[wayne]

This level of API obfuscation reminds me of forever ago when MSN Messenger figured out AOL's AIM API, so MSN Messenger could send AIM messages, which annoyed AOL. AOL would make API changes to break MSN, but MSN would update the client and stay ahead. Eventually to make the API uncloneable, AOL changed their payload to exploit a buffer overrun in their own AIM clients that wouldn't be in the MSN clients.

https://nplusonemag.com/issue-19/essays/chat-wars/

[worewood]

I think the most important, and this article left it out, is why exactly this makes the API uncloneable - why couldn't MSN just emulate the buffer overflow behavior like it was doing with everything so far?

As the article says, the client also responded with some code. What I think was happening: the client was responding with portions of its own executable memory, which could be checked by AOL servers.

That way for MSN to emulate that behavior, it would need to have the AIM client's executable code inside itself, which would be an easy win in a copyright lawsuit.

[lliamander]

Why not just send copy written code as part of the payload?

[ATsch]

Especially trademark violations are very effective for this. For example the original GameBoy used it as DRM. The cartridge had to contain a Nintendo(R) logo which was displayed on boot to work, a legal deterrent for publishing unlicensed games that still works to this day.

[sanqui]

Except that the use of copyrighted and trademarked data for means of enabling interoperability has been ruled fair use in the Sega v. Accolade[1] case. So I believe Nintendo's use of the logo in this way is not much more than snake oil.

[1] https://en.wikipedia.org/wiki/Sega_v._Accolade

[timClicks]

Gentle reminder that the USA isn't the only jurisdiction. In countries without fair use, for example, this wouldn't even be able to be applied.

[telotortium]

That case was decided after the initial release of the Game Boy, so it wasn't an unreasonable thing to try at the time.

[taneq]

The TrackIR API does something similar to lock out unauthorised third party client applications.

[spideymans]

Interesting time that was. I don't believe that any of these internet giants would ship a feature that is effectively a hack, in this day and age.

HTC and Palm also engaged in the back-and-forth, when Palm attempted to get their OS to sync with iTunes.

https://www.wired.com/2009/10/palm-pre-itunes/

[Roritharr]

You will be scared to find out that a lot of Fintech has webscraping as an accepted part of their stack...

[piva00]

Yup, not only as accepted part of their stack but also offered as a product that sometimes users need to input their bank details in 3rd party applications from some fintechs.

If you look under the hood there is a lot of grey areas being exploited by fintech, all around...

[saltedonion]

Very interesting. I think this would likely lead to lawsuits today, under a complaint violating DMCA.

[xmprt]

Is there legal precedent for copyrighting APIs?

[djhaskin987]

That's actually the central issue behind the Supreme Court case battle between Oracle and Google right now: whether or not you can copyright apis

[CobrastanJorji]

Indeed, an answer of "no, they're not copyrightable" would leave the world generally how it is today. An answer of "yes, all existing APIs are copyrightable" would be tremendously impactful in all sorts of ways I can't even imagine. Presumably someone would immediately sue somebody else because of a tenuous claim to ownership of, say, HTTP or some JavaScript extension.

Microsoft has filed an amibus brief for the "not copyrightable side," as has the EFF, IBM, Red Hat, and a team of 83 computer scientists.

You should probably note the folks on the "yes, copyrightable" side for future reference as well, including Dolby, the Motion Picture Alliance, SAS, the DoJ, the Recording Industry Association of America, and also 4 CS professors (Dr Spafford of Purdue, Dr. Ding of UC Davis, Dr Hollaar at Utah H, and Dr. Porter at maryland U).

[sneak]

This thread is about web or network service APIs, which, thanks to the CFAA, have broad leeway to dictate what client software you are legally allowed to use to speak to it. It's a grey area and some real bullshit, IMO.

You are talking about programmatic APIs, which is a horse of a different color: a copyright issue, which is still being figured out.

It's annoying that we overload the same term for both things.

[stjohnswarts]

That's going to be a really big decision in our world of software. I hope that SCOTUS doesn't side with the devil.

[pc86]

Referring to the other side in a debate as "the devil," aside from being hyperbolic to the point of inducing an eye roll in every reasonable person within earshot, is exactly how the US ended up with a reality TV show host in the White House.

[foobar_]

Can't AOL use some kinda session token for this ? Super confused.