Sunday, August 30, 2015

My Response to Whatsapp's (?) Cease and Desist Notification Against Me

I'd received a letter in legalese from someone who claims to be WhatsApp's lawyer asking me to do certain ludicrous things. Here's my response.

Dear RAB,
This is in response to your email on 4th August titled "WhatsApps’s Cease and Desist and Demand Against Python-whatsapp-bot, pyWhatsapp, and QRtoWhatsapp". Let me make it clear to you at the outset that your email "threat" was completely inappropriate and wrong for various reasons which I shall elucidate in this mail. 

I understand that you have not even gone through my code and rather just did a search for "whatsapp" on my github repositories before sending me this stuff. I understand it because you tell me that "QRtoWhatsapp expose[d] WhatsApp users to anonymous messages that others may use to deliver solicitations or malicious software to WhatsApp users." A cursory knowledge of Android programming and the patience to first go through my code before accusing me of something should have let you known that QRtoWhatsapp was a program that scans a QR code and starts an Intent, which is the official way for inter-process communication on Android, thus allowing someone to easily share the message behind a QR code to WhatsApp.

Like QRtoWhatsapp, python-whatsapp-bot and pyWhatsapp both had whatsapp only in their names. They could as well have been called python-bots and most of the code in those programs were not even mine, but copies of others' code released in permissive licenses. They were of generic nature and could have been used to build a program which responds to commands. Of course I also gave links to instructions to connect it with Yowsup. But the following accussations in your email is totally wrong.
you will not attempt to reverse engineer, alter or modify any part of the Service;
I haven't attempted to reverse engineer, alter or modify any part of your service. I love free and open source software. And I love FOSS precisely because I can understand how it works without struggling through reverse engineering or whatever. If you gave me three months of holidays, I wouldn't spend a minute on trying to figure out how a proprietary software works.

The most I have tried to understand how WhatsApp works is by being a power user and testing all the features WhatsApp provides. When WhatsApp introduced blue check marks, or voice call, or groups of 50, or 100, I was probably among the first few users to notice or use those features. Because I used to care for WhatsApp.
you will not duplicate, transfer, give access to, copy or distribute any part of the Service in any medium without WhatsApp’s prior written authorization;
I haven't done any of these because I have only as much access to WhatsApp's "Service" as any other user. I have had no connection with anyone who develops WhatsApp and I do not have the magic power to obtain access to your "Service" through any other medium.
you agree not to collect or harvest any personally identifiable information, including phone numbers, from the Service;
You (and WhatsApp) are being ridiculous. WhatsApp's entire business is on connecting people through their phone numbers. I cannot communicate to someone on WhatsApp without first knowing their phone number. If I already know someone's phone number, why would I "harvest" it from WhatsApp?

Also, when I am added to a group on WhatsApp, it shows me phone numbers and nickname of everyone whom I don't already have in my contacts. What am I supposed to do with these phone numbers? If I save them to my phone's contacts using WhatsApp's own "add to contacts" option, am I harvesting their personal details?
you will not interfere with or disrupt the integrity or performance of the Service or the data contained on the Service; and
I have not. Since WhatsApp wouldn't allow multiple clients to connect with the same phone number, I couldn't even run my own bots on WhatsApp.
you will not attempt to gain unauthorized access to the Service or its related systems or networks.
I haven't attempted this because I don't care and I don't think I can gain access even if I try (because WhatsApp should have set up some really strong security in there).

You accuse me of:
using the names “Python-whatsapp-bot, pyWhatsapp, and QRtoWhatsapp” and “WhatsApp” which creates confusion about the origin of Python--whatsapp-bot, pyWhatsapp, and QRtoWhatsapp; 
But this is unfounded fear. People who use Github probably know the difference between free software and proprietary software. They know that WhatsApp has no love for free software and therefore wouldn't ever have any source code open to scrutiny. Therefore, this confusion you describe is imaginary.
using (and/or facilitating the use of) the WhatsApp registration system to generate credentials for and authenticate unauthorized clients and services in violation of the WhatsApp Terms of Service;
reverse engineering, altering, modifying, copying, using, or redistributing WhatsApp code, and/or circumventing certain technical measures put in place to protect WhatsApp’s Service, IP, and WhatsApp users; and
enabling users of unauthorized clients and services built using Python-whatsapp-bot, pyWhatsapp, and QRtoWhatsapp to circumvent technical measures to protect WhatsApp’s Service, access the Service without authorization, and violate WhatsApp’s Terms of Service.
These are all wrong accusations as explained earlier.
Python-whatsapp-bot, pyWhatsapp, and QRtoWhatsapp willfully exploits WhatsApp’s Service, undermines the goals of WhatsApp, and intrudes upon and undermines the service experience of the community of WhatsApp users.
This is where I have serious disagreement with you. If bots worked properly, they would only add to the experience of the community of WhatsApp users. This can be easily seen from how Telegram messenger introduced an official API to build bots. Maybe WhatsApp should stop thinking that it is the best messaging platform on Earth right now.

