[danShumway]

Yes.

https://www.iana.org/assignments/http-status-codes/http-stat...

It's hard to describe an HTTP status as anything other than a sign. If it was purely technical, we wouldn't distinguish between 402 (payment required) and 403 (forbidden).[0]

While HTTP status codes can be understood by a machine, they're also designed to be highly semantic and understandable by humans. I would argue that the burden is on people who argue that they are not contractual to justify why, in the same way that I would expect them to justify why a handshake isn't contractual.

Edit: Potentially interesting as well is a semi-recent court ruling about web scraping[1], where courts effectively ruled that once LinkedIn made their information public, they couldn't block web scrapers from accessing that information, which suggests that the law also agrees with the web community on this one.

> "But Judge Chen concluded that the issue isn't so simple. When you publish a website, you implicitly give members of the public permission to access it, he ruled."

[0]: Although admittedly, nobody really makes much use of 402.

[1]: https://arstechnica.com/tech-policy/2017/08/court-rejects-li...

[darawk]

> It's hard to describe an HTTP status as anything other than a sign. If it was purely technical, we wouldn't distinguish between 402 (payment required) and 403 (forbidden).

I agree that the existence of those status codes does a good job at disambiguating representations of intent regarding payment. However, to my knowledge, there's no status code that means "Ok, as long as you don't use an adblocker". As such, any such provision has to be layered on higher up the stack. The current solution is to put it in the site's terms of service.

That seems pretty equivalent to an HTTP status code, no? I'd argue that you have contracts simply operating at multiple levels here. All an entity ought need to do is clearly communicate the terms of access to their interlocutor. If they have done so, and the client understands the terms, then they should be bound by them if they proceed.

> Edit: Potentially interesting as well is a semi-recent court ruling about web scraping[1], where courts effectively ruled that once LinkedIn made their information public, they couldn't block web scrapers from accessing that information, which suggests that the law also agrees with the web community on this one.

Haha, yes i'm quite familiar with this case, having written a LinkedIn scraper recently. LinkedIn still does not make this particularly easy, despite being compelled to by the courts. The nuances the judge seems to have settled on are a bit interesting. Apparently they're allowed to block access to stuff that requires you to login to see, but not stuff that doesn't.

[danShumway]

> As such, any such provision has to be layered on higher up the stack. The current solution is to put it in the site's terms of service.

But the problem is that I never signed that TOS. We keep on coming back to this, but putting a TOS somewhere on your site is not binding. You need to get my informed consent. In the same way, if I stuck up a contract on my public blog that said "by fulfilling any HTTP request I make, you grant me license to republish your content," I couldn't steal everyone's artwork off of DeviantArt and claim "well, we did have a contract."

We have a really good solution for this problem - put a 401 (unauthorized) page in front of your content, which is accurate because the site operator has decided that someone who hasn't agreed not to block ads is not authorized to view the content. Then require me to sign the TOS before you authenticate me.

That would be an enforceable contract. Ad blocking is a solved problem for anyone who's really willing to block requests and require authentication.

Of course, the vast majority of sites don't want to do that because it's incredibly annoying to the average user. But that's not a problem with the technology - informed consent is fundamentally annoying to procure in any context. It will always be more work to get someone to voluntarily agree to a set of conditions than it will be to just give them something. On the web, that's just more of a problem because quick, impulsive, uninformed clicks currently form the majority of web revenue.

So site operators have discovered that it is more profitable not to get informed consent and just hope that nobody blocks your stuff. The downside is that you have no TOS to enforce because you never got anybody to agree to it. But, that's a downside many sites are willing to live with.

The conflict comes when courts rule that the implied contract that users believe they're agreeing to isn't the terms that ad networks wanted. I find that often what ad agencies want is to have legally binding implied contracts, but only in one direction and under terms that they can change at any time.

I'm all for contract law, but if it's the users responsibility to understand a site's TOS before they request information, shouldn't it also be the site's responsibility to understand a user's TOS and intent before they fulfill a request?

That's what web authentication does. It gives sites the opportunity to form a contract with a user, and to tell users who don't want to form a contract "sorry, but we have conditions before you view this."

[darawk]

> But the problem is that I never signed that TOS. We keep on coming back to this, but putting a TOS somewhere on your site is not binding. You need to get my informed consent. In the same way, if I stuck up a contract on my public blog that said "by fulfilling any HTTP request I make, you grant me license to republish your content," I couldn't steal everyone's artwork off of DeviantArt and claim "well, we did have a contract."

Yep. Totally agree. Consent needs to be informed. In order for anything i'm saying to apply, the agreement must be meaningfully made. Personally, I consider a checkbox saying "I won't use an ad blocker" to be sufficient to declare that agreement valid.