standard practice for corporate lawyers to copy—from deal binders, the SEC’s EDGAR database, and elsewhere—and revise contracts drafted by others.... It’s a safe assumption that the vast majority of contracts are either outright copies that aren’t entitled to copyright protection or contracts that derive copyright protection from their status as compilations. Because any compilation contract would resemble countless other contracts, a law firm would likely have a hard time demonstrating breach of copyright of its compilation contract. And even if were able to do so, its damages would likely be nominal, because compiling such contracts is a relatively quick scissor-and-paste exercise. So you should feel free to copy a run-of-the- mill compilation contract, not because doing so constitutes fair use, but because the likelihood of someone knowing of that copying and having any interest in preventing it are exceedingly remote.”

https://www.adamsdrafting.com/downloads/Copyright-NYLJ-8.23....


Sadly this is exactly what should be done in most contracts. (In a hypothetical alternate world where law worked more like OSS).

Of course it was unethical for them to do it without telling you and trying to charge you $5k for it, but law would be a heck of a lot cheaper if openness and code re-use were the default.


The contract may well be copyright by the competing service provider's law firm. You can't just copy&paste it. It's especially worrying when law firms specialising in IPR issues do this.


It would be nice to git clone a contract.


And the best law firms understand that. Take Cooley's terms of use generator for example:

https://www.cooleygo.com/documents/terms-use/


Especially in the startup world, such a model would be quite helpful as we spend more money on the lawyer than on anything else (in the early days).


nolo.com for standard contracts. You are welcome to stary a business or an open-source effort to publish standard contract templates.


Actually, I wish creating legal documents was that simple. I mean, most of the time competitors require quite similar documents, but as legal documents (terms of service, privacy, etc.) are also protected by copyright, copying them is simply illegal AFAIK (IANAL).

On the other hand, I wonder what the job of lawyer should look like. Writing a similar document but carefully choosing different wording to avoid to be sued?

However, charging 5K for a copied document is just cheeky.


If you just copy competitors terms of service you are on the hook. If you sign contract with lawyer and he does that, he is on the hook. You pay 5K for not being liable for a copied document.


Almost all TOS and Privacy Policies are copied from each other, and are pretty generic. It's incredibly unlikely anyone would sue you for that...


At the University of Nebraska they have an athletic director who used the same legal agreement from his past job to arrange a football game with the Zips.

The game was cancelled due to lighting. But the contract supposedly copy and pasted from his old job at a costal school only addressed "tropical storm, hurricane and flood."

It's amazing what people will or will not do when it comes to important legal matters.


> "tropical storm, hurricane and flood."

Always best to use "Act of God", which is a legally accepted (and often defined) term.


Hopefully the law firm in question went through your answers and made sure that your competitor's terms were also appropriate for you. That's where the legal expertise is needed, not in simply writing text.


Or they figured it would get noticed and were going to try to upcharge. "Well, 4 figure invoices get 4 figure quality contracts" or something like that.


I imagine law firms could experience something similar when contracting for custom software development.


Terms of Service and other types of agreements aren't copyrightable (last I checked). When bootstrapping side-projects, I do what the firm tried to charge you for.


I can imagine that lawyers in general would prefer to use a contract template that has withstood the test of time (and was held up in court) rather than try to write one up from scratch.

I'm not talking about your case though.


Smartcar has raised $12M in financing from A16Z and NEA. The difference between $12M and $55M is a single financing stage.

What likely happened here is a remote team was paid to generate docs with a directive like, “Smartcar has a good API,” and stole them directly. Then the management team didn’t bother checking.

This is great PR for Smartcar all things considered, and I actually think has a fantastic silver lining:

The value of a good API isn’t the API itself. It’s the expertise of designing them. APIs are difficult, the majority of the industry sucks at designing and delivering them. Otonomo can always copy you, but if you have the actual expertise to continually deliver a fantastic API experience you will win in the long-term. Stripe and Twilio are your proof points. Go get ‘em, team.

Bessemer invested in Twilio and they know this, and the Otonomo team just showed them that they’re incompetent in the API space. So — I think you’ve got a bigger leg up than you think.


> What likely happened here is a remote team was paid to generate docs with a directive like, “Smartcar has a good API,” and stole them directly. Then the management team didn’t bother checking.

If a remote team is writing your API documentation by copying and pasting, then what is the actual implementation team building from?


Hi, I'm the CEO of Smartcar. While I can't go into exact details, I can say from what we know so far: this occurred out of their main headquarters.


Can you clarify? "Out of" can mean either "outside of" or "within" weirdly enough.


I think in this context it means within.


It means the production of the items in question came out of the location specified.


Good to see that I am being down voted for my accent/dialect.


I didn't down-vote you, but I imagine it's because you just repeated "out of" without explicitly clarifying which definition was meant (though it's more obvious in your version, at least to a native speaker).

For what it's worth, the usage here means "from within."


Right but the parent's point is its not just the API documentation but the API itself that strongly mirrors your product?


So Otonomo took down their API.

Can you confirm that more of their API other than the authorization code was duplicated? Honestly duplicating auth APIs are perfectly fine. If you showed proof of business APIs being duplicated, I'd have more faith in your claim. Right now this looks like a publicity stunt on a baseless argument.


> Honestly duplicating auth APIs are perfectly fine.

You don't get to say this.


Unless I'm going crazy. I guess we have a big industry problem around auth then. We only have some many types/ways to implement auth and we all use them.


Remote teams can be responsible for both implementation and documentation.

I’m not saying that’s what happened here necessarily, but I’ve seen this pattern repeated before (less egregiously). Founders can only do so much and most people are completely ignorant of the value of a good API, so it’s not hard for an executive team to say, “make it like that other one,” instead of staffing out the proper team.


Seems as if you are wildly speculating?


> What likely happened here is a remote team was paid to generate docs with a directive like, “Smartcar has a good API,” and stole them directly.

They didn't steal the docs (not only the docs). They stole the whole public facing architecture as evidenced by the fact that they are using in some instances the exact same API resources names and method names.


And randomly generated UUIDs from code examples.


But we don't know that, do we? They only showed some auth code. The OP does _not_ show that Otonomo has duplicated any business APIs, and Otonomo took their docs down. Unless someone has proof Otonomo copied more than just the examples documented in the OP, this is just pure PR fluff.


Yes, unless the business API was duplicated as well (and as noted above, there is no indication that they were), it just points to someone being lazy in writing up auth documentation.

Duplicated parameter names would be expected in this case, and preferred actually, so that they conform to the OAuth spec :-) The descriptive text is not an exact copy as well. From what we know, the only damning bit is that parameter values were exactly the same as in smartcar's documentation, which while not condonable, is not as egregious as it would be, had Otonomo cloned the business API as well.


> business API was duplicated

I would like to believe that interoperability trumps copyright in this case - a competitor copying an API/protocol and making a compatible, competing service is good for the consumer.


[flagged]


I'm not saying that. I'm saying that if they copied parameter names verbatim, it's very likely that they designed the API with the same public facing approach. Possibly with the goal of attracting Smartcar customers with the premise that they just need to change an endpoint and an api key and it would work out of the box.

And BTW, your first line doesn't add anything to the conversation. Is your argument stronger by saying that "I don't know what I'm talking about"? Check the guidelines: https://news.ycombinator.com/newsguidelines.html - The idea here is to have a civil discussion.


The APIs in the blog post were not invented by Smartcar. Like most HTTP-based APIs, Smartcar's authorization endpoints follow the OAuth 2.0 standard, which specifies the exact parameter names and how they should work: https://tools.ietf.org/html/rfc6749#section-4.2.1

Maybe Otonomo copied more than that, but the blog post only covers the OAuth stuff, so it's incorrect to conclude that Otonomo "stole the whole public facing architecture".

Yea, Otonomo obviously lifted from Smartcar's docs, which is lazy and unclassy, but it's not _that_ big of a deal. I bet most people who implement OAuth end up using an existing company's API docs as a guide; they just usually know better than to copy entire sentences.

The Smartcar blog post is over the top. It makes it seem like their OAuth docs are their value proposition. I really hope it didn't take "months of ideation, engineering, chatting with customers, and iteration" to dream them up.


That's quite an assumption that they just paid a remote team to do that and their management overlooked it.


This may be a silver lining - a competitor has shown that the work you have done, exactly the work you have done is worth 55 million in VC funding.

There are enough people on here who can point you in the right direction, or arrange introductions.

Spend at least one of those millions on PR and lawyers to ensure it's clear who has the moral high ground, and who should be hired if a company has to choose between you - I mean if they are prepared to breach copyright so blatantly here, who knows what other problems they have in their repos - enterprises can be very conservatice on unknown legal risks like that

Summary: They are vulnerable - Get 'em


> Summary: They are vulnerable - Get 'em

Or, go get $55 Million in VC funding from someone else.

You have a major head start. Your company is theoretically worth at least as much as theirs.

Complaining about competitors copying you might slow them down a bit. But it will probably slow you down a lot more. On the other hand, using their valuation to raise $55M+ would be a huge boost for you.


"Your company is theoretically worth at least as much as theirs."

Maybe.

Having worked in the auto industry (albeit well over a decade ago), it is one of those industries where connections, and knowing how to navigate the relationships, goes a long way. I don't know much about either of these companies, or their founders, but in B2B scenarios like this, the value is often related to much more than just the underlying technology.

If I were Smartcar, I would look closely at relationships, physical and virtual proximity to major automotive players, and how their suppliers prefer to do business. And, perhaps they already have...


The fact that in-car tech is so bad in general is a good indicator that the auto industry is a relationship industry. Its a golf course based business, and building the tech is the "easy" part. See also: the payments and especially credit card space - if you don't start up with the backing of a major player your entire business hinges on bus-dev and exec relationships to convince the incumbents to let you play in the space.


