[HN Gopher] Instagram took down private unofficial APIs via DMCA ___________________________________________________________________ Instagram took down private unofficial APIs via DMCA Author : giansegato Score : 213 points Date : 2020-02-01 11:01 UTC (11 hours ago) (HTM) web link (github.com) (TXT) w3m dump (github.com) | Nextgrid wrote: | Does anyone have a mirror? I might download this and keep it just | in case. | sbr464 wrote: | Some of the forks[1] still work, although outdated. There are | some on gitlab[2] also. Doing code searches finds other | copies[3]. | | [1] https://github.com/NantipatSoftEn/Instagram-API | | [2] https://gitlab.com/alihesari/Instagram-API | | [3] | https://github.com/DarriusAlexander/speaklight/tree/1b4167c3... | shervinshaikh wrote: | Yes I would like a copy too :) | rcaught wrote: | https://web.archive.org/web/20191207221404/https://github.co... | | > Why did I make this API? | | > After legal measures, Facebook, WhatsApp and Instagram blocked | my accounts. In order to use Instagram on my phone I needed a new | phone, as they banned my UDID, so that is basically why I made | this API. | pmlnr wrote: | Anyone has the actual git repo as well? | segmondy wrote: | If you fork git repos, make sure to pull them down, if the | official repo is taken down, your forks will disappear unless | you have a copy. | | Here's a script I made to backup all your repos, throw it | into a cron and run once a month or something, where 20 is | the largest number of pages you have, adjust accordingly. I | actually wrote this up when a fork I had disappeared. | #!/bin/bash USERNAME='segmond' for i in `seq 1 | 20`; do curl --fail -s | https://api.github.com/users/$USERNAME/repos?page=$i | jq | '.[] | .clone_url' | xargs -t -n1 git clone sleep | 1 done | dicytea wrote: | > if the official repo is taken down, your forks will | disappear unless you have a copy. | | https://help.github.com/en/github/collaborating-with- | issues-... | | I don't think that's true, I've personally recovered | deleted repositories by finding its forks. | | edit: Ah never mind it seems things work differently in the | case of DMCA takedowns | AdamJacobMuller wrote: | There is also a big difference between clicking `fork` on | github vs cloning and creating a new repository (on | github) and then changing the remote URL and pushing. | | The latter isn't "github fork" even if it is a "git fork" | and won't be affected by most[1] automated takedowns. | | 1> where most is defined as somewhere between 0 and 100% | [deleted] | thefounder wrote: | Isn't the google vs oracle still on? How did github rule that | apis are copyrighted? | dkarras wrote: | I think with how DMCA works, Github doesn't have to (or need | to) rule one way or another. Someone sends a notice and it is | taken down swiftly. If the owner thinks this was in bad faith | or a mistake, they can challenge it but if you are not | absolutely sure that you can win such a claim you better talk | to a lawyer first. | notyourday wrote: | Owner needs to send a counter-notice. Github will have to | restore it. FB will be forced to take owner to court but the | repo will stay up until court decides | wpietri wrote: | Easy to say. But I'd be hesitant to invite a lawsuit from a | company with infinite money, a predatory attitude to their | users, and a proven willingness to spend arbitrary sums of | money to maintain their quasi-monopoly. | notyourday wrote: | Possibly. Though based on having friends who had DMCA | used against them and fought it, a counter-notice | immediately put the brakes on large companies. | | The reason for that is simple: DMCA takedowns in large | companies are handled by someone who at best is a year | out of law school who processes hundreds of them per day. | 99.99% of those go unchallenged because no one knows | about the process. As soon as the counter-notice is | served this person/entity indicates that they aren't the | 99.99%, at which point someone actually starts looking at | their play book. It will be another round of | notice/counter notice game before someone that bills | $400/h looks at the merit of a company's assertion. In | the larger companies the cooler hands tend to prevail in | non-obvious cases. | ethanwillis wrote: | Someone has to stand up to them at some point and we | should support them when they do. | | The fact that they're willing to just throw tons of money | at lawyers to be wrong and infringe on everyone else's | rights is exactly the reason we _should_ make them take | us to court on principle. | jrockway wrote: | It is an important enough case that someone with money | will probably help out. Of course, they might not, and | then you're screwed. | | My understanding is that Google bought YouTube mostly to | avoid an underfunded YouTube in legal trouble having a | bad precedent set. | | If Facebook thought they could win against Google or | Apple, they would have sent DMCA letters to Google and | Apple for