“I'm wiping this repository away” (github.com/venomous0x)
485 points by vishaltelangre on May 20, 2015 | 187 comments



Sending legal threats to individual contributors to open source projects is extremely poor form, and reflects badly on both the company that sent them, and the lawyers or law firms who helped them do so. From the perspective of the open-source software development community, this will be perceived as both an attack and a breach of ethics, and the reputation cost is likely to affect WhatsApp's ability to hire and retain developers in the future.

Just saying.


> the reputation cost is likely to affect WhatsApp's ability to hire and retain developers in the future

Have Oracle's attacks on open source software [1] affected their ability to hire and retain talent?

Is there any example where bad behavior by a large organization [2, 3] meaningfully affected its ability to buy the talent it needs?

[1] http://www.wired.com/2010/08/oracle-attacks-opensource/

[2] https://www.nsa.gov/careers/FAQs/index.shtml#isNSA_5

[3] http://en.wikipedia.org/wiki/Smartphone_patent_wars


The answer to both questions is yes. The talent pool and cost of developer talent is significantly impacted by a company's reputation, including its activities in the free/open source arena. Also, your question includes a false presumption in "buy the talent it needs", every software company seeks to optimize talent/cost, it doesn't simply have a binary "needed quota filled." Perhaps it doesn't affect it enough yet for them to rationally stop their nasty behaviour, and that is a better question.


Oracle can hire the best developers money can buy. Others, with a better reputation will hire the best developers money can't buy.

That makes a huge difference.



I was recently looking at finance job ads for programmers and the one thing that set the ads apart from 100% of the ads from the companies we all read about here was that they didn't say "competitive salary." They said, "extremely high salary."


I noticed that too. I won't say I'm oblivious to the possibility of a much earlier retirement, but leaving my current job, one I really love, will take more than just that.


Sure, but you could do finance for a short time and then go back to riskier startups, which is the thing I was trying to illustrate with my comment: finance companies appear to be much, much more confident in their viability, or at least are willing to demonstrate their confidence in having a future.


Absolutely. I have categorically declined all recruitment e-mails from Comcast. There's no way I would work for them unless I was starving. I hope the rest of you feel the same...


Speaking of Oracle - I bet they have no problem hiring people. But reputation affects what kind of developers you get. I believe this might affect a company's destiny.


For one, Microsoft. And would you argue that the NSA has seen no meaningful reduction in access to talent?


How can you make a meaningful argument either way without access to NSA's actual hiring data?



That article says the NSA is a bit worried about recruitment problems, but hasn't seen any yet. It also says that increasing salaries at SV companies is a far greater challenge in recruiting than reputation.


That's because they know the backbone of their organization is training people NOT to talk about what they are actually doing, nor the implications of those actions.


Hm? It's easy to make a meaningful argument without raw data. You just extrapolate from what you know.

I know that I have had the opportunity to apply to work at the NSA. When I was looking for job opportunities after college I perused lists of government jobs, including positions at the NSA. I know that today, I would not apply to work there. I'm one person, but I know many engineers of a similar mindset and read about many more, so I assume it's a trend. I definitely don't know what rate of potential applicants conform to this mindset, but I know some do (me, the people I know like me, and voices I've heard on the internet).

Therefore, I can meaningfully argue that they would have a harder time hiring. Of course I might be wrong but that's what you get when you operate with incomplete data.


Just to play the devil's advocate, one might just as easily argue that the self-selecting of you and your like-minded peers actually made the NSA's recruiting tasks easier. If you have some moral / ethical / rational belief systems that are inherently incompatible with their organizational DNA, a perfectly efficient recruiting machine would have sorted you into the "NO" pile anyway. Likewise, people more well-suited (for the sake of making ourselves feel better, we'll call them morally challenged) - might now be more inclined to sort themselves "in." So, they might have merely saved themselves some additional interview analysis and (assuming a less than perfect screening process) perhaps even prevented another Snowden Affair. To be clear, I am not asserting that any of this is true, but I suspect that my unfounded speculation using incomplete data is no less reasonable than yours.


Many of us have always had that mindset about the NSA.

However, it takes a special type of odd personality to work there (doing amazingly cool stuff but not being able to talk about lots of it). The personalities that fit there well don't fit elsewhere very well.


> The personalities that fit there well don't fit elsewhere very well.

Source?

I think NSA employs over 30k people. You're going to make a baseless claim that they all share one common personality trait, making them a poor fit for any other possible place of employ, in the whole world?

Really?


Um, yes. Really.

We know, for a fact, that the vast majority of NSA employees are willing to subject themselves to enhanced scrutiny (limited travel), behavioral controls (they will discuss your porn and online accounts), and submission to a fairly arbitrary set of rules (such as polygraph tests) that have no proven connection toward their job or efficacy.

Okay, so, we HAVE demonstrated that NSA employees do share at least one common personality trait that is reasonably unusual in the general population.

Perhaps I was being a bit overzealous and should provide a bit of exception. People who stay with the NSA for very long don't fit elsewhere very well.

Now, this probably doesn't apply to those who don't have security clearances. But then, you're basically claiming that the NSA is just like a standard employer--and that's not normally what people think of when they think of "working for the NSA".


> personality trait that is reasonably unusual in the general population

I'm not sure this part is true. "submission to a fairly arbitrary set of rules" sounds like every job.

> that's not normally what people think of when they think of "working for the NSA".

Most people working for the NSA aren't working as a "Jason Bourne"-type (which is what we think of as "working for the NSA").

I would claim the NSA's very much like a standard employer... but with a (significantly) more heavily enforced NDA.


There's a smaller pool of candidates, but the ones that remain are more likely to be okay with what the NSA does.


This raises an interesting theoretical question:

If you develop a web service and make it accessible from the public internet, what restrictions should you be allowed to place on its usage? And what should the consequences be for individuals trying to bypass those restrictions?


> If you develop a web service and make it accessible from the public internet, what restrictions should you be allowed to place on its usage?

Whatever you want. Public API access != protected right.

> And what should the consequences be for individuals trying to bypass those restrictions?

Denial of future access by technical means.


I agree if you mean "whatever [technical] restrictions you want".

However, providing the tools that allow instituting legal restrictions is a big can of worms; property rights just don't apply cleanly to client/server communications.


I agree that legal restrictions carry little to no weight in the technical world (I'm not arguing if they should or not, just if they do).

The solution is to require API accounts, which you can then monitor and terminate with prejudice. Tie the account to something unique-ish, or difficult to constantly cycle (SMS? check provider, deny if Google Voice, Twilio, has to be a physical carrier if we're talking messaging client).

The law may eventually catch up to tech. Maybe.


They don't apply cleanly to real property either which is why people who own property have 'people with guns' (gov't technical solution) to resolve any disputes about whose property it is.

Similarly when someone uses a server in a way you don't like you send 'people with guns' to resolve any disputes, because in this case lawyers are believed to be cheaper than changing the server.

This isn't about the ideals of law and power, it's about getting people to stop doing things you don't like, apparently WhatsApp chose a reasonably effective strategy.


In this case they do. When you access my API, you're accessing my server, my property. If I have decided that I do not want you accessing that, it's no different than if I have decided I do not want you on my land.

Not everything is special simply because it's digital.


In a hypothetical world in which SaaS has taken over the market, and 3rd-party clients are forbidden by virtue of license agreements, interoperability becomes impossible.

Imagine if Windows Server had been SaaS; Samba would never exist, Mac OS X and Linux couldn't operate in a Windows environment.

Where property law falls down is when we consider what it is you're selling -- access to a service, or a fully controlled end-to-end service agreement where you assert control over both the client and server.

If it's the latter, does this create a healthy market, or does it create something that could never exist before: the ability to create a "natural monopoly" on an individual customer level. That is, once people are invested in your platform, the cost to compete for that person is so high that it creates a nearly unassailable barrier to entry?

Pre-SaaS, if someone wanted to compete with Microsoft Office, they could invest the effort supporting the Office file format to ease customer transition.

Post-SaaS, if Google Docs, Office 365, et al disallow data/API access to third-party clients, supporting your competitors' existing customers becomes impossible.


If you don't want someone using your API, then return 403 Forbidden. It's more efficient than strongly-worded letters.


It depends on why you've decided. If it's by some predetermined rule that applies the same to everybody, it's probably OK. If it's something like "I didn't like that comment supporting same sex marriage you posted on my blog" maybe not. At what point are APIs considered public accommodations?


So if I have a library that implements your API should that also be illegal?


Though I doubt it'll be a popular opinion, you should only place whatever restrictions you can technically enforce.

Anything else basically ends up a) not working and b) requiring government intervention of one sort or another, eventually, and that harms everyone.


In the non-digital world, you can't enforce that people won't murder each other... should murder not be restricted?


This is an absurd comparison.


I agree. Instead of sending demand letters directly to the open-source developers, wouldn't it be more efficient (and more compliant with the DMCA) to send the demand letter to Github? If the developers are truly at fault, they will have breached the Github terms of service and Github will have a cause of action against the developers.


I think most people realize that this is not an attack on any kind of open source community or a breach of ethics. Further, the unethical ones are those that worked on the project, knowing that it was not their api.

Just saying.


While legally the senders of the C&D letters are right, doing that might be an unwise move. Curbing your developer community in a hostile way may be a mistake in the longer term.

In the longer term, open solutions prevail. OTOH it might not be the moment yet for WhatsApp. Compare the stance of Microsoft in 2005 and 2015.


Interesting observation: out of the 105 comments in this HN thread, none mention the company that owns WhatsApp: Facebook. Is WhatsApp still a separate entity? Aren't WhatsApp lawyers Facebook lawyers? Just asking as I'm curious to know.

In related news: "Facebook drops hint about MAJOR changes to WhatsApp – and you are NOT going to like it" [1]

[1]: http://www.express.co.uk/life-style/science-technology/57826...


From what (admittedly little) I know, WhatsApp still operates as an autonomous entity beside Facebook. Kinda similar to Oculus and Facebook or YouTube and Google.


Facebook spent billions buying WhatsApp. There is no way they are operating autonomously. Same goes for Oculus, and the same most definitely goes for YouTube.


I'm curious about the legality of this. Someone wrote that it was an "unauthorized" PHP API which was a client to the Whatsapp service. You don't need authorization to write a client to someone else's API, do you? They own neither the API, nor the right to build clients to it, right?

A second question is: so you have the right to build a client. Do you actually have the right to run that client against their service? Is that "unauthorized access"? It makes sense that you can control who accesses your computer system; controlling how they do it seems murkier to me.


It really, really doesn't matter. WhatsApp has the money to manipulate the law however they want. Small-time developers do not. I came up as an engineer in the bot development industry (for online games), and the history of the industry proves this. Historically, game companies like Blizzard[1][2] and Jagex[3] have managed to win multi-million dollar lawsuits against small bot developers, citing intellectual property laws; even though the defendants only ever created custom clients or injected code into clients with the permission of the players using them.

If gaming companies are able to use such absurd interpretations of IP law to win $7 million judgments against people who modify clients in-memory on end-user machines, then I'm sure a company with the capital of WhatsApp can destroy any open source developer that they want to.

[1]http://en.wikipedia.org/wiki/MDY_Industries,_LLC_v._Blizzard....

[2]http://legal.ceilingfansoftware.com/

[3]http://services.runescape.com/m=news/g=runescape/jagex-vs-ib...


I haven't read your links or spent time researching but is this really the same thing?

Seems like game companies can argue (and IMO be correct) that bots are damaging to the game and community. Technically you're "just" injecting code into their software to make it operate differently but they typically have a EULA to prevent this.


Maybe open WhatsApp access is damaging to the WhatsApp community (spammers...).


If WhatsApp created native clients for everyone, there would be a lot less need for these projects.

Spam? On Whatsapp? I've never heard of such a thing.


It exists. I just got one today about a work at home job...


> You don't need authorization to write a client to someone else's API, do you?

If the owner says "don't do that" and you do it anyway, even if there are no technical limitations, you are committing a crime in the eyes of federal law.

Even if they don't tell you no and you just start poking around and accessing random (or guessed) API fields, it's still a federal crime since you "circumvented" their exposed interface.

> It makes sense that you can control who accesses your computer system; controlling how they do it seems murkier to me.

"How" can be difficult in a web context (browser vs. crawler), but in other contexts such as a mobile-only app with a proprietary API, they can say you're "hacking" their system if you access their system without directly interacting with their app (again, even if there are no technical limitations). Basically, just do this: http://static4.businessinsider.com/image/54db994569bedd6e65f...


Web scraping, for example, is not strictly speaking legal.


I think you and many people are overcomplicating this subtopic into the legal context of receiving C&D, etc letters.

Their service is their software. They have control over it. If they wish to impose technical limitations to how it may be accessed and by whom, that is entirely their prerogative. Nothing in the law can tell a company or a user otherwise, short of subpoenas for customer data or some such like that.

I think the larger legal issues come from the fact that circumventing these technical limitations can lead to degradation of value and security for a company's customers due to derivative products created via this unauthorized client -- much like what has happened with SnapChat and third-party services retaining snaps. If systematic unauthorized access to a system could serve to diminish the value and trustworthiness of a company and its brand, you're damn right they will legally pursue those enabling it.


Sure, they have complete right to safeguard customer data with authentication checks.

But the situation here is that the customer is offering its consent to use their data on another platform or application.

The same holds for rooting android/iphones and making them do what you want. Not getting into legal details, you should own your data across services and your hardware that you buy.

Adding technical barriers is one thing, suing an interdependent group of people trying to learn the API and building tools on top is completely unfair.


That is right – using WhatsAPI might be illegal.

But developing the tool isn’t illegal in any way.


I think the real question is why would you spend your time working on an API for a closed protocol knowing that you don't have the expressed or even tacit consent to do so, when you intend to turn around and release it.

I mean if they made it for themselves and didn't share it maybe there wouldn't have been a problem, but I still wouldn't spend my time reversing a closed protocol without expecting the hammer to drop at some point.

I'm not clear on whether you can write a client for someone else's protocol, but I can say for sure that I have every right to intercept and block any and every request that the official app makes, despite SSL. I pay for my internet connection, not the app developer.


How people choose to spend their time is definitely not the "real question" here. The real question is: is it legal to write software that interacts with an API which is covered by someone else's copyright (assuming you can even copyright an API) without their express permission?

Since that happens pretty much every time you write a line of code, I would say it's a pretty important question. Whether or not you distribute said software, whether you distribute it in binary or source form, and whether you charge for said software are all interesting confounding variables and it would be extremely interesting to delve into whether those factors impact the result.

Keep in mind this is simply software which sends and receives packets over a network. The server has no obligation to respond, and there is no "linking" of libraries. Let's assume that none of WhatsApp's code is being distributed (assume a clean room implementation of the API, not decompiled from WhatsApp source).

I wonder if things like if WhatsApp included a magic string in the header, and then claiming copyright of that string, if that could also impact the legal result.


> They own neither the API, nor the right to build clients to it, right?

That's something that courts have been trying to figure out. The most famous case, of course, is Oracle v. Google.

I think the biggest thing here was the usage of WhatsApp and the name WhatsAPI.


That's a very different kind of case. This one refers to creating third-party presences on WhatsApp's messaging platform by talking to their servers remotely and mimicking the official client software in order to gain access. The Oracle case is a matter of Google implementing a Java standard library so that Google's Java VM could run the same code that runs on Oracle's.

Aside from an overloaded meaning of the term "API", the two situations have very little in common.


I can see two claims here: (1) the name is arguably confusingly similar to WhatsApp and could be considered a trademark violation, (2) using the service without permission could qualify as "exceeding authorized access" under the CFAA (Computer Fraud and Abuse Act, which is meant more for people who crack security for other purposes; although there's an argument that it applies here).


Even if we were to assume the CFAA is a reasonable and just law that should be applied in this case, it would still apply to those who use the code in a way that was against WhatsApp's permission, not for the one who provided the code. You might as well send legal threats to github for hosting the code.


Aiding and abetting someone breaking the law is often illegal. Consider someone building and selling physical lock picks, even with a clear legal use case it's considered a grey area.

One important consideration is whether your state, local, or national laws consider possession to be prima facie intent to commit a crime. http://lockwiki.com/index.php/Legal_issues


I can't find any reference to contributory violations of CFAA. Lockpicks are a special case, as they are specifically called out in law.


Why would this be banned but Tor remain legal?


Tools that have both legal and illegal uses have a lot more latitude. Consider TOR was funded by the US government in the first place; they clearly had non-criminal intent in mind.

It's hard to picture a 'legal' use for something that is tied to a proprietary API.


Being used with that API when there is permission to do such and being an example to help someone who is building a similar access to the API (with permission).

Also, TOR was funded with illegal uses in mind. Beneficial to the US government, perhaps even legal with the US, but illegal in their intended application.


> Also, TOR was funded with illegal uses in mind. Beneficial to the US government, perhaps even legal with the US, but illegal in their intended application.

In what way is browsing the internet without someone recording your every move illegal? You may choose to use the anonymity for illegal purposes. But you may also choose to use your car or house for illegal purposes and no one says that these should be illegal.


I think you and Lawtonfogle are in agreement. For example, anonymity on the internet is illegal (or very close to it) in China, and Tor is meant to circumvent that law. Thus, it was designed for an illegal purpose as far as the Chinese government sees it.


> In what way is browsing the internet without someone recording your every move illegal?

Tor was, in part, made for countries where that is illegal.


It's the "in part" bit that is key (also the fact that this is legal in some countries). Where a tool has legitimate uses it tends to be legal (but may have restrictions placed upon its use - an example from the physical world is machetes) whereas when something has only illegitimate uses it tends to be made illegal (e.g. flick knives). Tor is the first category, some illegal use and some legal. An API for a proprietary service is tied to that service and can only be used to access it; if this access is not allowed, then why should the tool exist?


It has legal uses that I've already pointed out. First, it is legal to use by anyone with permission. Second, it serves as an example of code for others to learn from.

As for bans on knives and such, I consider such bans just as unjustified.


Yeah. I don't agree with the legal threats in any way; I'm simply answering "what law does the attorney claim was broken?"

I don't know enough about the CFAA to say whether providing the tools to exceed authorized access counts as an additional violation. But it would be reasonable to assume that creating the tools required (sporadic) efforts to exceed authorized access.


TBH, the CFAA scares me. While it isn't used to the full potential, it makes a vast amount of normal internet activity a felony, which then allows those in charge to pick off who they want as long as they don't incur too much outrage.


What normal internet activity does CFAA make a felony?


According to Sen. Ron Wyden (D-Ore.), the current incarnation of CFAA would make a mere violation of a website’s terms of service, like lying about your age on Facebook a felony.[1]

Another practice would be changing the '1' to a '2' in the URL http://www.example.com/1.pdf, since the computer running www.example.com is a 'protected computer', and you didn't get authorization to access 2.pdf on the server.

"Protected computer" is basically any server. The CFAA defines it as any computer used or affecting "interstate or foreign commerce", which works out to be most of the internet, thanks to CDNs and the practice of centralized data-centers.[2]

[1]http://www.huffingtonpost.com/2015/01/20/obama-hackers_n_651...

[2]https://www.law.cornell.edu/uscode/text/18/1030


Connecting to a website when the owner has not specifically invited you to do so is technically an offence under the CFAA.


Of course you need authorization to write a client to someone else's API.


Please explain. This is by no means "of course". I haven't seen a single API so far that explicitly required authorization.


Another case where I wish the answer was for the court to tell the company:

"This is venomous0x's and other contributors information. They developed it on their own and have no contract with you, and as such are free to do with this information as they see fit. Your lawyers, who are under contract with a local Bar Association may be in violation of their contract if they continue to make some outlandish claims concerning the law. We shall not be hearing from you again in this matter."


Binding Arbitration is a solution to this- companies don't sue each other so much these days because they just get it resolved by hiring a mutually agreed arbitrator from one of the Binding Arbitration organizations.

The number of cases handled by this method now, today, in the USA is far larger than the number handled by courts.

The government runs the courts in a very inefficient way that makes the costs of lawsuits very high, and they take forever and are less reliable than arbitration.

Worse, courts interpret the laws often in a way that favors the government. EG: Courts are not actually neutral in the way that arbiters are. (Remember many judges are hired via election, many more are appointed by elected politicians and these politicians' re-electability depends on who they appoint... at the federal level the judgeships are highly political.)

A lot of big problems, like copyright and patent disputes, could be resolved more quickly via an arbitration method (where the possibility of getting an arbiter who actually understands the technology issues at hand is a possibility.)


Mandating Binding Arbitration as condition of service or sale can be problematic. A contract of adhesion may effectively be used to deny people their rights in law; throwing in a biased arbitration process just adds insult to injury.

And the arbitration process will inherently be biased. Which party picks the arbitrator? Pays them and has a long-term relationship with them? Not the customer.


There are a few ways to decide who picks the arbitrator. Depending on how the agreement was written, one party may get to pick, or both parties may need to come to a mutual agreement. I recently saw one where each party picks an arbitrator, and those 2 arbitrators then decide on a 3rd party to be the final arbitrator.

So yes, the customer may have a long-term relationship with the arbitrator and may even pay them. It depends entirely on the situation. (For example, I know an arbitrator that I have used in the past and would be willing to use again.)


> A lot of big problems, like copyright and patent disputes, could be resolved more quickly via an arbitration method (where the possibility of getting an arbiter who actually understands the technology issues at hand is a possibility.)

I seem to remember that some 250 years ago there was a revolution where part of the discontent was about proper access to the justice system. The insurgent party won and they wrote such things as right to jury trial into the constitution.

Time to have another revolution, isn't it?


Which system is so superior that you'd use it instead of the current system?


Mandatory arbitration needs to die right quick. Why can you even sign away the right to civil trial?


I talked to a lawyer a while back and he told me that arbitration is slowly falling out of favor because often one of the parties will simply dispute that the arbitration was fair and it winds up back in court anyway.


First, this shouldn't get to a court any longer than it takes to be tossed out.

Second, arbitration among entities with vast differences in power is not fair because the more powerful entity will tend to have greater control over who they pick, thus corrupting the process.


This is not really different to a civil lawsuit. If one side has deep pockets or significant in-house legal resources, they can delay the process with all kinds of legal motions and maneuvers until the other side runs out of money.


Another problem that needs to be fixed. The difference is that one has grown a cancer that needs to be removed while the other was cancerous from the start.


But it's not their information. It's information about WhatsApp's servers.


WhatsApp complained about users of the API spamming the service; instead of taking the necessary steps to secure their service, they sent lawyers. So they've been dealing with legal threats for a long time.

https://github.com/venomous0x/WhatsAPI/issues/83



This seems to be one of the most recent repo clones:

https://github.com/rtoIedo/WhatsAPI


That fork only has a PHP implementation. The other fork I found, for instance, has Python implementation: https://github.com/abdosumsam/WhatsAPI


That one dates from 4/2013.

This one found via a recent merge-request is current to 9/2014.

https://github.com/Sydcul/WhatsAPI/


Thanks. Dropping that in the Internet Archive.


If you're going to archive it, you should grab:

https://github.com/venomous0x/WhatsAPI/tree/16a6349a1fbc9e9a...

And all pull requests - add .patch to the URL to pull it out as a diff - see https://api.github.com/repos/venomous0x/WhatsAPI/pulls?state... and

https://api.github.com/repos/venomous0x/WhatsAPI/issues


Thanks! Rolling through all of the URLs now.


I put a copy of the pre-takedown repo here: https://github.com/forkingforker/WhatsAPI

Currently trying to figure out how to transfer issues and comments over as well.



Thanks for the link. I ended up just dumping them all here in JSON format so at least they are archived somewhere, if he does a full delete: https://github.com/forkingforker/WhatsAPI-issues-milestones-...


I wonder how these companies issuing takedown requests handle forks.


Github iirc will, if they have to take down the parent repo, take down all (automatically) forked ones


This wasn't a DMCA complaint (Or whatever equivalent - if that's not correct) sent to Github though, this was sent directly to the author of the original repository. But point still stands - even if Github took it down, there are forks out there - the code will always exist.


I guess they don't, unless a particular fork becomes popular enough to stand on its own.


Also, see https://github.com/venomous0x/WhatsAPI/tree/16a6349a1fbc9e9a...

He didn't actually even wipe the history.


I assume he plans to completely wipe the repository after a short time of this notice being public.


I feel the potential for an internet movement to just fork the forked repos just to send WhatsApp a big middle finger.


If WhatsApp wants to get rid of the project, shouldn't they send a DMCA request to GitHub rather than individual users? That way they could wipe out the clones/forks too.

(I'm not saying I want them to do that -- just curious why the lawyers aren't using that technique.)


The DMCA takedown procedure is only applicable if your complaint is about copyright infringement.

If WhatsApp is invoking other, non-copyright theories, a DMCA takedown related to those theories would be invalid.


Looks like you may be right: http://www.lexology.com/library/detail.aspx?g=13f9814f-b56e-...

Still, most platforms have some kind of program like eBay's Vero service that is used to report and enforce violations of its terms of service that trademarks and copyrights not be used without permission. Which would have been the better way to go in this case.


Seems they've already tried a DMCA request:

https://github.com/venomous0x/WhatsAPI/tree/fd07b49a459cda25...

... and it didn't work, causing only "brief downtime", probably because it didn't actually fall under the DMCA.


What I don't understand is that in theory filing invalid DMCA takedown requests is an actual crime -- yet nobody ever seems to go after companies that do it.

Just another reason the DMCA is fundamentally broken.


Yeah, seems like one of those law firms where companies hire them to handle the distasteful part of their obligation to defend their intellectual property.

It sounds good, we'll do this basically free for you and collect our own fees from violators. But they don't know just how much damage these groups can do to their credibility. Rolex is another company that has lost my business forever with their scam.

The law states you have to send a letter. The scam part is in demanding money or profits made from a perceived violation of IP. Companies that do that crap can die in a fire.


Take a wild guess. (hint: they're dumb)


Missing the context... What code was there before? Was it a reverse engineering of the API whatsapp binaries use? Is there any legal basis for demanding someone remove that?


The code is still there, just browse code in the latest pull request.

https://github.com/venomous0x/WhatsAPI/tree/fd07b49a459cda25...


Can you clone this somehow? You can get a ZIP from the sidebar, but having the history would be nice.


It's not well-known, but if you use "git clone --mirror" instead of just "git clone", you get a copy of all the pull requests as git commits, with the full history leading to each of them.
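The difference described in the comment above, and the thread's later point that any clone can become the new source, as an added example that is not part of the original thread. It assumes `git` is installed; the repository, file name and pull request number are constructed, and the pull request is modelled as a `refs/pull/1/head` ref, the namespace GitHub uses.

```shell
#!/bin/sh
# Constructed demo: runs entirely in a temporary directory, no network access.
set -eu

# Throwaway identity for the demo commits (constructed values).
export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid

# Build a bare "hosted" repository holding one branch plus one pull-request
# style ref, the way GitHub exposes PRs as refs/pull/<n>/head.
build_origin() {  # $1 = absolute work directory
    git init -q --bare "$1/origin.git"
    git --git-dir="$1/origin.git" symbolic-ref HEAD refs/heads/main
    git init -q "$1/seed"
    (
        cd "$1/seed"
        git symbolic-ref HEAD refs/heads/main
        echo base > file.txt
        git add file.txt
        git commit -q -m "base commit"
        git push -q ../origin.git main
        echo proposed >> file.txt
        git commit -q -am "proposed change"
        git push -q ../origin.git HEAD:refs/pull/1/head
    )
}

# Number of pull-request refs, and of commits reachable from any ref.
pr_refs() { git -C "$1" for-each-ref refs/pull/ | wc -l | tr -d ' '; }
commits() { git -C "$1" rev-list --all --count; }

run_demo() {
    d=$(mktemp -d)
    build_origin "$d"
    git clone -q "$d/origin.git" "$d/plain"                # branches only
    git clone -q --mirror "$d/origin.git" "$d/mirror.git"  # every ref
    plain="$(pr_refs "$d/plain") $(commits "$d/plain")"
    mirror="$(pr_refs "$d/mirror.git") $(commits "$d/mirror.git")"
    # Simulate the hosted copy disappearing, then republish from the mirror.
    rm -rf "$d/origin.git"
    git init -q --bare "$d/restored.git"
    git -C "$d/mirror.git" push -q --mirror "$d/restored.git"
    restored="$(pr_refs "$d/restored.git") $(commits "$d/restored.git")"
    rm -rf "$d"
    echo "plain: $plain | mirror: $mirror | restored: $restored"
}

run_demo
```

Pushing such a mirror back to GitHub itself behaves differently: GitHub rejects updates to `refs/pull/*` as hidden refs, so those refs survive only in mirrors kept elsewhere.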


Yes, WhatsAPI was a reverse engineer and implementation of the WhatsApp protocol.

It was mostly used by websites offering a web based chat interface for WhatsApp and by spammers.


Actually these libraries are used by third-party clients on platforms that Whatsapp doesn't officially support such as webOS, Firefox OS and others. It's not about spamming, it's about being able to offer a decent client on platforms that are not covered by official clients.


Does the library enable the service to be used on more platforms? Yes. Does the library enable spammers to abuse the service? Also yes. It's not an either/or situation.


A library is just a tool, like a hammer, you can build a shelf with it or hit your neighbor. Anyway, you don't solve that problem by banning hammers....


Pardon my ignorance, but is it using the same API which inherently the WhatsApp client uses? Or is it just an open sourced version of WhatsApp?


Yes it's a client for the WhatsApp API, presumably reverse engineered from what the official app does.


It communicates with the official WhatsApp servers.


I don't think there's a legal basis for preventing someone from reverse engineering an API in general.

The "non-circumvention" clause in the DMCA is often used to go after people reverse engineering DRM, but I fail to see how it would be applicable in this case.


I think a renamed fork is (maintained) here https://github.com/mgp25/Chat-API (it was linked in https://github.com/venomous0x/WhatsAPI/issues/1140)


I'm trying my best to avoid using such closed services in favor of alternatives that have open clients and servers.


Is there something that

1) can do Chat+Voice securely, 2) works on Windows, Mac, iOS and Android?


Nothing suitable for regular users yet. We don't have a true open alternative to Skype yet, but we will. There's more effort in the area over the last couple of years.


I may be slightly OT but to me it's kinda sad that the internet is increasingly being built around closed platforms instead of open APIs/protocols. Especially in the IM scene there must be a ton of services incompatible with each other. You need to have a dozen or so of IM programs installed (skype, viber, whatsapp, you name it). Too bad XMPP will probably never see any mainstream adoption. I know it had its share of problems but I believe that it was a step towards the right direction. My hope is with decentralized protocols but still if there isn't some form of standard you will still need a different client for each service. Admittedly opener (anyone can implement a client) but not quite there.

Now I'm only waiting for Google to completely kill XMPP access to Talk/Hangouts. That will be... frustrating.


The author's intention of wiping the repository is in direct conflict with one of the demands (the last bullet):

  "Immediately take steps to preserve all documents,
  tangible things and electronically-stored information
  potentially relevant to the issues addressed in this letter."

I'm not a lawyer and don't know how enforceable it is, and I doubt that WhatsApp would take any action once the repository is no longer a concern, but I'm curious if there are any comments about this.


"I find your comments offensive and in violation of the Bullshit Act 2012, and hereby request that you delete your comment and jump off the roof."

IANAL, but unless it's a court or other public body telling you to do something, you are under no obligation to do anything whatsoever. Lawyers use scary words to intimidate and scare regular people but until the courts are involved, they're just posturing. In doubt, always ask a real lawyer before doing anything rash.


Presumably the person did preserve all those things... just not on GitHub.


Perhaps.

However, even if they did keep the source code, there are issues and other information on github that would not be preserved. I think it's safe to assume this information is very relevant to litigation involving a scenario such as this one.

Even if that wasn't a factor, the court may get the idea that the repository was wiped in order to destroy evidence. Convincing them otherwise may be technically challenging.


Demanding to gather self-incriminating evidence... pretty bold request.


Self-incrimination does not apply in civil cases. This is actually a pretty standard warning against spoliation of evidence in a potential civil case -- if a party doesn't convey such a warning, then, in the event of ensuing litigation, the court is likely to find that they did not trigger a duty to preserve evidence on the part of the defendant.

If a defendant is so warned and destroys evidence, then the trial court may impose sanctions such as an adverse inference instruction (essentially, instructions to the jury that any evidence not produced by a side should be inferred to be damaging to that side's case). So any lawyer who stayed awake during civil procedure is going to make sure that they keep that option alive in the event they decide to sue.


Thank you for clarifying. This is the sort of implication I had in mind. Law can be funny this way.


Not sure I get it. Are the individuals/firms sending these letters to the repo maintainer actually connected to WhatsApp in any way?


Yes. WhatsApp has been pretty aggressive with hunting down and stopping any third party implementations out there. They're also issuing temporary bans for anyone caught using third party clients:

http://mashable.com/2015/01/22/whatsapp-third-party-apps/


Reminds me a bit of the old dispute between AOL and GAIM, which was later renamed to Pidgin in part to appease AOL. WhatsApp seem to be acting in an even more aggressive way than AOL was, though. AOL limited themselves mainly to: 1) complaining about the name; and 2) playing occasional games with the protocol to break third-party clients. Afaik they didn't sue anyone claiming that simply distributing a third-party client was illegal.


There was recently an article from a person working at Microsoft who implemented AIM support in MSN Messenger back in the day who had similar experiences.


Which was a really entertaining article when Microsoft were also doing it to block Trillian and other third party clients.


The letter says "any legal proceeding that WhatsApp may choose to pursue against you". Definitely sounds like a legal threat from WhatsApp.


FYI, this repo used to be an unauthorized PHP API to WhatsApp Messenger. https://github.com/mgp25/Chat-API


"Couldn't load network graph. Too many forks to display."

(Finding forks of this is really easy; for example, you could go to the Pull Requests tab, and check some of the authors there.)



I probably would have never heard of this if someone wasn't trying to kill it. Now I am interested and have been looking through the source of the clone.


What are they gonna do if you use TOR to set up a public repo of this code? It's not like they can send their petty legal letters anywhere. If github is forced to take it down, we need some kind of a distributed github.


Git is distributed. If it is taken down it will immediately be uploaded somewhere else.

EDIT: Immediately in people-time, not some git mechanism :-)


No, the origin is one central server. Or am I missing something? If I work on a piece of open-source code with a github repository, if github is down, nobody else will be able to access my code unless I upload it somewhere else (which doesn't happen automatically).


With git there doesn't need to be a central server. Many people/orgs use one (e.g. github) because that pattern is very well understood and most developers are used to it. There is no reason that you can't push branches/commits between individual clones (in this context called remotes). Origin is one remote, but you can set up any other clone to be a remote as well.


Or even exchange pull requests via e-mail, like git was originally designed for.


Just to expand on the other comments: yup, you're missing something! :D

Specifically, git is a DVCS/DSCM (distributed version control system/source code management system), which means that each "checkout" of the repository that exists is a complete clone of the original, including the full commit history and a cryptographically verifiable codebase.

In this world the "master" repository is simply a convention: everyone agrees that <insert person here> has the "master". But in reality everyone's copy is a peer of every other.

Sharing between repositories can be done any number of ways. Github is convenient, but originally email was the way code moved between copies. In fact, I host a number of my own private repositories over straight SSH.

So Github is a useful piece in the puzzle, but fortunately it's not a single point of failure in any way.


Most git clone operations copy everything, so it's just a matter of uploading your clone to some other web interface. Even that is not necessary.


Anyone who has ever cloned the repo will have a full copy though.


Github is a somewhat atypical implementation.


This is already the case for DRM-breaking code that is not DMCA-compliant, but you'll be hard-pressed to find a service willing to host arbitrary 3rd-party repositories via TOR.


Why? Why not create an open server to replace WhatsApp, instead of considering yourself entitled to use their server?


Fuck Whatsapp in particular.


Shouldn't those letters have been sent to Github and taken down that way?


Individual developers are easier to intimidate. I suspect they don't have a strong legal argument. It's relatively cheap to have your lawyer draft a letter.


I see a lot of interest in saving the repo/forks as archive, perhaps to revive it to some extent in the future. Wouldn't it be more constructive to build an open client that can compete with WhatsApp instead? Granted that it's hard, but definitely more fun than fighting legal notices and guessing hidden features that break the code occasionally.


I believe that the Telegram (telegram.org) server is open source. There is also a publicly documented API.

Correction: the clients are open source.


Thanks for reminding. I read about telegram a while back but forgot to try it out. Doing it now, hoping it'll have more friends over time.


52 minutes, 74 upvotes, and no context or discussion?

Any context would be appreciated.


Another reason to use Telegram I guess.


Better use TextSecure/Signal. That's fully free and open-source AND encrypted by default.


I am not a cryptographer but I'm not sure Telegram is "better"

http://security.stackexchange.com/questions/49782/is-telegra...


At least they have 3rd party clients and APIs.


Let me double that recommendation.

It's easily as good as WA and truly multi-platform.

(Disclaimer: totally unconnected to Telegram).


Triple! Telegram > Whatsapp.


I wonder if he is here, but I was under the impression this dude was/is Bahraini or Emirati. I wonder what kind of legal pressure they could seriously impose, seeing as few in the GCC would care (locals routinely do not even show up for criminal legal proceedings, so I am skeptical).

Now, could there be side channels they would use to pressure and bully him into giving up? Sure. But I would love to hear more from this venomous developer.


I would like to dump WhatsApp, any alternatives? I almost switched to Telegram once.

No matter how big WhatsApp gets, I am glad there are some alternatives.


What made you decide Telegram was a worse choice than Whatsapp? At least Telegram doesn't send nasty letters to people developing unofficial clients.


Telegram bills itself as secure, which comes with a rather large burden of proof if anyone is to take you seriously.

As the saying goes: "don't roll your own crypto, unless you're a professional cryptographer, and even then…". Telegram are not cryptographers but decided to roll their own anyway and have come in for not a little flak as a result.

Search for "telegram app crypto criticism" and you'll find plenty of examples of this.

Is Telegram secure? I'm not qualified to answer that, but I understand enough to be sceptical.


Is Whatsapp secure? If not, and they're both insecure, then I think Telegram makes a better choice, if for nothing else than its better multi-platform support.


I liked Telegram but all my friends were on WhatsApp, so stuck with WhatsApp for that. I agree on your point that Telegram does not send nasty letters like this.



Facebook used to be an open company, opening up platforms to let other developers write amazing applications on top of it. But with WhatsApp, the approach has been closed rather than open. In India, where WhatsApp is so popular, companies and startups are trying to get their hands on any form of access to build solutions around it.


Presumably everyone here will boycott Whatsapp.

And tell their friends to do the same.

It's easy for me because I don't use it but I suspect that for some it will be difficult, imagine telling your girlfriend that you are deleting Whatsapp and that she can't contact you that way any more.


Does anyone know what happened to the Whoya app? https://play.google.com/store/apps/details?id=com.ego.whoya Same DMCA issue?


I suggest everyone here fork the repository in one of its older forms and contact support@whatsapp.com to tell them how you feel about them attacking one of our own.


Seems fair. After all, it must have been such an investment for WhatsApp to come up with their innovative product.</sarcasm>


"What's" is a common English word. "API" is a common term in English.

Combining them together should not be a copyright infringement of "WhatsApp."


You mean trademark infringement.

"Whats" isn't a generic term in the computing field. "WhatsAPI" isn't a dictionary word, it's a colocation of Whats and API, the first element being chosen specifically to render association with WhatsApp. The use of WhatsAPI differs in only one letter from the trademark.

IMO provided they headline the fact they're not associated nor extraordinarily authorised by WhatsApp then there would be no actual trademark issue; the law I suspect will see it quite differently.


The Trademark examiners are actually generally pretty good at this sort of stuff. You can search trademarks at USPTO.gov

I've seen numerous applications turned down for using generic terms like this.

Probably the one and only time I'll say the government does a good job.


According to the company:

“WhatsApp Messenger is a cross-platform mobile messenger that replaces SMS and works through the existing internet data plan of your device. WhatsApp is available for iPhone, BlackBerry, Android, Windows Phone, Nokia Symbian60 & S40 phones. Because WhatsApp Messenger uses the same internet data plan that you use for email and web browsing, there is no cost to message and stay in touch with your friends.”


Actually, their service does cost money. They are lying.