I would agree on this with one caveat - you should be able to run this battle on a back burner or don't go there. If it would consume you ... Don't. Your time and positive energy are too important. But if you can (it's what's in the CEO learning curve imho) spent a small faction of your time dealing with competitors. If this one is a proper competitor and you have leverage (public goodwill, cash to burn for litigation and communication) - go there. Your investors are probably with you if the threat is both to you and their investment. The outrage factor will probably play into your hands as well. A bankrolled litigation fund (smallish) is doable.


Is it worth 55 mil, or is it just networking?

I can imagine the "Kickstarter scam" running in the VC scene, the Kickstarter scam being: you show ads for a product on Kickstarter with the line "300 thousand dollars in backers already! Get yours too!", but that money isn't from genuine backers, coming from your friends instead. Then a chump seeing the ad will think "Oh, this new gadget is popular, it must be good, let me buy 1 for the introductory price!" and gives you his money. Then you just keep the chumps updated with "Sorry for the delays, we have manufacturing difficulties" month after month.

So in the VC scene, you could get your friend to invest in your idea for $$$, get other investors interested, and... profit? I can imagine it'd be nice to spend the genuine VC money on company Lamborghinis and penthouses for a few months, declare bankruptcy, rinse and repeat (just steal the API from the next "Smartcar"...).


> I can imagine it'd be nice to spend the genuine VC money on company Lamborghinis and penthouses for a few months, declare bankruptcy, rinse and repeat

or simply refocus the startup on used lambos and penthouses :)


If the work SmartCar had done was worth $55 million, I suspect Company X (or their VC) would have used their money to purchase this company for $55 million instead of deciding to waste the time cloning it.

Instead, think of the work as a means to an end, the end being revenue.

Company X was able to raise $55 million because they were able to demonstrate that the potential market could support the revenue necessary to justify such funds, and that they could use the work already done by SmartCar to get to market more quickly.

Now, in my opinion this is very shady and should be grounds for a lawsuit, but in terms of raw business savvy, the $55 million is for a smart business that knows how to execute for less. If money raised was in direct correlation to a quality product or the ability to produce such a product, rather than in direct correlation with e.g., the team (cabal?) involved and their ability to make returns for investors, then we’d be living in a very different world.


I expected this to be a " I had the idea first" post. But it is actually a copyright infringement post AND makes the offending company look like a bunch of hacks.

If they don't have the engineering chops to build an API how are going to handle the ops of it.


I was curious if some of these docs were auto-generate or templated copy, so I double checked some of the text.

"The redirect_uri provided in Authorize User step" appears exactly once on the Internet according to Google: at smartcar.com. It looks like Otonomo did in fact copy/paste from the SmartCar website.

https://www.google.com/search?q="The+redirect_uri+provided+i...


Some people built the world's most popular operating system doing just that - copying Java's API.


They didn't copy paste API docs too, including typos, which is what we have here


The lawsuit was about copyright on headers though. I think the headers did include the same documentation as the original Java implementation.


But not their API documentation. They even copied the exact example UDID.


...and of course Java was somewhat open to begin with, which isn't the case for the technology the company that got copied in story. There's always the next level in douchebaggery, if Google was really wrong copying those headers to begin with.


Copying the headers make sense even if you rewrite the implementation from scratch, it gives a very basic layer of verification that your implementation matches the original (if the declarations in the prototype clash with your rewrite, there's probably something wrong in there). It doesn't sound like a particularly bad or unethical technical decision to me, at least as long as it's done otherwise completely legally (which has been a very expensive question to settle).

Copy/pasting docs and rewording everything to try and hide that fact is a lot lazier and shadier IMO.


I think that is reductionistic and misguided. I don't know the exact inside story of course, but this is how I read it, and how I honestly think this happened. They chose to have a garbage-collected, bytecode-VM-executed, OO language as the main platform for their external apps (the internal kernel is a still Linux with its regular C interface). They decided to implement their own VM from scratch (Dalvik). They decided to use Java language, including syntax and basic system APIs, which would make it very accessible for a ton of existing developers. They could as easily gone for another syntax and base API. It wouldn't have been more effort to design and implement (arguably, it could have been less). But of course it wouldn't be such an easy sell to existing Java developers. They opted to interpret Java language and API design as an open, public value, and that's what was dealt with in court.


What os is that?


android


thats...not the same.


Why do you say that? In some regards yes, and some no.

I think the intellectual property is in the APIs/"headers". That is what Android uses from Java and what this company is copying from SmartCar. Its not easy to write a good API. (But, I should say, once you have the headers it is not as tough to populate them with code.) As for coping actual documentation, that is just plain stupid but not the _worse_ crime here.

Now, what is different is that many of us don't approve the way Oracle is enforcing the rights on this information. Java is not like the SmartCar APIs in that it has been free to use for so long. All the same I think Oracle should have the legal right to do this.

Many may disagree about Oracle vs Android but I think it is devaluing the work of people like James Gosling _and_ SmartCar if you say there is not intellectual value in the code/API headers.


> Many may disagree about Oracle vs Android but I think it is devaluing the work of people like James Gosling _and_ SmartCar if you say there is not intellectual value in the code/API headers.

It is not the same simply because Java is an open-source project. SmartCar, on the other hand, is not. I would argue that, because of the nature of open-source, Google should have been able to do as they pleased to facilitate allowing java code on their OS. I know that many would disagree. But to say that there is not intellectual value in the code/API of Java would be disingenuous, and ultimately incorrect; I can say with certainty that I would never say that, so thank you for putting words in my mouth.


Sorry, I didn't mean to put words in your mouth, particularly based on a mere four words. I was talking to people who I have heard argue "it's only the headers".

I appreciate your response. I am not clear on if that particular information is open source. A quick Google search does not seem to give a good (single) answer.


[flagged]


Are you being deliberately obtuse? It's the contents of the tables that have been ripped off.


Its OAuth documentation - its a very well described standard protocol. Most of the OAuth documentation looks and reads exactly like this. The only "smoking gun" is the "random" value used for the state parameter, which seems to be copied over - and developers copy other products/sites documentation ALL THE TIME.

While there is substance in the post that some other company is building the same product, saying that its literally cloning it and using documentation similarity for a standardized protocol is not really cutting it.


Product ideas are not subject to copyright. Documentation is. If developers copy other products' documentation "all the time" then they should stop (unless the documentation has a licence that allows it). Doing something "all the time" doesn't make it moral or legal.


I've been in this field for 10+ years and I have never encountered ripping off others' docs and calling them your own and it being ethically OK


That smoking gun is smoking plenty. That and the typos are the kind of proof that are a godsend during a lawsuit when you're on the offense and a really really bad day when you're on the defense.


And what would the lawsuit be based on? Stealing documentation for how OAuth 2.0 works?


No, on copyright infringement.


But several examples are just way over the top. Smartcar's description for "expires_in": "The number of seconds the access token is valid for. This is always set to 7200 (2 hours)." Otonomo's description for "expires_in": "The number of seconds the access token is valid for. This is always set to 7200 (2 hours)." Coincidence that both companies choose 7200 seconds and formulated the descriptions exactly the same? I think not.


Coincidence they choose the same English language ? I think not


I built a technology to make digital books from old copyright expired printed books in various less popular languages. After I put a lot of content online and getting decent traffic from google search I started receiving DMCA take down notices from an American company that had simply copied all my data to their website and claimed to google that it is their copyright. (Imagine the audacity to call Bible translation from 1800s their own copyright).

When I tried to file an appeal with Google I had to agree to abide by California jurisdiction and American laws. I am not even American. Why should I ?

I am happy if Google blocks my site in American owing to DMCA because US traffic for me is next to zero. But I am not sure why DMCA should apply to India.


DOn't take this lightly if you are serious about the website. DMCA takedown is worldwide and with European copyright laws in place you have more reasons to worry. Talk to a good copyright attorney. There are many, seek the help of NGOs in this area. Do NOT sit back.


I have blocked my site for Europe any ways. I will not comply with European laws of any kind as the site is fully hosted and run from India.

I would rather focus my energy on getting Indian government pass laws that will protect us rather than pay an attorney for my non profitable website.


Very good prioritization. Focus on providing value rather than deal with trolls in countries outside your target market!


Holy crap. The only way forward for Bessemer et al. VCs is to immediately withdraw their funding for this “company” and cut all ties in order to prove that they had no forewarning that this is how their money was being used. There are so few actors this visibly bad that if they didn’t do anything they would become “that guy” everybody avoids, in both the deals and funding space, when orgs do their due diligence.

So they could choose to not do anything, which means the only companies approaching them in the future are the desperate ones, and they lose the capital anyways to the markets due to a shoddy portfolio.

Don’t knife your intangibles.


There is no such thing as "withdrawing funding" in this context. The Series A is long closed and Bessemer is deeply entwined with the company's governance.

The most severe move they could take would be to enforce whatever contractual mechanisms they have to block additional financing pending an independent investigation and replacement of responsible parties. Or they could directly force the matter if investors hold a majority Board vote.


If the investors have a board and shareholder majority (which they may not), and really thought this was a terrible investment decision that they want to get out of, then they could vote to wind down the company immediately, redistributing the assets pro-rata (with possible liquidation preferences). This would be roughly the same as "withdrawing funding".

They could recoup a huge part of their investment before things get worse. But again, afaik this requires a shareholder majority, barring any strings/triggers on the investment terms that could be activated.


Bessemer & Co. would not spend this kind of money without doing DD to the point where their competitive review would have snagged the OP's efforts. So most likely they know.


They would not have looked at the API docs of either the startup they are investing in or their competitor (99.95%). I've worked as VC and technical detail at such a level is basically non existent. Economics, team, market take up the vast majority of the effort.


This is correct. The odds that a VC investment fails because the company copied work and gets caught/sued is very low. Thus, there is little incentive to dig through all the weeds to ensure that absolutely no work was copied.

