Hacker News new | ask | show | jobs
by sneak 106 days ago
It's their OAuth token, it's not being stolen. It's just being copied from one place on their computer to another. This is no different than a competing browser importing your localStorage and cookies from Chrome on first launch.
1 comments
NewsaHackO 106 days ago
No, the OAuth token is supposed to be used solely with the context of a first-party app only. Clearly, if you need to extract the key by reverse engineering or set up a proxy to spoof requests to a service, you're doing something shady.
link
sneak 106 days ago
> No, the OAuth token is supposed to be used solely with the context of a first-party app only.

The web doesn't work like that. The operators of google.com saying you must only use Chrome to load it is a ridiculous concept. It's not spoofing to use your own access credentials on your own computer to access your own account on an HTTP API.

link
squeaky-clean 105 days ago
By this logic video game companies shouldn't be allowed to ban cheaters.
link
sneak 105 days ago
Technically speaking, they haven’t been able to. There’s really no way of stopping someone using an alternate client if it appears to the server the same way.

The only reason video game cheating is more difficult is because it uses custom protocols and message types, and it needs to be reverse engineered. Usually it’s just easier to reuse the existing game client and patch it to report to the server that everything is normal.

It’s why anticheat runs in the kernel now.

link
DangitBobby 105 days ago
Most people would agree both that getting rid of cheating is desirable and that the methods of control exerted over users to accomplish it is questionable. It's one of the few freedom/security tradeoffs where people generally agree we have to come down on the side of authoritarian, because otherwise it destroys online gaming as a whole. That scenario doesn't apply here. The world is a complex place.
link
NewsaHackO 106 days ago
>The web doesn't work like that. The operators of google.com saying you must only use Chrome to load it is a ridiculous concept.

I have no idea what you are talking about. Chrome? Are you sure you are replying to the right thread?

link
sneak 105 days ago
Chrome is an HTTP client that accesses webservers at specified addresses.

Antigravity and OpenClaw are HTTP clients that access webservers at specified addresses.

link
DangitBobby 105 days ago
That's not what stealing is.
link