Comment

Comment on Perplexity AI is complaining their plagiarism bot machine cannot bypass Cloudflare's firewall

GamingChairModel@lemmy.world ⁨7⁩ ⁨months⁩ ago

gaining unauthorized access to a computer system

And my point is that defining “unauthorized” to include visitors using unauthorized tools/methods to access a publicly visible resource would be a policy disaster.

If I put a banner on my site that says “by visiting my site you agree not to modify the scripts or ads displayed on the site,” does that make my visit with an ad blocker “unauthorized” under the CFAA? I think the answer should obviously be “no,” and that the way to define “authorization” is whether the website puts up some kind of login/authentication mechanism to block or allow specific users, not to put a simple request to the visiting public to please respect the rules of the site.

To me, a robots.txt is more like a friendly request to unauthenticated visitors than it is a technical implementation of some kind of authentication mechanism.

Scraping isn’t hacking. I agree with the Third Circuit and the EFF: If the website owner makes a resource available to visitors without authentication, then accessing those resources isn’t a crime, even if the website owner didn’t intend for site visitors to use that specific method.

source

Sort:hotnew top

finitebanjo@lemmy.world ⁨7⁩ ⁨months⁩ ago
Site owners currently do and should have the freedom to decide who is and is not allowed to access the data, and to decide for what purpose it gets used for. Idgaf if you think scraping is malicious or not, it is and should be illegal to violate clear and obvious barriers against them at the cost of the owners and unsanctioned profit of the scrapers off of the work of the site owners.

source
- GamingChairModel@lemmy.world ⁨7⁩ ⁨months⁩ ago
  
  to decide for what purpose it gets used for
  
  Yeah, fuck everything about that. If I’m a site visitor I should be able to do what I want with the data you send me. If I bypass your ads, or use your words to write a newspaper article that you don’t like, tough shit. Publishing information is choosing not to control what happens to the information after it leaves your control.
  
  Don’t like it? Make me sign an NDA. And even then, violating an NDA isn’t a crime, much less a felony punishable by years of prison time.
  
  Interpreting the CFAA to cover scraping is absurd and draconian.
  
  source
  - finitebanjo@lemmy.world ⁨7⁩ ⁨months⁩ ago
    If you want anybody and everyone to be able to use everything you post for any purpose, right on, good for you, but don’t try to force your morality on others who rely on their writing and artworks to make a living to survive.
    
    source
    GamingChairModel@lemmy.world ⁨7⁩ ⁨months⁩ ago
    I’m gonna continue to use ad blockers and yt-dlp, and if you think I’m a criminal for doing so, I’m gonna say you don’t understand either technology or criminal law.
    
    source
    -> View More Comments
EncryptKeeper@lemmy.world ⁨7⁩ ⁨months⁩ ago

If I put a banner on my site that says “by visiting my site you agree not to modify the scripts or ads displayed on the site,” does that make my visit with an ad blocker “unauthorized” under the CFAA?

How would you “authorize” a user to access assets served by your systems based on what they do with them after they’ve accessed them? That doesn’t logically follow so no, that would not make an ad blocker unauthorized under the CFAA. Especially because you’re not actually taking any steps to deny these people access either.

AI scrapers on the other hand are a type of users that you’re not authorizing to begin with, and if you’re using CloudFlares bot protection you’re putting into place a system to deny them access. To purposefully circumvent that access would be considered unauthorized.

source
- GamingChairModel@lemmy.world ⁨7⁩ ⁨months⁩ ago
  
  That doesn’t logically follow so no, that would not make an ad blocker unauthorized under the CFAA.
  
  The CFAA also criminalizes “exceeding authorized access” in every place it criminalizes accessing without authorization. My position is that mere permission (in a colloquial sense, not necessarily technical IT permissions) isn’t enough to define authorization. Social expectations and even contractual restrictions shouldn’t be enough to define “authorization” in this criminal statute.
  
  To purposefully circumvent that access would be considered unauthorized.
  
  Even as a normal non-bot user who sees the cloudflare landing page because they’re on a VPN or happen to share an IP address with someone who was abusing the network? No, circumventing those gatekeeping functions is no different than circumventing a paywall on a newspaper website by deleting cookies or something. Or using a VPN or relay to get around rate limiting.
  
  The idea of criminalizing scrapers or scripts would be a policy disaster.
  
  source
Glitchvid@lemmy.world ⁨7⁩ ⁨months⁩ ago
When sites put challenges like Anubis or other measures to authenticate that the viewer isn’t a robot, but they employ measures to thwart that authentication (via spoofing or other means) I think that’s a reasonable violation of the CFAA in spirit — especially since these mass scraping activities are getting attention for the damage they are causing to site operators (another factor in the CFAA, and a factor that would promote this to felony activity.)

The fact is these laws are already on the books, we may as well utilize them to shut down this objectively harmful activity AI scrapers doing.

source
- Aatube@lemmy.dbzer0.com ⁨7⁩ ⁨months⁩ ago
  That same logic is how Aaron Swartz was cornered into suicide for scraping JSTOR, something widely agreed to be a bad idea by a wide range of lawspeople including SCOTUS in its 2021 decision Van Buren v. US that struck this interpretation off the books.
  
  source
- tomalley8342@lemmy.world ⁨7⁩ ⁨months⁩ ago
  Nah, that would also mean using Newpipe, YoutubeDL, Revanced, and Tachiyomi would be a crime, and it would only take the re-introduction of WEI to extend that criminalization to the rest of the web ecosystem. It would be extremely shortsighted and foolish of me to cheer on the criminalization of user spoofing and browser automation because of this.
  
  source
  - Glitchvid@lemmy.world ⁨7⁩ ⁨months⁩ ago
    Do you think DoS/DDoS activities should be criminal?
    
    If you’re a site operator and the mass AI scraping is genuinely causing operational problems (not hard to imagine, I’ve seen what it does to my hosted repositories pages) should there be recourse? Especially if you’re actively trying to prevent that activity (revoking consent in cookies, authorization captchas).
    
    In general I think the idea of “your right to swing your fists ends at my face” applies reasonably well here — these AI scraping companies are giving lots of admins bloody noses and need to be held accountable.
    
    I really am amenable to your arguments wrt the right to an open web, but look at how many sites are hiding behind CF and other portals, or outright becoming hostile to any scraping at all; we’re already seeing the rapid death of the ideal because of these malicious scrapers, and we should be using all available recourse to stop this bleeding.
    
    source
    tomalley8342@lemmy.world ⁨7⁩ ⁨months⁩ ago
    DoS attacks are already a crime, so of course the need for some kind of solution is clear. But any proposal that gatekeeps the internet and restricts the freedoms with which the user can interact with it is no solution at all. To me, the openness of the web shouldn’t be something that people just consider, or are amenable to. It should be the foundation in which all reasonable proposals should consider as a principle truth.
    
    source
    -> View More Comments
- ubergeek@lemmy.today ⁨7⁩ ⁨months⁩ ago
  
  The fact is these laws are already on the books, we may as well utilize them to shut down this objectively harmful activity AI scrapers are doing.
  
  Silly plebe! Those laws are there to target the working class, not to be used against corporations. See: Copyright.
  
  source
  - RangerAndTheCat@lemmy.dbzer0.com ⁨7⁩ ⁨months⁩ ago
    Image
    
    source