Ultimately, the VCs probably just ask the founders "Hey, your product looks very similar to product A, how is yours different and did you develop it on your own?" If the founder denies copying and gives a reasonable answer for how they developed it on their own, the VC then makes a judgement. They also may hire some consultants or have some outside experts look at the tech stack to make sure no red flags pop up.

However, you can't dig through every line of code and every document in diligence and compare it to several other companies code/docs. It would take too long and everyone involved (VCs, lawyers, start-up) would be annoyed.


We do technical due diligence, because at the VCs this specialty is usually not present.


I’ve been through a technical due diligence for an acquisition and the process was severely lacking. In total it took ~8 hours (compared to ~80 for financial diligence). It felt like a once-over smoke test to eek out any major red flags.

I almost wish you had done my technical diligence, Jacques. I spent a week preparing for it and was very proud of what I’d built.


We get that a lot actually. We do quite a few 'B' and later rounds (43 deals last year!) and apparently we're the hardest exam to pass for, but the people we work with are generally really happy that they finally get to show off all their hard work to people who really appreciate what they've done.

It's five of us for a week with a super intensive interview on the Wednesday and it is always the highlight of the week for me. What is also neat is that most of these turn into very long term relationships post deal, not necessarily financial ones, just that the interview day makes the whole thing a two-way street where the tech team will occasionally reach out when they are stumped on some problem or need outsider perspective.


Ya, we got very close to closing with a VC in SV. Their technical due diligence consisted of one of their contacts from Google calling and asking me questions about our tech stack. It appeared that the Google dev derailed the deal because we were building our product in PHP. That's how they decided we must not know what we are talking about.


Did you get funded with another party?


Yes, we raised millions through a few other VCs.


Good to see that that did not reduce your long term chances. I really don't like these out-of-hand dismissals without doing the homework first, PHP is not exactly the worlds most elegant language (to put it mildly) but it is definitely not a disqualifying one either.


Bessemer & Co. likely know that Otonomo is building a drop-in replacement copy of Smartcar's API. I'm not sure there's anything terribly controversial about that, although reasonable people may disagree.

Bessemer & Co. probably don't know that the docs are literally being copied though.


>> Bessemer & Co. likely know that Otonomo is building a drop-in replacement copy of Smartcar's API. I'm not sure there's anything terribly controversial about that, although reasonable people may disagree.

Anyone considering that should be aware that Oracle vs Google is still not finished.


Even a drop-in replacement does not normally go so far as to have verbatim copied documentation. Which makes me wonder how far the copying went, if they actually obtained the code as well.


A literal copy would show up during tech DD. If they did not flag it that's their problem, if they did flag it it is still their problem.


How do we know that the investment predates the public api documentation?


Bessemer's last round was a series 'B', by then the bits and pieces would have all been in place, whether it was public or not isn't even all that important.

It does raise an interesting question though: how will the OP prove that their work is the original, that might hinge on a lot of unknowns, more difficult still if the work was originally lifted by an employee of the company and then passed on to Otonomo with them being the unwitting recipients.


Yes, seems likely, but user documentation often comes really late in the process.


However, the Smartcar CEO replied in another thread that they use Readme.io for their docs, which can autogenerate using Swagger, which automatically parses hints in code.

So it is definitely possible that the codebase got stolen and the perps missed changing a few hints, resulting in the Otonomo samples generating identical sample code, as shown.


> without doing DD

It's a Series A, serious DD doesn't usually happen this early and a jr. analyst with a finance background wouldn't catch something like this.


The latest participation by Bessemer was a series 'B' as far as I can tell:

https://otonomo.io/pr/otonomo-announces-25-million-strategic...

And even then, series 'A' requires DD as much (and sometimes more so) as later rounds.


VCs are not banks and are not staffed like banks, and they don't do DD like banks. I've been in the weeds in six VC rounds and through an IPO, you'll be incredibly disappointed what passes for DD for VCs.


> you'll be incredibly disappointed what passes for DD for VCs.

There are lots of VCs, some are better at this than others, some really suck. On the whole though they tend to do their homework at least on the commercial front and a competitor with a feature-for-feature identical offering would have most likely been spotted even at the 'not so good ones', irrespective of whether or not the API docs were made public.

The interesting questions to me are:

- what was the exact timeline?

- was an (ex) employee of the company involved in the copying?

- is Otonomo itself aware of the fact that they have this sitting on their website?

- How far down does it go? Is it just the API documentation, or also the underlying code?


VCs love to tout how they reject 99.9% of their pitches. What's the competitive advantage for them to fund an investment with minimal technical review? Wouldn't avoiding the next Theranos be worth it?


No. VC is about numbers, getting into as many deals as possible because a very small number return enough to pay for the fund. 99% of deals are expected to fail. In-depth due diligence costs too and would take away money that could be better spent on just another deal.


Sounds like VCs need a plagiarism detector for websites (think TurnItIn) to make sure their portfolio companies aren't blatant ripoffs.


TurnItIn resells all of the data you submit to them. Any paper a student is required to sent to the service (it's not optional at schools where it's in place) is added to the dataset which they ultimately profit from, with nothing paid back to the students who own the original IP.

It'd be like YouTube using your videos for ContentId, but not having any avenue for you to profit from said videos. Oh and uploading to Youtube would be mandatory.

There was a lawsuit about this, decided on TurnItIn's side, but I still disagree.


I wasn't suggesting they copy the business model, just the functionality. If it's all websites, there'd be no need to have a separate database.


And I didn't think you were. My point is aside from the actual topic at hand.


Just because something is a blatant ripoff, doesn't mean it's not a good investment. VCs are doing investments based on predicted ROI, not uniqueness. Lyft and Uber are extremely similar, but the particulars of the business are much more relevant to the investment opportunity.


Sure, but neither of them was illegally copying aspects of the others' business. Business models are not protectable.


illegal or not is for the court to decide.


Are you suggesting that the article isn't describing an open and shut case, our that business models may in fact be protectable? As a former lawyer, I would say that neither of these is even a remotely close call (assuming the description is accurate).


Yes, that depends on how good are their lawyer argue it in court. Maybe they know something we don't.


Technically, yes. But practically, in cases so blatantly obvious it is fine to draw your own conclusion.

In one court case - where a company I had a majority stake in was the plaintiff - the defendant basically had to admit that they copied the code and content of our website. Their defense: 'we did not copy it from them, we copied it from someone else' (without specifying what the 'someone else' was). Needless to say that did not end well, we were surprised they actually went to court but since this was in a country where the loser pays the court costs of the winner that did not overly bother me.


Isn't that testament that their lawyer simply is not good?


Lawyers do not call the shots, clients do. So if a client wants to take a losing battle to court a typical lawyer will caution them but will not hand in their commission.


No client want to lose. Maybe they choose the wrong lawyer? Maybe they shouldn't just use 'typical' lawyer. Especially for difficult case.


That was about as unwinnable as they come. So no, that wasn't the wrong lawyer, that was simply the wrong client.

https://webwereld.nl/overheid/10591-webcamsites-bevechten-el...

(Dutch)


No case are unwinnable. At least not with that attitude. Look at the O.J. Simpson case for example.


He lost the civil suit. And the only reason you bring it up is because it is exceptional. The general rule is that the courts tend to get it right but there are obvious (and glaring) exceptions.

The quality of your lawyer will help in the gray areas, and may get you a reduced sentence in case of a criminal affair but in general you will lose if you go to court with a case where you were in the wrong. It's not a perfect system but for most cases it works out.


He win the criminal suit.

>And the only reason you bring it up is because it is exceptional

So you need exceptional lawyer.

>The quality of your lawyer will help in the gray areas

An exceptional lawyer will make seemingly black and white situation to looks like grey.

> in general you will lose if you go to court with a case where you were in the wrong

Sure, the point of court is argue that meaning of "wrong"


> He win the criminal suit.

You don't 'win' a criminal suit. The standards of proof in a criminal suit are different than the standards of proof in a civil one, because the punishment in a criminal suit is much heavier than in a civil suit (where the maximum is some monetary penalty, whereas in a criminal suit it is imprisonment or in some countries even death).

I really think your view of the legal system is somewhat theoretical, there is no such case that it can always be won given the right lawyer or argument.


He didn't get death penalty or imprisonment is a win to me.

The reality is legal system consist of human in various capacity, judge, lawyer, jury, even public opinion. Its all boil down to convincing these human. Given the right method or argument, you can convince any human. Sure some case are harder then the other but doesn't mean it impossible. Really really hard != impossible.

>there is no such case that it can always be won given the right lawyer or argument

What is your reasoning ?


Deciding it on your own before the court battle might save you millions of dollars of your own invested money.


We always check this sort of stuff for our customers, and more than once it has triggered.


How do you do it? Just using Google on various phrases? Are you checking for your customers our on your customers? If the latter, why do you care (most vendors wouldn't).


> How do you do it?

We have a team of people that exhaustively search for players in the same space. The 'Google on various phrases' is more or less the gist of it, the more unique the better.

It's not an automated process so fairly time consuming.

> Are you checking for your customers our on your customers?

We do not check on our customers, we check for our customers. And usually pre-investment.

> If the latter, why do you care (most vendors wouldn't).

You are probably wrong about that, copying something verbatim will get you a C&D pdq in most cases.


Thanks for clarifying! I'm still confused as to why a vendor would check on a customer or care if they're infringing.

I sell a SaaS reading product and don't care what my customers are using it to read, or whether their own websites our products contain any infringing content.


> I sell a SaaS reading product and don't care what my customers are using it to read, or whether their own websites our products contain any infringing content.

What they are using your product for might very well turn into 'aiding and abetting', make sure your TOS is up to snuff and that you have it checked over by a lawyer to verify that if your customers do something illegal with your service you don't end up being on the hook.

As for the second, that might be a good hint that your customer is not above-board and will bear closer watching.


