[cipherzero]

Uh yeah. I'm assuming you know how HTTP works, but if not, _basically_ you send a request to GET content, and the server makes a decision on what/whether or not to return. If that user shouldn't be able to see the content because they haven't logged in then its up to the server to decide.

It's crazy to send them the content but tell them not to read it... back to your example would you expect your bank to do that? Here's all the account details and transactions but oops thats not your account. I'm guessing no, you'd hold your bank to a high technical standard.

To be clear, if newspapers/journalists want to work out some special agreement with google (or partner/agreed upon indexers) so their requests are authenticated so that only they have access to the content - i think that is a better solution then pay walls and sending the article and saying "don't read this please"

[__d]

I agree: it's a crazy strategy. And you're correct: if my bank sent my details to someone with a half-baked attempt to prevent them accessing the data they were given, I'd be getting a new bank.

But regardless of how crazy this scheme is, I don't think it justifies taking advantage of that craziness to unwrap such content.

I think it's reasonable to question the approach of banning the plugin too: the problem is the users' choice to use the plugin, not making it available. But ... when there's no justifiable use for the plugin, and the author clearly intends it to be used to view unauthorized content ... I can see that it's an attractive strategy to just ban it.