making web browsers and phone emulators with | "developer tools" built in. But they know they'd lose, so | they went after some random person on the Internet with | no money. | circular_logic wrote: | If this developer had reversed engineered some documentation | about the private API could that also receive a DMCA? | qes wrote: | Yes. I could publish the source code of, say, my access control | system, along with instructions on how it could be bypassed, | but yet if you use those instructions to bypass it, that is a | violation of the DMCA. | [deleted] | KaiserPro wrote: | In the author's own words, this API was explicitly designed to | get round access controls. (see internet archive) | | So people should be cheering this no? I mean facebook are | protecting their users from nefarious developers seeking to get | access to people's data. | | The only crit is that it took so damn long to find it. (since | 2016!) | https://web.archive.org/web/20160603201221/https://github.co... | | I know thats not whats annoyed most people. But if facebook | really are serious about privacy, then they took too damn long | the_gipsy wrote: | They should make their APIs secure, instead they abuse DMCA. | slimed wrote: | Exactly. All they did was remove an open source repository. | It's still trivial to access their services in a way that | they admit is harmful to their customers' privacy. As a | bonus, now it's on the front page of Hacker News. | | It's almost as if they're making the same error as OP who | identified the library as "an API" rather than a client of an | insecure API implemented by Instagram. Presumably they know | better. | amylene wrote: | Perfect is the enemy of good. And we don't know what work | they're doing on the engineering side. | | What if it turns out they detected this code was run by | other people and responsible for 50% of the unauthorized | access? Just because it doesn't entirely solve the problem, | does not mean they shouldn't pursue all partial tactics. | slimed wrote: | The problem is that they are abusing a statute that we | all know is harmful more generally and creating precedent | for others to do it. | keyrat wrote: | I've been using the API for a personal project, and it doesn't | let you access anything that you couldn't access in the app. It | was just an API you could use instead of scraping the site. | | That mention in the readme from 2016 mentions a UUID banned | from Whatsapp, so I'm not sure if that's what the author meant | or just something copied from another readme. Either way, if | Instagram was banning UUIDs it would be as trivial as getting | another phone to bypass it, or to log in via a web browser. | heavyset_go wrote: | What's the difference between scraping while circumventing anti- | scraping measures, which certain circuits have upheld as being | legal, and what this unofficial API client did? | | This is an honest question, and not a rhetorical one. | filoleg wrote: | That was my first thought upon seeing this post. Given the | LinkedIn scraping decision earlier this week, i would think | that this one should be in the clear. | mCOLlSVIxp6c wrote: | Looks like this is the takedown request: | https://github.com/github/dmca/blob/master/2020/01/2020-01-2... | | The core allegation is: | | > Mgp25's Instagram-API repository (and its forks) offers a tool | expressly designed to circumvent the Company's effective access | controls and protection measures by avoiding, bypassing, | removing, deactivating, or impairing the Company's technological | measures without the authority of the copyright owners or the | Company. Mgp25's Instagram-API is designed to emulate the | official Instagram mobile app when communicating with Instagram's | servers, which allows users of mgp25's Instagram-API to send and | receive data (including receiving legitimate, copyrighted posts | by Instagram's users) through Instagram's private API. Mgp25's | Instagram-API also permits other types of access to, and | collection of, Instagram's users' copyrighted works in manners | that exceed the scope of access and functionality that would be | permitted by a user with a legitimate, authorized Instagram | account. | tpmx wrote: | Microsoft is running Github Legal now. It's on them. They | happen to have a very long experience in shutting down third | party access to unofficial APIs. (There was a lot of drama | around this in the 80s, in the MS-DOS and Lotus 1-2-3 times.) | WillPostForFood wrote: | That's not really how it works. If you claim DMCA protection, | and you receive a DMCA request, you have to take the content | down. GitHub/Microsoft doesn't adjudicate the validity of the | takedown request. The takedown can be appealed, but the | burden falls on the person who's content was taken down. | tpmx wrote: | That's dumb. I actually didn't realize it was _this_ broken | until now. Thanks. | wpietri wrote: | Is this legally a legitimate reason for a DMCA request? That | it's a tool