I'm not sure I follow (and I'm a lawyer). If someone uses my chrome extension to research how to rob a bank, and then they go do it, what is the legal theory that puts me at risk? Is Google at risk because they're using chrome? Or the computer manufacturer?

Napster is one end of the spectrum, but I'm not sure how anything short of that is a legal risk. Are there cases or legal theories I'm unaware of?


There is a lot under 'SaaS' that you could use to further illegal schemes that do not fall under 'chrome extensions'.

Off the top of my head: anything payment related and two sided market places (money laundering, false binning), anything that allows large volumes of data to be moved around (copyright violation, child pornography, exfiltration of data from corporate networks), proxy services and spider services (DOS attacks, harassment, TOS circumvention and copyright violation) etc.

So nothing that would require legal theories, just the usual abuse of service.


> anything that allows large volumes of data to be moved around (copyright violation, child pornography, exfiltration of data from corporate networks)

So could Mozilla be on the hook if people used Firefox Send to do any of these things?


They could be on the hook, except the ToS of Firefox Send includes this language:

You hereby represent and warrant that your content will not infringe the rights of any third party and will comply with any content guidelines presented by Mozilla...

We may suspend or terminate your access to the Services at any time for any reason, including, but not limited to, if we reasonably believe:... you create risk or possible legal exposure for us...

You agree to defend, indemnify and hold harmless Mozilla [et al] from and against any and all third party claims and expenses, including attorneys' fees, arising out of or related to your use of the Services (including, but not limited to, from any content uploaded by you).

(https://www.mozilla.org/en-US/about/legal/terms/services/#se...)


The indemnification bit is pretty much testimony to the fact that Mozilla also realizes the abuse potential of 'Send', but it may not work out well for them if they end up as the defendant in some lawsuit and the party breaking the TOS is penniless.


That thought definitely crossed my mind when it was first announced. I sure hope they thought of that before releasing.


Getting onboard a company where there is a fast growing but not established market leader might even be a sound investment. Just add more thrust.


> The only way forward for Bessemer et al. VCs is to immediately withdraw their funding for this “company” and cut all ties in order to prove that they had no forewarning that this is how their money was being used.

I mean, you might eventually be right. But why "immediately"? What's wrong with taking some time to talk to people, hear the other side, find out more details, do a proper investigation, and then decide what to do?

One side of a story is never the whole story.


Can someone explain me what illegality did they do?

Is it illegal to just copy some docs from somewhere on the web?

are APIs copyrightable?


The docs are definitely copyrighted. Same as if you wrote a blog post and they copied it, it would be copyright infringement.

Otonomo sounds like a deeply unethical and shady company. If I was doing any kind of business with them I would not continue to do so. While it would be hard to sue them, hopefully when you Google them in the future the fact they ripped of Smartcar will be one of the first results.


In the US, whether APIs are copyrightable is a question being currently litigated. https://en.wikipedia.org/wiki/Oracle_America,_Inc._v._Google....

The latest decision in that saga is that yes, they can be. Whether that holds up in the Supreme Court is an open question. Most of us hope it doesn't, I suspect.

Copying documentation is definitely a copyright violation. Similar situation exists with recipes - a list of ingredients can't be copyrighted, but the wording of the steps can be. You have to at least put it in your own words.


As it turns out, probably nothing. Their API docs are apparently open source.


Wayback Machine:

https://web.archive.org/web/20190422150111/https://smartcar....

(And a reminder to donate to archive.org if you can!)



Forgive me, but all I really see that’s ripped of are...some API docs?

You can tell they copied them but this is likely the work of a single lazy employee rather than indicative of an entire company.

Consider that the value of a company is more than API documentation. It’s the customers, the business relationships, and the employees. The actual tech is last in the things that are valuable.

If you want to survive in this industry you need to understand that eventually someone is going to copy your product. They might even do it better than you. Unless you can prove fraud, there’s nothing you can do. There’s no crime in copying someone's public API and offering an identical service; people do it all the time.

Instead of worrying about your competitor and some lazy employee they hired there, worry about your own product, customers, business. Start planning your next feature or next way you’re going to WOW your customers. That’s your real job.

Now get to it!


It's not just the API docs that are copied, but the API structure itself. Then again, the examples shown in the article are just OAuth flows, which are a standard and docs are going to look similar regardless.

But I totally agree with not worry about competitors. There's always going to be people copying you, and if they do that means you're doing something right. Think Stripe - I'm sure they're a huge source of 'inspiration' for a lot of sites when it comes to design and documentation.


It is curious that while HN as a whole seems to be on the same side regarding the Google vs. Oracle case, they also are quick to jump on this bandwagon, but in the other direction.

Is it lame to blatantly copy someones API docs? Sure. But even looking at the screenshots in their blog post, which I presume is meant to highlight this issue, it's clear that there are changes as well, so it looks more like derivative work than just blind copying (I'm not sure if there's a meaningful legal distinction here, but it feels more ethical).


Same thought here but fwiw to me it seems that there are plenty of people on this thread who are on the Google side of this discussion.


So they built a new product to a competitor's API spec? There is nothing wrong with that, the API itself is a plug - you need to implement the backend to compete.

It is super lame and dumb to have ripped off their doc, but the API format itself is not an issue to me. If I were going to implement a competitor to Google Maps, it would make sense to copy the Maps API so people can migrate seamlessly. That is the nature of SaaS.

The core value proposition is not in API design, it's in the implementation.


I agree with you completely, but Oracle vs Google is still going through the courts on this exact issue - copyright on APIs. I've seen product roll-outs delayed because that case isn't settled yet. For VCs to jump in knowing that's what this was seems risky, but maybe they factored that in.


This isn't (only) about copyright on APIs; it's also about copyright on the API docs.


The docs definitely is a violation, but that's a foregone conclusion when even the examples are exactly the same.

The copyright of the structure of the API, however, is still something to be debated about.


documentation is protected under copyright.


Api design is part of the value.


And not all value is capturable under copyright. If you want this level of capture of value, use patents instead.


I have solid evidence that some EV startups that raised billions like Faraday Future are built on our EV-technology and self-driving stack that we built during 2007-2012.

Our project died in 2014 due to lack of support and funding on Europe, while our "Chinese partners" started raising mega large rounds literally copying everything from us, from business plan to technology.

You can also see an overnight quality jump on engineering and powertrain from the Chinese EVs (pre-2014) to 2015+, based on our previous work.


In a previous thread about China ripping of IP and blatantly sabotaging others illegally, many commentators supported them saying it’s better for the world. The fact that people are this naive scares me. I’m so sorry this happened, I am glad more light is being shined in unfair practices like this.


It really breaks my heart every time I read this kind of thread in HN, the terrible personal experience of seeing how others build empires with your corpse is the least terrible for me. China thinks like civilization and as long as the rest of us keep thinking that this is a global world, where we are all good, kind and we do yoga while we walk our dogs, we will keep having problems with the Chinese.


I have also seen calls for caution and warning dismissed as racism. I agree - this is an extremely sad situation.


> self-driving stack that we built

what company was it that went out of business in 2014?


> 0facda3319

That's bad for sure.

However, most "Oauth2 flow" documentation pages look like that. They all have a table that's basically copied out of the Oauth2 spec. They all have very similar language.

This is a good thing. Oauth2 is a well defined spec, and there just isn't a lot of ambiguity there.

If it weren't for the copied random state, I'd shrug this off.


I don't have a problem with copying another API for compatibility; Think of the Oracle/Google lawsuit, and the fact that reverse engineering for compatibility is already a protected right.

I do have major issues with verbatim copying of documents and websites, there's an obvious copyright violation there.


This is obviously frustrating, but do not focus on it. They were wrong and lazy to blatantly copy, but would it really make a difference if they spent an extra couple hours with a few copy/css changes to make it look more unique?

Unfortunately, the market does not care about who had what first. This is a validation for you. Frustrating validation. You likely do not have the resources to fight them for anything meaningful. Stay focused on your customers.


> We created a standard API for cars.

What do they mean by "standard" here if they object to this API being copied?

The very goal of API standardization is to have a common interface for TWO parts to talk to each other in a consistent manner. An API that through whatever means allows for only one specific backend doesn't really qualify for being a "standard".

> How Otonomo is illegally cloning our product

So am I to understand that the API spec is their product?

Or is their API not as standard as they claim?

Can't have your cake and eat it too.


Exactly, I don't understand what is their objection.

Since when copying some API docs is illegal? We don't even know yet if API are copyrightable, right?

Ever since Facebook copied snapchat's features like it was nothing it became clear for everyone that the best clone will win. You have a product? Expect a clone of it.

To me this post is just "they stole my idea" whining.


No, verbatim copying of the docs, API or not, is obviously not right. However if they are claiming to aim for API standardization, the specs should be in public domain from the start.


Facebook's cloning of Snapchat's features is legal.

If they'd copied Snapchat's "how to use <feature>" documentation verbatim, typos and all, that'd have been a copyright violation.


Did you look at the linked article? It's not verbatim. It's clear that it was heavily based on Smartcar's docs, but it's most certainly not verbatim.


Did you? There's no way they got the same random state and client UUID via chance. That's a direct copy/paste. So are various tables they provided screenshots of.


I'm not saying they didn't copy small portions of the original, such the highlighted UUIDs. But they most certainly did not copy the entire documentation (or even large portions) _verbatim_. They _paraphrased_ large portions of the documentation. "Verbatim" ("in exactly the same words as were used originally") has a purposefully different meaning than "paraphrase" ("express the meaning of (the writer or speaker or something written or spoken) using different words").


I feel like this happens often in tech but most offenders do a better job covering it up. This is pretty blatant.


It's interesting — I have a couple competitors who have done the exact same thing to my API product (https://keygen.sh). Total copy of a feature subset, down to the API payloads, and verbatim copying my painstakingly written documentation. It bothered me (immensely) at first, but then I stopped thinking about it and instead turned my focus back onto my business. If they want to copy me, so be it. I'll still have the edge because I'm the leader, in a sense.


This is surprisingly and unfortunately common. I do technical DD for big tech companies and VCs in my areas of expertise -- databases, geospatial, and sensor analytics. Plagiarism, particularly of white papers and documentation, is ubiquitous. I've personally been plagiarized by famous unicorn startups that are now post-IPO. I never call any of these companies out but it is a poor startup strategy for two reasons:

First, someone like me flagging this has killed or crippled potential acquisitions by big tech companies. In most cases, the startup has no idea that the plagiarism was discovered but it follows their reputation. It is a giant red flag since it raises questions about the provenance of the rest of the IP. Plagiarism reduces your probability of a successful exit.

Second, in some cases, it puts you in the position of tacitly trying to execute someone else's technical vision that you may be lack the expertise to replicate. I've also seen this failure mode multiple times. Plagiarized documentation makes a promise that will be difficult or impossible for the startup to deliver on because they lack specialized expertise that the company they copied it from has. This is a form of self-sabotage since it puts the startup in the position of executing from a position of weakness in order to match the content they ripped off from some other startup, which leads to poor product and poor customer experience.

Copying abstract ideas is fine, there are many possible implementation variations, but blatantly ripping off other startups is a very low ROI strategy for startup success.


This is a great opportunity for Bessemer, and the other investors, to demonstrate that it isn't returns above all.

Updated to include my tweet: https://twitter.com/MattHurewitz/status/1120356791932604421?...


What else is it for a VC? Isn’t that literally their purpose?


Every business has an obligation to make money. However, the VC game has been filled with a win at all cost mentality that has led to the downfall of many companies - as well as evidence that the companies themselves are not prepare to become public (they aren't worthy of the public trust).

One could argue that the market is okay with these types of things. But, we talk about doing the right thing. And if it's not just lip service, this could be a great opportunity to prove it.


lumbering forward blindly without responding to the red flags a company throws up is not profitable.


You may not hear anything right away, but someone who works for (or was outsourced by) Otonomo is currently having a Very Bad Day.


Otonomo management will have an even worse day when they realize that they are not indemnified just because someone works for them. They will likely have to kiss a substantial portion of that money goodbye as compensation in whatever settlement will be reached. Their lawyers will not be able to win this one from what I've read and seen so far so the best they will be able to achieve is to settle before it gets to court, fighting this will only make it much more expensive.

OP should figure out if the public stuff is all that was ripped or if it went further, it would not be the first time that an ex employee made off with a copy of the company crown jewels.


It would be (morbidly? Sadochistically? I lack the term) interesting to watch how many people jump ship in a situation like this.


Once upon a time a group called 'CitizenX' copied the Camarades.com website and software and gave us the proverbial finger because 'they were in the US and we were in Europe and what were we going to do about it?'.

Turns out not everybody working there agreed with the tactic and the day they raised money I got a very nicely worded anonymous email with the name of the investor. The ink on the press release was still wet when I mailed the VC for their legal contact because we were still well within the statue of limitations and now they could actually pay up.

The only message I got back was 'we will not be investing'.


That is truly poetic.


I thought we all decided APIs shouldn't/couldn't be copyrighted because that was evil when Oracle and Microsoft tried to do it?

I guess literally copy-pasting the docs is a flagrant violation, but it seems like that's the least of their problems. Presumably BigCorp will now get a cleanroom team to re-document the re-implemented API.


I don't know that "we" decided that at all, and I don't think that "we" were ever naive enough to assume that it's okay to copy Oracle or Microsoft's documentation or code just because they're big and "we" don't like them.

This appears to be a lawyer's dream case and I wouldn't be surprised that, if this case makes it to court, discovery finds some actual stolen code. If this company ever poached employees they'd better be very, very careful.

IBM "bluewashes" their terminology and vocabulary for this same reason. They can easily catch someone else using IBM-specific language, and they'll often call very common things by unique and very different names compared to other companies. This can also help cover for any perceived issues with employees bringing over ideas from their previous company.


Ya, I find it even more interesting that they copied the Smartcars API.

In theory, if you copy an API, you also copy its semantics. The docs for it are supposed to be interchangeable. Its touchy. For example, wouldn't most people rely and use the Java doc even for Android?

Now obviously, redistributing a copyrighted doc on their own website without permission is something else. Cause I'm guessing docs are copyrightable, but not APIs. The whole thing is getting more interesting to be honest.


Good opinions here. I worked at very early stage startup, and our huge competitors with 1 billion worth of funding were stealing our shit from day 1. Thankfully, we didnt spec out a nice API and all that shit because we were in startup mode. That makes it a bit harder to copy things our stuff because it was a huge pile of undocumented software and data.

I think that is just life in tech now. You put out a 'feature' in your app that is new and cool. Two weeks later the same feature shows up in your competitors app.

In our case, always better to be ahead of the curve. You've got a small team with 20 folks who are putting pressure on the 100 person teams at these giant companies.


They could just say "Our API is identical to the Smartcars API, documentation can be found here (link)". Smartcars might even be happy about that as it's free advertising.

The way they did it looks much shadier, but I doubt it's actually illegal. The longer text blocks are all original, even if clearly inspired by smartcars. The descriptions of paramters is mostly copied verbatim, but I have my doubts it's copyrightable, after all there are only so many ways to describe what "access_token" does. The overall structure of the documentation is also clearly copied and is probably protected by copyright, but it's easily changed.


Well, "we" don't have authority to decide those things, do we?

It looks like API copying violates copyrights on the US, so go for it. In a democracy crazy laws can't be crazy just for the bad.


Its not even their proprietary API, its OAuth endpoints.


Came to say just this. They say "illegally cloning our product", but I see nothing illegal so far and I'd love to be corrected.

I doubt it is so, but even if those tokens pass the threshold of originality[0], does a few blobs of superficial text justify a lawsuit?

Things would be dramatically different if they'd copied source code, but so far, it's just documentation.

[0]: https://en.wikipedia.org/wiki/Threshold_of_originality


Directly copying a document is simple copyright infringement. Just because it's documentation doesn't mean everyone has a free license to copy and redistribute it.

Whether or not any violations occurred in copying code probably depends on whether any employees with company secrets were poached and involved in development. That's a very big, well known no-no amongst tech companies. It's why Compaq had a complete "clean room" to reverse engineer the IBM PC.


The screenshots in the article don't show a direct copy. They show copied tokens only.


Direct copied text in Request Access Token section


I seem to have missed that, thanks for pointing it out! Then we arrive to the question: is a copyright claim over a few paragraphs of text worth the effort?


Maybe, maybe not. I don't know if this kind of thing reaches trial at any point, but I wonder if discovery would turn up any sort of direct code copying or reverse engineering done by poached employees.

Perhaps the company even used decompiled code, it's not out of the realm of possibility that they simply directly stole the whole thing.

I'm not sure any of that is actually likely, but I think that the fact that some paragraphs are directly lifted is a massive red flag.


Couldn't they have written exactly the same things, taking inspiration ?


There is a UUID they use in a example that is 1:1 copied.

> For example, the number of random version-4 UUIDs which need to be generated in order to have a 50% probability of at least one collision is 2.71 quintillion [...] This number is equivalent to generating 1 billion UUIDs per second for about 85 years, and a file containing this many UUIDs, at 16 bytes per UUID, would be about 45 exabytes, many times larger than the largest databases currently in existence, which are on the order of hundreds of petabytes.

https://en.wikipedia.org/wiki/Universally_unique_identifier#...

The probability that they generated the same text 1:1 and a UUID in it by random chance is very, very, very, very slim.


I agree, that's what I meant. Are directly copied tokens enough to justify a lawsuit? There isn't a direct copy of any other content.


I hope the VC notices this. At best they invested in a lazy company. At worst, fraudsters.

If they actually believe the idea has merit, they should do right by Otonomo.


A lazy company—one that gets the job done expending the least unnecessary resources—is what investors want.

Playing fast and loose with the law—whether it's competitors legal interests or regulatory conpliance—is often part of the economy of disruption.


I don't have any data to back it up but majority of Israeli startups have one goal: to be acquired (and are extremely good at marketing them to acquiring companies and investors). So continue your product and in a couple of years time, they would have been acquired and the product put on back burner by the acquiring company.


> I don't have any data to back it up but majority of Israeli startups have one goal: to be acquired...

As someone that worked for one, and knows enough people that work in other Israeli startups, I can tell you it isn't true.

True, some startups get acquired, but no more then any other place (the only difference I see is that in some tech areas Israeli talent is considered very good, so when looking for an acquisition, big corps are probably more likely to go for the Israeli options)


As someone who worked for one and is originally from Israel, I can tell you it is, absolutely, 100% true. No one in Israel is interested in managing or building a large company and they all want to exit as soon as possible.


Also Israeli, can also back this up. There are a handful of Israeli startups trying to build a large companies. There are exceptions, and large one at those. But it's the common mentality.


In some ways it reminds one of the Google/Oracle API thing -- most of us didn't _want_ the API itself (the method signatures or 'shapes') to be copyrightable or otherwise protectable as IP (as the law seemed to say it _wasn't_ until the Google/Oracle case).

However, copying the _docs_ like that is a clear copyright violation, always has been, still is, not really a legal gray area, I don't know what the heck Otonomo was thinking, and I hope they get their hat handed to them.


Can you not use a DMCA and contact their hosting provider?

One per offense.

Also, if the docs are registered copyright, willfull infringement per offense is over $100k per instance.

$50mil/$140k = 357.14

Thoughts?


A bit naive. I am sure the DMCA can be used to put some fire on their ass to rewrite the documentation though but not much more than that.


The DMCA can be used to put a fire under them to file a DMCA counternotice, at which point the whole issue with their hosting provider is done and you are down to the basic question of are you going to file, litigate, and win an actual copyright lawsuit on a timeline and at a cost that leaves you with a viable startup.


