[Script Info]
Title: 
[Events]
Format: Layer, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text
Dialogue: 0,0:00:18.76,0:00:20.38,Default,,0000,0000,0000,,*Wikipaka Intro Musik*
Dialogue: 0,0:00:20.38,0:00:29.39,Default,,0000,0000,0000,,Herald: Welcome to the next talk about\Nfree substitution for schools. Yeah. By…
Dialogue: 0,0:00:29.39,0:00:36.20,Default,,0000,0000,0000,,if it was done by Fynn […]. Thank you, for\Nthe translators for translating into
Dialogue: 0,0:00:36.20,0:00:40.98,Default,,0000,0000,0000,,German. Let's start.
Dialogue: 0,0:00:40.98,0:00:47.97,Default,,0000,0000,0000,,Fynn: In general, as you know, teachers\Ncan't always teach as planned, so students
Dialogue: 0,0:00:47.97,0:00:54.20,Default,,0000,0000,0000,,need to be informed when their lessons are\Nmoved in time or space or both, or don't
Dialogue: 0,0:00:54.20,0:00:59.93,Default,,0000,0000,0000,,take place as they should, or they have a\Ndifferent teacher. All that. And for that,
Dialogue: 0,0:00:59.93,0:01:05.26,Default,,0000,0000,0000,,schools create a substitution plan.\NThere's software for that. For example,
Dialogue: 0,0:01:05.26,0:01:09.43,Default,,0000,0000,0000,,Untis. And these substitution plans need\Nto be distributed. And in Germany, a lot
Dialogue: 0,0:01:09.43,0:01:16.71,Default,,0000,0000,0000,,of schools use Digitales Schwarzes Brett\Nor Digital Signage Board or DSB for that.
Dialogue: 0,0:01:16.71,0:01:23.28,Default,,0000,0000,0000,,And it works like this. Um. Oh, yeah. And\Nit works like this that the school uploads
Dialogue: 0,0:01:23.28,0:01:30.50,Default,,0000,0000,0000,,the plan. Pupils can read this\Nsubstitution plan on these DSB screens, on
Dialogue: 0,0:01:30.50,0:01:36.14,Default,,0000,0000,0000,,their mobile devices using the client\Nsoftware developed by Heinekingmedia and
Dialogue: 0,0:01:36.14,0:01:41.96,Default,,0000,0000,0000,,using the website, once they have the\Ncredentials that they acquired from their
Dialogue: 0,0:01:41.96,0:01:46.67,Default,,0000,0000,0000,,school. It's one pair of username and\Npassword for all pupils and one for all
Dialogue: 0,0:01:46.67,0:01:55.84,Default,,0000,0000,0000,,teachers. Well. And this costs money,\Nschools buy way to expensive screens from
Dialogue: 0,0:01:55.84,0:02:01.92,Default,,0000,0000,0000,,Heinekingmedia. And then the schools pay\Nextra for this, uh, fantastic web
Dialogue: 0,0:02:01.92,0:02:07.30,Default,,0000,0000,0000,,interface here where you can sign in and\Nview your substitution plans. You can also
Dialogue: 0,0:02:07.30,0:02:14.53,Default,,0000,0000,0000,,use this mobile app. It's not really good,\Nthough, as I will explain. Um, this is
Dialogue: 0,0:02:14.53,0:02:21.31,Default,,0000,0000,0000,,what it looks like. Things are tiny, as\Nyou can see. It's obviously proprietary
Dialogue: 0,0:02:21.31,0:02:27.45,Default,,0000,0000,0000,,software. It depends on Google Play\Nservices. You need to zoom around. You
Dialogue: 0,0:02:27.45,0:02:31.79,Default,,0000,0000,0000,,need to scroll around to see all the\Ninformation because it's so tiny. So this
Dialogue: 0,0:02:31.79,0:02:39.21,Default,,0000,0000,0000,,is super suboptimal. Um, I don't even know\Nwhy this is so small. If you look it up on
Dialogue: 0,0:02:39.21,0:02:44.63,Default,,0000,0000,0000,,a Web browser, it zooms fine when you have\Na small device. And I really don't know
Dialogue: 0,0:02:44.63,0:02:50.91,Default,,0000,0000,0000,,how that… screwed up like that. It has\Nuseless push notifications like new
Dialogue: 0,0:02:50.91,0:02:55.44,Default,,0000,0000,0000,,content available. It's not not useful.\NAnd you have to click at least one time
Dialogue: 0,0:02:55.44,0:03:00.37,Default,,0000,0000,0000,,too much all the time. And due to these\Nissues, I always wanted something that is
Dialogue: 0,0:03:00.37,0:03:06.48,Default,,0000,0000,0000,,better than DSB mobile. So I began\Ncapturing DSB mobiles network traffic.
Dialogue: 0,0:03:06.48,0:03:13.18,Default,,0000,0000,0000,,Surprisingly, in Android, this is really\Neasy. Um, you can use user friendly
Dialogue: 0,0:03:13.18,0:03:20.09,Default,,0000,0000,0000,,software like HTTPCanary, which is this\None, or packet capture, which is this one.
Dialogue: 0,0:03:20.09,0:03:25.16,Default,,0000,0000,0000,,It's unfortunately proprietary, but I\Ndon't know any non-proprietary software
Dialogue: 0,0:03:25.16,0:03:32.93,Default,,0000,0000,0000,,for this is. If you know any, please tell\Nme. Um, it acts like a VPN provider app
Dialogue: 0,0:03:32.93,0:03:38.75,Default,,0000,0000,0000,,and proxies all the traffic that is going\Nout, uh, through it; installs a
Dialogue: 0,0:03:38.75,0:03:43.38,Default,,0000,0000,0000,,certificate in your system so that apps\Nstill think that the net…work connection
Dialogue: 0,0:03:43.38,0:03:49.79,Default,,0000,0000,0000,,is secure, and then this app will decrypt\Nand store and re-encrypt all the traffic
Dialogue: 0,0:03:49.79,0:03:54.66,Default,,0000,0000,0000,,that is going out and in. And so you can\Nread it, then. Uh, this is essentially
Dialogue: 0,0:03:54.66,0:04:01.66,Default,,0000,0000,0000,,like a attacker-in-the-middle attack that\Nyou're doing yourself on your own network
Dialogue: 0,0:04:01.66,0:04:07.49,Default,,0000,0000,0000,,traffic. Uh, yeah, except on recent\NAndroid versions. Apparently Android
Dialogue: 0,0:04:07.49,0:04:12.77,Default,,0000,0000,0000,,doesn't trust certificates that you\Ninstall, anymore. So you actually now have
Dialogue: 0,0:04:12.77,0:04:20.80,Default,,0000,0000,0000,,to have root access to move them to this\Nlocation /systems/etc/security/cacerts so
Dialogue: 0,0:04:20.80,0:04:25.43,Default,,0000,0000,0000,,that they are ultimately trusted. And that\Nis unfortunate because it makes it a
Dialogue: 0,0:04:25.43,0:04:33.02,Default,,0000,0000,0000,,little more difficult. But in all our\NAndroid versions, it works really easy.
