
First, editorialized headlines are not allowed by site rules. (EDIT: The headline is now changed. It previously read, "Change your IP, go to jail" or something like that.)

Anyway, Craigslist told 3taps in a legal notice: "Don't abuse our website." 3taps did anyway. IANAL but this appears clear from the second and third quoted paragraphs (and Orin Kerr, a noted expert on these things, seems to agree):

The banned user has to follow only one, clear rule: do not access the website. The notice issue becomes limited to how clearly the website owner communicates the banning. Here, Craigslist affirmatively communicated its decision to revoke 3Taps’ access through its cease-and-desist letter and IP blocking efforts...

You might as well say, "Enter a building, go to jail"... if the door is a side entrance to a privately owned public space (such as a shop) which has banned you from their property. That is how the judge sees it.

I personally have some sympathy for 3taps and I expect most of HN does also. The open Internet is not like any old public space. But the ruling doesn't threaten to ambiguously target people who just change an IP to get around an ordinary IP ban.



> I personally have some sympathy for 3taps and I expect most of HN does also.

I don't. Craigslist said 'stay off our site' and they refused. I do not subscribe to this HN meme that 'if you can hack it, you should enjoy the benefits.' All that has resulted in is a security arms race which doesn't benefit anyone.


I think where we have sympathy for them is in that they solve a problem / are trying to provide value to people when Craigslist has refused to do so. We don't like that innovation is being thrown out because it isn't in the controlling company's best interests. I understand that the right to control your software/hardware comes first (and would not ever change that), but it just sucks that this is the result in this case.


Well, they should solve the chicken and egg problem of getting customers; tech problems are easy enough to solve, business problems are hard!

Building your own social networking site that does everything Facebook does and better is easy; getting users to sign up is not. Trying to mine Facebook for customers and data to jump-start your site, well, that's not going to fly.


As I said, there's plenty of room in the market for competitors. I hate how poor the CL user experience is and how indifferent the company seems to their users. I'd love to see them disrupted. Nonetheless, my desire to see competitors succeed doesn't give the competitors the right to republish CL ads. Yes, it's tough to get around CL's first mover advantage but that's why successful innovators get paid the big bucks.


> All that has resulted in is a security arms race which doesn't benefit anyone.

Except arms manufacturers/discoverers.


> All that has resulted in is a security arms race which doesn't benefit anyone.

On the contrary, if we lack low level predators on a short feedback/evolution cycle, then the high level ones operating on a longer cycle will be more effective when the threat environment changes abruptly.


I don't buy the 'public service' argument. Even if my security is lackluster, you're not doing me a favor by breaking it. You know who does this right? Insurance companies. They'll assess risk prior to writing insurance for it, and lay out what they consider to be reasonable standards for securing a home/grocery store/bank/nuclear power station (typically in the form of discounts from a high initial premium). Insurance companies are not especially nice or generous people, but they are usually economically efficient (though I don't feel this way about health insurance - I think that's a classic case of market failure because consumers are not able to properly assess or control their risk factors, leading to a drastic information asymmetry that disproportionately benefits insurers).


The obvious correct action in this case from 3taps was to pay someone else to use the site as a proxy ie. have someone else go there and deliver the goods to you.


CL's C&D letter probably demanded they refrain from such, ah, workarounds, and courts take a dim view of such cat's paw tactics. The correct action in this case would have been to stop scraping CL and republishing their adverts. CL doesn't own the market but they do own their own traffic and publishing platform.


I'm not sure how a website can "own its traffic" since traffic is users hitting the site. Certainly an interesting perspective though. As the web continues to alter its fundamental model to be more established-business-friendly, the conceptualization of the platform's features becomes more in line with the idea of private ownership, where no such ownership actually exists, at least in classic architecture and legal definition (excluding this case, which has set the precedent).

It's quite clear that this ruling is a mistake in the long term, I mean, if you think about it beyond the confines of a single business's perspective. Even then, I'm sure that this is a boneheaded move for any business, long-term. It's clear that relying on legal frameworks instead of technological frameworks is a recipe for business disaster. If you don't want that person to have access to your site, you don't serve the data. The defendant in this case requested the data, and the plaintiff served it. I'm sure if the defendant had comparable legal counsel, the ruling would have been different. I can think of many allegories that can symbolize why this is a bad idea. But I think the most clear indication that this is .. for lack of a better word.. pathetic, is that it's 2013 and we're talking about IP blacklisting. This is another example why China continues to eat our lunch.


> I'm sure if the defendant had comparable legal counsel, the ruling would have been different.

