So every URL is a trespass unless you have explicit permission?
If you say the protocol determines authorization, then the Fizz protocol granted them authorization. I don't have a clear answer here because it is messy.
Its not all or nothing. The law is literally decided on a case by case basis.
Going to the home page of a public website is clearly authorized access. Creating admin users for yourself on someone else's server without permission is clearly unauthorized access. Any judge or jury would agree.
Going to the home page of a public website is clearly authorized access. Creating admin users for yourself on someone else's server without permission is clearly unauthorized access. Any judge or jury would agree.