From b824bb38f861f3d1bf7d44f5715b05d83c9c8ce5 Mon Sep 17 00:00:00 2001 From: Hubot Date: Fri, 4 May 2018 14:44:33 -0700 Subject: [PATCH] Process DMCA request --- 2018/2018-05-04-MatchCounterNotice.md | 192 ++++++++++++++++++++++++++ 1 file changed, 192 insertions(+) create mode 100644 2018/2018-05-04-MatchCounterNotice.md diff --git a/2018/2018-05-04-MatchCounterNotice.md b/2018/2018-05-04-MatchCounterNotice.md new file mode 100644 index 000000000..ce5c30d91 --- /dev/null +++ b/2018/2018-05-04-MatchCounterNotice.md @@ -0,0 +1,192 @@ +Match Group, LLC: + +I am the owner of the intellectual property called "Pofapi". + +This letter is a formal response to a DMCA filing, alleging that my +software, Pofapi, is designed to circumvent technological measures that +effectively control access to at least one of Match Group, LLC's +copyright-protected works, and alleges that the following files +fit this criteria: + +- github.com/cmpunches/Pofapi/blob/master/pofapi/POFSession.py +- github.com/cmpunches/Pofapi/blob/master/BroadcastExample.py +- github.com/cmpunches/Pofapi/blob/master/PhotoSpread.py + +I believe the claims of copyright infringement are inaccurate and should +be rejected because: + +The complainant misrepresents the basic functionality of Pofapi for fundamental premises of its complaint. + +The complainant misrepresents the functionality of standard browser features as access +control mechanisms. + +The complainant misrepresents the content that Pofapi accesses. + +The complainant misrepresents. + +The complaint reads: "This content is designed to circumvent Match +Group’s technological protection measures by forging user-agent and +referrer HTTP headers to misrepresent the source of the HTTP requests. +This content allows users to bypass the official POF network and +improperly access the POF backend system to extract proprietary +information from Match Group’s servers". + +This is a patently false representation of the way Pofapi accesses its +content -- as can be plainly seen by even a basic code analysis of any +version of Pofapi ever commited to that repository, Pofapi has not, nor +has it ever "bypassed the POF network", nor does it "improperly access +their backend". Furthermore, nor does it access proprietary or +restricted information not available in any other browser. Furthmore, +nor does it bypass access control mechanisms of any kind. + +The Pofapi browser library does not bypass any technological measure +that controls access to *any* content of their site and does not access +any information from their network not otherwise available to other +browsers or browser libraries not otherwise available to any user using +it, and does not access any of that content using means not used by any +other browser. + +In fact, Pofapi interfaces compliantly with all technological measures +to control access on POF's site in accordance with global web standards +over HTTP/HTTPS, connecting to the same endpoints, accessing the same +content, and viewing the same data as any other browser using the same +transport and mechanisms as all other web browsers connecting to their +site, allowing access to no more information than mainstream browsers +and the libraries that drive them, with substantially less features than +mainstream browsers and browser libraries: It is, in fact, an atomic +example of exactly what any other browser does: It accesses the HTTP +endpoint, downloads the content in HTML and Javascript using a client +(browser) library, and then renders that content to the user after +parsing it with an engine -- as any reasonable website author would +expect their site to be consumed by literally any standards-compliant +browser currently on the market, including Firefox, Google Chrome, +Internet Explorer and Opera. + +In continuance of this, if it is Match Group's contention that every +browser on the market violates their copyright by the nature of the +open standards that drive them and those browsers' architectural designs +and procotol usages, then the claim can not have been filed in good +faith as a website can not be designed in such a way that the only means +of users accessing them, which predate their existence by decades, +violates their copyright or other intellectual property and still be +designed in good faith. I defer the complainant to Title 17 USC, SS +512(f) for clarification on penalties for filing frivolous DMCA +takedowns notices without merit. + +Furthermore, while Match Group maintains a private API for its POF +service, and licenses that API's copyrighted material to authorized +users pursuant to a limited license contained in the POF TOS, Pofapi +does not access that private API and does not access any content not +accessed by every other web browser in existence. + +While the complainant states that they employ log auditing as a +technological measure of access control, it is, in fact, not a means +of access control. An access control does not meet that definition, and +the user-agent header can not be 'bypassed to gain unauthorized access'. + +The widely understood purpose of a user-agent header is for content +negotiation