Dialogue: 0,0:04:33.02,0:04:41.35,Default,,0000,0000,0000,,Um, with more effort, this capturing of\Nnetwork traffic can be circumvented by
Dialogue: 0,0:04:41.35,0:04:46.58,Default,,0000,0000,0000,,implementing a kind of certificate\Npinnings so that the app checks beforehand
Dialogue: 0,0:04:46.58,0:04:50.63,Default,,0000,0000,0000,,which certificates it trusts, and which it\Ndoesn't. With more effort, such a
Dialogue: 0,0:04:50.63,0:04:57.35,Default,,0000,0000,0000,,prevention could also be circumvented. Uh,\Nbut DSB Mobile didn't have that, so I
Dialogue: 0,0:04:57.35,0:05:03.62,Default,,0000,0000,0000,,could figure out how this end point works.\NAs you can see, it's called the iPhone
Dialogue: 0,0:05:03.62,0:05:14.25,Default,,0000,0000,0000,,Service. On Android. Using your user ID\Nand password, you can request an auth
Dialogue: 0,0:05:14.25,0:05:20.69,Default,,0000,0000,0000,,token. It has the form of this. Actually,\Nthat's what it looks like when you have
Dialogue: 0,0:05:20.69,0:05:25.98,Default,,0000,0000,0000,,invalid credentials. So if it returns\Nthis, then your credentials are not valid.
Dialogue: 0,0:05:25.98,0:05:35.15,Default,,0000,0000,0000,,It never changes. So I don't know what the\Nuse of this token is. Um, however, DSB
Dialogue: 0,0:05:35.15,0:05:43.34,Default,,0000,0000,0000,,Mobile never stored it, even though it's\Nthe same all the time. So it took one
Dialogue: 0,0:05:43.34,0:05:49.59,Default,,0000,0000,0000,,extra round trip time, every log in to\Nfetch this, never changing auth token.
Dialogue: 0,0:05:49.59,0:05:56.41,Default,,0000,0000,0000,,Using this auth token, you can request\Nyour substitution plan URL, and then once
Dialogue: 0,0:05:56.41,0:06:02.83,Default,,0000,0000,0000,,you have this substitution plan URL, you\Ncan access your substitution plan. OK, so
Dialogue: 0,0:06:02.83,0:06:08.23,Default,,0000,0000,0000,,using this knowledge, I developed a client\Nthat allows me to directly have access to
Dialogue: 0,0:06:08.23,0:06:13.27,Default,,0000,0000,0000,,just the relevant information and I call\Nit DSBDirect. Uh, the very first thing it
Dialogue: 0,0:06:13.27,0:06:19.77,Default,,0000,0000,0000,,did better than DSBmobile is that it\Ndisplay things not as tiny. This is a kind
Dialogue: 0,0:06:19.77,0:06:26.18,Default,,0000,0000,0000,,of old screenshot as you can see. These\NHTML files here can be parsed using a
Dialogue: 0,0:06:26.18,0:06:36.21,Default,,0000,0000,0000,,parser and such that, uh, you can filter\Nit, you can, um, have useful notifications
Dialogue: 0,0:06:36.21,0:06:44.51,Default,,0000,0000,0000,,that I added later on. This is a native\Nlist, not a web view. So it has… it feels
Dialogue: 0,0:06:44.51,0:06:54.44,Default,,0000,0000,0000,,better. And uh, yeah, of course it's not\Nproprietary but Free Software. Uh yeah.
Dialogue: 0,0:06:54.44,0:07:02.42,Default,,0000,0000,0000,,Oh, by the way, this logo, it's supposed\Nto represent my school's logo. Uh, this
Dialogue: 0,0:07:02.42,0:07:08.83,Default,,0000,0000,0000,,one. Hmm. Please don't tell me I did, too\Nbad. OK? At least it's different from the
Dialogue: 0,0:07:08.83,0:07:15.31,Default,,0000,0000,0000,,DSB mobile logo. This endpoint is fun in\Nother regards. The first time I
Dialogue: 0,0:07:15.31,0:07:19.84,Default,,0000,0000,0000,,encountered it, it allowed completely\Nunencrypted connections, and the website
Dialogue: 0,0:07:19.84,0:07:27.50,Default,,0000,0000,0000,,did not redirect users to HTTPS. So\Nactually you'd most of the time input your
Dialogue: 0,0:07:27.50,0:07:34.99,Default,,0000,0000,0000,,username and password and transmit it\Nunsecurely. It supported up to TLS version
Dialogue: 0,0:07:34.99,0:07:42.23,Default,,0000,0000,0000,,1.0, which is obsolete. It supported\NSSLv2, which enables a DROWN attack, which
Dialogue: 0,0:07:42.23,0:07:47.86,Default,,0000,0000,0000,,I didn't quite understand. But apparently\Nthose aren't very likely to be exploited
Dialogue: 0,0:07:47.86,0:07:53.63,Default,,0000,0000,0000,,here. But it could allow attackers to read\Nyour traffic. I informed the company about
Dialogue: 0,0:07:53.63,0:07:59.11,Default,,0000,0000,0000,,this on August 11th. And I believe this is\Nwhen I introduced the "not my fault
Dialogue: 0,0:07:59.11,0:08:05.82,Default,,0000,0000,0000,,grumble" tag in the issue tracker…\Ntracker. They were happy to be informed
Dialogue: 0,0:08:05.82,0:08:17.55,Default,,0000,0000,0000,,about this. On August 22nd, they enabled\NTLS version 1.2, disabled SSLv2, er, still
Dialogue: 0,0:08:17.55,0:08:23.02,Default,,0000,0000,0000,,allowed insecure connections. And I also\Nnoticed that they embedded fonts from
Dialogue: 0,0:08:23.02,0:08:29.56,Default,,0000,0000,0000,,Google and this is obviously bad for\Nprivacy. So I told them about that. Uh,
Dialogue: 0,0:08:29.56,0:08:37.26,Default,,0000,0000,0000,,Twice. September 19th, the iPhone service\N404s if the connection is insecure.