Unlikely. You do not have an automatic right to content just because you can access it. If a website operator says that you, AsymetricCom, are no longer welcome to visit their website, that is their right as owners of that business property. Changing your username or IP address may allow you to circumvent their ban, in the same way that wearing a disguise may make it possible for you to enter a shopping mall that you've been banned from, but you're still in breach of the owner's lawful order to stay off their property.

As I've said before, just because it's easy doesn't mean you have the right to do it. Put yourself in the position of the injured website operator; do you want the right to ban people from your website if they persistently abuse it? Of course you do, same as any business reserves the right to refuse admission/service to troublemakers.


You've completely missed my point and feel that reiterating the same point over and over will somehow change my mind. If you can't be bothered to read or address the points I proposed, then why did you even bother submitting a response?


Are you suggesting that the rule of law is a bad idea? ("This is...why China continues to eat our lunch"). I think legal frameworks are more tractable: a "Photography not allowed" sign, with enforcement, is a more elegant solution than more technological ones (anti-photography/reflective coating maybe?)


IANAL too and I support Aaron 1000% but the outrage just misses the basics of Anglo-British law.

I am sure that court would hold that [throwing your bubble gum on the side walk] would constitute "Access Without Authorization" if it believed that this act was done with that intent. Because our legal system is ultimately about intent, not action. If [throwing your bubble gum on the side walk] is done with the intent to murder, it would constitute attempted murder, etc...

Edit: All that said, the bigger questions would come down to "the legality of the shrink-wrap-license" (now featured as the "click-through-but-unread-license") question.


Correct me if I'm wrong, but I believe you need to have actus reus (guilty act) and mens rea (guilty mind) to prosecute. Therefore, in addition to intent, the prosecution would have to show that throwing bubble gum on the sidewalk was an act that could lead to murder / lead to accessing a computer system without authorization. In that case, all this talk about what is/isn't authorized access still complies with the basics of common law because it defines what is an actus reus.

Disclaimer: IANAL either.


Unless it's a strict liability crime. In the bubblegum example, I believe you could be convicted of something like manslaughter without mens rea. The CFAA is not a strict liability offense, however, as far as I'm aware.


You do have to have an act, to avoid punishing thought crimes, but intent is where the real action tends to be. Intent can make the same act (killing a person) anything from murder to no crime at all.


IANAL either, but I don't see how incompetently trying to kill someone using a method that couldn't actually kill the intended victim would get anyone off the hook.


Thanks for the clarification. Intentional act which leads to something.


Guilt for most crimes requires two parts:

- Intent, willfulness, recklessness or perhaps even negligence. This is the "mens rea" or "guilty mind".
- An action which is a product of that guilty mind, the "actus reus" or "guilty act".

Part of the latter is that the act has to actually reasonably be able to result in the harm of the crime.

I am not a lawyer, but the author of The Illustrated Guide to the Law is: http://lawcomic.net/guide/?p=266 You should read all of it.


> The open Internet is not like any old public space. But the ruling doesn't threaten to ambiguously target people who just change an IP to get around an ordinary IP ban.

I don't see why we should sympathize with the 'ordinary' IP changers. I read a number of blogs plagued by persistent trolls. Why shouldn't the proprietors of these blogs have a legal tool available to deal with those who won't take a hint?

It comes up here from time to time. People strongly disagree with this or that poster being banned. That's fine, people can disagree. But what 'right' do you have to post on pg's site after he unequivocally tells you he doesn't want you to?


An issue is that an IP ban is not the same as giving a person notice that they are banned. For example, some consciously use tools which change their IP and/or MAC addresses on a regular basis; not for nefarious purposes, but simply to protect their privacy. These are the 'ordinary' IP changers in my experience. These people would never know that they've been banned from such a site if the site were to ban them in that way. The referenced case is different because the banned party was given direct legal notice.


The ruling seems to suggest that the cease-and-desist letter was a key factor, and that it might not apply to someone who legitimately didn't know they'd been banned:

"The banned user has to follow only one, clear rule: do not access the website. The notice issue becomes limited to how clearly the website owner communicates the banning. Here, Craigslist affirmatively communicated its decision to revoke 3Taps’ access through its cease-and-desist letter and IP blocking efforts."


> But what 'right' do you have to post on pg's site after he unequivocally tells you he doesn't want you to?

No right. Similarly, a blogger has no 'right' to be able to keep a certain person from posting comments on his blog.


Where are you getting this from? If you own a site, you own it; it's your property, and you have a right to decide who can use it and who can't, and you have the right to change your mind whenever you please. Just as, if you let someone into your house, but then their behavior becomes intolerable, you can kick them out; they can't argue that, since you let them in once, they now have irrevocable permission to stay there forever.