for browser compatibility and is neither bypassed nor is an +accesss control mechanism -- by the nature of its design it is not able +to be /used/ as one either, and is not in the case of POFapi. + +The usage of a user-agent header on the server side is so that content +optimized for a specific browser can be served. It is not able to serve +as an access control mechanism, and is in no way imaginable a security +feature or a "technological mechanism to effectively control +access" to any feature on any website by the nature of what it is. To +say otherwise, or to attempt to use it in this fashion, would be a +misunderstanding of the basic technologies in use. + +Furthermore, the ability to determine the source of requests or collect +data from users about what browser they are using is not a +copyrightable ability and the data string used for it is entirely at +the discretion of users to share by the nature of what it is and where +it is. Nor is it an access control measure. + +Using a user-agent string in Pofapi that is consistent with the browsers +the Pofapi developers ensures consistency between development and +testing. The content served to our browsers is the same content served +to Pofapi. That can't even be construed as "bypassing a technological +mechanism to effectively control access" and strains the definition of +the concept of "good faith" when paired with even an introductory +understanding of how these tools and components work. + +Furthermore, the complainant states that they employ referrer header +checks in post-connection log audits as a means of access control, which +also does not meet the definition of a technological measure to control +access and is not a thing that can be 'bypassed to gain unauthorized +access' by the nature of what the referrer header is and how the +complainant has already stated that they use it. + +A referrer check is to prevent cross-site forgery requests, which Pofapi +does not and can not make to POF servers by the nature of its design. It +simply is not able to serve that function in any design. + +The complainant can not reasonably construe our use of a +referrer header in consistency with all other browsers as bypassing an +access control mechanism without changing either the definition of the +referrer header or changing the definition of an 'access control +mechanism'. + +The user's choice of web browser to access a website is not a +copyrightable intellectual property. + +Pofapi uses standard web browser components internally, to access +the same material a GUI browser accesses, using the same +mechanisms on their site as any other standards based browser, including +the use of a referrer url, which is a feature all web browsers employ. + +It accesses absolutely no content not otherwise available to the user in +any other web browser. + +I must emphasize to the complainant that a DMCA notice is drafted under +penalty of perjury and that simply saying you are making it in good +faith is not the only criteria for determining good faith-- as such it +would be well advised not to file further frivolous legal notices to +cause annoyance, disruption, damages. + +In furtherance of that, please be aware that continued malfeasance +could result in legally protected development of new +features, as well as co-location of the source code -- by someone that +clearly eclipses even the apex points of software engineering and +architecture design at your client's organizations. I strongly +encourage you to research both this issue and your correspondent +further before deciding that a response is appropriate. + +I have received no offer for purchase of my intellectual property from Match Group. Surely that would be a more appropriate and productive talk. + +I have read and understand GitHub's Guide to Filing a DMCA Counter +Notice. + +This communication to you is a DMCA counter notification letter as +defined in 17 USC 512(g)(3): + +I declare, under penalty of perjury, that I have a good faith belief +that the complaint of copyright violation is based on mistaken +information, misidentification of the material in question, or +deliberate misreading of the law. + +I ask that Github, upon receipt of this counter-notification, restore +the material in dispute, unless the complainant files suit against me +within ten (10) days, pursuant to 17 USC 512(g)(2)(B). + +My name, address, and telephone number are: + +[private] + +I hereby consent to the jurisdiction of Federal District Court for the +judicial district in which I reside. + +I agree to accept service of process from the complainant. + +No content identified by the complainant is infringing of their +copyrighted works, bypasses any technological measure of access control, +and all content referred to consists entirely of my own copyrighted and +licensed work except where expressly stated in the source code-- source +code which easily verifies every point in this counternotice. I did +expect github to protect me and my projects from frivolous complaints of +this nature, so, I'm disappointed, but hopefully this clarification resolve the +issue. + +Best regards, +[private]