Dialogue: 0,0:08:37.26,0:08:43.86,Default,,0000,0000,0000,,Although Google fonts are still embedded.\NAnyhow, it's October 4th that the iPhone
Dialogue: 0,0:08:43.86,0:08:54.24,Default,,0000,0000,0000,,service is shut down. So I start focusing\Non the new endpoint that apparently the
Dialogue: 0,0:08:54.24,0:09:01.05,Default,,0000,0000,0000,,DSB apps have been using for a while, but\NI didn't notice that. Uh, so I had to
Dialogue: 0,0:09:01.05,0:09:11.29,Default,,0000,0000,0000,,figure out how this data format works. It\Nlooks like this. So you can see it has a
Dialogue: 0,0:09:11.29,0:09:22.87,Default,,0000,0000,0000,,JSON body usi– which has a request, which\Nis an object that has data, which is a
Dialogue: 0,0:09:22.87,0:09:29.17,Default,,0000,0000,0000,,string. So I wanted to figure out how to\Nread this. It looks like base64 when I'm
Dialogue: 0,0:09:29.17,0:09:36.31,Default,,0000,0000,0000,,escaping these slashes, of course, because\Nit's quoted in JSON. Um, however, decoding
Dialogue: 0,0:09:36.31,0:09:41.55,Default,,0000,0000,0000,,this JSON string here did not, er, this\Nbase64 string did not deliver a nice
Dialogue: 0,0:09:41.55,0:09:49.27,Default,,0000,0000,0000,,result. Uh, so I had to look for clues by\Ndecompiling the app. There are online
Dialogue: 0,0:09:49.27,0:09:55.11,Default,,0000,0000,0000,,tools for that. Unfortunately, the app was\Nminified or… which is obfuscated during
Dialogue: 0,0:09:55.11,0:10:00.63,Default,,0000,0000,0000,,compile time, which made the results not\Nvery readable, which means that once you
Dialogue: 0,0:10:00.63,0:10:05.40,Default,,0000,0000,0000,,have it decompiled, you will have, the\Nfirst function that appears is "A", and
Dialogue: 0,0:10:05.40,0:10:09.86,Default,,0000,0000,0000,,the second one is "B" or something.\NFortunately, I don't remember how exactly
Dialogue: 0,0:10:09.86,0:10:15.19,Default,,0000,0000,0000,,I did that. So instead we're going to have\Nto look at whether this was legal or not.
Dialogue: 0,0:10:15.19,0:10:25.68,Default,,0000,0000,0000,,Because that's interesting, too, because I\Nthink it is. Let's look at § 69e UrhG,
Dialogue: 0,0:10:25.68,0:10:30.34,Default,,0000,0000,0000,,copyright law, Urheberrechtsgesetz,\N"Dekompilierung". "Die Zustimmung des
Dialogue: 0,0:10:30.34,0:10:36.52,Default,,0000,0000,0000,,Rechteinhabers ist nicht erforderlich,\Nwenn die," und hier steht "Verviefältigung
Dialogue: 0,0:10:36.52,0:10:41.23,Default,,0000,0000,0000,,des Codes oder die Übersetzung der\NCodeform im Sinne der in § 69c Nr. 1 und
Dialogue: 0,0:10:41.23,0:10:44.05,Default,,0000,0000,0000,,2.," gemeint ist Dekompilierung,\N"unerlässlich ist, um die erforderlichen
Dialogue: 0,0:10:44.05,0:10:46.26,Default,,0000,0000,0000,,Informationen zur Herstellung der\NInteroperabilität eines unabhängig
Dialogue: 0,0:10:46.26,0:10:50.26,Default,,0000,0000,0000,,geschaffenen Computerprogramms mit anderen\NProgrammen zu erhalten, sofern folgende
Dialogue: 0,0:10:50.26,0:10:54.94,Default,,0000,0000,0000,,Bestimmungen erfüllt sind." So. It says\Nyou may decompile without permission when
Dialogue: 0,0:10:54.94,0:10:59.79,Default,,0000,0000,0000,,it is strictly necessary while trying to\Ncreate interoperability between two
Dialogue: 0,0:10:59.79,0:11:06.57,Default,,0000,0000,0000,,programs created independently from each\Nother. Under these conditions. And here
Dialogue: 0,0:11:06.57,0:11:12.27,Default,,0000,0000,0000,,are three conditions. Um, "Die Handlungen\Nwerden von dem Lizenznehmer oder einer
Dialogue: 0,0:11:12.27,0:11:14.93,Default,,0000,0000,0000,,anderen zur Verwendung eines\NVervielfältigungsstückes des Programms
Dialogue: 0,0:11:14.93,0:11:18.87,Default,,0000,0000,0000,,berechtigten Person oder in deren Namen\Nvon einer hierzu ermächtigten Person
Dialogue: 0,0:11:18.87,0:11:23.06,Default,,0000,0000,0000,,vorgenommen". It says, you must have\Npermission to use the program. Hey, I
Dialogue: 0,0:11:23.06,0:11:27.05,Default,,0000,0000,0000,,think I'm allowed to use the program. I'm\Nassuming I am. My school paid for it.
Dialogue: 0,0:11:27.05,0:11:30.94,Default,,0000,0000,0000,,Second, "die für die Herstellung der\NInteroperabilität notwendigen
Dialogue: 0,0:11:30.94,0:11:36.44,Default,,0000,0000,0000,,Informationen sind für die in Nummer 1\Ngenannten Personen noch nicht ohne
Dialogue: 0,0:11:36.44,0:11:39.48,Default,,0000,0000,0000,,weiteres zugänglich gemacht". So the\Ninformation you want to know is not
Dialogue: 0,0:11:39.48,0:11:44.67,Default,,0000,0000,0000,,already provided. Oh yeah. Actually\NHeinekingmedia didn't document this
Dialogue: 0,0:11:44.67,0:11:48.75,Default,,0000,0000,0000,,obviously. So yeah. This\N*indistinguishable*. Third, "Die
Dialogue: 0,0:11:48.75,0:11:53.54,Default,,0000,0000,0000,,Handlungen beschränken sich auf die Teile\Ndes ursprünglichen Programms, die zur
Dialogue: 0,0:11:53.54,0:11:56.98,Default,,0000,0000,0000,,Herstellung der Interoperabilität\Nnotewndig sind". So you're only planning
Dialogue: 0,0:11:56.98,0:12:03.18,Default,,0000,0000,0000,,the part that contains the information you\Nwant to know. Uh, yeah. I don't think this
Dialogue: 0,0:12:03.18,0:12:10.65,Default,,0000,0000,0000,,Android app is divided into parts. So\Nlet's just, let's just skip that. The law
Dialogue: 0,0:12:10.65,0:12:14.39,Default,,0000,0000,0000,,text goes on stating three things you may\Nnot do with the information you gain from
Dialogue: 0,0:12:14.39,0:12:19.41,Default,,0000,0000,0000,,decompiling. "Bei Handlungen nach Abs. 1\Ngewonnene Informatione dürfen nicht zu
Dialogue: 0,0:12:19.41,0:12:23.52,Default,,0000,0000,0000,,anderen Zwecken als zur Herstellung der\NInteroperabilität des unabhängig
Dialogue: 0,0:12:23.52,0:12:27.39,Default,,0000,0000,0000,,geschaffenen Programmes verwendet werden."\NSo don't use it for other purposes than
Dialogue: 0,0:12:27.39,0:12:31.22,Default,,0000,0000,0000,,creating interoperability,\Ninteroperability with the independently
Dialogue: 0,0:12:31.22,0:12:37.11,Default,,0000,0000,0000,,created program. Oh yeah, of course. I\Nnever did use my knowledge for any other
Dialogue: 0,0:12:37.11,0:12:44.98,Default,,0000,0000,0000,,reasons. Never. "…an Dritte weitergegeben\Nwerden, es sei denn, das dies für die
Dialogue: 0,0:12:44.98,0:12:50.22,Default,,0000,0000,0000,,Interoperabilität des unabhängig\Ngeschaffenen Programms notwendig ist". So
Dialogue: 0,0:12:50.22,0:12:54.60,Default,,0000,0000,0000,,don't tell third parties about the\Ninformation unless necessary for
Dialogue: 0,0:12:54.60,0:13:01.34,Default,,0000,0000,0000,,interoperability. Oh, yes, my Free\NSoftware implementation couldn't be
Dialogue: 0,0:13:01.34,0:13:06.86,Default,,0000,0000,0000,,interoperable if the information wasn't\Npublic. Unless it was Non-Free Software,
Dialogue: 0,0:13:06.86,0:13:10.97,Default,,0000,0000,0000,,which is not obviously. "Für die\NEntwicklung, Herstellung oder Vermarktung
Dialogue: 0,0:13:10.97,0:13:15.43,Default,,0000,0000,0000,,eines Programms mit im Wesentlichen\Nähnlicher Ausdrucksform oder für
Dialogue: 0,0:13:15.43,0:13:19.88,Default,,0000,0000,0000,,irgendwelche anderen das Urheberrecht\Nverletzenden Handlungen verwendet werden".