that could be used to bypass copyright controls? | | It's been a long time since I read it, but my understanding of | the DMCA is that you need to claim an actual copyright | violation on the thing being taken down. This sounds like a | claim of contributory copyright infringement, which a) I don't | remember being covered by DMCA, and b) there's a reasonable | claim here for substantial non-infringing use, so I'm not sure | contributory copyright infringement really applies. | [deleted] | saurik wrote: | This is about Section 1201, one of the most interesting parts | of the DMCA, which is about banning circumvention devices. | What is confusing me is that I am under the impression that | the DMCA "takedown" process (which I know quite little about, | to be fair) was unrelated to the anti-trafficking provisions | (which I do stare at a lot), so I don't think this is a valid | request (even if it were a valid lawsuit... though I frankly | doubt that either as I don't think an "access token" can be | considered an "effective TPM"). | | (I am _not_ a lawyer, but I spend an unreasonable amount of | my time staring at Section 1201 issues; if anyone needs legal | advice they should contact a lawyer: nothing I say should | possibly be construed as legal advice.) | ldoughty wrote: | From what I gathered: The author was banned from service on | Instagram, he or she kept getting banned/denied new | accounts because they flagged the device's UUID... So the | author then made the API to mask/modify the device UUID and | try to regain access to the platform (presumably signing up | elsewhere, then using that token through this API to | maintain access on their phone). | | The author admitted to this in the readme of the repo. | | Sounds 100% like the API was designed to try and bypass | access control mechanisms... | | Not sure if that falls under the legal definition or not. | buckminster wrote: | > Sounds 100% like the API was designed to try and bypass | access control mechanisms... | | Sure, but your parent's point is that this doesn't appear | to be grounds for a takedown. Takedowns are for | infringing content, which this isn't. | jacurtis wrote: | According to the 2nd sentence on Wikipedia, which | describes DCMA: | | > [DCMA] criminalizes production and dissemination of | technology, devices, or services intended to circumvent | measures that control access to copyrighted works | (commonly known as digital rights management or DRM). It | also criminalizes the act of circumventing an access | control, whether or not there is actual infringement of | copyright itself. | | While I initially thought (like many others on here) that | DCMA was to keep you from spreading copyright content or | passing it off as your own, the true purpose of DCMA is | actually to criminalize the act of circumventing DRM. | Access control on a social network I guess is considered | a type of DRM for the content within the network (which, | lest we not forget, is wholly owned by Instagram as soon | as you post it). It specifically states that | circumventing access control is a violation, regardless | of whether any copyright was actually infringed upon. | | So from my keyboard lawyer perspective, it seems like | Instagram is actually within their rights here. | | [Source](https://en.wikipedia.org/wiki/Digital_Millennium | _Copyright_A...) | TheDong wrote: | The point of the parent comment is not that the DMCA | doesn't cover anti-circumvention, but rather than the | DMCA contains many parts, and only the copyright content | part has a safe Harbor and takedown notice provision. | | The claim you're arguing against isn't that the DMCA | doesn't cover this. The claim is that the DMCA takedown | process doesn't apply to all infringements of the DMCA, | only those of copyright wrt safe harbor. | crtlaltdel wrote: | yeah this sounds more like it would be a T&C clause | Spoom wrote: | Could one make the case that this client library enabled | interoperability, since it allows one to use Instagram | services on a previously unsupported device (e.g. a | computer)? | freewizard wrote: | It's not first case, Popcorn Times was taken down from Github | because it "is designed to allow an unlimited number of users | to fulfill the unlawful purpose". | | https://github.com/github/dmca/blob/master/2016/2016-03-16-M. | .. | deepsun wrote: | Roads allow unlimited number of robbers to rob banks and | drive away with money. | nailer wrote: | Interestingly, it's up back now: | https://github.com/popcorn-official/popcorn-desktop | capableweb wrote: | That is indeed interesting. Anyone know what happened? | otakucode wrote: | That's... not what the DMCA anti-circumvention clause means. At | all. The anti-circumvention clause of the DMCA does not deal | with the kind of technological measures they're talking about. | It only forbids circumvention of technological measures that | SPECIFICALLY protect copyrighted material. Not general access | controls, not