[abigail95]

With no authentication it's a "gates down" scenario and it's assumed that if you put your server on the open internet you intend people to connect to it.

With authentication it's "gates up" and then "without authorization" from CFAA kicks in. I think it's unlikely that a user agent string creates a "gates up" situation, especially not if it's from code granted under a permissive license.

[imtringued]

I have a mailbox in a multi family home. The keys are numbered and standardized. There are identical mailboxes out there that have the same key as me. In fact, I had to buy a replacement key since the original key broke and I just had to tell the manufacturer which number my mailbox had.

My neighbor could in theory buy the key to my mailbox, but it would be illegal for him to actually open my mailbox and read my mail.

[15155]

The law isn't some autistic computer system, "authentication" is a very broad and amorphous term.

[Topfi]

If I build their slicer, not modifying any line of code, then accessed using that binary, would that be acceptable? If not, why not, considering it is identical to what is on their website?

If I made any changes prior to building, would it still be acceptable? And if not, where is the line? What is the legal basis, any precedent? How much of the code may I modify before I cross an invisible threshold and somehow "bypass" an "authentication" (neither fit UA anyways, either for law or other purposes unless one can provide any evidence that it ever has).

[ok_dad]

Even if that’s correct, Bambu has a right to then press charges on the users, but can’t really complain about the guy simply copying AGPL software to make it work. He’s not the one doing the illegal part.

Bambu clearly didn’t want to press charges on their users, though, so they weaponized the law to try and prevent this, and it’s causing them issues.

In any case, we’re not in some “only the laws matter” reality, we’re also have ethics and morals to consider, in which case Bambu is clearly in the wrong. If they want to secure their servers, they should do it properly rather than using legal threats.

[15155]

"Press charges" - as if this were some Simple Assault. The CFAA isn't something one "chooses" to levy or not, these are crimes against the United States of America and it is solely up to the discretion of a US Attorney to prosecute.

A US Attorney prosecuting anyone on behalf of Chinese business interests isn't a good look politically, though, and that's often a factor.