3Taps made a similar argument in the court case: they argued that if Craigslist allows the world to access craigslist.org, it can't then turn around and revoke access for a specific person or entity. But that conclusion is obviously too strong: it would not only prevent people from selectively banning, it would also prevent sites from fighting denial of service attacks, since fighting those often involves banning suspect IP addresses.


I think I may have made myself unclear. I'm not saying you don't have the right to ban someone from accessing your server. Of course you do.

I support the right of a site owner to try to prevent a person from accessing his site. But I don't support the right to make it illegal for someone to access this person's site if he's making it publicly available.


> I don't support the right to make it illegal for someone to access this person's site if he's making it publicly available.

Even if I've sent the person a C&D letter? Accessing someone's site after they've explicitly given you legal notice not to is basically the online equivalent of trespassing.


Why do you say "similarly" when you give opposite answers?


I don't understand. I said both have "no right".

I think perhaps it's my understanding of "right" that may be wrong.

I view a "right" as something I can contact the authorities and complain over in case it isn't fulfilled. For example property rights. If someone violates this right I can contact the police and they will enforce this right (remove the person from my property).

In that sense of the word, I don't think anyone should have a right to prevent someone from accessing their website, since this would entail being able to demand that they be kept out by an authority in case my attempt at banning them doesn't work.


> First, editorialized headlines are not allowed by site rules

Apologies. I suppose I should have known this, but I didn't (I've seen many such headlines over the years).

> But the ruling doesn't threaten to ambiguously target people who just change an IP to get around an ordinary IP ban.

If this ruling sticks, I can imagine that instead of blacklisting an IP, standard practice will be to return a web page saying "you are hereby notified...".

How do you legally notify someone if all you know is their IP? (serious question, IANAL)


> How do you legally notify someone if all you know is their IP? (serious question, IANAL)

That is a great question, but the case you linked had zero such ambiguity, and in fact is one of the more straightforward CFAA rulings I've ever seen on HN.


> How do you legally notify someone if all you know is their IP? (serious question, IANAL)

I don't know about legally, but Wikipedia keeps informing me that I have a new message. When I look, it's an IP-based user talk page and the message is from 2008. I'd naively consider that sufficient, but maybe a better-informed legal scholar with technical chops wouldn't.

I mean... I wasn't even living at this address or subscribed to this internet provider in 2008.


You have to find their upstream and subpoena their DHCP (or equivalent) records. That's what the plaintiffs in the P2P lawsuits have been trying to do. You may not be successful for a variety of reasons. In that case this ruling would not apply.

Not that the ruling is precedent anyway, since it is a district court (lowest federal court) order.


>> First, editorialized headlines are not allowed by site rules. (EDIT: The headline is now changed. It previously read, "Change your IP, go to jail" or something like that.)

Sorry if I find this amusing, the article is also about rules and people's interpretation of them, freedom to access information, broadly speaking freedom. As journalists are free to make up their title when reporting news, interpreting by their PoV, why are we not allowed to do same? Don't get me wrong, good rules are good (though they require trust), but that comment on this very news made me smile.


> As journalists are free to make up their title when reporting news, interpreting by their PoV, why are we not allowed to do same?

We are, just not here.


Most of us hold ourselves to higher standards than a Journalist does.


You imply that a journalist is a lower life form that cannot possibly be expected to rise at or above "our" higher than life standards.

Did you say that in a low voice tone for added emphasis?


Have you not heard about the Leveson Inquiry about the decades of abuse and corruption in the UK?

Yes, that is the general perception of journalists in the UK.


> why are we not allowed to do same?

We are, just not in the link title field. From the guidelines: If you want to add initial commentary on the link, write a blog post about it and submit that instead.


And get heckled instead for blogspam, with a high voted comment asking why we don't just point at the original source instead.

Catch 22.


To which you reply "Submitter here. I wanted to add my take on it, as per the guidelines: If you want to add initial commentary on the link, write a blog post about it and submit that instead.".


> But the ruling doesn't threaten to ambiguously target people who just change an IP to get around an ordinary IP ban.

Doesn't it? What's stopping me from being prosecuted for accessing a site I've been banned from, as a person instead of (in this case) a business model?


Sure, but what the heck is the proof that 3taps continued to abuse the Web site? That the Web site got traffic on the IP address they banned is not solid proof that 3taps was using their Web site.


I assume you didn't read the article? 3taps used a proxy to show up to the website from a completely different IP.

Either way it's easy enough, just see if 3taps has data from the craigslist website that was after the effective date of the IP block and C&D letter being received.


I did read the article. The article and the legal thinking are badly confused and, really, nonsense.