access throttling or user roles or anything | general like that. It doesn't even protect against things like | circumventing things and convincing Instagrams servers to send | copyrighted data. It's meant to protect things like the CSS | encoding/encryption on DVDs. It has been used (in RealNetworks | v. Streambox, one of the first if not the first lawsuit | involving the DMCA right after its passage) to prevent | recording streamed content and a single totally undocumented | bit ended up being ruled as an adequate 'protection mechanism' | when 'circumvention' boiled down to "we didn't know what that | bit did because no one would tell us, so we just ignored it". | But that was specifically a transfer encoding of the content | itself, it didn't have to do with user account control or | anything. Courts are very displeased when companies try to use | copyright law or the DMCA to facilitate other business goals - | like protecting their ability to collect analytics, etc. It's | obviously not copyright infringement to get images from | Instagram, that's literally what it exists for you to do! | Copyright protects copying. And absolutely nothing else. | enterabdazer wrote: | I don't know the details of the code, so I'm left with questions. | | Is the only difference between using this library and using | Instagram's mobile app the fact that the library is not the | "right" web browser? | | Isn't the library simply a different web client accessing a | publicly available API? And requests from the library are | properly authenticated / authorized by Instagram's servers | through normal means (the library isn't bypassing some mechanism, | it's just not the official app)? | | If it's true that it's just a different API client, then there | may be some TOS violation, but isn't DMCA an overreach? Is there | any validity to the claim? | buckminster wrote: | A TOS violation is an unauthorised access which is a federal | crime. See, for example, the case of Aaron Swartz. Using the | DMCA seems preferable. Changing these laws would be better | still. | capableweb wrote: | So if I put "If you visit the website, you owe me 5 USD" in | my Terms of Service, I can have them arrested? Something | feels very fishy here, has to be more conditions than just | "TOS violation === federal crime" | buckminster wrote: | The difference is in what you can convince an investigator, | a prosecutor and a jury to take seriously. | h1fra wrote: | You can still find the implem in various language, like this one | in js: | | https://github.com/dilame/instagram-private-api | thosakwe wrote: | IANAL. I'm also assuming this was an HTTP client library. | | How could this possibly be a violation of copyright, if it's just | a client that accesses their API? Their API is not truly | "private," just undocumented. If you distribute a free app that | calls a remote API over users' networks, you can't make the case | that it's private, because it's clearly accessible from every | network/connection/device. Something exposed to the public cannot | simultaneously be private. | | At least, maybe the author's lawyer could argue the above in | court. | | Among many things I hate about the DMCA, it's that hosts have | basically no option other than to respond to takedown requests by | actually taking down the content in question, for fear of | litigation. It just rubs me the wrong way. | mkagenius wrote: | What if such an open APIs cause a loss to the business, is it | still legal? Coz then intent can be thought of as a bad one? | | Edit: people are assuming too much about my intent of this | question and downvoting, I was just curious, moreover a good | answer to this will make the case stronger against | Instagram/Fb. | ikeboy wrote: | >Among many things I hate about the DMCA, it's that hosts have | basically no option other than to respond to takedown requests | by actually taking down the content in question, for fear of | litigation. | | That's the entire point. A DMCA takedown request is supposed to | lead to the content being taken down. The person who uploaded | it can send a counternotice, which will lead to the content | being put back up if no lawsuit is filed. | | What would you change about the system? Should rights owners | have no recourse short of litigation to get their content taken | down? | Semaphor wrote: | > What would you change about the system? | | 3 strikes and you are out. Take down 3 obviously (probably | decided by a judge) non-infringing things and you lose the | ability to send takedowns. | ikeboy wrote: | >Take down 3 obviously (probably decided by a judge) non- | infringing things and you lose the ability to send | takedowns. | | Once it reaches this point, the service provider would | likely stop accepting the notices anyway. See e.g. the | recent lawsuit by Youtube against Brady, who sent a bunch | of bogus notices. Once they realized that, they stopped | accepting the notices. | | There's hardly a critical mass