Dialogue: 0,0:13:19.88,0:13:25.55,Default,,0000,0000,0000,,So don't violate the rest of the copyright\Nlaw. Of course, we're not. Surely,
Dialogue: 0,0:13:25.55,0:13:29.44,Default,,0000,0000,0000,,creating an alternative to something, on\Nits own, doesn't violate copyright law.
Dialogue: 0,0:13:29.44,0:13:36.65,Default,,0000,0000,0000,,Right? So yeah, after doing it, I\Ndiscovered that I did so legally. So I
Dialogue: 0,0:13:36.65,0:13:41.32,Default,,0000,0000,0000,,found a usage of some class related to\Ngzip. So I tried around a bit and figured
Dialogue: 0,0:13:41.32,0:13:50.51,Default,,0000,0000,0000,,you could use this command to decrypt this\Nstring. And guess what it is? It's more
Dialogue: 0,0:13:50.51,0:13:57.18,Default,,0000,0000,0000,,JSON! What an efficient data format.\NYou're hiding our encoded JSON inside more
Dialogue: 0,0:13:57.18,0:14:03.48,Default,,0000,0000,0000,,JSON. Let's look at the data we are\Nsending. Of course, we have a user ID and
Dialogue: 0,0:14:03.48,0:14:09.73,Default,,0000,0000,0000,,a pass. Besides that we have a lot of\Ndata, apparently for statistics. You have
Dialogue: 0,0:14:09.73,0:14:17.20,Default,,0000,0000,0000,,the app's version, you have the package\NID, the device model, the Android version
Dialogue: 0,0:14:17.20,0:14:22.57,Default,,0000,0000,0000,,and API level, the user's language and the\Ncurrent date. I don't know why you have
Dialogue: 0,0:14:22.57,0:14:28.14,Default,,0000,0000,0000,,the date. I think they know the date that\Nthe query arrives at, but, ya, you have
Dialogue: 0,0:14:28.14,0:14:35.01,Default,,0000,0000,0000,,that anyway. You have a… oh sorry, some of\Nthis is redundant from the request header
Dialogue: 0,0:14:35.01,0:14:44.59,Default,,0000,0000,0000,,or user agent that is already sent. I\Ndon't know why they do that twice. Um, you
Dialogue: 0,0:14:44.59,0:14:48.67,Default,,0000,0000,0000,,have App ID, which is a unique-per-\Ninstallation ID, which I at first didn't
Dialogue: 0,0:14:48.67,0:14:54.37,Default,,0000,0000,0000,,know how to generate. And you push ID,\Nwhich is, I'm assuming, an ID generated by
Dialogue: 0,0:14:54.37,0:14:58.78,Default,,0000,0000,0000,,Google Mobile Services now known as Google\NPlay Services to enable push
Dialogue: 0,0:14:58.78,0:15:05.08,Default,,0000,0000,0000,,notifications. So it becomes obvious that\Nthey're able to link requests together and
Dialogue: 0,0:15:05.08,0:15:10.18,Default,,0000,0000,0000,,possibly create usage patterns. What are\Nthey doing with this data? No clue!
Dialogue: 0,0:15:10.18,0:15:17.46,Default,,0000,0000,0000,,There's no privacy policy anywhere. Which\Nof these fields are required? All of them,
Dialogue: 0,0:15:17.46,0:15:23.27,Default,,0000,0000,0000,,but push ID. But most strings can be left\Nempty. So DSBdirect sent the minimal
Dialogue: 0,0:15:23.27,0:15:30.91,Default,,0000,0000,0000,,amount of requested data, which is\Neverything but with empty strings. And
Dialogue: 0,0:15:30.91,0:15:39.66,Default,,0000,0000,0000,,yeah, actually guess what, this server\Nallows insecure connections again. So, uh,
Dialogue: 0,0:15:39.66,0:15:51.67,Default,,0000,0000,0000,,something happened. Um. On some date, the\Nserver side verification of this query was
Dialogue: 0,0:15:51.67,0:15:57.97,Default,,0000,0000,0000,,changed and the field AppVersion suddenly\Nbecame mandatory. I ran some experiments
Dialogue: 0,0:15:57.97,0:16:03.23,Default,,0000,0000,0000,,and found examples of valid and invalid\Nversion names. These are examples of valid
Dialogue: 0,0:16:03.23,0:16:09.85,Default,,0000,0000,0000,,version names. These are examples of\Ninvalid version names. Finally,
Dialogue: 0,0:16:09.85,0:16:14.65,Default,,0000,0000,0000,,AppVersions that aren't real versions of\NHeinekingmedia's apps are accepted anyhow,
Dialogue: 0,0:16:14.65,0:16:28.03,Default,,0000,0000,0000,,like version 7.0.0. We're only at version\N2.5.… I don't remember, 6, I think. So,
Dialogue: 0,0:16:28.03,0:16:33.76,Default,,0000,0000,0000,,DSBlight started sending along some\NAppVersion… its own actually, which was
Dialogue: 0,0:16:33.76,0:16:40.88,Default,,0000,0000,0000,,2.5, and the same as an older DSBmobile\Nrelease. And because I thought maybe
Dialogue: 0,0:16:40.88,0:16:46.72,Default,,0000,0000,0000,,they'd have more server side changes in\Nthe future, I implemented a new system. It
Dialogue: 0,0:16:46.72,0:16:52.35,Default,,0000,0000,0000,,was to prevent server side changes from\Nrequiring an update because that would
Dialogue: 0,0:16:52.35,0:16:57.10,Default,,0000,0000,0000,,mean I have to write change logs because\Nafter it releases are slow because the one
Dialogue: 0,0:16:57.10,0:17:03.13,Default,,0000,0000,0000,,who was uploading it to Google Play for me\Nalso always took a while. And because of
Dialogue: 0,0:17:03.13,0:17:07.73,Default,,0000,0000,0000,,that, there was now a "look for a fix"\Nbutton that creates the news file, which
Dialogue: 0,0:17:07.73,0:17:12.85,Default,,0000,0000,0000,,is located at the repository's root, which\Nallows me to inform users when they can
Dialogue: 0,0:17:12.85,0:17:19.73,Default,,0000,0000,0000,,expect a fix. It allows me to change this\Nbase JSON, that credentials are appended
Dialogue: 0,0:17:19.73,0:17:26.02,Default,,0000,0000,0000,,to which is this without the user ID and\Nuser password. So they're added to this
Dialogue: 0,0:17:26.02,0:17:35.97,Default,,0000,0000,0000,,JSON later. And… in case they checked that\NI added an option to send the real date. I
Dialogue: 0,0:17:35.97,0:17:42.10,Default,,0000,0000,0000,,thought maybe that's what they would do\Nnext. They never did that, unfortunately.