Why? The main reason why and my point in my post is that blocking the IP address is just silly talk since an IP address can't be used at all reliably to identify a computer or user. The IP address is nearly irrelevant.

The Web site might as well find that the person, say, Tom, they didn't like ate at McDonald's and then try to block everyone who eats at McDonald's. Then Tom can eat at Wendy's, and everyone who does continue to eat at McDonald's gets blocked and maybe accused of violating the C&D letter. Again, once again, over again, yet again, IP address just says next to nothing about who did or did not connect to the Web site. So, IP address should be ignored in this legal discussion.

Away from McDonald's and more specifically about the Internet, (1) The user who got the C&D letter could just use a different IP address. One way to do that is to use a proxy as in the article. Another way is just to disconnect the electrical power from a cable modem and connect power again. Then the modem will likely forget the IP address it was last assigned, use the internet standard dynamic host connection protocol (DHCP) to get another IP address from the Internet service provider (ISP), and continue on. Another way is, the ISP can just assign a different IP address at any time for any reason. So, the person, Tom, who received the C&D letter can get a new IP address and, indeed, be forced to give up his old IP address. And the user, Tom, need not even be aware of this change in IP address.

(2) The Web site could get torqued at the wrong person. So, the ISP of the person receiving the C&D letter, Tom, could assign the IP address blocked by the Web site to another person, Joe, not involved in any of the legal efforts, and Tom could try to connect to the Web site. Then the Web site could blame Tom for access to their site by Joe. Bummer for Joe.

For your

> just see if 3taps has data from the craigslist website that was after the effective date of the IP block

that's not nearly "easy enough". Even to start to look for this data, need full access to at least the computer of the person who got the C&D letter, Tom.

So, have to grab Tom's computer. By what right? Tom can claim that he has been honoring the C&D letter and not been accessing the Web site and that the blocked IP address has been assigned to someone else, Joe.

Even if get Tom's computer, now what? He could have several trillion bytes of data on his computer, and also have other computers in his house/office. Looking for the Craigslist data could be a lot of work and very intrusive, whether Tom had the data or not. The search could uncover business plans, love letters, etc. Tom should be able to keep private.

The Craigslist data could be anywhere in that data or nowhere. The data could be encrypted. Tom might have copied the data to DVD and hidden it in the bottom of his kitty cat's litter box, under insulation in his attic, in one of several hundred books on his bookshelf, etc. Pawing through all of Tom's private possessions all based in IP address or less is outrageously intrusive and wildly unfair to Tom.

Next, it need not be the least bit clear in what form the data is. The data, as sent by Craigslist, is essentially just simple text plus maybe some pictures in JPG, GIF, PNG, etc. A lot of that text data is HTTP, HTML, and CSS tokens, symbols, and markup that has next to nothing to do with the Craigslist data at issue; those tokens, etc. can easily be removed by a simple program or text editor leaving just the data. That data can be pulled into a spreadsheet, written to a database (e.g., SQL Server or MySql), combined with other data in files, tables, etc., graphed, formatted with TeX, PostScript, PDF, etc., and look nothing much like a Web page from Craigslist. So, turning Tom's house upside down promises to uncover nothing relevant to the C&D letter.

Since maybe Tom is honoring the C&D letter, turning his house upside down is not justified by any evidence and is unfair to Tom.

Moreover, maybe Tom got the Craigslist data from, say, a Google archived copy or a friend or another Web site.

"Easy enough" is a very long way from being true: It's easy for Tom to have what looks like Craigslist data when he did honor the C&D letter. It's easy for Tom not to have honored the C&D letter and have some Craigslist data but be next to impossible to know this, no matter what devastation is inflicted on Tom's house or office.

More generally, the Web site is volunteering to send its data over the Internet to computers and software that request the data via a HTTP GET request. About all the Web site knows is that there was a GET request from an IP address; neither the GET request nor the IP address say anything meaningful about a person. It's not the least bit clear who the person is. That's just how the Internet works. If the Web site doesn't like that, then they can shut down.

So, really, the Web site can send all the letters they want, but they have no evidence that should justify searching what data Tom has or if Tom did or did not honor the C&D letter.

The Web site effectively put the data out there in the public square for everyone, anonymously, to see, copy, keep, and in some, and maybe all, respects use. Then later the Web site changed their mind and wants some absurd restrictions based on some nearly meaningless evidence. The data is offered to anonymous users, and it is not clear just who the users are, and no amount of C&D letter writing and IP address tracking, etc. can change that.


"First, editorialized headlines are not allowed by site rules" - so you must be one of the know-it-all gods of HN that enforce ethical behavior on us, mere mortals.


So calling BS gets you the wrath of HN gods. What a bunch of self sufficient arrogants.



