Skip to content

Remove Snapchat API keys #10

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Remove Snapchat API keys #10

wants to merge 1 commit into from

Conversation

peterkelly
Copy link

No description provided.

@tlack
Copy link
Owner

tlack commented Jul 22, 2013

Hey Peter,

From your interesting and much-appreciated comments on HN, I presume you are trying to scale back this library to contain the maximum amount of fully legal functionality according to your interpretation of the DMCA. Can you walk me through your thinking?

My concern is that, since the API keys are not available unless one decompiles the Android client Java class files, removing them from the code would lead to a severely degraded user experience for developers who simply want to dive in and start developing Snapchat bots, clients, etc.

t

@peterkelly
Copy link
Author

Hi Thomas,

I agree this would make the library significantly less useful, and am not suggesting you necessarily remove them. My main point in suggesting this was to reduce your exposure to potential legal problems if they do choose to do after you more seriously (which I suspect is unlikely given all the discussion and forks that have happened). If you don't distribute the API keys, you can say to them that all you've done is implement the protocol (which, as I understand, is fairly generic in nature), and thus you're not distributing any confidential information, which they could potentially accuse you of.

If it were me, I'd remove the API keys, but ensure they are easily available somewhere else so that people have no trouble finding them. It puts you in an entirely innocent situation - of course everyone knows that people will just grab the API keys from website X, but that's not your fault - it's theirs if they choose to take the risk.
I see it as being somewhat similar to the situation of MAME. They distribute an arcade emulator, but not the ROMs. MAME is (I believe) entirely legal, but downloading copyrighted ROMs in isn't. Everyone of course does, and the MAME developers know this, but the legal responsibility (note: IANAL) lies with the users, not the developers of MAME themselves.

It's up to you - this is just my thoughts on the matter. I sympathise greatly with your situation and sincerely hope you'll come out of this fine. I think what you've done with the library is great (I haven't looked into or used it, but I support the concept), and we need to fight for the (in my view moral, and possibly legal, again IANAL) right to produce third-party clients for various Internet services. The Internet is moving away from the access-from-any-platform model towards a more closed vertical architecture, which I don't like. So I support what you are doing, though I think the providing API keys yourself may make it harder to argue your case if they do start pursuing you with really serious legal threats.

Well played on the Ask HN post though. I don't know if this was intention, but with the 150+ forks now out there, even if you do comply with their request to take your own down, there's basically nothing they can do about the fact that it's out there now.

Dr. Peter M. Kelly
Founder, UX Productivity
[email protected]
http://www.uxproductivity.com/
http://www.kellypmk.net/

On 23/07/2013, at 2:09 AM, Thomas Lackner [email protected] wrote:

Hey Peter,

From your interesting and much-appreciated comments on HN, I presume you are trying to scale back this library to contain the maximum amount of fully legal functionality according to your interpretation of the DMCA. Can you walk me through your thinking?

My concern is that, since the API keys are not available unless one decompiles the Android client Java class files, removing them from the code would lead to a severely degraded user experience for developers who simply want to dive in and start developing Snapchat bots, clients, etc.

t


Reply to this email directly or view it on GitHub.

@peterkelly
Copy link
Author

Also if Snapchat do pursue you further legally, I would recommend contacting the EFF about the case. I think this is an important issue that we need to have a discussion about as an industry.

I think Snapchat is a special case though, as they have a flawed business model (relying on a client to delete pictures quickly). It varies a lot between companies, and some go to great lengths to encourage developers to integrate with their APIs. For example, I've had a lot of contact with Box about providing client support, even meeting with them in person a couple of times and them offering to help promote my app in return for doing integration, as it's very much in their interest to have as many apps as possible use their service.

Dr. Peter M. Kelly
Founder, UX Productivity
[email protected]
http://www.uxproductivity.com/
http://www.kellypmk.net/

On 23/07/2013, at 2:28 AM, Peter Kelly [email protected] wrote:

Hi Thomas,

I agree this would make the library significantly less useful, and am not suggesting you necessarily remove them. My main point in suggesting this was to reduce your exposure to potential legal problems if they do choose to do after you more seriously (which I suspect is unlikely given all the discussion and forks that have happened). If you don't distribute the API keys, you can say to them that all you've done is implement the protocol (which, as I understand, is fairly generic in nature), and thus you're not distributing any confidential information, which they could potentially accuse you of.

If it were me, I'd remove the API keys, but ensure they are easily available somewhere else so that people have no trouble finding them. It puts you in an entirely innocent situation - of course everyone knows that people will just grab the API keys from website X, but that's not your fault - it's theirs if they choose to take the risk.

I see it as being somewhat similar to the situation of MAME. They distribute an arcade emulator, but not the ROMs. MAME is (I believe) entirely legal, but downloading copyrighted ROMs in isn't. Everyone of course does, and the MAME developers know this, but the legal responsibility (note: IANAL) lies with the users, not the developers of MAME themselves.

It's up to you - this is just my thoughts on the matter. I sympathise greatly with your situation and sincerely hope you'll come out of this fine. I think what you've done with the library is great (I haven't looked into or used it, but I support the concept), and we need to fight for the (in my view moral, and possibly legal, again IANAL) right to produce third-party clients for various Internet services. The Internet is moving away from the access-from-any-platform model towards a more closed vertical architecture, which I don't like. So I support what you are doing, though I think the providing API keys yourself may make it harder to argue your case if they do start pursuing you with really serious legal threats.

Well played on the Ask HN post though. I don't know if this was intention, but with the 150+ forks now out there, even if you do comply with their request to take your own down, there's basically nothing they can do about the fact that it's out there now.

Dr. Peter M. Kelly
Founder, UX Productivity
[email protected]
http://www.uxproductivity.com/
http://www.kellypmk.net/

On 23/07/2013, at 2:09 AM, Thomas Lackner [email protected] wrote:

Hey Peter,

From your interesting and much-appreciated comments on HN, I presume you are trying to scale back this library to contain the maximum amount of fully legal functionality according to your interpretation of the DMCA. Can you walk me through your thinking?

My concern is that, since the API keys are not available unless one decompiles the Android client Java class files, removing them from the code would lead to a severely degraded user experience for developers who simply want to dive in and start developing Snapchat bots, clients, etc.

t


Reply to this email directly or view it on GitHub.

@tlack
Copy link
Owner

tlack commented Jul 22, 2013

Thanks for the good thoughts Peter. I've already reached out to the EFF through a media contact and hope to hear from them soon.

I wish more companies were open to the incredibly obvious idea of opening up their APIs, but charging for keys or usage; i.e., you can use my API all you want, as long as you follow my rules, and pay me $0.001 per request. Let the client app developers figure out how to monetize it! If Microsoft wants Snapchat for Windows 8, let them build it and pay for its usage. If their client breaks the rules, revoke the key. So damn simple.

The only reason I even posted this on HN is to underscore what a ridiculous state of affairs we've gotten ourselves into as an industry due to a lack of ethics, foresight, and regulation.

I feel like we are going to look back at the current state of the world regarding open access to our own data in APIs and laugh, one day in the distant future (on our hover boards).

I'll let you know how things develop!

@peterkelly
Copy link
Author

On 23/07/2013, at 2:55 AM, Thomas Lackner [email protected] wrote:

(on our hover boards).

Only two more years! ;)

Dr. Peter M. Kelly
Founder, UX Productivity
[email protected]
http://www.uxproductivity.com/
http://www.kellypmk.net/

@kenany kenany mentioned this pull request Oct 4, 2013
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
1 more reviewer

@mireinaa24hu mireinaa24hu mireinaa24hu approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@peterkelly @tlack @mireinaa24hu