Your demands and my responses:
Cease all promotion and distribution of Python-whatsapp-bot, pyWhatsapp, and QRtoWhatsapp at all distribution points, including GitHub repositories (e.g. https://github.com/asdofindia/python-whatsapp-bot; https://github.com/asdofindia/pyWhatsapp; https://github.com/asdofindia/QRtoWhatsapp), websites (e.g. http://asdofindia.blogspot.com/), and social media accounts, and confirm you will not in the future develop, sell, offer for download, and/or distribute Python-whatsapp-bot, pyWhatsapp, and QRtoWhatsapp or like code and resources;
I have removed the repositories from github on the day you sent me the email because the very act of sending such a mail offended me. I used to think WhatsApp was a cool software but now I realize it isn't. I do not care about WhatsApp any more to be developing anything related to WhatsApp.
Confirm you will not in the future develop, sell or offer any unauthorized code, resources, services or products that interact, or enable other to interact, with WhatsApp services, products, or users;
Like I said, I f***ing don't care any more. You can be assured that I will not even talk good about WhatsApp any more, let alone interact with it.
Cease using the terms “Python-whatsapp-bot, pyWhatsapp, and QRtoWhatsapp,” “WhatsApp” and any other terms or logos confusingly similar to WhatsApp in connection with any code, resource, product or service you currently offer and may offer in the future;
I'll continue using the name WhatsApp when I mean WhatsApp. I shall make sure that nobody is confused which WhatsApp I mean when I refer to WhatsApp in sentences like "WhatsApp sucks".
Account for and disgorge all profits you have obtained from the development and distribution of Python-whatsapp-bot, pyWhatsapp, and QRtoWhatsapp;
I have not obtained any profit from the development of these programs. I have only incurred losses of time and energy.
Compensate WhatsApp for the damages it sustained from your distribution of Python-whatsapp-bot, pyWhatsapp, and QRtoWhatsapp;
Compensate WhatsApp for damages associated with Python-whatsapp-bot, pyWhatsapp, and QRtoWhatsapp’s infringement of WhatsApp’s IP; and
You should rather give me compensation for the insults and threats you hurled on me and for the effort I have wasted on making WhatsApp any usable.
Immediately take steps to preserve all documents, tangible things and electronically-stored information potentially relevant to the issues addressed in this letter, as those could be potentially relevant and discoverable materials in connection with any legal proceeding WhatsApp may choose to pursue against you or Python-whatsapp-bot, pyWhatsapp, and  QRtoWhatsapp.
Yes, that is why I'm writing this response as a post on my blog.
WhatsApp and its affiliates have taken technical steps to deactivate your WhatsApp, Facebook, and Instagram accounts, and hereby revoke your  limited licenses to access WhatsApp’s, Facebook’s, or Instagram’s websites and/or to use any of their services for any reason whatsoever. This means that you, your agents, employees, affiliates, or anyone acting on your behalf (“You” or “Your”) may not access the WhatsApp, Facebook, and Instagram services, websites, apps, networks, platforms, or otherwise (“Platforms”) for any reason whatsoever.
Please feel free to delete all my accounts on these platforms. Also I demand that you (or your client) do the following:
  • Delete all the data you have stored with or without my permission on the servers of Facebook/WhatsApp/Instagram.
  • Delete all the metadata you have collected from me with or without my permission.
  • Publish the details of all the data about me that you have handed over to any third party (NSA, advertisers, or anyone who is not Whatsapp/Facebook/Instagram). Take all steps possible to remove the data from those third party servers.
  • Delete all the groups I have created on WhatsApp/Facebook.
  • Remove the accounts of or give a warning to all users who have joined WhatsApp/Facebook/Instagram through an invitation sent by me.
  • Stop interfering in the Internet experience of millions of Internet users in India and other countries through programs like Internet org. (More about this later)
WhatsApp's log from their site. Probably a TradeMark violation by using it here.
Some friendly advice to WhatsApp and its new boss
WhatsApp was a cool thing when it was born. So was Facebook. That's why people like me started using those services. That's why we asked our friends to start using those services. That's why some of us continue using WhatsApp/Facebook even now.

But that doesn't mean these things will continue to be cool no matter what you do to it. In my opinion, WhatsApp is no longer cool. It does not support multiple devices, cloud sync, or sending files. It does not have a proper desktop/web client that works on its own. (Copy some good things from Telegram, maybe?).

To be a programmer is to automate things. Programmers have built automation on top of every popular communication medium (Jabber, IRC, diaspora, even facebook). WhatsApp cannot be an exception to this rule. Yet, unlike other instant messaging services, you continue to staunchly believe that automation shouldn't be possible on WhatsApp. That makes WhatsApp uncool too.

