[tptacek]

From exactly where do you draw the conclusion that "reverse engineering a product through public IPs is legally acceptable up to CFAA boundaries"? What are those "CFAA boundaries"? There is no exception to the CFAA for "reverse engineering"; there is only exceeding your authorization, or not.

There is a lot of authoritative writing about the legality of reverse engineering (long story short: reverse engineering is mostly fine, legally) --- but that writing covers reverse engineering stuff running on your own computer. It categorically does not extend to reverse engineering software running on other people's computers without their permission. You'd easily get into a bunch of trouble assuming otherwise.

A lot of terrifying stuff on this thread! It's good this person already has a lawyer.

[erosenbe0]

I agree with you that reverse engineering does not extend to anything one pleases on the internet.

I also don't see game-modders or game cheaters regularly going to prison even though gaming is an enormous industry.

So clearly there is some tolerance as connectivity being ubiquitous blurs the line a bit though. An app I reverse engineer on my device, may as a side-effect make some communications with a third party asset, though primarily it is all my stuff. The same applies to a cars and other items, surely.

That being said financial account creation is definitely NOT the place to take risks. Same with government systems. Pretty quick many other laws and regulations ij the book come into play. They can be very broad too.

[tptacek]

The bright line here is between code running on machines you own, and code running on machines you don't own. It's not complicated.