>>andyly+(OP)
If anyone wants to see what the integration used to do: https://web.archive.org/web/20230728021205/https://www.home-...

>>andyly+(OP)
I hope the EFF or a similar non-profit steps in here. Bad faith DMCA notices such as this need to be challenged as a matter of principle.

>>andyly+(OP)
This is really sad. I wonder if there is a "McKenzie" like consulting company for MBAs that would explain to them in terms they could understand why it is both more powerful and market affirming to have an open ecosystem which gives you "free" programmers who will add features without you paying them a salary and without having to lay them off once the feature has been implemented.

>>ChuckM+T7
But Twitter and Reddit doesn't need them, so why would I? Sarcasm, of course. Third party devs are just as responsible for the aforementioned website's success as the first party devs

>>andyly+(OP)
In the U.S. legal system, is it possible to create a corporation specifically to do something of uncertain legality, so as to limit the liability?

E.g., could we create a FuckYouMazda corporation, whose sole purpose was to develop this software. And if Mazda successfully sued for copyright damages, the financial liability is limited to the corporation's assets?

>>crmd+k6
The DMCA notice is unclear here. It is odd that it calls out all implementations including both their copyrighted ios and android apps, as well as the client implementations in Javascript and Python.

Presumably neither their ios nor Android app used Python, so direct copyright infringement seems impossible.

It certainly seems likely that this DMCA notice was in bad faith.

>>ChuckM+T7
If you want people to use the official app (if there is/were one, I don't know), and use the app to upsell and market, or collect and sell additional user data, you're not interested in an open ecosystem.

Just remember: they don't just want money. They want all the money.

>>Coasta+Z8
Corporate protections don't work like that, or every petty criminal would be a corporation.

Knowing, deliberate actions of criminality are sufficient to piece the corporate veil.

>>andyly+(OP)
The takedown request is based on

> MNAO analyzed some of the code and determined that the code provides functionality same as what is currently in Apple App Store and Google Play App Store.

Is this really legal? Because in my mind, providing the same functionality does not violate copyright, since the actual intellectual material is new. And I don't think Mazda has a patent on the ability to control your vehicle over an API.

>>css+S5
It looks like the library could remotely start the car. I wonder if they'd care if it couldn't.

I think that's actually not something that would be wise to hook up to an automation platform. A car running in the garage can kill, and 'a human chose to press this button' is an important interlock. After all, you have to swipe your way in to the official app, and to use a key fob you need to hold the button for several seconds.

'How dare Mazda permit this' is a real lawsuit that will happen. Automakers also got sued because pushbutton start is confusing and people would leave the car running after use. There is an active lawsuit right now about push-button gear selectors making it too hard to put the vehicle in park, allowing unexpected rollaways.

>>andyly+(OP)
Mazda is (otherwise) a great and relatively speaking small car company. I agree with ChuckMcM; this is sad.

Note that the complaint appears to have been filed on behalf of Mazda North American Operations.

>>Coasta+Z8
Exactly how liable the shareholders are is going to vary a lot by state. Generally a plaintiff has to show the shareholders exercised excessive control over the corporation such that the corporation is essentially a sham.

However, a person is generally liable for his own torts regardless of corporation. The shareholders might not be liable vis-à-vis the corporation, but the actual programmers and managers doing the infringement could likely be sued individually the same as if they weren't working for a corporation.

>>sp1rit+ga
Most likely this would not stand up in court, given a proficient legal team. I imagine that the hobbyist developer had neither the money nor the inclination to mount a legal defence against a multi-billion dollar company though.

>>sp1rit+ga
If they just provide the same functionality, no. Mazda should lose this under Google v. Oracle. However, reverse engineering is dangerous. They surely read the copyrighted decompiled code. The test is whether the expressive elements of bdr99's implementation are substantially similar.

>>andyly+(OP)
Wrote a letter to my local Mazda place about this. I've had nothing but good experiences with the several Mazda vehicles I've owned (still daily-drive the rotary-engine RX8...). Seeing them engage in what appears to be dmca bullying of a project like Home Assistant feels like a betrayal.

>>malfis+v9
Sorry I wasn't clear: I was specifically asking about limiting the liability of possible civil violations of the DMCA.

I.e., the alleged violations are civil rather than criminal, and a reasonable person might believe Mazda's DMCA claims are unjustifiable.

>>mminer+Ac
> They surely read the copyrighted decompiled code

Do they? When it comes to reverse-engineering mobile app APIs, the usual strategy is to observe the network because it's so much easier than making sense of the disassembled binary.

Even if you can decompile, you'd generally use it as an aid to understand the network captures rather than using it as your primary source.

>>mminer+Ac
This might be the case, but how could Mazda even prove this? Unless they communicate in some weird proprietary binary protocol I could imagine that the API (especially if it's just some JSON/XML REST stuff) can be reverse engineered by MitM traffic analysis.

>>maweki+l9
More importantly, their employees want money and will use whatever means necessary to justify their paycheck.

A Home Assistant integration means people "engage" less with their app and thus whoever is working on it is at risk of irrelevance. Doesn't matter whether this actually translates to more business and money coming in at the top, PM wants their "engagement" and this is an easy way to trade long-term customer goodwill for it.

>>Nextgr+fe
This is what I would usually do as well, self-MiTM and analyze the traffic, reverse engineer from there.

>>jabron+Ia
I have my car (Subaru) hooked to an automation with home assistant. Several, actually. I can start the car in winter by pushing a button in my kitchen, heat it up, and then walk there. But the most important one is that I can turn the car off remotely as well, based on timers and automations. I generally don’t buy the ‘we should not allow this or that because it can be dangerous’. I’m a big boy. Driving is even more dangerous always. Let me choose. Please.

>>mminer+Ac
I've reverse engineered many an API, and I've never done it by decompiling the executable. Also, what's illegal about decompiling an executable?

>>darkr+ic
Even view-source is considered "hacking" and you might easily end up in jail if some dumb judge/prosecutor decides so.

https://www.theregister.com/2022/02/15/missouri_html_hacking...

>>Coasta+jd
I think naming your company `FuckYouMazda` and violating their copyright gives a judge plenty of incentive to pierce the corporate veil.

>>stavro+Gf
They could argue that by viewing the copyrighted code/implementation, you could effectively infringe by (even subconsciously) writing the same/similar code.

There's merits to this claim if you're indeed implementing some advanced, niche algorithm but it definitely wouldn't apply here as all he's doing is calling HTTP APIs, a very generic and common thing to do.

>>sp1rit+pe
If it's HTTPS stuff, they might be claiming that it falls under DMCA 1201 shenanigans.

> (A) No person shall circumvent a technological measure that effectively controls access to a work protected under this title.

https://www.law.cornell.edu/uscode/text/17/1201

As I understand it, car manufacturers prevent independent repair shops from lawfully obtaining some of the diagnostics information in the onboard computer by encrypting it with a key that sits on the very same drive. Said encryption is the "technological measure that effectively controls access" and using the key to decrypt it is "circumvention" -- naturally, of the "effective" access control.

(https://www.law.cornell.edu/definitions/uscode.php?def_id=17... to “circumvent a technological measure” means to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner)

Mazda might be interpreting the SSL certificate as a similar measure and therefore use of the certificate to decrypt traffic as a similar violation.

>>Nextgr+vg
Ah, so it's not the act of disassembling that's the problem, but that you're infringing on the original code's copyright? That makes sense, thank you.

>>malfis+hg
You might be missing my point: the corporation would be premised on its founders' sincere belief that Mazda's DMCA claims were, at best, dubious.

>>crmd+k6
The EFF doesn't give a damn about helping fight specific DMCA abuses unless you're one of the technorati; they're focused on the "big picture."

At best you might get an amicus brief if there's a lawsuit and the lawsuit is high-profile enough for them to be interested.

>>andyly+(OP)
I don't have a Mazda, nor do I use HA but I'd happily contribute to a legal defense fund.

>>lcnPyl+zg
From the posted notice[1], they answered "No" to the question "Do you claim to have any technological measures in place to control access to your copyrighted content? Please see our Complaints about Anti-Circumvention Technology if you are unsure." Is that the same thing you are referencing?

[1] https://github.com/github/dmca/blob/master/2023/10/2023-10-1...

>>gonzal+kf
Here's a really fun one from yesterday's 'midwit' thread:

> I have somehow automated some lights to come on too early in the morning but the specific task/automation I set to do this is nowhere to be found.. I can create and remove new tasks but I'm being haunted by this old task.

Do you have an attached garage? How about if it gets turned on with the door closed at 4am after a daylight savings changeover gone horribly wrong. I enjoy my home assistant but I wouldn't let it control something that can gas me. I've seen way too much weird shit in my iot network to ever trust it with that.

>>37859813

>>jabron+Ia
Potentially valid concerns, but not what copyright law was designed to address. Mazda can easily prohibit their own customers from doing this kind of thing in their terms of service if they want.

>>stavro+Zg
You may have come across this concept already, but this is where clean rooms come in.

One person views the "contaminated" decompiled code and writes a specification. A separate person writes the code based solely on the specification. This is an accepted method of demonstrating that there is no infringement.

>>sp1rit+ga
DMCA != copyright

>>wuuza+gi
Yep, sounds like it, which rules that out. Good to know that it might be on the served notice; I'll look for that next time.

>>jabron+pi
You'll be pleased to know that pretty much no post 2005 car can gas you.

Old cars gassed people with carbon monoxide. Odorless and deadly.

Modern cars make basically none of that. Instead, you'll die of too much CO2.

Luckily, humans are pretty good at detecting gradually increasing levels of CO2 - it's what happens when 5 people are in a car together and someone says "it's getting stuffy in here, turn the vent on!".

Sudden CO2 increases can still kill. But gradual ones like a car gradually producing more and more CO2 likely wouldn't. Even in your sleep, you will wake up and find the air stuffy (it can happen when lots of cave people are all sleeping in a badly ventilated cave, so we evolved to handle it).

However, you shouldn't rely on the above for the safety of people - all it takes is someone to be drunk or taking sleeping pills, and they might not be able to act on their senses... Also, cars where the emissions system has been tampered with or faulty can still produce a lot of deadly carbon monoxide.

>>andyly+(OP)
That is truly frustrating as a customer. You know that person that built the code is putting that Mazda up for sale right now if not setting it on fire as I'd likely do.

These fools really don't like someone building a better mousetrap, particularly when they see it as an exploit of their systems to do so, as they can't track/monetize/charge, etc the usage without the app component. That's really what Mazda is angry about.

As a result of things like these, I'll end up keeping my old non-connected cars as long as possible, environment be damned.

>>jabron+Ia
Mazdas will turn off 15 min after being remote started

>>Nextgr+Re
On the other side of that coin though - Home Asssistant isn't exactly a mainstream app, it's almost exclusively run by tech geeks. The same type of people who are usually willing to mentally cross off brands when they make moves like this.

It's a wash.

>>failra+Tk
What does the C stand for in DMCA?

>>andyly+(OP)
Dammit. I just bought a Mazda and I have Connected Services. The app sucks. Also I was about to spend this weekend trying to figure out how to get it hooked into HomeKit so I could turn on climate controls while getting kids ready in the morning. I’ve used Home Assistant in the past, sad to see it removed.

I guess I’ll just reverse engineer it myself. Good to know it is possible since I can replace the app.

>>Coasta+4h
I don't think that premise really matters.

You could sincerely believe that murder was ok, but that's not going to change how the law would view you murdering someone.

The idea around "piercing the corporate veil" is that you can't just slap a company in front of your actions -- regardless of whether or not you believe your actions are justified or legal -- and avoid legal consequences.

>>london+qm
Man, I live in snow country and every year someone gets killed idling in the winter. Kids idling and hanging out or someone parked eating their lunch. It's true that CO emissions are way down since the mid-aughts rules went in, but it isn't 0 ppm.

The last go-around about the keyless ignitions was kicked off by a 2017 toyota. The story was from 2019

https://www.nytimes.com/2019/06/28/business/keyless-carbon-m...

>>angus-+Mk
Yep, I knew of clean-room reimplementations, I was just wondering whether decompiling is somehow in itself illegal.

>>mminer+Ac
It wouldn't matter anyway, it's unlikely that someone would put up the money to test this in couet.

>>jabron+Ia
If the library can do it, then the API allows it.

>>bastar+xm
Keeping an old car that has already been produced running is almost always the most environmentally friendly choice instead of throwing it away and producing a new car. The only reason to upgrade should be the changes in safety technology.

>>andyly+(OP)
Would be good to have EFF involved as they are good with these kind of nonsense takedowns.

>>hultne+3f
While if possible, it's the best course of action, the truth is these days additions like HSTS make it extremely difficult to MITM.

Additionally, MITM and trying things out on a toaster are one thing, doing the same on a 40k$ machine that can potentially make it impossible to do your commute is another.

This is IMO a prime example where the double team rev eng is key to success: one documents the API, the other uses it without having access to code (whiteroom)

>>bastar+xm
They should buy a Tesla, as they support their API as a first class citizen in the ecosystem.

https://www.tesla.com/developer-docs

https://electrek.co/2023/10/12/tesla-releases-official-api-d...

>>tremon+Up
Cookies!

>>andyly+(OP)
Just in case anyone else would like to send a quick note to Mazda:

https://webpage.mazdausa.com/MazdaStatic/contactus.action

>>sccxy+3g
There were no charges filed in this case. The prosecutor correctly ascertained that the allegations were false and the whole thing was a waste of taxpayer money.

>>ensign+Zx
Yeah, but still it is/was very stressful for this person.

Never know when they decide otherwise. "Hacking/cyber crime" is very wide and open term.

>>andyly+(OP)
When I wrote a HA plugin for my heating system (which involved “reverse engineering” the JS on the front end login interface to break the extremely naive checksum generation that validates requests) I sent an email to that company asking for permission to share it.

They firmly asked me not to do so and kindly asked me to stop using my plugin.

I complied with the first request. For the second, not so much.

Anyway, the moral of the story is that the DMCA was written to GitHub. Your own local clone is no one’s business.

>>stavro+Zg
But disassembling/decompiling doesn't give you anything like the original code!

>>6502ne+AB
That kind of depends on the language, but it's a fair point. I think it might only matter that the general algorithm/solution is the same, not the lines of text themselves.

>>sccxy+Qz
People would be absolutely aghast at how much trouble the law can make for you without ever actually even charging you with anything.

And how relatively easy lawfare can be brought against someone, especially if the person bringing it has infinite money and/or nothing to lose.

>>somehn+zp
If you’re smart you make it so that the API needs a “key” from the app in some way, so that the API being used “registers” as an app usage.

>>jabron+vq
It’s common enough that I’m surprised garage door openers don’t have alarms/ automatic opening.

>>callal+Ar
Cars are rarely thrown away if they’re still operational (which was one of the huge problems with cash for clunkers, those were crushed).

The best reason to buy new is that your mission has changed and the available used vehicles don’t provide a cost effective resource.

>>andyly+(OP)
Angra Mainyu

>>6502ne+AB
It gives you a derivative work of the original code

>>JRKrau+Dc
A daily driver RX-8 that stills drives? How? What's your mileage and oil consumption like. As quirky as the RX-8 was, I liked the car but not the engine.

>>ChuckM+T7
Eric von Hippel at MIT has written a bunch of business-oriented research along these lines (related to "user innovation").

https://en.wikipedia.org/wiki/Eric_von_Hippel

>>andyly+(OP)
Mazda isn't the first car company to abuse DMCA takedowns: https://github.com/toyotha/toyota-na

>>sp1rit+ga
Probably not, but more and more I’ve been reminded that the law only applies if you have the financial means to prove/defend your position in court.

>>andyly+(OP)
Can I still download the code somewhere, is there a mirror?

>>aneutr+Ls
Nitpick: HSTS doesn't interfere with MITM. You're thinking of certificate pinning.

>>Grazes+DH
Not OP, but I know people who mix two-stroke oil with the gas to have better reliability, but AFAIK you need to change apex seals sooner or later.

For me it's sad how such an interesting engine had so many problems.

>>amelia+l91
You are right, I was thinking of stapling but wrote HSTS. Thanks

>>andyly+(OP)
Gosh, it's a good thing for Mazda that this code wasn't open source or anything... https://web.archive.org/web/20230310065424/https://github.co...

Code not being hosted on Github != it being unavailable

>>andyly+(OP)
Could someone start a for-profit law firm that took these kinds of cases on a commission basis?

Could that company join Y Combinator?

I do not care about donating to a legal defense fund. I do want to give to a legal OFFENSE fund.

Nukers need to go to loose everything and die broken and penniless.

>>sp1rit+pe
I would assume Mazda looked at the infringing code and thought it looked suspiciously like their own code.

>>atesti+861
https://files.pythonhosted.org/packages/6f/39/148a82a2f38cf7...

https://files.pythonhosted.org/packages/c8/98/6da75ea926e4b3...

>>amelia+l91
HSTS interferes with MITM when the mobile device in question doesn't allow you to install new certificate authorities (as is slowly becoming the case).

>>Grazes+DH
Many days late on this reply but I am at 120K miles (2008 model). The engine compression is noticeably low now. Before warming up and at low RPM the car really struggles to make it up the hill out of my neighborhood. I've had 3 flooding events that were only fixed by rolling the car down that same hill 3-4 times. I have to slip the clutch a concerning amount when getting into first from a stop.

A new engine at the dealership price of $7K is still going to be cheaper than an equivalently sporty new car though!

>>i-use-+kA
Why? It's also none of their business if you share code to frontend the system they sell to others.

I understand if we're talking zero days and you have reasonable faith the company will attempt to fix, but I presume here we're talking more accessible heating control?