Dialogue: 0,0:17:42.10,0:17:48.76,Default,,0000,0000,0000,,This was the same release as the one with\Nthe version number fix, this one. Uh, we
Dialogue: 0,0:17:48.76,0:17:55.22,Default,,0000,0000,0000,,have good news elsewhere, though. It was\Nthe same day, October 15th, that I
Dialogue: 0,0:17:55.22,0:18:02.00,Default,,0000,0000,0000,,received an email that app.dsbcontrol.de\Nwas no longer accessible on Port 80 and
Dialogue: 0,0:18:02.00,0:18:08.03,Default,,0000,0000,0000,,that Google fonts were now being loaded\Nlocally. This e-mail contained no usual
Dialogue: 0,0:18:08.03,0:18:11.52,Default,,0000,0000,0000,,"bei Rückfragen können Sie sich gerne\Ndirekt an mich wenden", unfortunately,
Dialogue: 0,0:18:11.52,0:18:17.37,Default,,0000,0000,0000,,maybe they didn't want to hear from me\Nanymore. I couldn't verify this at first.
Dialogue: 0,0:18:17.37,0:18:23.29,Default,,0000,0000,0000,,Uh, October 16th, I could verify this. So\Na friend noted that they have slow deploy
Dialogue: 0,0:18:23.29,0:18:29.48,Default,,0000,0000,0000,,times, apparently. Uh, round 3, it's\NOctober 17th, and we're getting an invalid
Dialogue: 0,0:18:29.48,0:18:38.67,Default,,0000,0000,0000,,answer from the server again. And now the\NApp ID has to be set to a UUID and last ID
Dialogue: 0,0:18:38.67,0:18:46.36,Default,,0000,0000,0000,,has to be set to something. It can't be\Nempty. So we are now sending
Dialogue: 0,0:18:46.36,0:18:55.03,Default,,0000,0000,0000,,"zurfrühstückszeit". I wasn't aware of how\Nto generate App IDs yet, so I just took
Dialogue: 0,0:18:55.03,0:19:00.08,Default,,0000,0000,0000,,the one that I had captured from my\Ndevice. Contributor Pixilon and me learned
Dialogue: 0,0:19:00.08,0:19:04.01,Default,,0000,0000,0000,,this through trial and error. I thought it\Nwas very bothersome because the service
Dialogue: 0,0:19:04.01,0:19:10.39,Default,,0000,0000,0000,,sometimes accepted and sometimes rejected\Nthe very same query. Uh, so this slow
Dialogue: 0,0:19:10.39,0:19:15.51,Default,,0000,0000,0000,,update cycle we noticed earlier turned out\Nto be really bothersome and frustrating
Dialogue: 0,0:19:15.51,0:19:19.09,Default,,0000,0000,0000,,because you'd, you try something and then\Nit would work and then you'd remove it
Dialogue: 0,0:19:19.09,0:19:21.76,Default,,0000,0000,0000,,again and that wouldn't work anymore. And\Nthen you thought this was the cause for
Dialogue: 0,0:19:21.76,0:19:30.23,Default,,0000,0000,0000,,it… actually was just the slow release,\Ndeploy cycle. Um, likely, or maybe, they
Dialogue: 0,0:19:30.23,0:19:35.16,Default,,0000,0000,0000,,had just banned this app ID at this point\Nin time, but I didn't realize, I'm not
Dialogue: 0,0:19:35.16,0:19:39.95,Default,,0000,0000,0000,,sure. Rather, I believe the server was\Ngenerally are struggling and rejecting log
Dialogue: 0,0:19:39.95,0:19:45.24,Default,,0000,0000,0000,,ins because my DSBmobile installation,\Nwith this app ID, was also sometimes
Dialogue: 0,0:19:45.24,0:19:53.37,Default,,0000,0000,0000,,rejected. *incomprehensible*. They seem to\Nhave reverted some of these changes later,
Dialogue: 0,0:19:53.37,0:19:57.52,Default,,0000,0000,0000,,which reaffirmed my belief that all\NDSBmobile installations were affected.
Dialogue: 0,0:19:57.52,0:20:04.25,Default,,0000,0000,0000,,Contributor Pixelon figured that device\Nwas now mandatory, which meant not empty.
Dialogue: 0,0:20:04.25,0:20:11.56,Default,,0000,0000,0000,,So we sent device "a". I remembered to\Nhave at some point in time sent the words
Dialogue: 0,0:20:11.56,0:20:16.99,Default,,0000,0000,0000,,"kartoffel" or "poster" as a device\Neventually. Now, I thought we were smart.
Dialogue: 0,0:20:16.99,0:20:22.37,Default,,0000,0000,0000,,I added new functionality to this new\Nsystem I explained earlier. Firstly, as a
Dialogue: 0,0:20:22.37,0:20:28.29,Default,,0000,0000,0000,,precaution, I could remotely activate\Nsending the last date, in case that, I
Dialogue: 0,0:20:28.29,0:20:33.73,Default,,0000,0000,0000,,mean remotely means that it happens when\Nusers click on "Look for a fix". Secondly,
Dialogue: 0,0:20:33.73,0:20:38.54,Default,,0000,0000,0000,,I could now set an array of headers to\Nsend to the server. And thirdly, we had
Dialogue: 0,0:20:38.54,0:20:43.59,Default,,0000,0000,0000,,discovered some alternative endpoints. To\Nunderstand this, you first have to know
Dialogue: 0,0:20:43.59,0:20:49.76,Default,,0000,0000,0000,,that they have sold skinned versions of\NDSB. Uh, so this is the normal DSBmobile.