of takedowns by people | who've been found 3 times by a judge to have sent | fraudulent takedowns. | Semaphor wrote: | > There's hardly a critical mass of takedowns by people | who've been found 3 times by a judge to have sent | fraudulent takedowns. | | Because those rarely go in front of a judge. Torrentfreak | [0] gets many takedown notices where for example their | reporting on a leak gets targeted with a DMCA request. If | those companies had to fear someone challenging these (in | this example an easy win) and making them lose their | ability to send them out at all, that would change a lot. | | [0]: https://torrentfreak.com/all-dmca-notices-filed- | against-torr... | | > In previous years we've received erroneous complaints | from the likes of Amazon, Electronic Arts, Disney, | Entertainment One, Vertigo Films, Magnolia Pictures, | NBCUniversal, Paramount, and even BBC Worldwide. This | year we can add more. | | > According to Google's Transparency Report, in 2019 | Google received a further 11 DMCA takedown notices | targeting our domain, sent on behalf of Columbia | Pictures, Sony Pictures, and sundry others. All of them | were completely bogus. | ikeboy wrote: | > If those companies had to fear someone challenging | these (in this example an easy win) and making them lose | their ability to send them out at all, that would change | a lot. | | Why hasn't torrentfreak sued? Presumably because it's not | an easy win and doesn't produce real benefits for them. | I'm struggling to see how any of that would change under | your proposal. | | For what it's worth, judges have occasionally issued | injunctions preventing people from filing claims, under | the DMCA and otherwise. See e.g. | | https://www.courtlistener.com/docket/16599762/home-it- | inc-v-... ("ORDERED that the Defendant Wupin Wen, no | later than eighteen (18) hours after service of this | Order on her via email to trademark@cn-ip.cn, trynow@cn- | ip.cn, and bzkjuk@126.com: a. Notify Amazon that the | trademark owner's allegations of infringement against | HOMEIT are withdrawn and that Amazon should re-list the | involved products to its website as soon as possible; and | b. Refrain from filing or otherwise communicating any | allegations of infringement by HOMEIT to any third party, | at minimum, for the duration of the instant litigation | relative to Saganizer branded products." docket 21 | | https://www.courtlistener.com/docket/4160397/design- | furnishi... (older case from 2010), "Defendant is | therefore enjoined from notifying eBay that defendant has | copyrights in the wicker patio furniture offered for sale | by plaintiff and that plaintiff's sales violate those | copyrights. " docket 29 | | https://www.courtlistener.com/docket/16630192/california- | bea... "THEREFORE, DU AND ALL PERSONS IN ACTIVE CONCERT | OR PARTICIPATION WITH DU, ARE TEMPORARILY RESTRAINED from | taking down, based on any alleged copyright infringement, | from Facebook and Instagram, or any other service | provider's website, CBC's online content or product line. | Du is temporarily not permitted to file any further | takedown notices with Facebook, Instagram, or any other | service provider's website as to CBC's online content or | product line. Any current and operative takedown notices | in effect that were filed by Du as to CBC are restrained, | and are to be disregarded by the online service provider. | Accordingly, and specifically, Facebook (Report | #2576187715997707) and Instagram (Report | #1407615876061304) are directed to disregard Du's | takedown notice and to reinstate CBC's online content | during the period of this Order. " docket 22 | mokus wrote: | Wow. A bit of a digression here but it appears they | actually consider email a valid avenue of legal service? | That blows my mind. I don't even check my work email | every 18 hours, and I haven't looked through my home | email in 3 or 4 years except to find specific messages I | knew were coming. | ikeboy wrote: | Different courts have ruled differently on that issue. | Note that it's mainly applicable to foreign defendants, | and you'd have to show that you can't serve them through | other channels. | | See https://blog.ericgoldman.org/archives/2019/05/court- | rejects-... for a court finding otherwise on a similar | case. | | If you're running a business, there's different | expectations. | Semaphor wrote: | > Why hasn't torrentfreak sued? Presumably because it's | not an easy win and doesn't produce real benefits for | them. I'm struggling to see how any of that would change | under your proposal. | | a) I'm not sure they can even sue currently, isn't the | only thing illegal misrepresenting that you have the | right you claim? b) Even if they could, as you say, no | real benefit c) The change would mean that just the | threat of getting sued for malicious DMCA notices would | make the companies sending them better at actually having | a case. Currently, there is no risk at all shooting with | cluster bombs when sending notices. Barely any risk using | DMCA to prevent speech. That is what my proposal would | take away. | ikeboy wrote: | a) USC 512(f) makes it illegal to misrepresent that | something is infringing. Not considering fair use is | included, per Lenz v. Universal Music Corp. | | c) To do that, you'd need to make suing easier. I don't | see how your proposal does that. | dmitriid wrote: | Or, same, but with increasing penalties. | | 3 strikes, can't send notices for a week. 3 more strikes, a | month. 