[richardzhang]

We are working on a way to auto-patch internal APIs that change by having another agent trigger the requests.

Regarding the legality aspects — really appreciate you mentioning this — we’ve put a lot of thought into these issues, and it’s something we’re continually working on and refining.

Ultimately, our goal is to allow each developer to make their own informed decision regarding the policies of the platforms that they're working with. There are situations where unofficial APIs can be both legal and beneficial, such as when they're used to access data that the end user rightfully owns and controls.

For our hosted service, we aim to balance serving legitimate data needs with safeguarding against bad actors, and we’re fully aware this can be a tricky line to navigate. What this looks like in reality would be to prioritize use cases where the end-user truly owns the data. But we know this is not always black-and-white, and will come up with the right legal language as you recommended. What does help our case is that many companies are making unofficial APIs for their own purposes, so there are legal precedents that we can refer to.

[shmatt]

I have to disagree, it is definitely not legal in the US to use unauthorized access points to access authorized data. Thats like saying you're allowed to get into your apartment through breaking your neighbors door and climbing between the windows

In the US this is pretty simply covered by Computer Misuse Act and Computer Fraud and Abuse Act, both federal laws

Im not claiming you're liable, just surprised no lawyer pointed this out at YC

[conradev]

There is a carve out if the data is "publicly available": https://en.wikipedia.org/wiki/HiQ_Labs_v._LinkedIn

If I open the Safeway app and it fetches what is available in a given store without any authentication and everyone sees the same data, that could possibly fall under that exemption.

[chatmasta]

If my browser is downloading some data, then what’s the difference if my AI agent is doing the same? I’ll even tell you it’s my browser. Who are you to say what qualifies as a browser?

[anon291]

The law will say what qualifies as a browser.

Computer programmers are not legal experts lol. The law is not a program.

The difference between you accessing it and a computer accessing it makes these things different.

[chatmasta]

A browser is a user agent, it's some software that makes requests to a server and renders them in a way I can understand. There's no difference between using a screen reader to vocalize content and using an AI agent to summarize it.

[anon291]

Sigh and now you're arguing with me instead of the law, as if I matter.

Bits have color and if you don't know what that means, Google that before responding.

[instakill]

I think this is the reference but I'm too lazy to get a TLDR https://news.ycombinator.com/item?id=24917679

[kgc]

Just have the AI use the browser.

[nkrisc]

Likely a judge or jury will decide. Law isn’t code.

If it’s two different things then it’s not the same thing.

[daveguy]

This analogy is completely off. A closer analogy is someone calls you on your phone letting you know they're here. You were expecting them, so you say "come on in." But, they were at the back door instead of the front door. I don't think anyone would consider that your friend did something illegal.

[korkybuchek]

Yeah, the CFAA doesn't work by analogy unfortunately.

[erohead]

CFAA has recently (2021) been limited by Van Buren ruling.

[CPLX]

The entire US legal system works by analogy.