Dialogue: 0,0:20:49.76,0:20:56.68,Default,,0000,0000,0000,,I showed it earlier already. This is the\NIHK skinned DSBmobile. It's accessible via
Dialogue: 0,0:20:56.68,0:21:03.37,Default,,0000,0000,0000,,two URLs, that delivers the same data as\Nthis website. Uh, it also has a
Dialogue: 0,0:21:03.37,0:21:12.91,Default,,0000,0000,0000,,corresponding skinned Android app. So I\Nconfigured… so I could configure the
Dialogue: 0,0:21:12.91,0:21:18.46,Default,,0000,0000,0000,,endpoint the client would send the data to\Nbecause each of these had a different
Dialogue: 0,0:21:18.46,0:21:30.60,Default,,0000,0000,0000,,endpoint and this app used one of these\Ntwo. However, this was tricky because I
Dialogue: 0,0:21:30.60,0:21:37.92,Default,,0000,0000,0000,,had to prevent myself from giving myself\Nthe power to redirect users' queries to my
Dialogue: 0,0:21:37.92,0:21:44.78,Default,,0000,0000,0000,,own server, so I hardcoded four URL\Nendpoints… endpoint URLs, mobile, web, IHK
Dialogue: 0,0:21:44.78,0:21:52.20,Default,,0000,0000,0000,,mobile and app IHK BB into the app so I\Ncould switch between them using an integer
Dialogue: 0,0:21:52.20,0:21:58.80,Default,,0000,0000,0000,,and I set it to the IHK mobile endpoint. I\Nbelieve it was the very next day that IHK
Dialogue: 0,0:21:58.80,0:22:04.63,Default,,0000,0000,0000,,mobile and and app IHK BB endpoints were\Nbroken. Actually, they returned invalid
Dialogue: 0,0:22:04.63,0:22:14.06,Default,,0000,0000,0000,,data in a way that crashed my app. Oops.\NAnd suddenly the web endpoint from the
Dialogue: 0,0:22:14.06,0:22:19.27,Default,,0000,0000,0000,,normal website was constantly moving to\Nnew locations and there was a
Dialogue: 0,0:22:19.27,0:22:25.90,Default,,0000,0000,0000,,configuration.js script that contained\Nwhere it was, so I hard coded into the app
Dialogue: 0,0:22:25.90,0:22:31.37,Default,,0000,0000,0000,,as a precaution in case I'd need it later\Na very specific way to to find this
Dialogue: 0,0:22:31.37,0:22:36.47,Default,,0000,0000,0000,,location. And it was like behind this\Nseventh quotation mark or something.
Dialogue: 0,0:22:36.47,0:22:40.32,Default,,0000,0000,0000,,Clearly unreliable, and suddenly the\Nstring was moved a line downloads, so it
Dialogue: 0,0:22:40.32,0:22:48.49,Default,,0000,0000,0000,,was now the ninth quotation mark.\NInteresting. Um, also this App stopped
Dialogue: 0,0:22:48.49,0:22:53.28,Default,,0000,0000,0000,,working. It's still on the Play Store now\Nand it's still not working. This website
Dialogue: 0,0:22:53.28,0:23:00.40,Default,,0000,0000,0000,,is still available and it's not working\Nbecause they broke their end point. Uh,
Dialogue: 0,0:23:00.40,0:23:04.50,Default,,0000,0000,0000,,this was around the time that this Google\NPlay takedown notice reached us because
Dialogue: 0,0:23:04.50,0:23:10.56,Default,,0000,0000,0000,,apparently DSBdirect infringes the\Ntrademark of DSB. I don't feel qualified
Dialogue: 0,0:23:10.56,0:23:15.11,Default,,0000,0000,0000,,to comment on this as I don't understand\Ntrademark law. I tried to ask for a
Dialogue: 0,0:23:15.11,0:23:20.92,Default,,0000,0000,0000,,specific clarification as to why they\Nremoved my app, three times, but they
Dialogue: 0,0:23:20.92,0:23:25.13,Default,,0000,0000,0000,,never responded. Oh, by the way, that's a\Nnice trick you can do with emails you
Dialogue: 0,0:23:25.13,0:23:31.43,Default,,0000,0000,0000,,don't like. You can just pretend you never\Nreceived them. So a few days later, the
Dialogue: 0,0:23:31.43,0:23:36.46,Default,,0000,0000,0000,,website JavaScript, including\Nconfiguration.js, was obfuscated in such a
Dialogue: 0,0:23:36.46,0:23:43.19,Default,,0000,0000,0000,,way that I don't understand how it works,\Nbut it constantly evokes the debugger, if
Dialogue: 0,0:23:43.19,0:23:48.32,Default,,0000,0000,0000,,the developer tools are open. You can in\Ntheory easily circumvent this by telling
Dialogue: 0,0:23:48.32,0:23:52.97,Default,,0000,0000,0000,,the browser to ignore breakpoints. This\Ndoesn't seem to work with Firefox, but it
Dialogue: 0,0:23:52.97,0:23:57.34,Default,,0000,0000,0000,,works in chromium. I don't know why. I'm\Njust going to assume you could have
Dialogue: 0,0:23:57.34,0:24:02.76,Default,,0000,0000,0000,,figured this out somehow. Be it that we\Ncould have had a web view running in the
Dialogue: 0,0:24:02.76,0:24:07.00,Default,,0000,0000,0000,,background if we absolutely had to. But\Nfortunately, contributor Pixon had come up
Dialogue: 0,0:24:07.00,0:24:12.95,Default,,0000,0000,0000,,with what is needed to talk to the mobile\Nendpoint now. Because it's more data.