3 more strikes, a year | Wowfunhappy wrote: | Keep in mind that if a judge has to get involved, it | would take a long time for the penalties to actually take | effect. The idea of increasing penalties is a good one, | but the lowest level needs to be an order of magnitude | more significant, and ditto for the subsequent steps. | stingraycharles wrote: | There currently is no penalty for sending bogus DMCA | requests, and as such it encourages content owners of just | sending gazillions of (unjustified) takedown requests. | | This is a major hole in the current law. | ikeboy wrote: | >(f)Misrepresentations.--Any person who knowingly | materially misrepresents under this section-- (1)that | material or activity is infringing, or (2)that material or | activity was removed or disabled by mistake or | misidentification, shall be liable for any damages, | including costs and attorneys' fees, incurred by the | alleged infringer, by any copyright owner or copyright | owner's authorized licensee, or by a service provider, who | is injured by such misrepresentation, as the result of the | service provider relying upon such misrepresentation in | removing or disabling access to the material or activity | claimed to be infringing, or in replacing the removed | material or ceasing to disable access to it. | | USC 512 (f) | clarry wrote: | That is toothless in preventing corps (with money) from | abusing individuals (who don't have the money to start | litigation). Also, from what I hear, many implementations | of DMCA do not give the individual enough information to | take action against false claims. | | EDIT: see for example | https://news.ycombinator.com/item?id=22211087 | ikeboy wrote: | >That is toothless in preventing corps (with money) from | abusing individuals (who don't have the money to start | litigation). | | This is a problem with unequal access to the legal | system, not with the law. | | >Also, from what I hear, many implementations of DMCA do | not give the individual enough information to take action | against false claims. | | It's pretty simple to get the actual information in a | lawsuit. Subpoena the service provider for the complete | notice sent. | | In most cases a lawsuit isn't needed. If you receive a | false complaint and file a counternotice, the content | gets restored 10-14 days later if there's no lawsuit | filed. | clarry wrote: | > In most cases a lawsuit isn't needed. If you receive a | false complaint and file a counternotice, the content | gets restored 10-14 days later if there's no lawsuit | filed. | | Yes indeed, this is exactly what is happening: they get | off the hook, and they can keep filing false claims as | much as they want because taking action against them is | too hard. Hence, toothless. No consequence for sending | false claims, the only people who suffer are those who | get their stuff unjustly taken down for two weeks. | | It'd be a little more equal if, upon receiving a | counternotice, all the original claimant's claims would | be instantly put on hold for 10-14 days (and then | dropped) unless they file a suit. | ikeboy wrote: | The reason why a counternotice allows it to be put back | up is because filing one requires you to swear to | noninfringement and accept jurisdiction. | | If you're not willing to do that, and the claimant is | willing to swear to infringement, why should we give you | the benefit of the doubt simply because someone else said | the claimant was wrong in an unrelated case? | clarry wrote: | > If you're not willing to do that | | I never said that. | | The reason why you should give people the benefit of the | doubt is because otherwise the system is horrendously | unfair and unbalanced in that 1) those who file false | claims have nothing to lose (because the likelihood that | they get dragged into court is virtually nil, and in most | cases even dragging them to court would most likely lose | you more time=money than you can hope to claim in | damages) 2) those who have their content unjustly taken | down keep losing over and over again. | | If it's word against word, then yes both sides' word | should have equal weight and consequence. Currently, that | is not the case. | ikeboy wrote: | >If it's word against word, then yes both sides' word | should have equal weight and consequence. Currently, that | is not the case. | | I'm not sure what you mean here. In that scenario, a DMCA | notice was sent and a