Most countries will have laws covering cases of unauthorized access, theft of services, and computer misuse.
The user agreement helps define the service as a paid service with defined access cases. Going around those would put the user in violation of some laws.
An analogy would be showing up to a paid event venue and noticing a back door was left open. Going into the building without paying is not okay, even though you never engaged with the ticket office to agree to anything.
I would have had far more positive feelings towards the hack if they had done that - e.g. had their roommate configure a bot to monitor a WeChat room and respond to URL requests by sending back a webpage. Tunneling over DNS feels icky because the reason DNS traffic goes into a separate accounting pool is so that the basic infrastructure of the internet can be kept working smoothly, so this is getting firmly into tragedy of the commons territory.
> Not law per se. More like contractual obligations taken upon by connecting to the flight's WiFi.
Well, being pedantic, you could be said to be breaking Civil Law. :)
Jest aside, IANAL, but most western countries have some sort of Criminal Law relating to misuse of computers.
A brief search for Canada reveals Criminal Code (R.S.C., 1985, c. C-46)[1].
Again IANAL, but from my reading in this scenario it would be (c) -> (a), "uses or causes to be used ... a computer system" to "obtains, directly or indirectly, any computer service".
If you never clicked "I agree" in the captive portal prompt, and still got free internet via port 53 proxying, could you argue you never broke the contract because you never agreed to the terms? Genuinely curious.
I would bet a little bit of money that this is still illegal because you cheated yourself access to a service that is clearly meant to be paid and usually requires agreement (as indicated by the captive portal). Sounds like fraud to me.
As far as I know courts in most jurisdictions are allowed to look at a case in its entirety and that won't look good for you.
A defense like "I thought it was just a config error and couldn't possibly imagine that someone would want payment" doesn't sound very plausible to me, in particular if it comes from an IT expert who just used sophisticated means to surgically circumvent the block.
In this particular case, of course, they confessed the "crime" while bragging about it in their post.
Now what if a random person downloaded an app called "Internet anywhere" from their store and it just worked? Much muddier because they wouldn't even know it was circumventing anything. For all they know it could be a deal between Air Canada and the app vendor.
This is theft. Stealing is illegal. Giving a blueprint for how you stole is the icing on the prosecutorial cake because you can’t claim lack of knowledge if you create a conspiracy to enable the theft.
This may be the dumbest write up I have ever read.
Theft comes with the connotation of taking something away from someone and depriving them of their possession.
Using their internet connection without paying is unlicensed usage/illicit access, but nobody is being deprived of it. Mega corps tried, and failed, to get people to think watching a free movie on YouTube was theft. Same logic, very few people agree with the claim.
This is Hacker News. Hacking has a long history of being, well, not exactly respectful of legalities, especially when dealing with "profiteering gluttons". Phreaking was kinda what the early hacker scene was famous for, for example.
The nature of the non-transaction was such that they were given access to a service that was constrained in certain ways. They used the service, and the constraints that AC technically applied still applied. They used what was available to them under the constraints and weren't required to pay for any other service but the removal of the constraints. I don't see how any theft occurred.
Likewise illegality is just a boring and simple way to dismiss someone on moral grounds, but laws are only as effective as the level of agreement people have with them. Drinking in the park is technically illegal, but I don't care, the police don't care, nobody cares, unless someone needs to care, and I'm going to do it anyway, because the law does not make drinking in the park inherently wrong, it just provides a framework for telling you to stop if you're interfering with others in a way that relates to alcohol consumption.
Courts don't tend to be impressed by arguments like this. It was made very clear what was being offered and what wasn't, and technical barriers were even put in place. The fact that the barriers weren't foolproof doesn't give carte blanche to bypass them.
I agree more with your second argument, though that tends to be strained when the exploit is published.
> Courts don't tend to be impressed by arguments like this.
This is a court of casual opinions, but incidentally when all Air Canada employees recently went on strike—grounding and/or rescheduling all flights, including my own, and causing plenty of inconvenience—and were quickly ordered back to work by the federal government, basically everyone supported them continuing to refuse to work even though technically it was illegal because the government just decided it was. The government's move ended up backfiring and turned into a negative mark on their record after the employees basically won and everything went back to normal with more equitable pay. The CEO outright said they hadn't planned for the situation in which the employees just said no to the order.