Ethics aside, this actually sounds kind of fun to me. It's the kind of clever puzzle solving many of us love about programming - it's basically a cat and mouse game.
I worked on something like this (but at a very much lower scale, of course) and it's fun at first but then I realized that my whole job was making users' experience worse and I was miserable for as long as I had that job. I swore not to work on anything advertising-related ever again.
Nobody is 'hurting anyone' - not even slightly, by ensuring that their free product also has ads.
If ads are unscrupulous, or if the company is doing shady things otherwise, then yes - bad.
But there is no moral argument against making sure that decent ads work with a free product, or when ads are part of any product wherein the social contract is to that expectation.
Facebook has ads, just like CNN and Cosmopolitan, that's normal, ethical, and within the expectations for users' experience. Again, shady things notwithstanding.
In 2018, people can pay or see ads, or a combination of both, there is no pragmatic way around this, and too many decent products depend upon ads for their existence, that's where we are until someone comes up with something better.
I had a job where I had to reverse engineer broker APIs. A few brokers sent us warning letters since it's technically legal but brokers obviously hate it.
That was the best cat-and-mouse game. We had a revolving door of proxies that we would use to hit their endpoints so they couldn't catch us. So much fun.
In what context was this done/could you provide more details (without giving away any information that you don't care to share)? Sounds like something I would enjoy doing as well!
Although I can say that most financial institutions are not nearly as scrupulous in checking their systems as you would expect.
When I would work my way through their auth layer, I'd be sending them like 500 login requests every hour. They never contacted the account I used, so I have to assume they weren't checking for abnormalities like that.
The only time I really fucked up was when I tried to do that with a particular broker in Singapore. Singaporean companies have their shit _locked down_. I spent one hour debugging one of their endpoints, and it let off so many alarms that the CTO of their company was woken up in the middle of the night.
I respect the need to abide by an NDA, and I assumed something along those lines would be the case. Thanks for the tidbits nonetheless! The intersection between finance and tech at the highest levels like that has always intrigued me.
Work on anti-user stuff in the day job, and outside of work, participate (under an alternate identity/pseudonym) in the community efforts to circumvent it --- that might be one way to feel less bad about yourself, although in a weird "solving the problems you created" way.