counternotice was sent. The content | gets put back up after 14 days. This seems acceptable to | me, and doesn't favor one side disproportionately. Either | side can choose to go to court, but if they choose not | to, the content is put back up after a delay. | | I agree that there's a problem with people filing false | claims. But I don't see how a law could improve that. | kgwxd wrote: | "Should rights owners have no recourse short of litigation to | get their content taken down?" | | Yes | andyjpb wrote: | The DCMA has an "anti-circumvention" provision. This means that | tools that can be used to "steal" copyright works can be | subject to a DCMA takedown notice. | | Instagram is asserting that this software is such a tool. | | "The complaint claims that the tool 'Instagram-API' allows | unauthorized access to Instagram users' posts, which the | company says are copyrighted works to which it grants protected | access." | | More info here: https://torrentfreak.com/instagram-uses-dmca- | complaint-to-pr... | necovek wrote: | I really wonder why is a web browser and "save image" or | "save web page" or even OS screenshotting function not the | the tool to "steal copyrighted work"? How is a programming | interface that is harder to use any worse? If it's about | "speed of gathering" large amount of data, how are tools like | selenium any different? | | The only difference is in the tool intent, but all of them | can be used for exactly the same purpose, some of them more | easily than the others. | jacurtis wrote: | I suspect that you can thank the 1984 Landmark Case of | Universal Studios vs. Sony Corporation of America for your | freedom to screenshot and save images through the web | browser. | | Back in the 80s, Sony made a video player that ran Betamax | tapes. You might remember the HDVD vs BluRay wars of a | decade ago when both formats were battling for dominance to | become the new standard for playing HD movies on disc. | Well, before that was the VHS vs Betamax wars. During these | battles, Sony was trying to make Betamax the new standard | for home movies. They wanted to distinguish themselves from | VHS in some way and they ended up distinguishing themselves | with an amazing and unheard of feature (for the time), you | could not only watch movies with Betamax tapes, but you | could RECORD movies to watch later. You could record | anything on TV, in order to watch it later. This is 20+ | years before DVRs, 30 years before streaming services. It | was a crazy idea. | | But Universal Studios didn't like the idea that someone | could record a show on TV and watch it later, or watch it | however many times they wanted. Someone could theoretically | even sell that Betamax tape to someone else. So Universal | Studios sued Sony over this invention. Universal Studios | claimed it violated copyright. Sony claimed it was | protected under the "fair use" clause for copyright. | | The lawsuit ended up tipping in Sony's favor, but only | barely. One of the most popular kids shows at the time was | "Mr. Roger's Neighborhood". The supreme court heard from | Mr. Roger's himself who testified that he was ok with | people recording his show because it allowed them to be | with their family and not controlled by the schedules | dictated by the television studios. He said he was against | the studios controlling people's schedule. The supreme | court ultimately mentioned that this testimony is what | tipped the case into Sony's favor. | | But it didn't just tip in Sony's favor. This landmark case | is what opened the door for all recording media in the | future. The Betamax eventually died, but the VHS later made | the same features available. Radios and boomboxes in the | 90s had a recording feature added. DVRs came about in the | early 2000's to record TV to harddrives. Then computers had | screenshotting, and web browsers likely got "save image as" | because of the precedent set by this landmark case. | | Where the DCMA differs is that it protects tools built with | direct intent to circumvent a specific copyrighted content. | So the linked tool for example is a script built | specifically to circumvent Instragram's access control. It | doesn't circumvent anyone else's access control, and its | primary purpose for existing was to gain access into | Instagram. So I think Instagram can make a reasonable case | to go after this tool. | | However, going after a general tool like screenshotting | would go nowhere, because it is considered a general good. | It provides value that far surpasses the damage Instagram | can claim from it. | | Again, we can probably thank Mr. Rogers. Without him, | recording might not be something we could take for granted | today. | | Sources: | | - https://en.wikipedia.org/wiki/Sony_Corp._of_America_v._Un | ive.... | | - https://www.theatlantic.com/technology/archive/2012/01/th | e-c... | mddanishyusuf wrote: | Now facebook developers' app approval is so hard. I submit 6 | times