[bbg2401]

> Because Kampala is a MITM, it is able to leverage existing session tokens/anti-bot cookies and automate things deterministically in seconds

If a web property has implemented anti-bot mechanisms, what ethical reasons do you have for providing evasion as a service?

[alexblackwell_]

I wouldn't consider what we do evasion really. We are using real tokens that you have received from your browser as a result of browsing the web. Any good anti-bot will have enforcement for abuses of that token.

[bbg2401]

But as mentioned by another reader, that would almost certainly violate the ToS of the web property subject to the automation. It's almost indistinguishable from session hijacking as far as that property is concerned. And it certainly isn't intended usage.

Indeed, it would likely be classed as a violation according to your own ToS.

It's a delicate matter as we all deploy personal automations that break ToS without us really giving it a second thought. But as a commercial endeavour, it feels brazen, I'm sorry to say.