Dialogue: 0,0:24:12.95,0:24:17.73,Default,,0000,0000,0000,,Through decompilation he learned that it\Nwas being generated using the default Java
Dialogue: 0,0:24:17.73,0:24:29.66,Default,,0000,0000,0000,,UUID class, UID. … randomUUID.toString.\NAlso device idea was mandatory. So I added
Dialogue: 0,0:24:29.66,0:24:36.40,Default,,0000,0000,0000,,spoof data. I took a random device ID from\Nthis list. I took a random OS version from
Dialogue: 0,0:24:36.40,0:24:41.84,Default,,0000,0000,0000,,anything between 4.0.2 and 10.0, I took a\Nrandom language, mostly German, sometimes
Dialogue: 0,0:24:41.84,0:24:50.08,Default,,0000,0000,0000,,English. And as a BundleId, I took the\Npackage ID of DSBmobile. With an option to
Dialogue: 0,0:24:50.08,0:24:55.20,Default,,0000,0000,0000,,disable this via news in case it would get\Nin the way somehow. And that was the end
Dialogue: 0,0:24:55.20,0:25:01.33,Default,,0000,0000,0000,,of that. Apparently they stopped trying to\Nprevent DSBmobile from working. Apparently
Dialogue: 0,0:25:01.33,0:25:05.30,Default,,0000,0000,0000,,after it releases don't count to them and\Nit isn't worth their time. Or maybe they
Dialogue: 0,0:25:05.30,0:25:09.76,Default,,0000,0000,0000,,were just uncreative. I could still think\Nof a few ways to tell DSBlight and
Dialogue: 0,0:25:09.76,0:25:17.17,Default,,0000,0000,0000,,DSBmobile apart, but I'm clearly not going\Nto tell them. However, just this month,
Dialogue: 0,0:25:17.17,0:25:22.96,Default,,0000,0000,0000,,Pixilon asked again why DSBmobile was\Nremoved from the Play Store, also because
Dialogue: 0,0:25:22.96,0:25:27.59,Default,,0000,0000,0000,,he believed we didn't violate German\Ntrademark law, currently, but, uh,
Dialogue: 0,0:25:27.59,0:25:33.21,Default,,0000,0000,0000,,Jasmich, who, uh, is sitting here, by the\Nway, had uploaded DSBdirect to the Play
Dialogue: 0,0:25:33.21,0:25:38.70,Default,,0000,0000,0000,,Store again and received a rather\Ninteresting response. "Sehr geehrter Herr
Dialogue: 0,0:25:38.70,0:25:42.81,Default,,0000,0000,0000,,Zwerger", dear Pixilon, "Vielen Dank für\NIhre E-Mail. Leider sehen wir uns
Dialogue: 0,0:25:42.81,0:25:48.45,Default,,0000,0000,0000,,außerstande mit Ihnen einen qualifizierten\NDiskurs zu diesem Thema zu führen. Uns
Dialogue: 0,0:25:48.45,0:25:52.49,Default,,0000,0000,0000,,sind weder Daten zu Ihnen noch zum Herrn\NGodau bekannt." This means, unfortunately,
Dialogue: 0,0:25:52.49,0:25:56.74,Default,,0000,0000,0000,,we don't have your address and thus can't\Nsend you legally meaningful messages.
Dialogue: 0,0:25:56.74,0:26:02.78,Default,,0000,0000,0000,,Heißt, sie wollen Einwurfeinschreiben\Nmachen. "Ebenfalls ist uns nicht klar, in
Dialogue: 0,0:26:02.78,0:26:07.54,Default,,0000,0000,0000,,welcher Rechtsbeziehung Sie zueinander\Nstehen". We don't know about your legal
Dialogue: 0,0:26:07.54,0:26:11.36,Default,,0000,0000,0000,,relationship. This is a bit strange\Nbecause I don't know either. According to
Dialogue: 0,0:26:11.36,0:26:16.45,Default,,0000,0000,0000,,my father, we might be a "Gesellschaft\Nbürgerlichen Rechts", but it's not exactly
Dialogue: 0,0:26:16.45,0:26:22.33,Default,,0000,0000,0000,,proof of familiarity with Free Software.\N"Dennoch möchte ich im Folgenden unsere
Dialogue: 0,0:26:22.33,0:26:27.01,Default,,0000,0000,0000,,Position nochmals klar ausdrücken. Es ist\Nweder Ihnen noch anderen Dritten
Dialogue: 0,0:26:27.01,0:26:30.42,Default,,0000,0000,0000,,gestattet, unsere interne DSBmobile-API\Nfür eigene Softwareprodukte abzufragen.
Dialogue: 0,0:26:30.42,0:26:34.83,Default,,0000,0000,0000,,Wir untersagen es Ihnen hiermit\Nschriftlich und letztmalig." You may not
Dialogue: 0,0:26:34.83,0:26:40.58,Default,,0000,0000,0000,,use our internal API, I find it\Nquestionable whether a publicly facing API
Dialogue: 0,0:26:40.58,0:26:45.90,Default,,0000,0000,0000,,is to be considered internal. One might\Nargue that it is only for communication
Dialogue: 0,0:26:45.90,0:26:51.39,Default,,0000,0000,0000,,between software they control. But I\Nbelieve I control my device and my client
Dialogue: 0,0:26:51.39,0:26:57.54,Default,,0000,0000,0000,,installation, not them making the API, not\Ninternal. "Eine Inverkehrbringung einer
Dialogue: 0,0:26:57.54,0:27:02.33,Default,,0000,0000,0000,,App mit gleichem oder ähnlichen Namen zu\NDSB ist Ihnen im europäischen Raum
Dialogue: 0,0:27:02.33,0:27:07.39,Default,,0000,0000,0000,,ebenfalls untersagt. Hier liegt\NMarkenschutz durch Heinekingmedia vor." I
Dialogue: 0,0:27:07.39,0:27:10.19,Default,,0000,0000,0000,,don't understand trademark law. There are\Nso many trademarks starting with this or
Dialogue: 0,0:27:10.19,0:27:15.43,Default,,0000,0000,0000,,just consisting of the letters DSB with\Npartially overlapping registered use cases
Dialogue: 0,0:27:15.43,0:27:17.91,Default,,0000,0000,0000,,and their trademark doesn't have\Ndistinctive character,
Dialogue: 0,0:27:17.91,0:27:23.03,Default,,0000,0000,0000,,"Unterscheidungskraft", and I just don't\Nunderstand it. By the way, there are other
Dialogue: 0,0:27:23.03,0:27:27.99,Default,,0000,0000,0000,,trademark "Digitales Schwarzes Brett"\Nwhich is registered as a different one
Dialogue: 0,0:27:27.99,0:27:32.66,Default,,0000,0000,0000,,from DSB was once rejected as a national\Ntrademark just because it didn't have
Dialogue: 0,0:27:32.66,0:27:37.90,Default,,0000,0000,0000,,distinctive character. Why can there be\NEuropean trademark laws without– European
Dialogue: 0,0:27:37.90,0:27:41.94,Default,,0000,0000,0000,,trademarks, without distinctive character?\NI do not understand and I'm not qualified
Dialogue: 0,0:27:41.94,0:27:47.02,Default,,0000,0000,0000,,to comment. "Eine App-Bereitstellung im\NStore ist dabei eine geschäftliche
Dialogue: 0,0:27:47.02,0:27:51.24,Default,,0000,0000,0000,,Tätigkeit, ganz egal welchem\Nwirtschaftlichen Zweck diese folgt, es
Dialogue: 0,0:27:51.24,0:27:54.35,Default,,0000,0000,0000,,besteht Verwechslungsgefahr. Wir\Nuntersagen Ihnen hiermit die Benutzung der
Dialogue: 0,0:27:54.35,0:28:02.82,Default,,0000,0000,0000,,geschützten Wortmarke DSB letztmalig." Um,\Nthe first part is true. I had gotten lot
Dialogue: 0,0:28:02.82,0:28:05.71,Default,,0000,0000,0000,,wrong. It counts as "geschäftlicher\NVerkehr" when you provide a service even
Dialogue: 0,0:28:05.71,0:28:11.44,Default,,0000,0000,0000,,for free to the public. Er, there's danger\Nof confusion, this has to be about the
Dialogue: 0,0:28:11.44,0:28:16.16,Default,,0000,0000,0000,,letters DSB, right? Because as I explained\Nearlier our logo is completely unrelated.
