Instagram took down private unofficial APIs via DMCA (github.com/mgp25)
268 points by giansegato on Feb 1, 2020 | 131 comments



Looks like this is the takedown request: https://github.com/github/dmca/blob/master/2020/01/2020-01-2...

The core allegation is:

> Mgp25’s Instagram-API repository (and its forks) offers a tool expressly designed to circumvent the Company’s effective access controls and protection measures by avoiding, bypassing, removing, deactivating, or impairing the Company’s technological measures without the authority of the copyright owners or the Company. Mgp25’s Instagram-API is designed to emulate the official Instagram mobile app when communicating with Instagram’s servers, which allows users of mgp25’s Instagram-API to send and receive data (including receiving legitimate, copyrighted posts by Instagram’s users) through Instagram’s private API. Mgp25’s Instagram-API also permits other types of access to, and collection of, Instagram’s users’ copyrighted works in manners that exceed the scope of access and functionality that would be permitted by a user with a legitimate, authorized Instagram account.


Is this legally a legitimate reason for a DMCA request? That it's a tool that could be used to bypass copyright controls?

It's been a long time since I read it, but my understanding of the DMCA is that you need to claim an actual copyright violation on the thing being taken down. This sounds like a claim of contributory copyright infringement, which a) I don't remember being covered by DMCA, and b) there's a reasonable claim here for substantial non-infringing use, so I'm not sure contributory copyright infringement really applies.


This is about Section 1201, one of the most interesting parts of the DMCA, which is about banning circumvention devices. What is confusing me is that I am under the impression that the DMCA "takedown" process (which I know quite little about, to be fair) was unrelated to the anti-trafficking provisions (which I do stare at a lot), so I don't think this is a valid request (even if it were a valid lawsuit... though I frankly doubt that either as I don't think an "access token" can be considered an "effective TPM").

(I am not a lawyer, but I spend an unreasonable amount of my time staring at Section 1201 issues; if anyone needs legal advice they should contact a lawyer: nothing I say should possibly be construed as legal advice.)


From what I gathered: The author was banned from service on Instagram, he or she kept getting banned/denied new accounts because they flagged the device's UUID... So the author then made the API to mask/modify the device UUID and try to regain access to the platform (presumably signing up elsewhere, then using that token through this API to maintain access on their phone).

The author admitted to this in the readme of the repo.

Sounds 100% like the API was designed to try and bypass access control mechanisms...

Not sure if that falls under the legal definition or not.


> Sounds 100% like the API was designed to try and bypass access control mechanisms...

Sure, but your parent's point is that this doesn't appear to be grounds for a takedown. Takedowns are for infringing content, which this isn't.


yeah this sounds more like it would be a T&C clause


According to the 2nd sentence on Wikipedia, which describes DMCA:

> [DMCA] criminalizes production and dissemination of technology, devices, or services intended to circumvent measures that control access to copyrighted works (commonly known as digital rights management or DRM). It also criminalizes the act of circumventing an access control, whether or not there is actual infringement of copyright itself.

While I initially thought (like many others on here) that DMCA was to keep you from spreading copyright content or passing it off as your own, the true purpose of DMCA is actually to criminalize the act of circumventing DRM. Access control on a social network I guess is considered a type of DRM for the content within the network (which, lest we not forget, is wholly owned by Instagram as soon as you post it). It specifically states that circumventing access control is a violation, regardless of whether any copyright was actually infringed upon.

So from my keyboard lawyer perspective, it seems like Instagram is actually within their rights here.

[Source](https://en.wikipedia.org/wiki/Digital_Millennium_Copyright_A...)


The point of the parent comment is not that the DMCA doesn't cover anti-circumvention, but rather that the DMCA contains many parts, and only the copyright content part has a safe harbor and takedown notice provision.

The claim you're arguing against isn't that the DMCA doesn't cover this. The claim is that the DMCA takedown process doesn't apply to all infringements of the DMCA, only those of copyright wrt safe harbor.


They don't own the copyright to what you post, you grant them a perpetual license to distribute it.


Problem is, why now. These kinds of violations are not new. Too little too late.


Could one make the case that this client library enabled interoperability, since it allows one to use Instagram services on a previously unsupported device (e.g. a computer)?


It's not the first case, Popcorn Time was taken down from GitHub because it "is designed to allow an unlimited number of users to fulfill the unlawful purpose".

https://github.com/github/dmca/blob/master/2016/2016-03-16-M...


Roads allow unlimited number of robbers to rob banks and drive away with money.



That is indeed interesting. Anyone know what happened?


...it's no longer a headline?


That's... not what the DMCA anti-circumvention clause means. At all. The anti-circumvention clause of the DMCA does not deal with the kind of technological measures they're talking about. It only forbids circumvention of technological measures that SPECIFICALLY protect copyrighted material. Not general access controls, not access throttling or user roles or anything general like that. It doesn't even protect against things like circumventing things and convincing Instagram's servers to send copyrighted data. It's meant to protect things like the CSS encoding/encryption on DVDs. It has been used (in RealNetworks v. Streambox, one of the first if not the first lawsuit involving the DMCA right after its passage) to prevent recording streamed content and a single totally undocumented bit ended up being ruled as an adequate 'protection mechanism' when 'circumvention' boiled down to "we didn't know what that bit did because no one would tell us, so we just ignored it". But that was specifically a transfer encoding of the content itself, it didn't have to do with user account control or anything. Courts are very displeased when companies try to use copyright law or the DMCA to facilitate other business goals - like protecting their ability to collect analytics, etc. It's obviously not copyright infringement to get images from Instagram, that's literally what it exists for you to do! Copyright protects copying. And absolutely nothing else.


>offers a tool expressly designed to circumvent the Company’s effective access controls

Effective access controls? I think, when someone produces a tool that can access the API despite not having valid keys, you forfeit the right to call the access controls "effective".


We considered using this client a year or so ago, due to Instagram/Facebook's reluctance to provide an API for Instagram Direct Messages, but eventually decided against it given some horror stories about ban sticks and them possibly shutting off access to the API some day.

Guess that day is here.

Seriously though, we've been waiting years for an Instagram DM API. Anyone know why they haven't yet released one?


> Anyone know why they haven't yet released one?

Because it would immediately be leveraged for spam?


mrlanderson1@gmail.com

Shoot me an email.


Microsoft is running Github Legal now. It's on them. They happen to have a very long experience in shutting down third party access to unofficial APIs. (There was a lot of drama around this in the 80s, in the MS-DOS and Lotus 1-2-3 times.)


That’s not really how it works. If you claim DMCA protection, and you receive a DMCA request, you have to take the content down. GitHub/Microsoft doesn’t adjudicate the validity of the takedown request. The takedown can be appealed, but the burden falls on the person whose content was taken down.


Companies could choose to assess the validity of the claim, they just don't for practical purposes.


That's dumb. I actually didn't realize it was this broken until now. Thanks.


Now? The DMCA came out 22 years ago.


Every day people learn new things that others think are common knowledge.


Whoops, I read the person I was responding to as saying "it has gotten worse now", not that they just realize it now. Didn't mean to shame someone for not knowing something!


Or, as it were, when you were writing this comment: Shamed for knowing something.


Turns out I was right though.


IANAL. I'm also assuming this was an HTTP client library.

How could this possibly be a violation of copyright, if it's just a client that accesses their API? Their API is not truly "private," just undocumented. If you distribute a free app that calls a remote API over users' networks, you can't make the case that it's private, because it's clearly accessible from every network/connection/device. Something exposed to the public cannot simultaneously be private.

At least, maybe the author's lawyer could argue the above in court.

Among many things I hate about the DMCA, it's that hosts have basically no option other than to respond to takedown requests by actually taking down the content in question, for fear of litigation. It just rubs me the wrong way.


>Among many things I hate about the DMCA, it's that hosts have basically no option other than to respond to takedown requests by actually taking down the content in question, for fear of litigation.

That's the entire point. A DMCA takedown request is supposed to lead to the content being taken down. The person who uploaded it can send a counternotice, which will lead to the content being put back up if no lawsuit is filed.

What would you change about the system? Should rights owners have no recourse short of litigation to get their content taken down?


There currently is no penalty for sending bogus DMCA requests, and as such it encourages content owners to just send gazillions of (unjustified) takedown requests.

This is a major hole in the current law.


>(f)Misrepresentations.—Any person who knowingly materially misrepresents under this section— (1)that material or activity is infringing, or (2)that material or activity was removed or disabled by mistake or misidentification, shall be liable for any damages, including costs and attorneys’ fees, incurred by the alleged infringer, by any copyright owner or copyright owner’s authorized licensee, or by a service provider, who is injured by such misrepresentation, as the result of the service provider relying upon such misrepresentation in removing or disabling access to the material or activity claimed to be infringing, or in replacing the removed material or ceasing to disable access to it.

USC 512 (f)


That is toothless in preventing corps (with money) from abusing individuals (who don't have the money to start litigation). Also, from what I hear, many implementations of DMCA do not give the individual enough information to take action against false claims.

EDIT: see for example https://news.ycombinator.com/item?id=22211087


>That is toothless in preventing corps (with money) from abusing individuals (who don't have the money to start litigation).

This is a problem with unequal access to the legal system, not with the law.

>Also, from what I hear, many implementations of DMCA do not give the individual enough information to take action against false claims.

It's pretty simple to get the actual information in a lawsuit. Subpoena the service provider for the complete notice sent.

In most cases a lawsuit isn't needed. If you receive a false complaint and file a counternotice, the content gets restored 10-14 days later if there's no lawsuit filed.


> In most cases a lawsuit isn't needed. If you receive a false complaint and file a counternotice, the content gets restored 10-14 days later if there's no lawsuit filed.

Yes indeed, this is exactly what is happening: they get off the hook, and they can keep filing false claims as much as they want because taking action against them is too hard. Hence, toothless. No consequence for sending false claims, the only people who suffer are those who get their stuff unjustly taken down for two weeks.

It'd be a little more equal if, upon receiving a counternotice, all the original claimant's claims would be instantly put on hold for 10-14 days (and then dropped) unless they file a suit.


The reason why a counternotice allows it to be put back up is because filing one requires you to swear to noninfringement and accept jurisdiction.

If you're not willing to do that, and the claimant is willing to swear to infringement, why should we give you the benefit of the doubt simply because someone else said the claimant was wrong in an unrelated case?


> If you're not willing to do that

I never said that.

The reason why you should give people the benefit of the doubt is because otherwise the system is horrendously unfair and unbalanced in that 1) those who file false claims have nothing to lose (because the likelihood that they get dragged into court is virtually nil, and in most cases even dragging them to court would most likely lose you more time=money than you can hope to claim in damages) 2) those who have their content unjustly taken down keep losing over and over again.

If it's word against word, then yes both sides' word should have equal weight and consequence. Currently, that is not the case.


>If it's word against word, then yes both sides' word should have equal weight and consequence. Currently, that is not the case.

I'm not sure what you mean here. In that scenario, a DMCA notice was sent and a counternotice was sent. The content gets put back up after 14 days. This seems acceptable to me, and doesn't favor one side disproportionately. Either side can choose to go to court, but if they choose not to, the content is put back up after a delay.

I agree that there's a problem with people filing false claims. But I don't see how a law could improve that.


>This is a problem with unequal access to the legal system, not with the law.

The legal system didn't magically become the way it is recently or suddenly. When the law was created, the legislators knew that there would be unequal access to the law. They did it anyway.

>In most cases a lawsuit isn't needed. If you receive a false complaint and file a counternotice, the content gets restored 10-14 days later if there's no lawsuit filed.

And your content is taken down for 14 days with no reasonable recourse for you.


>And your content is taken down for 14 days with no reasonable recourse for you.

This is a very small harm comparatively, in my view an acceptable loss in order to establish the overall framework. The alternative is not having any way to remove content short of a lawsuit, which would lead to significantly more lawsuits that's more expensive for everyone, and hurt smaller content owners that can't afford a lawsuit.

Regardless of what the law is, people prepared to spend money on lawsuits will do better. But the direct impact of the law is moving most disputes outside of the legal system, which has the effect of making it more equal, not less. It's weird to blame the law for the few parts that do require lawsuits, when the alternative is many more suits.


Right, I have never seen this used against any major corporation ever.

This "rule" was also approved and jammed through by the same lobbyists that protect DMCA abusers. It's all smoke and mirrors to trick people into thinking "oh no it's covered see here's the fine print they would never do that"


There's been plenty of lawsuits citing this provision. Just search courtlistener for 512(f).

https://www.courtlistener.com/?q=%22512(f)%22+dmca&type=r&or...


> What would you change about the system?

3 strikes and you are out. Take down 3 obviously (probably decided by a judge) non-infringing things and you lose the ability to send takedowns.


>Take down 3 obviously (probably decided by a judge) non-infringing things and you lose the ability to send takedowns.

Once it reaches this point, the service provider would likely stop accepting the notices anyway. See e.g. the recent lawsuit by Youtube against Brady, who sent a bunch of bogus notices. Once they realized that, they stopped accepting the notices.

There's hardly a critical mass of takedowns by people who've been found 3 times by a judge to have sent fraudulent takedowns.


> There's hardly a critical mass of takedowns by people who've been found 3 times by a judge to have sent fraudulent takedowns.

Because those rarely go in front of a judge. Torrentfreak [0] gets many takedown notices where for example their reporting on a leak gets targeted with a DMCA request. If those companies had to fear someone challenging these (in this example an easy win) and making them lose their ability to send them out at all, that would change a lot.

[0]: https://torrentfreak.com/all-dmca-notices-filed-against-torr...

> In previous years we’ve received erroneous complaints from the likes of Amazon, Electronic Arts, Disney, Entertainment One, Vertigo Films, Magnolia Pictures, NBCUniversal, Paramount, and even BBC Worldwide. This year we can add more.

> According to Google’s Transparency Report, in 2019 Google received a further 11 DMCA takedown notices targeting our domain, sent on behalf of Columbia Pictures, Sony Pictures, and sundry others. All of them were completely bogus.


> If those companies had to fear someone challenging these (in this example an easy win) and making them lose their ability to send them out at all, that would change a lot.

Why hasn't torrentfreak sued? Presumably because it's not an easy win and doesn't produce real benefits for them. I'm struggling to see how any of that would change under your proposal.

For what it's worth, judges have occasionally issued injunctions preventing people from filing claims, under the DMCA and otherwise. See e.g.

https://www.courtlistener.com/docket/16599762/home-it-inc-v-... ("ORDERED that the Defendant Wupin Wen, no later than eighteen (18) hours after service of this Order on her via email to trademark@cn-ip.cn, trynow@cn-ip.cn, and bzkjuk@126.com: a. Notify Amazon that the trademark owner’s allegations of infringement against HOMEIT are withdrawn and that Amazon should re-list the involved products to its website as soon as possible; and b. Refrain from filing or otherwise communicating any allegations of infringement by HOMEIT to any third party, at minimum, for the duration of the instant litigation relative to Saganizer branded products." docket 21

https://www.courtlistener.com/docket/4160397/design-furnishi... (older case from 2010), "Defendant is therefore enjoined from notifying eBay that defendant has copyrights in the wicker patio furniture offered for sale by plaintiff and that plaintiff’s sales violate those copyrights. " docket 29

https://www.courtlistener.com/docket/16630192/california-bea... "THEREFORE, DU AND ALL PERSONS IN ACTIVE CONCERT OR PARTICIPATION WITH DU, ARE TEMPORARILY RESTRAINED from taking down, based on any alleged copyright infringement, from Facebook and Instagram, or any other service provider’s website, CBC’s online content or product line. Du is temporarily not permitted to file any further takedown notices with Facebook, Instagram, or any other service provider’s website as to CBC’s online content or product line. Any current and operative takedown notices in effect that were filed by Du as to CBC are restrained, and are to be disregarded by the online service provider. Accordingly, and specifically, Facebook (Report #2576187715997707) and Instagram (Report #1407615876061304) are directed to disregard Du’s takedown notice and to reinstate CBC’s online content during the period of this Order. " docket 22


> Why hasn't torrentfreak sued? Presumably because it's not an easy win and doesn't produce real benefits for them. I'm struggling to see how any of that would change under your proposal.

a) I’m not sure they can even sue currently, isn’t the only thing illegal misrepresenting that you have the right you claim? b) Even if they could, as you say, no real benefit c) The change would mean that just the threat of getting sued for malicious DMCA notices would make the companies sending them better at actually having a case. Currently, there is no risk at all shooting with cluster bombs when sending notices. Barely any risk using DMCA to prevent speech. That is what my proposal would take away.


a) USC 512(f) makes it illegal to misrepresent that something is infringing. Not considering fair use is included, per Lenz v. Universal Music Corp.

c) To do that, you'd need to make suing easier. I don't see how your proposal does that.


Reminds me of a case with Second Life. Someone went to DMCA virtual horse food and the horses would die, so the company got an injunction not allowing Linden Lab to process those DMCA's while it was litigated.

https://en.wikipedia.org/wiki/Amaretto_Ranch_Breedables,_LLC....

Seems like virtual worlds dealing with the DMCA is complicated, and even if you restore it due to a counter notice process seems like things can break due to it... Then I know I was reading before some companies just delete things instead of disabling the content, so they can't even restore it.

Maybe you have an object that includes an item bought from the marketplace and linked it (for people not familiar with SL, sorta like gluing or grouping multiple 3D objects together to become one larger 3D object) to your item, wonder if they just remove the entire object even if 1 part was covered by the DMCA? and then modifying objects, etc probably changes the signature used to detect it... And I know people have used DMCA to troll and mess with competitors' businesses. and not sure if the DMCA even allows you to verify people are who they say they are when submitting them, someone could use TOR and say they are the content owner even if they aren't from my understanding... I think they should require a Photo ID and picture of themselves to process a DMCA, but it's probably illegal to ask? You need a Photo ID to do almost anything else though.

I know though the DMCA was made back in the early days of the internet where people ran their own servers before massive sites with user generated content, seems like it needs reformed.


Wow. A bit of a digression here but it appears they actually consider email a valid avenue of legal service? That blows my mind. I don’t even check my work email every 18 hours, and I haven’t looked through my home email in 3 or 4 years except to find specific messages I knew were coming.


Different courts have ruled differently on that issue. Note that it's mainly applicable to foreign defendants, and you'd have to show that you can't serve them through other channels.

See https://blog.ericgoldman.org/archives/2019/05/court-rejects-... for a court finding otherwise on a similar case.

If you're running a business, there's different expectations.


Did he actually use DMCA? AFAIK Youtube has its own system and doesn't typically deal with DMCA.

If you are required to do something by law, you can't just ignore (bad cases of) it, and call it case closed.


It was DMCA notices, yes.

DMCA doesn't require them to take it down. It just removes their safe harbor from liability if they don't. If YouTube is confident that a notice is BS, they can just ignore it.


I would be highly surprised if that's the way it worked at youtube because that's not the way it works in other players:

There's a takedown API/dashboard access to which is given to large content producers (networks, large studios, transmitters, broadcasters, rights holders). It is them who triggers the takedown action and selects the "reason" which triggers an automated action by the platform. Most of the "content had been taken down by mistake" comes not from internal system but rather from other parties having access to the takedown API.


That's separate. It's called content ID. But the case I mentioned above was by someone who did not have access to content ID and was just submitting fraudulent DMCA notices.

See also https://www.eff.org/deeplinks/2015/11/youtube-backs-its-user...


Or, same, but with increasing penalties.

3 strikes, can't send notices for a week. 3 more strikes, a month. 3 more strikes, a year


Keep in mind that if a judge has to get involved, it would take a long time for the penalties to actually take effect. The idea of increasing penalties is a good one, but the lowest level needs to be an order of magnitude more significant, and ditto for the subsequent steps.


"Should rights owners have no recourse short of litigation to get their content taken down?"

Yes


> which will lead to the content being put back up if no lawsuit is filed.

Maybe, if you’re lucky. More often it will be ignored.


Got a citation on that? Counternotices being ignored are rare from what I've heard.


Ya, especially on GitHub, GitHub always puts the repository back up once they review the counter-notice. The people that sent the original DMCA must show proof they are pursuing a lawsuit to get it taken back down.

See #8: https://help.github.com/en/github/site-policy/dmca-takedown-...


The DMCA has an "anti-circumvention" provision. This means that tools that can be used to "steal" copyright works can be subject to a DMCA takedown notice.

Instagram is asserting that this software is such a tool.

"The complaint claims that the tool 'Instagram-API' allows unauthorized access to Instagram users' posts, which the company says are copyrighted works to which it grants protected access."

More info here: https://torrentfreak.com/instagram-uses-dmca-complaint-to-pr...


I really wonder why is a web browser and "save image" or "save web page" or even OS screenshotting function not the tool to "steal copyrighted work"? How is a programming interface that is harder to use any worse? If it's about "speed of gathering" large amount of data, how are tools like selenium any different?

The only difference is in the tool intent, but all of them can be used for exactly the same purpose, some of them more easily than the others.


I suspect that you can thank the 1984 Landmark Case of Universal Studios vs. Sony Corporation of America for your freedom to screenshot and save images through the web browser.

Back in the 80s, Sony made a video player that ran Betamax tapes. You might remember the HD DVD vs Blu-ray wars of a decade ago when both formats were battling for dominance to become the new standard for playing HD movies on disc. Well, before that was the VHS vs Betamax wars. During these battles, Sony was trying to make Betamax the new standard for home movies. They wanted to distinguish themselves from VHS in some way and they ended up distinguishing themselves with an amazing and unheard of feature (for the time), you could not only watch movies with Betamax tapes, but you could RECORD movies to watch later. You could record anything on TV, in order to watch it later. This is 20+ years before DVRs, 30 years before streaming services. It was a crazy idea.

But Universal Studios didn't like the idea that someone could record a show on TV and watch it later, or watch it however many times they wanted. Someone could theoretically even sell that Betamax tape to someone else. So Universal Studios sued Sony over this invention. Universal Studios claimed it violated copyright. Sony claimed it was protected under the "fair use" clause for copyright.

The lawsuit ended up tipping in Sony's favor, but only barely. One of the most popular kids shows at the time was "Mr. Rogers' Neighborhood". The Supreme Court heard from Mr. Rogers himself who testified that he was ok with people recording his show because it allowed them to be with their family and not controlled by the schedules dictated by the television studios. He said he was against the studios controlling people's schedule. The Supreme Court ultimately mentioned that this testimony is what tipped the case into Sony's favor.

But it didn't just tip in Sony's favor. This landmark case is what opened the door for all recording media in the future. The Betamax eventually died, but the VHS later made the same features available. Radios and boomboxes in the 90s had a recording feature added. DVRs came about in the early 2000's to record TV to harddrives. Then computers had screenshotting, and web browsers likely got "save image as" because of the precedent set by this landmark case.

Where the DMCA differs is that it protects tools built with direct intent to circumvent a specific copyrighted content. So the linked tool for example is a script built specifically to circumvent Instagram's access control. It doesn't circumvent anyone else's access control, and its primary purpose for existing was to gain access into Instagram. So I think Instagram can make a reasonable case to go after this tool.

However, going after a general tool like screenshotting would go nowhere, because it is considered a general good. It provides value that far surpasses the damage Instagram can claim from it.

Again, we can probably thank Mr. Rogers. Without him, recording might not be something we could take for granted today.

Sources:

- https://en.wikipedia.org/wiki/Sony_Corp._of_America_v._Unive....

- https://www.theatlantic.com/technology/archive/2012/01/the-c...


What if such open APIs cause a loss to the business, is it still legal? Coz then intent can be thought of as a bad one?

Edit: people are assuming too much about my intent of this question and downvoting, I was just curious, moreover a good answer to this will make the case stronger against Instagram/Fb.


https://web.archive.org/web/20191207221404/https://github.co...

> Why did I make this API?

> After legal measures, Facebook, WhatsApp and Instagram blocked my accounts. In order to use Instagram on my phone I needed a new phone, as they banned my UDID, so that is basically why I made this API.


Anyone has the actual git repo as well?


If you fork git repos, make sure to pull them down, if the official repo is taken down, your forks will disappear unless you have a copy.

Here's a script I made to backup all your repos, throw it into a cron and run once a month or something, where 20 is the largest number of pages you have, adjust accordingly. I actually wrote this up when a fork I had disappeared.

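   #!/bin/bash
   # Clone every public repo of $USERNAME; 20 = highest page number to request.
   USERNAME='segmond'
   for i in $(seq 1 20);
   do
        # Quote the URL so the shell does not treat "?" as a glob character;
        # jq -r prints the clone URLs without JSON quotes.
        curl --fail -s "https://api.github.com/users/$USERNAME/repos?page=$i" | jq -r '.[] | .clone_url' | xargs -t -n1 git clone
        sleep 1
   done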
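
An added example, not part of the comment above: run from cron, a plain `git clone` fails on every repo whose directory already exists, so later runs never pick up new commits. This sketch keeps bare mirrors and fetches into them on repeat runs, and pages through the API until an empty page comes back; the function names and the `./mirrors` default are assumptions, and it needs `curl`, `jq` and `git`.

```bash
#!/bin/bash
# Added example: incremental mirror backup of a user's public GitHub repos.
# Function names and the ./mirrors default are assumptions for this sketch.
set -u

# repo_dir_name URL -> directory name used for the mirror, e.g. "proj.git"
repo_dir_name() {
    rdn_name="${1##*/}"          # keep the part after the last slash
    rdn_name="${rdn_name%.git}"  # drop a trailing .git if present
    printf '%s.git\n' "$rdn_name"
}

# mirror_repo URL DEST_ROOT
# First run: bare mirror clone (all branches and tags).
# Later runs: fetch into the existing mirror. No --prune, so refs deleted
# upstream stay in the backup; if the fetch fails (repo gone or unreachable)
# the mirror on disk is left untouched.
mirror_repo() {
    mr_dir="$2/$(repo_dir_name "$1")"
    mkdir -p "$2"
    if [ -d "$mr_dir" ]; then
        git -C "$mr_dir" fetch --quiet origin || { echo "stale"; return 1; }
        echo "updated"
    else
        git clone --quiet --mirror "$1" "$mr_dir" || return 1
        echo "cloned"
    fi
}

# backup_user USER DEST_ROOT
# Requests pages of 100 repos until the API returns an empty list, so no
# page count has to be hard-coded.
backup_user() {
    bu_page=1
    while :; do
        bu_json=$(curl --fail -s \
            "https://api.github.com/users/$1/repos?per_page=100&page=$bu_page") || return 1
        bu_urls=$(printf '%s' "$bu_json" | jq -r '.[].clone_url') || return 1
        [ -n "$bu_urls" ] || break
        printf '%s\n' "$bu_urls" | while IFS= read -r bu_url; do
            mirror_repo "$bu_url" "$2" || echo "failed: $bu_url" >&2
        done
        bu_page=$((bu_page + 1))
        sleep 1   # stay well under the unauthenticated rate limit
    done
}

# Usage: ./backup.sh USERNAME [DEST_ROOT]
if [ "$#" -ge 1 ]; then
    backup_user "$1" "${2:-./mirrors}"
fi
```

To restore from a mirror, `git clone ./mirrors/proj.git` gives a normal working copy with every branch and tag that was present at the last successful fetch.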


> if the official repo is taken down, your forks will disappear unless you have a copy.

https://help.github.com/en/github/collaborating-with-issues-...

I don't think that's true, I've personally recovered deleted repositories by finding its forks.

edit: Ah never mind it seems things work differently in the case of DMCA takedowns


There is also a big difference between clicking `fork` on github vs cloning and creating a new repository (on github) and then changing the remote URL and pushing.

The latter isn't "github fork" even if it is a "git fork" and won't be affected by most[1] automated takedowns.

1> where most is defined as somewhere between 0 and 100%


You can still find the implementation in various languages, like this one in JS:

https://github.com/dilame/instagram-private-api


What's the difference between scraping while circumventing anti-scraping measures, which certain circuits have upheld as being legal, and what this unofficial API client did?

This is an honest question, and not a rhetorical one.


That was my first thought upon seeing this post. Given the LinkedIn scraping decision earlier this week, I would think that this one should be in the clear.


Scraping is getting data that is publicly available. Using the API is a) getting data behind a login, which I am not sure is covered by the LinkedIn lawsuit, and also b) posting data to the app: likes, comments and so on.


Question, is there any way to design an API such that it can't just be reversed into a new client library like this? Certificate pinning makes it harder to MITM but that's trivial to disable.


If you create a door, that door is going to be used to enter and to exit.


Except if you add a lock)


Even with that, you can use a key to open the lock, and the key has to be stored somewhere, and the end user can always get it, right?


Theoretically no, but Snapchat does a damn fine job of locking accounts that use iPhone tweaks. It's not perfect, but they seem to create enough FUD that people are wary to use them.


Does anyone have a mirror? I might download this and keep it just in case.


Some of the forks[1] still work, although outdated. There are some on gitlab[2] also. Doing code searches finds other copies[3].

[1] https://github.com/NantipatSoftEn/Instagram-API

[2] https://gitlab.com/alihesari/Instagram-API

[3] https://github.com/DarriusAlexander/speaklight/tree/1b4167c3...


You can still install it using the Composer package manager: https://packagist.org/packages/mgp25/instagram-php


Yes I would like a copy too :)


Unofficial APIs or unofficial documentation about the APIs? What exactly was this, and if the latter, are the APIs still available?


"This is a PHP library which emulates Instagram's Private API. This library is packed full with almost all the features from the Instagram Android App. This includes media uploads, direct messaging, stories and more."

https://web.archive.org/web/20191207221404/https://github.co...


“API” is a weird term to use in this context as it’s not actually an API server or anything like that. This is just an HTTP client for Instagram’s mobile app API.


Facebook developer app approval is so hard now. I have submitted for review 6 times and every time the reviewer pointed out a mistake. I'm building a tool that sets up a third-party API gateway for your 3rd-party applications' APIs. https://nocodeapi.com


Since you're advertising your product in a thread about Instagram, I thought your product would work with Instagram, but trying it I get "Insufficient developer role". Not sure if it's a bug or just not implemented yet.


Awesome! I love this tool. What were you doing all these days?


Thanks, I'm adding lots of applications, and here is the list where you can find them: https://nocodeapi.com/marketplace


Looks very useful. I like your landing page, it's nicely designed, works great on a phone, and communicates clearly.

A tiny suggestion, it looks like a typographical error slipped through in the sentence:

> Convert these applications APIs without any hustle and Power-up your products, tools & portfolio by these NoCodeAPI.

I think you meant to use the word “hassle” instead of “hustle” as it would be a bit more idiomatic in the sentence.


Thanks, todd8, for the catch. I'm working on the content. Stay tuned.


I don't know the details of the code, so I'm left with questions.

Is the only difference between using this library and using Instagram's mobile app the fact that the library is not the "right" web browser?

Isn't the library simply a different web client accessing a publicly available API? And requests from the library are properly authenticated / authorized by Instagram's servers through normal means (the library isn't bypassing some mechanism, it's just not the official app)?

If it's true that it's just a different API client, then there may be some TOS violation, but isn't DMCA an overreach? Is there any validity to the claim?


A TOS violation is an unauthorised access which is a federal crime. See, for example, the case of Aaron Swartz. Using the DMCA seems preferable. Changing these laws would be better still.


I know it's been interpreted as that under the CFAA, but I know there was a recent case regarding scraping, so it sounds like that interpretation isn't true anymore. There was a debate between lawyers saying that sharing passwords for streaming services like Netflix, HULU, Spotify, etc. with family could be seen as a federal crime too in theory if companies wanted to push it under that law, but no actual lawsuits as far as I know.


So if I put "If you visit the website, you owe me 5 USD" in my Terms of Service, I can have them arrested? Something feels very fishy here, has to be more conditions than just "TOS violation === federal crime"


The difference is in what you can convince an investigator, a prosecutor and a jury to take seriously.


Isn't Google vs Oracle still on? How did GitHub rule that APIs are copyrighted?


I think with how DMCA works, Github doesn't have to (or need to) rule one way or another. Someone sends a notice and it is taken down swiftly. If the owner thinks this was in bad faith or a mistake, they can challenge it but if you are not absolutely sure that you can win such a claim you better talk to a lawyer first.


The owner needs to send a counter-notice. GitHub will have to restore it. FB will be forced to take the owner to court, but the repo will stay up until the court decides.


Easy to say. But I'd be hesitant to invite a lawsuit from a company with infinite money, a predatory attitude to their users, and a proven willingness to spend arbitrary sums of money to maintain their quasi-monopoly.


Possibly. Though based on having friends who had DMCA used against them and fought it, a counter-notice immediately put the brakes on large companies.

The reason for that is simple: DMCA takedowns in large companies are handled by someone who at best is a year out of law school who processes hundreds of them per day. 99.99% of those go unchallenged because no one knows about the process. As soon as the counter-notice is served this person/entity indicates that they aren't the 99.99%, at which point someone actually starts looking at their playbook. It will be another round of the notice/counter-notice game before someone that bills $400/h looks at the merit of a company's assertion. In the larger companies the cooler hands tend to prevail in non-obvious cases.


It is an important enough case that someone with money will probably help out. Of course, they might not, and then you're screwed.

My understanding is that Google bought YouTube mostly to avoid an underfunded YouTube in legal trouble having a bad precedent set.

If Facebook thought they could win against Google or Apple, they would have sent DMCA letters to Google and Apple for making web browsers and phone emulators with "developer tools" built in. But they know they'd lose, so they went after some random person on the Internet with no money.


Someone has to stand up to them at some point and we should support them when they do.

The fact that they're willing to just throw tons of money at lawyers to be wrong and infringe on everyone else's rights is exactly the reason we should make them take us to court on principle.


If this developer had reverse engineered some documentation about the private API, could that also receive a DMCA?


Yes. I could publish the source code of, say, my access control system, along with instructions on how it could be bypassed, but yet if you use those instructions to bypass it, that is a violation of the DMCA.


In the author's own words, this API was explicitly designed to get round access controls. (see internet archive)

So people should be cheering this, no? I mean, Facebook are protecting their users from nefarious developers seeking to get access to people's data.

The only crit is that it took so damn long to find it. (since 2016!) https://web.archive.org/web/20160603201221/https://github.co...

I know that's not what's annoyed most people. But if Facebook really are serious about privacy, then they took too damn long.


They should make their APIs secure, instead they abuse DMCA.


Exactly. All they did was remove an open source repository. It's still trivial to access their services in a way that they admit is harmful to their customers' privacy. As a bonus, now it's on the front page of Hacker News.

It's almost as if they're making the same error as OP who identified the library as "an API" rather than a client of an insecure API implemented by Instagram. Presumably they know better.


Perfect is the enemy of good. And we don’t know what work they’re doing on the engineering side.

What if it turns out they detected this code was run by other people and responsible for 50% of the unauthorized access? Just because it doesn’t entirely solve the problem, does not mean they shouldn’t pursue all partial tactics.


The problem is that they are abusing a statute that we all know is harmful more generally and creating precedent for others to do it.


I've been using the API for a personal project, and it doesn't let you access anything that you couldn't access in the app. It was just an API you could use instead of scraping the site.

That mention in the readme from 2016 mentions a UUID banned from Whatsapp, so I'm not sure if that's what the author meant or just something copied from another readme. Either way, if Instagram was banning UUIDs it would be as trivial as getting another phone to bypass it, or to log in via a web browser.


[flagged]


Where? Pretty much anyone will honor a DMCA takedown. There might be some grey area where some hosts will be better at identifying an invalid/bad-faith one, but this one appears to be valid.


Outside of the US

The world is a pretty large place...


Git has an amazing variety of frontends and ways to distribute your code.


On your own web server?

You don't need GitHub to publish or host a git repo...


Your own webserver that's hosted by a hosting company? Most of them have very well oiled workflows for responding to DMCA violations. If you run your own server they'll go to your ISP.


Are you aware that companies in countries like Canada don't respond to DMCA takedown requests, nor do they have domestic equivalents?


Maybe not 100% identical to the DMCA takedown requests but there are systems in place to deal with these kinds of issues. If your hoster / ISP receives a bunch of these notices they'll probably reconsider hosting your content.

https://ic.gc.ca/eic/site/oca-bc.nsf/eng/ca02920.html


Valid point. Bill C-11 certainly made a mess of the situation in Canada. That said, there are plenty of other international jurisdictions where a server or VPS could be used to host this kind of content, so I think the fundamental point still remains: Yes, hosting content on a large US-based provider like GitHub means your content is available at their discretion. Hosting the content yourself gives you a much greater degree of freedom to control the availability of that content.

Which is why I never rely solely on commercial cloud services like this for hosting my content.


This is why codeberg was started.

https://codeberg.org/


Counter-notice fixes it, making github restore it and giving Github immunity.


GitHub waits fourteen days for the complainant to respond to your counter-notice before putting your repo back up, from experience :/

In addition, they won't even give you any info they hold on the complainant other than that explicitly included in the notice itself, claiming 'data protection' (some troll hit a bunch of my repositories with fraudulent takedowns in two waves, meaning it took about a month before they were all restored)


That's a nice way to get legal problems with one of the biggest companies in the world.


Even Bitbucket would follow DMCA requests. Besides that, GitHub is the best place for the visibility of your project.


> And GitHub bent over.

You mean Microsoft bent over. Legal is the first and most urgent part to integrate when acquiring a company, for obvious reasons.


Choosing not to involve themselves in legally representing a user is not comparable to submissive participation in a sex act.

There's also nothing wrong with submissive participation in a sex act.

Communicate better.


What?


It may not be the meaning you intended, but "GitHub bent over." has a pretty clear, narrow definition.