Depends who is hosting their documentation. Under the DCMA, hosting providers are obligated to take content down when they recieve a valid takedown notice (They can put it back up when they get a counter notice).


And now that this has hit HN, I bet they're rewriting the docs right now.


No judge would agree that damages are anywhere close to 100k per instance.

It just isn't something a judge would ever agree to.


Someone I know worked for a company making ultra sound machines. A US company bought one of their machines and exported it to Japan where it was reverse engineered. And they found out about it. The upshot was both the US company and the Japanese company were enjoined from developing, manufacturing or selling ultra sound equipment for 20 years.

Federal three letter agency's were heavily involved in wielding the stick side of things.

That is the angle OP should pursue.


I don't understand what is the problem. If you made your API public, you want people to use it. If another company decides to use the same API, it is only good, in my opinion.

It is very similar to an issue with phone chargers. There were times, where each phone manufacturer had a different charger, and if a new company decided to use a charger desing from Nokia, they would probably sue them. I am so glad those times are over and we use USB everywhere. Arent you glad, that your API could be used everyhwere?

Or another example, imagine if every web browser had a different "web language" like Javascript, and developers would have to make several versions of their website for each browser. And if a new browser wanted to display webpages ment for Firefox, Firefox would sue them.


According to their repo the API is under MIT license? So what's the problem?

https://github.com/smartcar/node-sdk


To say they're illegally cloning your product is probably misleading. They're potentially infringing your copyright on your documentation but there's nothing illegal about their general product offering. I think you are hurting your case with hyperbole.


I sort of feel that if the worst thing you can find is that someone stole your registration or OAuth documentation, you're a bit over-exaggerating.

And to say that someone is cloning your startup when they only (supposedly) stole the documentation is extreme in any case, especially when they're not really a very new startup, so it's not like you can claim everything they did was just copy from you.


"I cloned a sheep" does not imply "I am a clone of a sheep" or "The only thing I have ever done is clone sheep".


There are zero material consequences for a well-funded startup to pull shenanigans like this. Why should we be surprised this is happening?


Yes except if you are a well funded startup and look like amateurs that copy things verbatim that does not bode well for your reputation going forward. Someone needs to get fired for copying shit verbatim.


Unfortunately for the little guy it's the winner take all market. If the well-funded company wins at the end, no one would even remember the other one existed. Is it ethical? Depends on your ethical stands. Happens all the time.


They'll fire a couple people and everyone will forget in six months. That does nothing to discourage this type of behavior moving forward.


A small number of developers are going to see this, unfortunately, and the ding to their reputation will be marginal.

I don't know what legal recourse smartcar has, but I would think it is time to seek that advice.


Someone will get fired and the company will be ordered to pay $30,000 - $150,000 for willful copyright infringement


$150k is probably worth it from a strictly cost benefit perspective.


Does this mean that smartcar.com is cloning the many year old API for authenticating with Google backends for limited-input devices?

https://developers.google.com/identity/protocols/OAuth2ForDe...

Because these APIs all look very similar to me.


I am sorry to hear that but it is does not really surprise me. I bet they will just rewrite their docs a little bit and then go on with their business.

Amazing that they have 55M$ in funding and still hire a bunch of amateurs. I bet the design for their docs is based on some free online template too because it looks very cheap.

I wish you all luck!


While the posted stuff does look very similar, with identical random numbers etc, the APIs in question looks like pretty standard off-the-shelf OAUTH... Unless other APIs are very similar as well, it seems that Otonomo just took a shortcut in documenting their OAUTH by copying Smartcars documentation.


Initial disclaimer that I might be wrong about this and the space in general

Have they cloned the API docs or the entire product? Copying API docs is stupid but I can see how that would have been done in a hurry.

However, if I were building a Saas product with an API and a competitor to a popular tool who has it, I will deliberately keep the basic functions as similar to ensure seamless transition. Its not about uniqueness but moving fast. Companies which might want to switch will have it easier given they wont have to change their code much, and by extension can be deployed faster, and I will try to sell them on the features we offer extra over the competitors.

I am not sure about copyright/patent infringement so cant comment about that. Part of what I wrote above might not be allowed, but maybe mentioning explicitly might be ok .


i think this is a perfect example of:

ideas mean nothing, execution means everything.

you had the idea, but they had the connections(VC, industry, etc) and knowhow to execute on it faster and bring it to market faster.

Sad, but this is the market we have created! The rich can steal ideas, or do whatever they want, with impunity because they can defend their questionable actions in court. This is what AirBNB and Uber were built on.


Maybe they're just better? I'm sure A16Z was aware of both and decided to fund only one. Money (especially smart money like A16Z) goes where it's treated best, and apparently some smart people think smartcar isn't going to treat their money as well.

Copying and pasting the docs seems a little egregious, but that's a pretty small issue that could be changed in a day.


Cloning someone's documentation is not "cloning our product"

Using the Wayback machine, I looked at both company's docs and the navigation isn't the same - https://twitter.com/CaseySoftware/status/1120521768723255297 - so even the copy/paste job looks like a single page.

Yes, it's absolutely poor form and may be a copyright violation but the screencaps cover OAuth 2.0, therefore everything - yes, including the parameter names - MUST be the same, according to the spec.

Without more evidence, this is a nothing burger.


Wait, I can make an app that unlocks my car??


Yep! Just check out our docs: https://smartcar.com/docs/

Would love any feedback you may have!


The documentation only has a screenshot of the brands supported. Would be nice to just be able to lookup my car brand and make support in the docs instead of having to make an Auth flow first...


Yeah... I went to their homepage and still had no idea what cars they supported, what features the car needed, etc.

From my understanding though they're just a wrapper API around the car manufactures existing apis?



Agreed. The homepage is confusing and doesn't give me some of the information I need.

The requirements/supported brands & models should be somewhere prominent on the front page, and I'm honestly still confused. Similar any country restrictions. This being limited to the US should not be hidden three levels deep in some FAQ.

The Otonomo isn't any better though, it doesn't even seem to have any links to the docs.


> From my understanding though they're just a wrapper API around the car manufactures existing apis?

Yep, think EasyPost for car functions


That's good feedback. We'll try to make things more clear!


How is it possible?


You will need additional hardware in the car to achieve this. Smartcar just does a really thorough job of hiding this fact.

AFAIK the is not a single car manufacturer (not even Tesla) that has any API available. Most cars don't have internet connectivity anyway.

Disclosure: I do NOT work for Smartcar, but have build multiple backends for P2P carsharing and bike rental platforms.


Disclosure: I used to work for Smartcar.

This is patently false. Smartcar does not require additional hardware. Quoting from their product page:

> Our API works with the embedded telematics module built into most new vehicles. No need for aftermarket hardware like OBD2 dongles.


Only a very, very small selection of cars support this.

As it stands now, the documentation is very much misleading as Smartcar makes it sound as if you can use this on any vehicle. Look again at sahaskatta's response, he/she made it sound as if you just have to read the docs to 'unlock your car with an app'. But in reality, you'll also need to have a brand new and very specific car if you want to do this.

Sahaskatta also asked for 'any feedback I have'. I gave that and now I'm being downvoted for my criticism...


So it’s like builtin Bluetooth?


through builtin cellular data


A lot of new cars do have internet built in whether that is exposed for your use or not.

My 2014 Chevy gave me 2 years of their mobile app which could unlock/lock the car via cellular for free. I know the car still has a data connection available because if I play songs via bluetooth it pulls in album art that doesn't exist on my phone via Gracenote. I can also hit the OnStar button and talk to someone via the car and I don't pay for that.

That Chevy lock/unlock API may not be a public API but there is nothing stopping someone from reversing it. Or just signing up to use it: https://developer.gm.com/vehicle-apis

Most modern cars offer the same features.


Looks like par for the course. This happens all the time and it’s just part of the game you have to play when entering the markets. A judge or jury will have to figure out the rest of it, if you have the resources to go that route. Ultimately you’d be better off viewing this as a distraction. Every hour you spend on this is an hour you don’t spend on your own customers or hiring your team to do what matters: execute. And others will pop up just like this, with more funding and more powerful lawyers.


A lot of good advice on here. Let me add another point, maybe just consider negotiating an acquisition.

Yes, it does kind of suck they stole your idea. But the fact that they have $55 million in funding, probably means they're willing to buy you out for a couple million. One, just to avoid any legal issues. Two, because you've already done a lot of work on the problem.

Maybe it's worth fighting. But maybe it's also worth considering getting a multi-million dollar payday, and moving on to something else.


If they go down this route, SmartCar should ask for at least their post-money valuation based on their last $10M raise back in March 2018[1], not just a "couple of million".

[1] https://www.crunchbase.com/organization/smartcar#section-ove...


No judge would agree to that as damages.

The smart car documentation is worth some amount of money. But there is no way in hell that it is worth 10 million dollars.

In law, there is this concept of "damages". Smartcar did not get lose 10 million dollars because a company stole their docs.


Unless I misunderstood, the parent comment referred to a buy-out/acquisition route, which is where SmartCar should ask for at least a post-money ballpark figure -- no judge involved in an acquisition process.

If SmartCar goes for damages, then that's an entirely different ball of wax.


Wow, this is as blatant as it gets.


Rocket does the exact same thing. Almost pixel perfect clones


Who is Rocket? Could you give us a link, please?



https://en.wikipedia.org/wiki/Rocket_Internet

They did a 1:1 facebook clone for example.


Would it be beneficial for you to make this a big deal from a political or media perspective? You seem to have an excellent case, and I would reach out to major news publications like Bloomberg or the NYTimes now while it’s at the top of HN. Maybe make a medium article or something for extra exposure as well?

Are there entities that protect American IP from other countries? Maybe the US chamber of commerce, or maybe reach out to the government itself.