Dialogue: 0,0:28:16.16,0:28:21.22,Default,,0000,0000,0000,,Either, I'm not too certain that there\Nreally is danger of confusion that
Dialogue: 0,0:28:21.22,0:28:26.14,Default,,0000,0000,0000,,Heinekingmedia is directly affected by or\Nexclusively affected by. After all, one
Dialogue: 0,0:28:26.14,0:28:30.78,Default,,0000,0000,0000,,could also believe that it is an app that\Nprovides access to something related to
Dialogue: 0,0:28:30.78,0:28:35.10,Default,,0000,0000,0000,,the Danish railway company. Of course it\Ndoes not, but it is about recognition
Dialogue: 0,0:28:35.10,0:28:39.60,Default,,0000,0000,0000,,value, which is not something that the DSB\Nhas exclusively for sure. "Wir untersagen
Dialogue: 0,0:28:39.60,0:28:43.85,Default,,0000,0000,0000,,Ihnen hiermit die Benutzung der\Ngeschützten Wortmarke DSB letztmalig."
Dialogue: 0,0:28:43.85,0:28:47.66,Default,,0000,0000,0000,,*undistinguishable" "Sollten Sie weiterhin\Ngegen unsere deutlichen Aufforderungen
Dialogue: 0,0:28:47.66,0:28:53.39,Default,,0000,0000,0000,,verstoßen, werden wir den Fall an unsere\Nrechtliche Vertretung, Herrn Doktor Selig
Dialogue: 0,0:28:53.39,0:28:58.63,Default,,0000,0000,0000,,übergeben. Dieser ist in dieser E-Mail\Nbereits CC." Scaring us. "Ebenfalls werden
Dialogue: 0,0:28:58.63,0:29:03.29,Default,,0000,0000,0000,,wir weiterhin gegen jede Veröffentlichung\Neiner solchen App vorgehen. Entsprechend
Dialogue: 0,0:29:03.29,0:29:07.53,Default,,0000,0000,0000,,dadurch entstehende Kosten würden wir bei\NIhnen als Schadensersatz geltend machen.
Dialogue: 0,0:29:07.53,0:29:12.90,Default,,0000,0000,0000,,Wir bitten um zwingende Beachtung. Mit\Nfreundlichen Grüßen, Andreas Noack. Noag,
Dialogue: 0,0:29:12.90,0:29:19.67,Default,,0000,0000,0000,,Norg, Noack. That's the CEO of\NHeinekingmedia. Yeah, we are famous! We
Dialogue: 0,0:29:19.67,0:29:23.27,Default,,0000,0000,0000,,redirected this email to contributor\NJasmich who had DSBdirect up on the Play
Dialogue: 0,0:29:23.27,0:29:27.27,Default,,0000,0000,0000,,Store at this point of time. And he\Ndecided to take it down and apologize.
Dialogue: 0,0:29:27.27,0:29:31.39,Default,,0000,0000,0000,,Suddenly, and this was the very next day\Nhe received an email that sounded a lot
Dialogue: 0,0:29:31.39,0:29:36.49,Default,,0000,0000,0000,,friendlier. "Hallo. Vielen Dank für Ihr\NEntgegenkommen. Wir finden Ihren Ansatz
Dialogue: 0,0:29:36.49,0:29:41.16,Default,,0000,0000,0000,,prinzipiell sehr gut. Allerdings hätten\Nwir uns gewünscht, dass Sie uns vor
Dialogue: 0,0:29:41.16,0:29:44.54,Default,,0000,0000,0000,,Veröffentlichungen und Nutzung unserer API\Num Erlaubnis gebeten hätten." If we had
Dialogue: 0,0:29:44.54,0:29:50.25,Default,,0000,0000,0000,,asked for permission, I'm quite sure we\Nwould not have received it. "Dennoch
Dialogue: 0,0:29:50.25,0:29:58.48,Default,,0000,0000,0000,,möchten wir Ihr Engagement gerne würdigen,\Nund würden Sie daher gerne zu uns nach
Dialogue: 0,0:29:58.48,0:30:02.64,Default,,0000,0000,0000,,Hannover einladen. Vielleicht können Sie\Nuns mit Ihren Ideen helfen eine bessere
Dialogue: 0,0:30:02.64,0:30:08.11,Default,,0000,0000,0000,,App zu bauen? Vielleicht finden wir ja\Nsogar einen Weg, dass Sie daran mitbauen?
Dialogue: 0,0:30:08.11,0:30:12.80,Default,,0000,0000,0000,,Gerne fördern wir junge Talente. Wir\Nwürden uns freuen, Sie kennenlernen zu
Dialogue: 0,0:30:12.80,0:30:16.70,Default,,0000,0000,0000,,dürfen. Ich freue mich auf Ihre\NRückmeldung. Mit freundlichen Grüßen,
Dialogue: 0,0:30:16.70,0:30:21.23,Default,,0000,0000,0000,,Noack." I rather– I'll rather leave this\Nlargely uncommented. I don't know exactly
Dialogue: 0,0:30:21.23,0:30:27.18,Default,,0000,0000,0000,,what they want from us, but I guess we'll\Nhave to see. And that's the dramatic
Dialogue: 0,0:30:27.18,0:30:33.26,Default,,0000,0000,0000,,cliffhanger that we have to end our talk\Nwith. Events are yet to unroll. There's
Dialogue: 0,0:30:33.26,0:30:36.82,Default,,0000,0000,0000,,one thing that I can learn from this.\NDon't use other people's trademarks.
Dialogue: 0,0:30:36.82,0:30:41.27,Default,,0000,0000,0000,,Because trademark law is too complicated.\NApologizing instead of being rebellious
Dialogue: 0,0:30:41.27,0:30:46.14,Default,,0000,0000,0000,,seems to work better, even if the thought\Nof conflict intrigues you and you really
Dialogue: 0,0:30:46.14,0:30:50.95,Default,,0000,0000,0000,,do believe you're in the right, you\Nprobably just misunderstood the law.
Dialogue: 0,0:30:50.95,0:30:56.25,Default,,0000,0000,0000,,Alternatively, exclusively do such things\Nanonymously. Decide beforehand what you
Dialogue: 0,0:30:56.25,0:30:59.69,Default,,0000,0000,0000,,want to put your name on. Thank you.
Dialogue: 0,0:30:59.69,0:31:00.69,Default,,0000,0000,0000,,*Applause*
Dialogue: 0,0:31:00.69,0:31:01.69,Default,,0000,0000,0000,,*postroll music*
Dialogue: 0,0:31:01.69,0:31:03.19,Default,,0000,0000,0000,,Subtitles created by c3subtitles.de\Nin the year 2021. Join, and help us!