Services like WhatsApp relies on power users to gain traction. I am a power user myself. I am among those who start using your app before 1% of the world have heard of it. We are the people who bring traction to your apps. We are the people who dare into the unexplored and explore choices to their fullest. By sending hate mails to people like me, you're alienating the very people who made your service a success. I understand that you have gained the critical mass required to sustain without power users like me. But should you continue doing such hateful things, we will make people switch because we can.

So with Facebook. If you cannot continue to innovate, you'll fail. Just because you can change the algorithm at will to push posts from pages down, you shouldn't be asking pages to pay dollars to make themselves heard to their own hard earned fans. You shouldn't arbitrarily censor people. You shouldn't try to suppress social revolutions. You shouldn't interfere in people's social lives. The very fact that you continue doing these harmful things to the society means that you've become arrogant. You've forgotten your modest beginnings. And people will find out. They will switch away from you just like they switched away from others to you.

Maybe you understand. Maybe that's why you're now trying to restrict people's access to what services they can access on the Internet. Maybe that's the reason you push for misnomered schemes like Internet org which gives people easier access to your own services.

But I warn you and challenge you. You cannot continue being successful with strategies like this. You will fail. Walled gardens like yours will be replaced by open, vibrant spaces. Diversity will become the norm and monochromatic services like yours will become history. The Internet is not your property and it will not be. And we will protect that rich, diverse, free Internet.

Broad-chested,
Akshay


If you like what you're reading, subscribe!

Get posts via email:

Friday, August 21, 2015

Don't put all your eggs in one Wikipedia

If you have ever tried creating a wikipedia article on a not so popular subject you know how it gets flagged for speedy deletion even before you make the second edit on the page.

For example, I recently tried creating a page for Swathanthra Malayalam Computing which anyone active in the free software sphere of Kerala would be knowing about. But, it was soon deleted. I have a fairly good understanding of how the WP:NOTE policy works and I was fairly convinced with my knowledge of reliable sources that SMC is notable enough to warrant an inclusion in Wikipedia. So, I started trying to convince the administrator who deleted the page (a non-Malayali, non-Indian) to restore the article. After at least 4 hours spent in writing essays to convince him, the article was partially restored to my User space. I was then asked to edit it, get it reviewed and then move it to the encyclopedia.

This ruthless deletion of content can be understood from one point of view - that of maintaining a high quality encyclopedia which gives people immediate access to a brief summary of a certain topic.

But that's where Wikipedia (or rather Jimmy Wales) becomes slightly hypocritical and arrogant. It's claimed (by who? by Jimmy Wales and many others) that Wikipedia is trying to give people free access to the sum of all human knowledge.

Is this realistic or true? Can Wikipedia be the sum of all human knowledge? Assuming Wikipedia gets enough donations to run millions of servers. Can it include the sum of *all* human knowledge? Or, more importantly will it?

Wikipedia quite clearly allows only encyclopedic knowledge to be included in itself. And there are quite a few guidelines on what content belongs to Wikipedia and what doesn't. This very fact shows that "encyclopedic" is only a subset of all human knowledge and has two corollaries:

  1. wikipedia is not the sum of all human knowledge
  2. the editors will constantly be under pressure to categorize any knowledge as encyclopedic and non-encyclopedic and omit some of the information

This is a handicap wikipedia has put on itself to make itself useful for someone who comes in for a superficial knowledge of a topic. Thus wikipedia easily becomes a ready reference to get an overview of things. But it becomes impossible to go deeper on anything.

And this compulsion to trim articles by removing some facts selectively paves way for problems like the hegemony of asshole consensus.

I believe the problem is that we try to put all our eggs in Wikipedia because we're mistakenly led to believe that only the content that exists in Wikipedia is the content that is worthy of knowing. (Because you see, Wikipedia is the sum of all human knowledge). This is both false and stupid.

Who decides notability on Wikipedia? The editors, based on notability guidelines. And who decides that? People like Jimmy Wales and editors who have significant majority or influence over the policy formation process of Wikipedia?

Currently notability is heavily relying on reliable sources. Who decides reliability? In a world where censorship and political correctness is not unknown, is there a way to be sure that reliable sources are telling you the whole truth and nothing but the truth?

Does these policies and guidelines take into account the perspectives of people who are under-represented on Wikipedia?

How different is Wikipedia from a multi-author blog? Does having a million editors automatically make Wikipedia infinitely better than a blog if what the editors can and cannot do is decided by a smaller set of people?

But, are you saying all codifiable knowledge should go on Wikipedia? Shouldn't there be some kind of curation or peer review of what is right and what's wrong?