to review and every time reviewer point a mistake. I'm | building for a tool that sets up a third party API gateway for | your 3rd party applications APIs. https://nocodeapi.com | capableweb wrote: | Since you're advertising your product in a thread about | Instagram, I thought your product would work with Instagram, | but trying it I get "Insufficient developer role". Not sure if | it's a bug or just not implemented yet. | 1hakr wrote: | Awesome! I love this tool. What were you doing all these days. | mddanishyusuf wrote: | Thanks, I'm adding lot's of applications and here are the | list you can find them https://nocodeapi.com/marketplace | todd8 wrote: | Looks very useful. I like your landing page, it nicely | designed, works great on a phone, and communicates clearly. | | A tiny suggestion, it looks like a typographical error | slipped though in the sentence: | | > Convert these applications APIs without any hustle and | Power-up your products, tools & portfolio by these | NoCodeAPI. | | I think you meant to use the word "hassle" instead of | "hustle" as it would be a bit more idiomatic in the | sentence. | mddanishyusuf wrote: | Thanks, todd8 for the catch. I'm working on the content. | stay tuned. | coleifer wrote: | And GitHub bent over. | | Just host it somewhere else. | paulgb wrote: | Where? Pretty much anyone will honor a DMCA takedown. There | might be some grey area where some hosts will be better at | identifying an invalid/bad-faith one, but this one appears to | be valid. | CarelessExpert wrote: | On your own web server? | | You don't need GitHub to publish or host a git repo... | dewey wrote: | Your own webserver that's hosted by a hosting company? Most | of the have very well oiled workflows for responding to | DMCA violations. If you run your own server they'll go to | your ISP. | CarelessExpert wrote: | Are you aware that companies in countries like Canada | don't respond to DMCA takedown requests, nor do they have | domestic equivalents? | dewey wrote: | Maybe not 100% identical to the DMCA takedown requests | but there are systems in place to deal with these kinds | of issues. If your hoster / ISP receives a bunch of these | notices they'll probably reconsider hosting your content. | | https://ic.gc.ca/eic/site/oca-bc.nsf/eng/ca02920.html | CarelessExpert wrote: | Valid point. Bill C-11 certainly made a mess of the | situation in Canada. That said, there are plenty of other | international jurisdictions where a server or VPS could | be used to host this kind of content, so I think the | fundamental point still remains: Yes, hosting content on | a large US-based provider like GitHub means your content | is available at their discretion. Hosting the content | yourself gives you a much greater degree of freedom to | control the availability of that content. | | Which is why I never rely solely on commercial cloud | services like this for hosting my content. | [deleted] | notyourday wrote: | Counter-notice fixes it, making github restore it and giving | Github immunity. | thejsa wrote: | GitHub waits fourteen days for the complainant to respond | to your counter-notice before putting your repo back up, | from experience :/ | | In addition, they won't even give you any info they hold on | the complainant other than that explicitly included in the | notice itself, claiming 'data protection' (some troll hit a | bunch of my repositories with fraudulent takedowns in two | waves, meaning it took about a month before they were all | restored) | slig wrote: | That's a nice way to get legal problems with one of the | biggest companies in the world. | asjw wrote: | Outside of the US | | The world is a pretty large place... | coleifer wrote: | Git has an amazing variety of frontends and ways to | _distribute_ your code. | tpmx wrote: | > And GitHub bent over. | | You mean Microsoft bent over. Legal is the first and most | urgent part to integrate when aquiring a company, for obvious | reasons. | maxerickson wrote: | Choosing not to involve themselves in legally representing a | user is not comparable to submissive participation in a sex | act. | | There's also nothing wrong with submissive participation in a | sex act. | | Communicate better. | vga805 wrote: | unofficial APIs or unofficial documentation about the APIs? what | exactly was this, and if the latter, are the APIs still | available? | Nextgrid wrote: | "API" is a weird term to use in this context as it's not | actually an API server or anything like that. This is just an | HTTP client for Instagram's mobile app API. | g4k wrote: | "This is a PHP library which emulates Instagram's Private API. | This library is packed full with almost all the features from | the Instagram Android App. This includes media uploads, direct | messaging, stories and more." | | https://web.archive.org/web/20191207221404/https://github.co... | [deleted] ___________________________________________________________________ (page generated 2020-02-01 23:00 UTC)