Are you trying to say it's morally wrong to read data made publicly available through a site's API? I think that's a stretch. Clearly there are very obviously malevolent things you could do with data acquired with such queries, but just iterating on a URL query string seems pretty far from an obvious moral wrong.
Legally questionable, for sure. Morally forthright, doubtful.
The wrong comes in using data nefariously, surely; not in merely observing it.
> Are you trying to say it's morally wrong to read data made publicly available through a site's API? I think that's a stretch. Clearly there are very obviously malevolent things you could do with data acquired with such queries, but just iterating on a URL query string seems pretty far from an obvious moral wrong.
I used to think this. But I changed my opinion and yes, in this particular instance, it's pretty much unambiguously morally wrong.
Why did I change my opinion? Because the previous one was wrong (morally). Ethics isn't rocket science or brain surgery. Well, maybe a little like brain surgery.
I could download that data and IMO, it'd be wrong to do so. I'm not always a good person, even by my own standards of ethics, so I might download that data. I wouldn't use the data maliciously because IMO that'd be even wronger (but by now why are you taking my word for this? I already violated my own ethical code once!). So all in all (if you take my word for it), the consequence of me downloading that data is strictly less bad than some malicious actor doing the same. I'm not really a big fan of Consequentialist Ethics. It's nice in theory (say, Utilitarianism), but in practice people simply have to use a derived code, which is not always as clearly defined. I like to keep my hypocrisies at surface-level.
So I could do it, things would probably turn out right for everyone involved, but I'm not going to kid myself and tell myself it's not wrong to do so in the first place.
(Also, there's the risk where having a copy of the data could mean I could lose control of it, fall into more malicious hands, and that'd be bad. Practical considerations I do not disagree with, but I should not need these to determine whether something is right or wrong)
I don't think there's any ambiguity here. Deliberately downloading personal information—clearly not intended to be released publicly—does not seem to be a defensible action.
We're not talking about downloading a couple of records and alerting someone about it, after all.
Which do you find is indefensible, seeking to consume data or consuming it? Or, does one need to actively seek it and also consume it to cross your threshold of immorality? Or ...
Yes there is – you've consumed other people's data without permission.
Would the same apply to physical trespass in your mind? Is there any harm in entering an accidentally unlocked house and snooping around? There's nothing preventing you from doing so...
I'd argue that it's wrong, and equivalent to consuming data which is obviously intended to be private. It's not like there's ambiguity about it's status.
Which do you find is indefensible, seeking to consume data or consuming it
Surely you can only consume data if you seek to do so?
Except you don't consume it, you view it. The data remains and is accessible at all times to others. If you don't use it you haven't consumed it in any way.
>Is there any harm in entering an accidentally unlocked house and snooping around? //
There is a lack of equivalence here IMO as personal space, such as in a dwelling place, is quite different from non-dwelling space. The case of viewing data (to me) is like a person walking across your farmland without permission; quite different to finding them in your bedroom. The lack of equivalence between physical and virtual spaces makes this analogy fundamentally flawed.
If it's addressable on the internet then it's not private: If you hide your diary under your bed, that's private. If you hide it under a bush in the park, that's not private.
>Surely you can only consume data if you seek to do so? //
I shouldn't have used "consume", as the data is not consumed but viewed (unless it's used in later actions that "consume" it somehow). That said, you can view data without seeking to view it; you can seek to view data without being able to view it. If in the OP the person had tried altering the account ID and they couldn't view data from their other account would they still be committing an indefensible wrong in your opinion?
Interestingly I was just on a site called PC Builder that had price data in INR (Rupee), switching to USD added a section to the URL and I, to see if I could use the site in GBP, went to the URL and altered it ... did I commit a crime in your opinion?
Given the context is scraping, I'd argue enumerating a customer ID is pretty obviously wrong -- if that wasn't obvious enough, the response data is. And to accidentally, unknowingly harvest and store that data is much more of a stretch.
Are you trying to say it's morally wrong to read data made publicly available through a site's API? I think that's a stretch. Clearly there are very obviously malevolent things you could do with data acquired with such queries, but just iterating on a URL query string seems pretty far from an obvious moral wrong.
Legally questionable, for sure. Morally forthright, doubtful.
The wrong comes in using data nefariously, surely; not in merely observing it.