You can't copyright an API, right? What are you asking them to stop doing in the c&d? Copying the website and documentation?


See Oracle vs Google.[1] It's not as simple a question as it might seem. Google is currently appealing to the Supreme Court.

1: https://en.m.wikipedia.org/wiki/Oracle_America,_Inc._v._Goog....


Reddit faked comments in the early days.

Youtube & Vkontakte hosted pirated content knowingly.

In the early days, iOS apps juiced their valuations with vanity invite metrics that entailed invite-walls that juiced downloads to access full functionality of apps. (invite 50 people to use full app features). Some of these were acquired for 8 figures plus.

Paypal created a bot that bought goods on eBay and then, insisted on paying for it using PayPal.

Rentoid bought and rented the items themselves.

Dating networks seed enough fake accounts on both sides to start the demand.

AirBnB allegedly created a bot & fake email addresses that would automatically respond to posts on Craigslist.

Marc Benioff of SalesForce hired fake protesters to disrupt his biggest rival’s conference and commandeered all the taxis at the event to deliver a 45-minute pitch about his own product. In another instance, he cancelled his keynote at the Oracle Conference and drew crowds to his own speech at a nearby restaurant.

Otonomo cloned some code, nothing that was impossible to deduce as well.


I am not really sure if this is very insightful. Other people having done something doesn't make it suddenly ethical. The documentary (and book) about Theranos goes over the "fake it until you make it mentality of Silicon Valley. It's only a useful tool if you can actually eventually pull it off. Of course if you can fake it in a way that's not a felony that can help too.


I was expecting another company copying the core business logic based off the title, but it looks like things related to redirect and auth are very (very) similar.

Nearly every API is going to need solutions for these, and they all look very similar. I'd be surprised if the redirect and auth parts weren't at least in some way inspired by other APIs.


It "looks" like they verbatim copy-pasted the documentation (and the api).


Am I missing something or did they only copy the OAuth flow? Yes it's unethical and seemingly illegal, but it's not like this is getting them anywhere close to a working product. None of the content in the article is related to any API that actually does something... It's just authorization.


I am not from the automotive industry, but if they are selling predominantly to automotive OEMs then I suppose Otonomo can be in serious trouble. Even a pending IP infringement case could potentially stop OEMs from working with them. Plus OEMs don't typically like companies that infringe IP, afaik.


A way to avoid this problem is to use a combined copyright + trademark licence.

"smartcar" feels like a weak trademark and is likely not registrable. "Otonomo" is inherently more distinctive - making it a stronger mark.

To avoid this problem - "smartcar" needed a stronger trade mark in the first place. Secondly the API copyright licence needs to work in combination with the improved "smartcar" trademark.

The Artistic Licence 2.0 for Perl 6 is an example of a copyright licence that works in combination with a trade mark.

Copyright licences are incredibly flexible - it's possible to restrict server-side implementations for example. Depending on the business objectives it should be possible to strike the right balance - binding the API to your trademark via the copyright licence - could be a good move if your API is a market-maker.


This just looks like an OAuth flow, which is rather standard.

It's not a good example to use of someone stealing an API.


Being in the authentication/authorization space for a while, this couldn't be truer. If OAuth 2.0 was a compelling differentiator from your API standpoint, they are doing it wrong.


Just read through the blog post. it's absolutely nuts.


I found more pages on their website https://imgur.com/a/35wax6T

Also their stats dashboard isn't secured: https://dashboard.otonomo.io/dashboard

you can see public data here


Given the title of the Dashboard page is "CES Showcase" I'm confident that's just an HTML mockup.


Are they complaining about someone else implementing the same API? Since the entire point of an API is interoperability, what could the problem possibly be? Are Smartcar claiming their product is a series of URLs? And that sounds sane enough to defend?

Or are they complaining this other company is copying their documentation, which is evidently released with a permissive license? Is Smartcar's product the API documentation?

Either way, this is far removed from my understanding of how computers work. Copyright exemptions for compatibility work have a long precedent. If Otonomo's business model is to build Smartcar-compatible products, and Smartcar does not like this, it seems like they should have more carefully considered what their product is, and how to protect it.


When Google clones the java API's the tone here is that API's are not protected and Oracle are evil gold diggers. Now an Israeli startup copies API's from another startup and the tone here is completely the opposite. What's up?


The tone of the post is that way. The comments here suggest quite the opposite.


not sure how to formulate it but wouldn't a great execution be very hard to reproduce? looks like it's copying the external API.

also looking at the other company documentation, it's different from the screenshots: https://docs.otonomo.io/docs/getting-started (archive.org history is quite limited so may have been scrubbed)

edit: yes those "screenshots" are very disingenuous: https://smartcar.com/docs/api#introduction


Actually, many of the otonomo docs were saved to web.archive.org, last week:

https://web.archive.org/web/*/https://docs.otonomo.io/docs/*

And many were saved to archive.fo today:

https://archive.fo/docs.otonomo.io

The screenshots look accurate to me, what discrepancies do you see?


yes I meant I didn't see anything very old.

I meant that it's just copying the API format (e.g. probably to make migrating from the other service easy) which isn't uncommon (e.g. most of AWS services copied APIs)


Sell your rights to sue them to those Texas class action lawyers and call it a day.


Besides the blatant copy.

I think Otonomo needs to decide whether they using oauth v1 or v2.

Point being, the quality of work is speaking for itself.

JSON FROM OTONOMO ------------------- https://consent.otonomo.io/oauth/v1/authorize?response_type=...

curl https://consent.otonomo.io/oauth/v1/token \

Documents Shows ------------------- response_type

This value must be set to code. OAuth2 outlines multiple authorization types.


It looks to me like they only use OAuth2 (based on the authorize/token endpoints), they just oddly decided to version their OAuth2 api.


Yeah. I completely missed to see that.


It's obvious that someone read the SmartCar docs, and copied the oAuth2 flow. But it's not like SmartCar's API is unique. It's pretty standard flow. Correct me if I am wrong. Check this, https://www.oauth.com/ On custom schemes, check https://www.oauth.com/oauth2-servers/redirect-uris/redirect-...


Am I one of the few failing to see what is so egregious here? Looking at the screenshots, the documentation text differs quite a lot. The API structure is very similar and many of the parameters have the same names, but I thought the HN crowd generally agrees that API's should not be copyrightable?

To me this looks like a smart business strategy: Otonomo can migrate SmartCar customers to their platform with very few code changes. With that said, copying the identifier from the SmartCar's documentation could be seen as lazy or clever.


I can't find the Otonomo API docs online. Have they been taken down?



it seems like they took it down.


Yes, that appears to be the case. (Which in itself is a bit suspicious. Why would they remove it if they thought they had nothing to hide?)

Anyway, it was archived:

https://web.archive.org/web/20190416030526/https://docs.oton...

https://archive.fo/QiMY9

The full list of archived otonomo doc pages:

https://web.archive.org/web/*/https://docs.otonomo.io/docs/*

https://archive.fo/docs.otonomo.io


It is still here: http://otonomo-docs.readme.io/docs

(found on another internal forums/board) Save a copy maybe?


> Otonomo’s docs are a systematically written rip-off of ours

> Did none of the over 100 Otonomo employees (according to LinkedIn) think that what they were doing was wrong?

> Today we are taking legal action. We have sent Otonomo a cease and desist, demanding that they immediately stop ripping off our hard work.

Is publicly available documentation protected by intellectual property rights?

Since I'm not familiar with the subject I'm trying to understand the grounds for taking the legal action in this situation.


> Is publicly available documentation protected by intellectual property rights?

Yes, by copyright. Copyright is one of the most straightforward and easiest to enforce IP rights.


In general, you can't copyright a "working part". That's why there are 3rd party auto parts. That's pretty much true in the software area too, although Google and Oracle are over- litigating that issue.

The idea here probably isn't patentable. "Locate and unlock a car's doors remotely" is not exactly original.

Just rewording the docs is cheezy. The other party should have done a full rewrite.


> The idea here probably isn't patentable. "Locate and unlock a car's doors remotely" is not exactly original.

I don't want to be disrespectful and also don't want to condone somebody ripping off API docs. But if the whole product is nine pretty simple and straightforward RESTful API endpoints with OAuth2 integration(eg. [1]), then I have a hard time to understand why there are not hundreds of other companies doing the same thing. Where is the value here, is it the integration with car manufacturers?

[1] https://smartcar.com/docs/api#get-basic-vehicle-info


From a quick search, at least four apps for remote car unlocking are available. Not clear what makes this new one special.


Not on such a broad idea, but a specific implementation for accomplishing such a task is much more likely to be patentable, and would be very useful to protect against a copycat that is just purely copying.


Somebody at Otonomo used the Smarcar OAuth 2.0 documentation as a reference for their own documentation because it is pretty much the same (as it is for anyone who runs an OAuth 2.0 server).

To conclude from this that Otonomo is "illegally cloning [their] product" is misleading at best. The Smartcar CEO is obviously pissed that they have a direct competitor with more funding so he tries to smear them over some trivialities.


Every single instance of professional plagiarism that I’ve encountered in my working career has been techpubs/documentation. And that has been exponentially more common for outsourced documentation.

Even solid companies like Arista got bitten by their doc writers cloning Cisco documentation.

So while this sucks, the most likely explanation for the evidence presented is at that layer.


Just because they copied your idea doesn't mean they've won. Executing on that idea better than your competitors is how you ultimately win. It seems like you have a bit of a head start, so find a way to take advantage of that. Just don't forget that many companies with even deeper pockets have tried to knock off ideas before and have failed. Go execute better than them.


Playing the "our small team" card is a stretch for a startup that's raised $12m from two >$5B funds (a16z, NEA).

It's also a stretch to say their product was cloned. It looks like what was copied was just a pretty standard OAuth setup, which most developers cut-and-paste anyway. There's nothing core to the product or even having to do with cars here.


This is obviously terrible, inexcusable behavior...

