Why does it have to be binary with all you guys? :P
I didn't say weev deserved a felony conviction. I said he dun goofed, as a counterpoint to what many here are saying, that because the API he accessed was unauthenticated, it meant he did nothing wrong. That argument's completely bogus as well, just as much as a 2 year prison sentence for this is bogus.
I don't think what he did is ethical and I would be happy to see him jailed for an actual crime.
But talking to a webserver isn't like entering a house. It's like making a phone call. "Hi.. my name is Firef--, I mean, Mobile Safari. Can I have your email?"
I think creating a precedent for prosecution when accessing a number of web pages after spoofing a header is far, far worse than making an example of a troll that exploited a loophole to grab information that he shouldn't have. When talking to a webserver, without a clear separation between public and private with something like an API key or username/password, the only possible convictions we should allow is over DoS and that is only if there is malicious intent.
> the only possible convictions we should allow is over DoS and that is only if there is malicious intent.
What's 'malicious intent'? Is it what the 'reasonable person' decides it is? If so I don't see how what you're proposing is significantly different from what I've been saying.
Likewise a DoS is not the worst possible thing you could do to a website with an unauthenticated API. Why do you carve open an exception for DoS but not for e.g. identity theft or doxxing?
I didn't say weev deserved a felony conviction. I said he dun goofed, as a counterpoint to what many here are saying, that because the API he accessed was unauthenticated, it meant he did nothing wrong. That argument's completely bogus as well, just as much as a 2 year prison sentence for this is bogus.