A U.K. company behind the digital addressing system What3Words has sent a legal threat to a security researcher for offering to share an open-source software project with other researchers, which What3Words claims violates its copyright.
Aaron Toponce, a systems administrator at XMission, received a letter on Thursday from a law firm representing What3Words, requesting that he delete tweets related to the open-source alternative, WhatFreeWords. The letter also demands that he disclose to the law firm the identity of the person or people with whom he had shared a copy of the software, agree that he would not make any further copies, and delete any documents that he had in his possession.
The letter gave him until May 7 to agree, after which What3Words would “waive any entitlement it may have to pursue related claims against you,” a thinly-veiled threat of legal action.
“This is not a worth battle fighting,” he tweeted. Toponce told TechCrunch that he has complied with the demands, fearing legal repercussions if he didn’t. He has also asked the law firm twice for links to the tweets they want deleted but has not heard back. “Depending on the tweet, I may or may not comply. Depends on its content,” he said.
U.K.-based What3Words divides the world into three-meter squares and labels each with a unique three-word phrase. The idea is that sharing three words is more accessible on the phone in an emergency than finding and reading out their precise geographic coordinates.
But security researcher Andrew Tierney recently discovered that What3Words would sometimes have two similarly-named squares less than a mile apart, potentially confusing a person’s actual whereabouts. In a later write-up, Tierney said What3Words was inadequate for safety-critical cases.
It’s not the only downside. Critics have long argued that What3Words’ proprietary geocoding technology, which it bills as “life-saving,” makes it harder to examine it for problems or security vulnerabilities.
Concerns about its lack of openness partly led to the creation of the WhatFreeWords. A copy of the project’s website, which does not contain the code, said reverse-engineering What3Words developed the open-source alternative. “Once we found out how it worked, we coded implementations for it for JavaScript and Go,” the website said. “To ensure that we did not violate the What3Words company’s copyright, we did not include any of their code, and we only included the bare minimum data required for interoperability.”
But the project’s website was nevertheless subjected to a copyright takedown request filed by What3Words’ counsel. Twitter even removed tweets pointing to cached or backup copies of the code at the lawyers’ demands.
Toponce — a security researcher on the side — contributed to Tierney’s research, tweeting his findings as he went. Toponce said he offered to share a copy of the WhatFreeWords code with other researchers to help Tierney with his ongoing research into What3Words. Toponce told TechCrunch that receiving the legal threat may have been a combination of offering to share the code and finding problems with What3Words.
In its letter to Toponce, What3Words argues that WhatFreeWords contains its intellectual property and that the company “cannot permit the dissemination” of the software.
Regardless, several websites still retain copies of the code and are easily searchable through Google. Techcrunch has seen several tweets linking to the WhatFreeWords code since Toponce went public with the legal threat. Tierney, who did not use WhatFreeWords as part of his research, said in a tweet that What3Words’ reaction was “totally unreasonable given the ease with which you can find versions online.”
We asked What3Words if the company could point to a case where a judicial court asserted that WhatFreeWords violated its copyright. What3Words spokesperson Miriam Frank did not respond to multiple requests for comment