Instagram took down private unofficial APIs via DMCA

Looks like this is the takedown request: <a href="https:&#x2F;&#x2F;github.com&#x2F;github&#x2F;dmca&#x2F;blob&#x2F;master&#x2F;2020&#x2F;01&#x2F;2020-01-22-facebook.md" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;github&#x2F;dmca&#x2F;blob&#x2F;master&#x2F;2020&#x2F;01&#x2F;2020-01-2...</a><p>The core allegation is:<p>&gt; Mgp25’s Instagram-API repository (and its forks) offers a tool expressly designed to circumvent the Company’s effective access controls and protection measures by avoiding, bypassing, removing, deactivating, or impairing the Company’s technological measures without the authority of the copyright owners or the Company. Mgp25’s Instagram-API is designed to emulate the official Instagram mobile app when communicating with Instagram’s servers, which allows users of mgp25’s Instagram-API to send and receive data (including receiving legitimate, copyrighted posts by Instagram’s users) through Instagram’s private API. Mgp25’s Instagram-API also permits other types of access to, and collection of, Instagram’s users’ copyrighted works in manners that exceed the scope of access and functionality that would be permitted by a user with a legitimate, authorized Instagram account.

IANAL. I&#x27;m also assuming this was an HTTP client library.<p>How could this possibly be a violation of copyright, if it&#x27;s just a client that accesses their API? Their API is not truly &quot;private,&quot; just undocumented. If you distribute a free app that calls a remote API over users&#x27; networks, you can&#x27;t make the case that it&#x27;s private, because it&#x27;s clearly accessible from every network&#x2F;connection&#x2F;device. Something exposed to the public cannot simultaneously be private.<p>At least, maybe the author&#x27;s lawyer could argue the above in court.<p>Among many things I hate about the DMCA, it&#x27;s that hosts have basically no option other than to respond to takedown requests by actually taking down the content in question, for fear of litigation. It just rubs me the wrong way.

<a href="https:&#x2F;&#x2F;web.archive.org&#x2F;web&#x2F;20191207221404&#x2F;https:&#x2F;&#x2F;github.com&#x2F;mgp25&#x2F;Instagram-API" rel="nofollow">https:&#x2F;&#x2F;web.archive.org&#x2F;web&#x2F;20191207221404&#x2F;https:&#x2F;&#x2F;github.co...</a><p>&gt; Why did I make this API?<p>&gt; After legal measures, Facebook, WhatsApp and Instagram blocked my accounts. In order to use Instagram on my phone I needed a new phone, as they banned my UDID, so that is basically why I made this API.

You can still find the implem in various language, like this one in js:<p><a href="https:&#x2F;&#x2F;github.com&#x2F;dilame&#x2F;instagram-private-api" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;dilame&#x2F;instagram-private-api</a>

What&#x27;s the difference between scraping while circumventing anti-scraping measures, which certain circuits have upheld as being legal, and what this unofficial API client did?<p>This is an honest question, and not a rhetorical one.

Question, is there any way to design an API such that it can&#x27;t just be reversed into a new client library like this? Certificate pinning makes it harder to MITM but that&#x27;s trivial to disable.

Does anyone have a mirror? I might download this and keep it just in case.

unofficial APIs or unofficial documentation about the APIs? what exactly was this, and if the latter, are the APIs still available?

Now facebook developers&#x27; app approval is so hard. I submit 6 times to review and every time reviewer point a mistake. I&#x27;m building for a tool that sets up a third party API gateway for your 3rd party applications APIs. <a href="https:&#x2F;&#x2F;nocodeapi.com" rel="nofollow">https:&#x2F;&#x2F;nocodeapi.com</a>

I don&#x27;t know the details of the code, so I&#x27;m left with questions.<p>Is the only difference between using this library and using Instagram&#x27;s mobile app the fact that the library is not the &quot;right&quot; web browser?<p>Isn&#x27;t the library simply a different web client accessing a publicly available API? And requests from the library are properly authenticated &#x2F; authorized by Instagram&#x27;s servers through normal means (the library isn&#x27;t bypassing some mechanism, it&#x27;s just not the official app)?<p>If it&#x27;s true that it&#x27;s just a different API client, then there may be some TOS violation, but isn&#x27;t DMCA an overreach? Is there any validity to the claim?

Isn&#x27;t the google vs oracle still on? How did github rule that apis are copyrighted?

If this developer had reversed engineered some documentation about the private API could that also receive a DMCA?

In the author&#x27;s own words, this API was explicitly designed to get round access controls. (see internet archive)<p>So people should be cheering this no? I mean facebook are protecting their users from nefarious developers seeking to get access to people&#x27;s data.<p>The only crit is that it took so damn long to find it. (since 2016!) <a href="https:&#x2F;&#x2F;web.archive.org&#x2F;web&#x2F;20160603201221&#x2F;https:&#x2F;&#x2F;github.com&#x2F;mgp25&#x2F;Instagram-API" rel="nofollow">https:&#x2F;&#x2F;web.archive.org&#x2F;web&#x2F;20160603201221&#x2F;https:&#x2F;&#x2F;github.co...</a><p>I know thats not whats annoyed most people. But if facebook really are serious about privacy, then they took too damn long