[patio11]

Word to the wise: "circumventing the access restriction was easy to do, Your Honor, so I assumed it was OK" is not something you ever want to have to say.

There exist wifi systems where setting a cookie "paid=1" will save you $15. You might think there are no legal consequences for "writing a text file on your own computer." I strongly suggest not testing that.

[amirmc]

Wasn't there a time when browsers would spoof each other? How is this so different? http://en.wikipedia.org/wiki/User_agent#Format

Safari even has a 'Develop' menu that lets me switch user agents in 2 clicks (without having to install anything first).

[pyre]

I think the difference is knowledge and intent. He knew that they were using the User Agent string to differentiate iOS devices, and he used that knowledge to get a cheaper price. It would be different if he were randomly browsing the web with that User Agent for kicks, and didn't realize that he had gotten a deal.

[amirmc]

I think that's a weak argument in this case.

It's not like the author 'cracked his way in'. He got a cheaper price because he learned something from a friend and tried an experiment, which worked. Using something you've learned to get a better price seems fine with me. Especially, if it's 'ok' for someone stumbling around with the wrong user-agent.

To me, it just feels like a form of arbitrage.

[tptacek]

In most states, the to make a fraud case, you need some combination of:

(a) a representation made of some fact

(b) the materiality of that fact (the fact has to matter)

(c) the representation has to be false

(d) the person making the representation has to know it's false

(e) and they have to lie with an intent that someone else act on it

(f) and someone else has to actually be be fooled

(g) and rely on the lie

(h) and the lie has to be about something they had a right to ask (ie, not about marital status in a job interview)

(i) and thus incur damage.

You weaken a fraud case by saying the dispute is over an opinion and not a fact (a), or that the person who got something for nothing didn't realize they were lying (b), or they lied, but without intent (maybe they always lie about this question) (e).

But if all the elements fit, as they do in this case, you do not in fact have a weak case. You can, oh yes, you can, have "paid=true" in your URL and count on fraud statutes to have your back.

A lot of legal stuff becomes clearer when you realize that the court do not buy --- not even a little bit --- the nerdly tenet that "there is no way to prove intent because you can't really know what someone was thinking and maybe they weren't intending to do anything wrong". The courts have 2 centuries of case history of judging intent.

[pyre]

Doesn't help when you post your intent in a public forum too.

[tptacek]

It wouldn't matter, because you can't convince a reasonable judge or a reasonable jury that tampering with a computer system that puts (for instance) a credit card form in front of you for service in order to not pay for service doesn't constitute "intent".

[pyre]

  > Especially, if it's 'ok' for someone
  > stumbling around with the wrong user-agent.

Huh? So there's no difference between me purposely selling you a bad stock, and accidentally doing so?

[wladimir]

I don't think those cases are even comparable. Lying that you paid (through whatever means) is different from using a different user agent, which has no (direct, expected) relation to money.

But if you think changing the user agent is somehow wrong, you could also go all the way of emulating the iPad browser on your laptop, and use that to sign in for the service.

[bryanlarsen]

You'd still have trouble explaining that to a judge. The hotel has a reasonable expectation that if the traffic says it is coming from an iPad, it's actually coming from an iPad, and you don't have any non-infringing excuses to be using an iPad browser on your laptop.

[Joeri]

If they advertised the plan as an ipad plan, there would be a point. But if the plan is advertised as all-purpose, but only offered to certain user agents, i don't think there's any legal issue.

[cheald]

"I was testing our company's iPad website last week, and forgot to switch it back to the native user agent."

[joelhaasnoot]

iPad simulator as an iOS/Web developer?

[jiggy2011]

pedantic issue but if your are advertising the service as "ipad" then would you be allowed to use it with (say) an android tablet?

It seems a little arbitrary otherwise espeically since people use the word ipad synonymously with "tablet" like "ipod" for mp3 player.

[rmc]

Lying that you paid (through whatever means) is different from using a different user agent, which has no (direct, expected) relation to money.

If you change the user agent and then see that you get a different price, then you have clearly seen that user agent affects money.

[jiggy2011]

This is an interesting point and I wonder where the line would be drawn.

As an example I remember years ago when people say fit to create "secure areas" in websites by using a JS username/password prompt which meant that you could easily bypass this by viewing the source.

Now at the point you have done that perhaps you have knowingly done something to bypass the security.

Question is, what happens if you had JS disabled in your browser (or were using a browser that did not support it) which would be something you are clearly within your rights to do and therefor had no idea that such a security mechanicism was in place anyway?

[rjh29]

I was on a train with paid wifi and I discovered that if you went to pay via PayPal, the paywall was temporarily lifted completely and you could access any site you liked for 30 minutes or so, after which you simply needed to repeat the procedure. I wonder what the legal consequences of doing that are?