What3Words sends legal threat to a security researcher for sharing an open-source alternative

[Lightwreather]

Summary

A U.K. company behind digital addressing system What3Words has sent a legal threat to a security researcher for offering to share an open-source software project with other researchers, which What3Words claims violate its copyright.

 

Quotes

Quote

Aaron Toponce, a systems administrator at XMission, received a letter on Thursday from a law firm representing What3Words, requesting that he delete tweets related to the open-source alternative, WhatFreeWords. The letter also demands that he disclose to the law firm the identity of the person or people with whom he had shared a copy of the software, agree that he would not make any further copies of the software and to delete any copies of the software he had in his possession.

The letter gave him until May 7 to agree, after which What3Words would “waive any entitlement it may have to pursue related claims against you,” a thinly-veiled threat of legal action.

“This is not a battle worth fighting,” he said in a tweet. Toponce told TechCrunch that he has complied with the demands, fearing legal repercussions if he didn’t. He has also asked the law firm twice for links to the tweets they want deleting but has not heard back. “Depending on the tweet, I may or may not comply. Depends on its content,” he said.

U.K.-based What3Words divides the entire world into three-meter squares and labels each with a unique three-word phrase. The idea is that sharing three words is easier to share on the phone in an emergency than having to find and read out their precise geographic coordinates.

But security researcher Andrew Tierney recently discovered that What3Words would sometimes have two similarly-named squares less than a mile apart, potentially causing confusion about a person’s true whereabouts. In a later write-up, Tierney said What3Words was not adequate for use in safety-critical cases.It’s not the only downside. Critics have long argued that What3Words’ proprietary geocoding technology, which it bills as “life-saving,” makes it harder to examine it for problems or security vulnerabilities.

Concerns about its lack of openness in part led to the creation of the WhatFreeWords. A copy of the project’s website, which does not contain the code itself, said the open-source alternative was developed by reverse-engineering What3Words.

“Once we found out how it worked, we coded implementations for it for JavaScript and Go,” the website said. “To ensure that we did not violate the What3Words company’s copyright, we did not include any of their code, and we only included the bare minimum data required for interoperability.”

But the project’s website was nevertheless subjected to a copyright takedown request filed by What3Words’ counsel.Toponce — a security researcher on the side — contributed to Tierney’s research, who was tweeting out his findings as he went.

Toponce said that he offered to share a copy of the WhatFreeWords code with other researchers to help Tierney with his ongoing research into What3Words.In its letter to Toponce, What3Words argues that WhatFreeWords contains its intellectual property and that the company “cannot permit the dissemination” of the software.Tierney, who did not use WhatFreeWords as part of his research, said in a tweet that What3Words’ reaction was “totally unreasonable given the ease with which you can find versions online.”

In a statement, What3Words chief executive Chris Sheldrick said: “The specific incident we’ve taken action against stems from an unauthorized version of our software which was offered for distribution. This includes a set of non-trivial, proprietary binary data resources. As stated in our letter, we aren’t requesting that criticism of us or our software is taken offline.”

When reached, a What3Words spokesperson was unable to immediately point to a case where a judicial court has asserted that WhatFreeWords has violated its copyright.

 

My thoughts

In my honest opinion, I feel that this is pretty sad. A larger company using its power to force an open-source competitor down. Now, I must admit, I may be a little biased because I am an advocate for Open-source but this is still pretty serious. I'm guessing that the security researcher isn't associated with a university with legal council to pen "haha, no" responses.

Sources

https://techcrunch.com/2021/04/30/what3words-legal-threat-whatfreewords/

[AMD A10-9600P]

Seems fairly harsh to me.

 

That said, the name might have been what annoyed them most.

 

Edit = I've just read a bit further into this, because the reaction seemed disproportionate for just making his own version. It turns out the guy did some slightly dodgy stuff, I'm gonna have to side with What3Words here. It seems they're worried that the guy went through their own code and wanted to pass it off as their own.

[aom]

The fact that the open source alternative was developed by reverse engineering the product and took data "for interoperability". Even if none of the original code is in it, the fact that they likely decompiled it and saw how it worked and wrote code based on their observations is very sketch to me. 

 

He must not be affiliated with a university because this would be a huge violation at least from my limited experience in a research lab.

[wanderingfool2]

A bit ironic that you copied nearly the entire article in an article about copyright (I know it isn't strictly irony, but still).  You shouldn't really do that

 

31 minutes ago, J-from-Nucleon said:

In my honest opinion, I feel that this is pretty sad. A larger company using its power to force an open-source competitor down. Now, I must admit, I may be a little biased because I am an advocate for Open-source but this is still pretty serious. I'm guessing that the security researcher isn't associated with a university with legal council to pen "haha, no" responses.

While I dislike the copyright system, they literally named their clone very similarly and ran with the same concept that made What3Words unique.  To be clear as well, they used reverse engineering to make their project happen...so I feel that the researchers have little ground to stand on.

 

This isn't a larger company taking their competitor down just to do so, this is a larger company seeing someone who took their idea, reversed engineered and created a similarly named program to compete.

 

[Fasterthannothing]

From my understanding to properly reverse engineer a product without violating copy write laws and to stand up to them in court you need to a lot of things to happen. You need someone who has never read the exact code or had inside knowledge of how it works. You need someone else to be able to construct the software without ever knowing about said product once the software is written (you need a fully documented process for the construction of the program without relying on the thing you are reverse engineering). Plus a bunch of other stuff like having a license in the software that doesn't prohibit reverse engineering.

 

https://www.eff.org/issues/coders/reverse-engineering-faq#faq13

[Tenelia]

On 5/2/2021 at 10:19 PM, J-from-Nucleon said:

In my honest opinion, I feel that this is pretty sad. A larger company using its power to force an open-source competitor down. Now, I must admit, I may be a little biased because I am an advocate for Open-source but this is still pretty serious. -snip-

I mean, regardless of how you wanna take this, open-source is the baseline. If your product/service can't even compete against that, it's time to go back to the drawing board.