[gingerlime]

Absolutely.

I wonder if by that token you could find a security exploit in an API that causes undesired behaviour (e.g. elevated privileges) and claim you're simply accessing an undocumented API?

Or another way of looking at it - does accessing an undocumented API constitute hacking/unauthorized access? (which is probably an even more serious violation than copyright infringement in most countries)

(disclaimer: I don't even know what this particular API is doing, or what's the alleged infringement, I'm just wondering about the principles in general)

[GhotiFish]

I had this philosophy for every single crack.

Computers do what they're programmed to do, they do what you told them to do, if you didn't want your computer to respond to a buffer overflow by writing over the stack and executing a sequence of commands that escalated the defendant to an administrator, you shouldn't of programmed that feature in.

When you inserted that string directly into that SQL command, you gave your users access to a wide range of features. Now all of a sudden you don't like that feature any more because someone used it? You gave the users the ability to ask for arbitrary tables in your database, why should a hacker go to court for asking for a "user table"? Shouldn't you be the one in court?

That's how I saw things when I was ~15, anyway. I still kinda think that way... Though I've figured out that just because someone left their safe open, doesn't mean you get to steal the gold.

[jlgreco]

> Though I've figured out that just because someone left their safe open, doesn't mean you get to steal the gold.

True. Though on the other hand, if somebody figures out they they get free sodas when they hold down both the coke and sprite buttons, as far as I am concerned they get to have their free soda.

[kivikakk]

There is surely some cognitive dissonance here.

> > Though I've figured out that just because someone left their safe open, doesn't mean you get to steal the gold.

> True. Though on the other hand, if somebody figures out they they get free sodas when they hold down both the coke and sprite buttons, as far as I am concerned they get to have their free soda.

So, if the safe is left open, you don't get to take it, but if you press buttons that unintentionally make it open up, you get you have your free gold? uh.

[jlgreco]

If the teller gives you free money, that is on the teller, not you. Whether that teller is human or an automated machine doesn't particularly matter to me.

Just don't take money that the teller, automated or otherwise, does not volunteer. Regular safes and vaults, with no teller, have no agency and are not capable of giving you money.

[jacalata]

Does 'inserting a coat hanger into a vending machine' count as 'pressing the coke and sprite buttons together' or 'they left their safe open'?

[GhotiFish]

Exactly, it's not a solid line. The smarter the system gets, the more the blame goes from the user to the system.

I wonder what's going to happen to philosophy if/when we hit the event horizon.

[analog]

"If the teller gives you free money, that is on the teller, not you." That's not true in law, if a bank mistakenly credits your account they can retrieve the money.

[jlgreco]

Considering that most custom scrapers these days simplify their job by using whatever undocumented API the site's javascript might be using (makes the job very easy, but is of course a fragile solution), making the use of undocumented APIs be considered "unauthorized access", even in the absence of a restrictive robots.txt or EULA, would be very bad for a lot of people.

[yebyen]

If pushing the right buttons on a Video Poker machine to make it pay out 10x jackpot is a CFAA violation, then yes, writing a script to access an undocumented API is unauthorized access.

Then again, I'm pretty sure that company lost their case. How can you claim that it's not documented if you provide HTML and Javascript example code?