However, I expected to see that SmartCar (which somehow is not a trademark violation against the BMW marque?) was a scrappy indie startup being violated by a company backed by serious institutional money.

TL;DR; Smartcar is backed by NEA and A16Z. (Crunchbase says they have raised $12mm, which would likely put them comfortably in the top 1% of companies by capital raised.) This is a spat between two well-funded and well-backed companies.

None of this is to excuse the behavior of the Israeli company, just recognizing that the violated company probably has access to more levers than most to fix this.


Looks like someone is looking to pull a Peter Thiel. He stole Palantirs primary product from a developer in Florida. The developer sued and won completely, with the court openly declaring that Palantir had stolen his technology lock, stock, and barrel. But... they had enough money that it didn't matter.


It doesn't look like they're complaining about copying the API itself, but rather the docs specifically.


Contact Delphi.


Look who the investors are, go to person's similar in the same niche.

Go for funding, your idea is already validates.


This almost scares me away from even trying to start a business - I have no idea how to compete if someone with more money tries to steal it. It seems the solutions are: 1. Do some accelerator to get connections and money. 2. Just do it and hope you don't get stomped.


I used to have these feelings as well.

I'm soon to be jumping into a crowded market as well. Many of my competitors have had VC funding and do billions per year.

It doesn't bother me in the slightest. I can be far more nimble than they can. Doesn't matter if they try and stomp me. A bigger company will always do something in their own interests and piss off a segment of their customer base which means they will move eventually.

Not only that, because I don't have VC funding. I can always have lower prices CapEx and move it OpEx instead. As long as I am much lower costs compared to being with the incumbents then it's a better prospect cost wise to my customers.

Finally, better customer service, features, ease of use, pricing and roi to the customer is what matters at the end of the day. If you simply have a much better product and able to generate and retain trust in your user base. You'll be alright.

My advice. Just start the business today. Whether or not you get stomped on is neither here or there. What matters most is the experience you'll get vs in 5 years time when you wish you had started and still scared!


I read the post, from the documentation I can tell it is a very standard oauth2 API will look like. Standard like OpenID connect has very specific on message and query format as well. Do you have more details about API which related to your product and they copied?


This is pretty weird, some of the things, like the fields related to auth, are just standard oauth data... Granted they providing a very similar service. Similar products, using similar technologies... I mean yeah, things are going to look similar.


Interesting legal point. Whether an api falls under copywrite is still under adjudication between oracle and google. Generally apis are fair game, although that might change.

Otherwise, if you published and they cloned, that's the way the game is played.


it seems that both companies started up at the same time both have raised tens of millions. the only direct copypasta i'm seeing is some oauth references (lame yes, but big deal without the backend code)

why does this post read like david vs goliath? i hate to be such a cynic but given those two facts this reads to me like a marketing piece

[0] https://venturebeat.com/2018/03/01/smartcar-raises-10-millio...


Can someone explain where the "illegal" part comes in? Copyright would probably cover the exact text, but it looks like they massaged it enough to not run afoul of copyright laws, so... which laws were broken?


What kind of tools are used to create API Docs like this?

I made a dev-focused SaaS and struggle to find a good way to document API's directly via the codebase, so that code changes can be reflected automatically in the docs.


I think the de facto standard for creating API docs based on code is to use https://swagger.io/


While we built ours in house using a few open source frameworks, we do highly recommend https://readme.io


For GraphQL I like graph2doc. I assume if you follow a different API spex exactly you've got many options that do exactly what this package does.


This is bad, but not quite as bad as it could be: they have tons of money and are ripe for the plucking due to their incredible stupidity at ripping you off in this blatant manner.

Lawyer up and take them to the cleaners.


Another company with a similar idea (although I am not aware of any API similarities): https://high-mobility.com/.


Welcome to the world of startups: I hope you developed some secret sauce!


The good news is your domain name is sooo much better than theirs


What would be a smart move for Otonomo now? Complicated perhaps... we are at Peak HN now, so there is a feeling to calm the storm immediately, but maybe there is an argument that things will die down and they have not broken the law (depending on the technicalities re gepoch’s comment), so doing nothing is prudent, though mean. My gut feeling is to put it right today though, maybe 1) give $1MM to Smartcar, 2) put a link to Smartcar’s site while the current document structure exists 3) redo the docs and try to make them better then Smartcar’s.


Man, plagerism is too bad. That's all I can say.


Slight tangent but can you “copyright” a REST API or UI? Sure, the endpoints and look can be copied but the secret is the implementation, no?


Is there a name and shame site ... other than HN ?


Looks like the link is down. Is there a mirror?



Check the competitors' website. /s


I would have found the article more damning had the author cited examples beyond standards-based protocols like OAuth


In this case hate the game and the players.


Serious question here: how does this compare to what Google did in the Oracle vs Google java api copyright case?


Google was openly copying an API for compatibility. Similar to how a toaster company may make their toaster support bread exactly the same size as a competitor does. The toaster company would advertise the compatibility, not hide it.

In this case this company is being accused or taking the API design as well as the supporting documentation. Not for compatibility reasons but to represent the design as their own.


Some may call it 'outsourcing'.


Inn't this the Java API Oracle/Sun/Google/Android case, only cast with different players?


Serious question: Is it actually illegal to knock off documentation? Is documentation protected by copyright?


Isn't it mostly standard OAuth workflow, Is there something proprietary in the docs themselves.


Same thing has happened to us more than once. I blame the founders for not seeing the scalable parts and running with them.

I'm tired of building things, getting knocked off and then having to say "welp didn't see that coming" because I totally did from miles away.

It takes good engineers and good founders. If one group are bozos who don't listen it doesn't work.


Even for my simple freelance projects I fork up the dough to make the repos private.


Serious question: how does this situation compare to the google vs oracle case ?


> We created a standard API for cars.

Does that not mean anyone else can use the API?


Meh.

APIs are not copyright-able. See the whole Google-vs-Oracle Java debacle.

You can try and go the bad-press route but there's not really much you can do. That's how the free market works, basically. Also, if an idea is good, it would have attracted competition sooner or later.


"is illegally cloning our product"

isn't it for the court to establish?


No. If I photocopy the Harry Potter books, change the name on the covers, and sell them as my own, that is obviously illegal. This is the same thing, and nobody needs to wait for the courts to say that it is illegal.


I am sorry. Maybe your Harry Potter example is "obvious", but the case in the blog post is not obvious to me at all. I don't see any verbatim copied documentation. "overall structure"? Hey, the overall structure of almost any api doc is pretty much the same. All I see is similar API, which is not copyrightable, and identical randomly generated identifiers - and it's not obvious to me that it constitutes copyright infringement.

Let's not do witch-hunting.


It's obviously not the same thing because the only parts that were verbatim copied are some property descriptions for the OAuth 2.0 protocol. Maybe 100 words or so. This whole thing was blown way out of proportion.


does this page ever load? I've tried like 5 or 6 times over the course of the last 9 hours and never been able to see what the hell that is all about even with a VPN


Yes, the page does load.

Try this mirror: https://outline.com/FfSCUm


Thank you, that works


Does this mean I can sell a car and then unlock (steal) it? :)


Keep going and look for ways to turn it to your advantage


I got stuck at "Developers can read our docs and use our API to locate or even unlock a car’s doors with just a few lines of code"


But you can understand the outrage: now two sets of developers can do this.

I'm still getting over the fact I upgraded the radio on my car back in 2010 with a USB stick and using the driver's side door to control the process. I think a well-documented API that shows exactly how my car is vulnerable is a step up.


I wish they identified Otonomo's IP address and served them a different (inaccurate) version of the product to copy instead.


That's capitalism, baby.


Suck it up and stop whining.


Could there possibly be reasonable explanation for this? With big name investors involved it's likely that respectable and legitimate reporters wouldn't be interested in digging up the truth.


That seems totally backwards to me. Did you mean "unlikely"? The higher profile the investors, the bigger the news story if something dodgy's happening.

In either case, how does that relate to the existence of a reasonable explanation?


You think they accidentally the whole docs?


Hard to think of a reasonable explanation for copying somebodys work and publishing it.


API usually have at least copyright protection, sometimes even license protection.

Although I am not a huge fan of many of their business practices, Oracle has been quite successful in defending API copyright violations.

https://searchoracle.techtarget.com/news/2240220840/Oracle-t...


At a certain startup i worked at, we decided to rip off some random strings from a competitors docs, solely to make them think we ripped them off. In truth, we started on the product at the same time of them and waited for them to launch first to use their press and marketing against them.


You blew it. By posting this article and getting to the top of Hackernews you may have alerted their attention and they may rapidly change everything to not seem like copyright infringement. Then you might have weak or no claims.


The C&D letter mentioned in the post probably already alerted them.


Nothing to blow. This is not illegal.

That's why they wrote it up as a blog post and are trying to garner PR from it.


So a postmortem basically.


Ah just the uplifting words op needed for the battle ahead.


"Expecting the world to be fair with us because we are fair, is like expecting the lion not to eat us because we didn't eat him" - Paul Graham

I am no Paul Graham, but I think you are wasting your time. Let's say you win the case next Tuesday and the judge miraculously orders them to shut shop. They dissapear on Thursday. Then what?

You still wake up next Friday with 99% of the problems (and opportunities) you had, before you "came across Otonomo’s publicly available API documentation" a few days ago.

If there's still a little voice inside your head that's sayin - Paul Graham didn't say that, you are missing the f*ing point. Start over.


> I am no Paul Graham, but I think you are wasting your time. Let's say you win the case next Tuesday and the judge miraculously orders them to shut shop.

The judge won't order them to “shut shop”, but to pay damages. Though it will obviously take longer than next Tuesday (but the real objective is to use the likelihood of a verdict and the harm on both sides to secure a pretrial settlement which either involves stopping and compensation or just more compensation that amounts to a buyout.)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: