dmca/2018/2018-05-04-MatchCounterNotice.md

Match Group, LLC:

I am the owner of the intellectual property called "Pofapi".

This letter is a formal response to a DMCA filing, alleging that my
software, Pofapi, is designed to circumvent technological measures that
effectively control access to at least one of Match Group, LLC's
copyright-protected works, and alleges that the following files
fit this criteria:

- github.com/cmpunches/Pofapi/blob/master/pofapi/POFSession.py  
- github.com/cmpunches/Pofapi/blob/master/BroadcastExample.py  
- github.com/cmpunches/Pofapi/blob/master/PhotoSpread.py

I believe the claims of copyright infringement are inaccurate and should
be rejected because:

The complainant misrepresents the basic functionality of Pofapi for fundamental premises of its complaint.

The complainant misrepresents the functionality of standard browser features as access
control mechanisms.

The complainant misrepresents the content that Pofapi accesses.

The complainant misrepresents.

The complaint reads: "This content is designed to circumvent Match
Group’s technological protection measures by forging user-agent and
referrer HTTP headers to misrepresent the source of the HTTP requests.
This content allows users to bypass the official POF network and
improperly access the POF backend system to extract proprietary
information from Match Group’s servers".

This is a patently false representation of the way Pofapi accesses its
content -- as can be plainly seen by even a basic code analysis of any
version of Pofapi ever commited to that repository, Pofapi has not, nor
has it ever "bypassed the POF network", nor does it "improperly access
their backend". Furthermore, nor does it access proprietary or
restricted information not available in any other browser. Furthmore,
nor does it bypass access control mechanisms of any kind.

The Pofapi browser library does not bypass any technological measure
that controls access to *any* content of their site and does not access
any information from their network not otherwise available to other
browsers or browser libraries not otherwise available to any user using
it, and does not access any of that content using means not used by any
other browser.

In fact, Pofapi interfaces compliantly with all technological measures
to control access on POF's site in accordance with global web standards
over HTTP/HTTPS, connecting to the same endpoints, accessing the same
content, and viewing the same data as any other browser using the same
transport and mechanisms as all other web browsers connecting to their
site, allowing access to no more information than mainstream browsers
and the libraries that drive them, with substantially less features than
mainstream browsers and browser libraries: It is, in fact, an atomic
example of exactly what any other browser does: It accesses the HTTP
endpoint, downloads the content in HTML and Javascript using a client
(browser) library, and then renders that content to the user after
parsing it with an engine -- as any reasonable website author would
expect their site to be consumed by literally any standards-compliant
browser currently on the market, including Firefox, Google Chrome,
Internet Explorer and Opera.

In continuance of this, if it is Match Group's contention that every
browser on the market violates their copyright by the nature of the
open standards that drive them and those browsers' architectural designs
and procotol usages, then the claim can not have been filed in good
faith as a website can not be designed in such a way that the only means
of users accessing them, which predate their existence by decades,
violates their copyright or other intellectual property and still be
designed in good faith. I defer the complainant to Title 17 USC, SS
512(f) for clarification on penalties for filing frivolous DMCA
takedowns notices without merit.

Furthermore, while Match Group maintains a private API for its POF
service, and licenses that API's copyrighted material to authorized
users pursuant to a limited license contained in the POF TOS, Pofapi
does not access that private API and does not access any content not
accessed by every other web browser in existence.

While the complainant states that they employ log auditing as a
technological measure of access control, it is, in fact, not a means
of access control. An access control does not meet that definition, and
the user-agent header can not be 'bypassed to gain unauthorized access'.

The widely understood purpose of a user-agent header is for content
negotiation for browser compatibility and is neither bypassed nor is an
accesss control mechanism -- by the nature of its design it is not able
to be /used/ as one either, and is not in the case of POFapi.

The usage of a user-agent header on the server side is so that content
optimized for a specific browser can be served. It is not able to serve
as an access control mechanism, and is in no way imaginable a security
feature or a "technological mechanism to effectively control
access" to any feature on any website by the nature of what it is. To
say otherwise, or to attempt to use it in this fashion, would be a
misunderstanding of the basic technologies in use.

Furthermore, the ability to determine the source of requests or collect
data from users about what browser they are using is not a
copyrightable ability and the data string used for it is entirely at
the discretion of users to share by the nature of what it is and where
it is. Nor is it an access control measure.

Using a user-agent string in Pofapi that is consistent with the browsers
the Pofapi developers ensures consistency between development and
testing. The content served to our browsers is the same content served
to Pofapi. That can't even be construed as "bypassing a technological
mechanism to effectively control access" and strains the definition of
the concept of "good faith" when paired with even an introductory
understanding of how these tools and components work.

Furthermore, the complainant states that they employ referrer header
checks in post-connection log audits as a means of access control, which
also does not meet the definition of a technological measure to control
access and is not a thing that can be 'bypassed to gain unauthorized
access' by the nature of what the referrer header is and how the
complainant has already stated that they use it.

A referrer check is to prevent cross-site forgery requests, which Pofapi
does not and can not make to POF servers by the nature of its design. It
simply is not able to serve that function in any design.

The complainant can not reasonably construe our use of a
referrer header in consistency with all other browsers as bypassing an
access control mechanism without changing either the definition of the
referrer header or changing the definition of an 'access control
mechanism'.

The user's choice of web browser to access a website is not a
copyrightable intellectual property.

Pofapi uses standard web browser components internally, to access
the same material a GUI browser accesses, using the same
mechanisms on their site as any other standards based browser, including
the use of a referrer url, which is a feature all web browsers employ.

It accesses absolutely no content not otherwise available to the user in
any other web browser.

I must emphasize to the complainant that a DMCA notice is drafted under
penalty of perjury and that simply saying you are making it in good
faith is not the only criteria for determining good faith-- as such it
would be well advised not to file further frivolous legal notices to
cause annoyance, disruption, damages.

In furtherance of that, please be aware that continued malfeasance
could result in legally protected development of new
features, as well as co-location of the source code -- by someone that
clearly eclipses even the apex points of software engineering and
architecture design at your client's organizations. I strongly
encourage you to research both this issue and your correspondent
further before deciding that a response is appropriate.

I have received no offer for purchase of my intellectual property from Match Group. Surely that would be a more appropriate and productive talk.

I have read and understand GitHub's Guide to Filing a DMCA Counter
Notice.

This communication to you is a DMCA counter notification letter as
defined in 17 USC 512(g)(3):

I declare, under penalty of perjury, that I have a good faith belief
that the complaint of copyright violation is based on mistaken
information, misidentification of the material in question, or
deliberate misreading of the law.

I ask that Github, upon receipt of this counter-notification, restore
the material in dispute, unless the complainant files suit against me
within ten (10) days, pursuant to 17 USC 512(g)(2)(B).

My name, address, and telephone number are:

[private]

I hereby consent to the jurisdiction of Federal District Court for the
judicial district in which I reside.

I agree to accept service of process from the complainant.

No content identified by the complainant is infringing of their
copyrighted works, bypasses any technological measure of access control,
and all content referred to consists entirely of my own copyrighted and
licensed work except where expressly stated in the source code-- source
code which easily verifies every point in this counternotice. I did
expect github to protect me and my projects from frivolous complaints of
this nature, so, I'm disappointed, but hopefully this clarification resolve the
issue.

Best regards,  
[private]