by kgersen 2224 days ago
Port scanning is fine and should not be illegal. It's just "looking" at a house to see if there is a door and what type of key (protocol) it uses.

Trying to open a connection, on the other hand, is like trying to open the door. That should be considered as a violation.

8 comments

Don't try to understand this with metaphors. It's a trap. Port scanning isn't enough like anything in the real world for the analogies to apply.

I'd strengthen pfundstein's claim; port scanning intrinsically works by trying to open connections. That isn't enough "like" any particular physical thing to make it a correct analogy; it isn't knocking, or walking in, or opening, or anything else. But one thing we can say, without using analogies, is that it is definitely an active effort, an action deliberately taken, not something passive like "looking" is in the real world. That is not on its own proof that it is wrong... I am merely saying, it is certainly active, not passive.

I think your final objection fails by bad analogy too: one has to _actively_ direct one's gaze, in general, if one is to notice a type of lock or other security arrangements.
I'm not analogizing to "actively looking"; I am saying, it is an active action. You can tell it's active because if they don't make deliberate decisions to write code that performs this scan, no scan will happen. They have had meetings about this functionality, and implemented it, and tested it, and management has signed off on it, and in a place like eBay quite likely their legal department has signed off on it. It is an action they have taken, with deliberation and intention; it is not a thing that just suddenly started happening to them one day, like, Firefox shipping a new browser that has a new default font or something.

I'm referring to the literal, probably-hundreds-of-person-hours actions taken to create this functionality. This is relevant to both ethical and legal analyses. No analogy.

Yeah, I'm not saying it should be illegal, but it's hard to see a use-case for scanning on a remote network that isn't malicious or security related.
Most port scanning works by 'Trying to open a connection'. I'm not sure where you're saying the line is, but it's very fuzzy.
That's called "casing a joint" ...

I think it comes under the Criminal Attempts Act 1981. But it might come down to whether you gather information, if you test a port, intending later - if successful - to attempt an exploit, then that seems like it could be unlawful (under the Law of England & Wales). Keeping a record of ports found with services could be sufficient to demonstrate intent.

[Just to be clear, I'm not endorsing/condemning the law here.]

It is not fine. Just like burglars looking at a house is not fine (still nothing to do with being legal or not). Intent defines if something is OK or not. Just like killing is always illegal but when you do it to save someone else it is hmm less bad, you see intent...

What are the intents of people doing scans? I don't see any legitimate reason for scanning random people's computers or servers that are not yours.

Imagine you start to look at houses in your neighborhood « to see if there is a door and what type of key it uses ».

That sounds pretty suspicious to me. At least you need the consent of the house’s owner.

Do you need consent of the owner?

You might be doing a legitimate survey (as part of a locksmith business, say)?

Suspicious != Illegal.
Port scanning from an external host is fine and dandy, but doing it on localhost from the user's browser crosses the line, IMO.
Then why did your "user agent" permit it? Seems rather anti-user.
I use uMatrix, and only thanks to that I realized my bank is doing this too a long time ago.
Regardless, your user agent still tries to.
Doing it from the browser is like trying to open the door from the inside. It's crappy behavior.
It's a bit like being invited to someone's house, and then going through the drawers in their bedroom while they're in the toilet.
In this case, it's asking a clueless kid that lives in this house to try to open the selected door, and you guess whether the door was open or closed by the time after he returns.