What I am saying is that Wikipedia should stop claiming that it is the summum bonum of human knowledge. (This should also help them be less arrogant when trying to push Wikipedia as the only website that people need access to)

It is not, and it can never be.

The closest it can come to that is to become a great foundation for building a federated system in which people can easily get started codifying all the knowledge that they happen to have. In fact, by creating mediawiki software they've done a great deal towards that.

The next step they should embark on is federation. Federation instantly solves all the problems that I mentioned above. Because if one wikipedia doesn't like your content, there would be another wikipedia to accept it. Instead of spending all your time and effort in convincing a random white male admin that your article is worthy or notable, you can spend it on writing down all that you know about your subject on a wiki where it is welcome.

But remember that this is already how the Internet is. The Internet is decentralized and federated. "Knowledge" on the Internet is uploaded by whoever is interested. People have to spend some energy in figuring out what is correct and what's wrong. Instead of censoring anyone, the Internet allows everyone to speak. Peer review and content curation is implemented not by removing content, but by adding more content. If there's something wrong on the Internet, there'll be another article on the Internet explaining why it is wrong.

Wikipedia can help a lot if it tries to facilitate this process by encouraging federation. But instead if it tries to be a centralized authority, it is hampering access to knowledge.

In other words we must give Wikipedia only the importance that it deserves - just another multi-author website on the Internet. Wikipedia is not the sum of all human knowledge; the Internet could be.


If you like what you're reading, subscribe!

Get posts via email:

Saturday, August 15, 2015

Secure Communication on Mobile Phones Using Only Libre Apps

I have previously written why I prefer Telegram over WhatsApp and that gap continues to widen since Telegram introduced an API for building bots and since WhatsApp sent me a legal notice for building a bot.

Meanwhile, one thing we should remember is that despite Telegram's promise that it'll eventually open source all code, its server side code isn't open yet and shows no sign of being open any time soon.

People like me often wonder if there can be a completely free working application for secure mobile messaging.

TextSecure is hailed upon as a solution to this issue by many. But, its developers have trust issues with f-droid and also want Google Play Services installed on the phone which's ridiculous in my opinion. People who'd want to use TextSecure instead of Telegram are the people who would want complete free software on their phones and TextSecure is virtually impossible to be installed on your CyanogenMod phones unless you flash Google apps which beats the entire purpose.

Another approach was brought out by Tox which worked almost like a torrents did, with a peer to peer messaging system. But this consumes large amounts of data on a mobile device and leaves one less than satisfied.

I often tend to like standards based approach in situations like these. And the only long time IM standard that I know of is XMPP. But, the way XMPP is defined right now there are a lot of things that make it unsuitable for the mobile environment.

  1. Nobody is developing a good XMPP based solution.

    There is an app called Conversations which is very very nice. But if you were to list down the steps to get started on it here's how it goes:
    • Buy the app on play store OR allow untrusted sources, download & install f-droid, then download & install Conversations
    • Find an XMPP server
    • Sign up for the XMPP server
    • Notify friends (probably through other means) about your XMPP id
    • Enable encryption manually and only when mutually agreed upon.

    This complicated approach can never get the critical mass of people on it.

  2. That bit about encryption deserves to be a point on its own. As of now, OTR is the most popular solution for encrypted chat on XMPP. But OTR works only if both sender and receiver are online at the same time. OpenPGP based encryption is unreliable. Encryption will probably be solved when axolotl support gains traction.
  3. Contact discovery is more important than we think it is.
  4. Push messaging?

That's where Kontalk comes in. Kontalk is built on top of XMPP and stays as close to standards as is possible. It is encrypted by default and designed to save on the server as little information as possible about the clients.

Kontalk supports push messaging which is a battery saver on mobile phones.

Also, the contact discovery on Kontalk is based on one's phone number (just like on Telegram). This makes it easier to find friends using Kontalk.

But Kontalk still doesn't have group chat support. It doesn't work on multiple devices simultaneously.




The way forward

An ideal mass messaging client should have the following features
  • Easy to use, even for the least technical people.
  • Encrypted.
  • Allow discovery of contacts with existing contact information.
  • Support multiple devices and sync chat history among them.
  • Support group messaging. 
  • Support push notifications.
  • Use as little data as possible.
  • Allow sending files. 
  • Federated. 
  • Follow standard protocols (or create them if none exists)
Both Conversations and Kontalk get some parts of the above feature set correct. But neither fulfills it completely.

Diaspora now has built in XMPP server thus allowing Conversations to connect with it. Once it supports tigase it can be made to also support Kontalk.

Ambitious diaspora pods like poddery.com and diasp.in are certainly dreaming of a social future where diaspora and XMPP are closely knit together to form a standard based, federated, secure, free, self-hostable, cohesive social network infrastructure.


If you like what you're reading, subscribe!

Get posts via email:




One more time, subscribe via email: