Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

My guess at the origins of this project...

Firm somewhere far away where Microsoft's lawyers cannot reach (China?) wanted Skype capability in their product and paid this smart Russian guy to reverse-engineer the Skype client.

Smart guy gets permission to open source it and publishes it with commercial license option with hopes of finding more such clients.

Personally I'd not touch this with a 3-meter bargepole, because I live in a country where people use copyright and trademark law to take people to court, yet it's an interesting project.



Telecommunications products should be based around open protocols. That Skype keeps their protocols to themselves should not be reason enough to send lawyers after software implementing interoperability after reverse engineering.

Re-using the reverse engineered code is the problem, he should have simply used it to spec out the protocol and then use that spec to re-implement it.


One team documents the protocol as a spec. A second team takes the spec and writes implementations. The advantage of this for open source is that when the protocol changes, it's relatively simple for that first team to update the spec, and safe for the second team to update their code.

This is legal and safe. It is how the first clone PCs survived even IBM's lawyers.


> One team documents the protocol as a spec. A second team takes the spec and writes implementations.

How is the first team compensated? or am I missing something?

>This is legal and safe. It is how the first clone PCs survived even IBM's lawyers.

Very interesting. Does anyone have a link to a write up on this? or at least have a place to start looking for info on it?


Not a typical recommendation, but they actually created a not half-bad Television series out of the story. From everything I've read on the subject, the first season of the show actually does stay pretty close to how things actually went down (with some 'dramatic' elements slightly embellished since it is on TV after all). The story is worth reading about (sorry for no recommendations on this), and the show, at least the first season which concerns this issue in particular, is worth watching as well if the topic interests you. The show is called 'Halt and Catch Fire'


As much as I hate to just link to a wikipedia article:

https://en.wikipedia.org/wiki/Clean_room_design

Basically, you need to find developers with no experience at all with the technology (e.g. never used Skype before), and then get another set of developers to reverse engineer the product, and send the spec to the "naive" developers, for lack of a better term.


Two teams in the same firm, as gruez says below. The key is that the second team does not look at the internals of the product, and that the two teams communicate only by specifications of interfaces (physical, software, electronic, etc.) and not of behavior.

This approach to cloning was established long ago (1960's) by IBM's competitors and has always been legal.

You can just google "clean room design", Wikipedia is quite informative on it.

BTW a few early PC firms did try to cut corners and clone the PC BIOS without the chinese wall; they were sued and died. This isn't theory; it's been practice for decades.


> Does anyone have a link to a write up on this?

Here was a little insight:

https://nakedsecurity.sophos.com/2011/06/03/skype-protocol-c...


The "teams" can be from the same organization


> because I live in a country where people use copyright

I live in a EU country where interoperability is a law yet is almost never respected, so I say, fuck copyright in that case.

However, this is not the first successful reverse engineering of skype. Each time they broke compatibility with their next version.


As I said, people use copyright law to take other people to court, and then get money from them. Your "fuck copyright" statement is bold, and one I'd generally agree with, unfortunately it has zero relevance to the legal risks a business would take, using this code in a commercial product, in such a country.


As the author said, the files violating copyright are easy to replace. Let Skype ask for it, it will be 2 more days of work.

The reason why people want to see a clean room implementation is because they are afraid of patent and anticipate US-like silliness like Oracle claiming copyright on an API. Now that this is a very US-specific issue. If you don't plan to market to US, you can just ignore the issue.

I used to work for a French AR company. We were successful and at one point we planned to open offices in the US, but even without having done that, we already had received two frivolous claims by people based in the US (one who claimed he patented the idea of replaying the video at a varying speed). This delayed a bit our opening to the US and the first US employee was... a lawyer.

Do you realize that patents and copyright hell is the reason why, for more than a decade, VLC, a project made by French students, was better at playing videos than Microsoft's player, even when this was seen as crucial? Because France did not have to care for patent litigation.


Patents are another issue. Doesn't specifically affect this project.

And clean-room implementations have no effect on patent violations or claims. None at all. It is entirely a copyright issue. And the issue here is that the same person who disassembled one codebase then wrote a new, equivalent codebase. Thus the new work is a derived work, or at least a lawyer can argue that easily, and thus distributing it for profit is a serious crime. Not even a civil offense, in any EU country. Criminal.


> Thus the new work is a derived work, or at least a lawyer can argue that easily

And this is totally stupid. This amounts to claiming that musicians derive their work from others. Of course they do.


If this is newly written code not based on Skype code then there is clearly no copyright issue. Trademark is a potential problem but easily solved by removing the Skype name from the project.


Lawyers are paid to make cases. Here, it's quite simple. The author of this code saw the Skype code, indeed he admits it. Then he wrote new code. Same person. Your honor, it is unreasonable for him to claim that his new code was not heavily influenced by what he had seen. It is like me listening to a song and then writing a new one "heavily inspired by it", and then claiming I'm not committing copyright infringement.

Lawyers make such arguments all the time and it comes down to who has the time & money to take them to court, and defend against them, and then the judge is a human who decides, and is heavily influenceable.


I have exploited several products that align closely with protocols and/or brand names used by large companies. For every single product, I have received a request to take down my product. And in every single case, after my (kickass, I must add) IP lawyer wrote them a reply, they went away.


What are you saying here, that you are good at skirting the law without breaking it, that all takedown claims are bogus, or that your lawyer is so good one letter can chase away even determined legal action by deep pocketed firms?

Only the first one makes sense, and it has no relevance to the project we're discussing, so it's unclear why you say it.

No disrespect, just trying to understand your point here.


> No disrespect, just trying to understand your point here.

To me the point is pretty clear: Copyright law is also used for chilling effects on recalcitrant projects.


Indeed. Copyright law is more often than not abused (instead of used) by large companies. If you are careful + understand the law and what you're doing, 99% of claims turn out to be bullshit.


In Europe, reverse engineering a protocol + building a commercial product on it, is legal. You cannot copyright a protocol or an API, if you built something merely by studying how it works.


The issue here is this appears likely to have been created by disassembly rather than pure study of behavior.

Is that legal in Europe?


I'm not entirely sure of that. If you would have two teams though, it would. Team A creates a spec of the protocol, and Team B implements a connection lib based on the spec created by Team A.

Europe tends to be pretty good through, copyright wise.


Yes, clean-room reimplementations are legal everywhere. The problem with this code is it's not clean room. This leaves commercial users open to serious accusations of copyright infringement (as in, criminal prosecution.) See my comments in the thread. IANAL and my analysis is based on the README of the project.


Disassembly by a team that results in new code written by the same team is not legal in any country that enforces copyrights. That includes the EU. Possibly excludes Russia and probably excludes China unless the owner is a large Chinese company.

In fact I'd be surprised if this code isn't taken off GitHub by a DCMA from Microsoft, as soon as it hits their lawyers' radars.


> Disassembly by a team that results in new code written by the same team is not legal in any country that enforces copyrights.

It's not illegal in itself. But you are easily opening yourself up to claims that the code you have written has been "tainted" by the disassembled code you have read and has therefore become a derivative work, which is going to be very to defend hard against.

Also note that even if it is decided that you have made a derivative work you might still successfully launch a fair use defense on the grounds on interoperability, see e.g. Sega v. Accolade[1].

That said, doing a proper clean-room reverse engineering with two teams kept separate is a much safer approach.

[1]: https://en.wikipedia.org/wiki/Sega_v._Accolade


Thanks for correcting me.


Probably. No DMCA here.


Directive 2009/24/EC has very similar implications, however.


> Personally I'd not touch this with a 3-meter bargepole, because I live in a country where people use copyright and trademark law to take people to court, yet it's an interesting project.

You feel using it would open you up to a copyright claim?


If I used this in a commercial product, it would be trivial (absolutely trivial) for the owner of the original product to take me to court for illegal distribution of their copyrighted works, based on the argument that the code I was distributing (for profit!) was written by someone who (by own admission in public) had reverse-engineered the original product.

IANAL but I'd be willing to bet money on this.

The only questions would be (a) is the original product one that matters enough to protect in such a way and (b) does the owner of that original product have the money and lawyers to start such legal actions.

This isn't some random app. This is one of Microsoft's crown jewels we're talking about.


As long as you didn't use any of the original Skype code, you have nothing to fear (if you're based in Europe)


> As long as you didn't use any of the original Skype code, you have nothing to fear (if you're based in Europe)

The original Skype code is clearly not available to anyone outside the original Skype team or some team inside Microsoft. What is publicly available is a binary that is produced from this code.


I made a quite clear explanation of the argument a lawyer would use. This open source client is in effect a pirate copy of the closed source client. I expect it will disappear from Github rather soon.


It is a derivation.


It's not a derivative of the presentation of the artistic elements of a work. It's derived from the technical working of a piece of software.

The elements of the software doing novel technical stuff might be patented, but copying the technical working is allowed. Copyright doesn't protect technical aspects.

If the project copies the UK of Skype, then that's a tort. If it copies the written code or uses the human reading of that code to derive a new codebase, then that's a tort. If it copies the technical implementation, how memory is accessed, what codecs are used, what packets are sent and when ... that's not copyright infringement.


I doubt it. What prevents a Chinese citizen from installing Skype? Nothing. It's the payment and protocol that are blocked.

Looks useful for command and control type applications though.


It's not blocked. However, if you download in China you get a version specifically compromised for Chinese government surveillance.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: