> The Web site voluntarily sent this data, mostly just simple text.

If you know of a way to configure Apache to deliver web data to everyone but a certain subset of users without having to force the authorized subset to use authentication then the whole world is all ears.

In fact, I'm sure HN could use this good news first so that they don't have to use such a non-specific ban system as IP bans...

But until then 3taps had no question that they knew the web site operator did not want them to access their website at all, and in fact had to go out of their way to get around the IP ban, so let's not pretend like the court decision here is setting some kind of general precedent.

No, your argument is mixed up and confused.

IP is irrelevant and not good evidence of anything. The IP address used by 3taps can be changed by the 3taps ISP at any time for any reason.

IP can't be used for authentication.

With public key cryptography and Kerberos, there are some excellent means of authentication. If Craigslist wants to use such authentication, fine, and then they can effectively and accurately block any given collection of users.

But usually a Web site, e.g., HN, offers access to any IP address anonymously, without authentication. In that case, it's next absurd for the Web site to complain about some person when they have next to no good evidence on that person.

Your "go out of their way" is wildly false; all that had to happen was just their electric company to drop power for one second. My electric company does this about once a week. Then the cable modem will forget its assigned IP address and, when electrical power is restored, request a new IP address. The 3taps people need not be aware of this at all.

Moreover, the ISP can have assigned the banned IP address to someone else, Joe, not involved. Then Joe's usage of the Web site is no evidence against 3taps.

Maybe 3taps knew that the Web site did not want them to use their site, but more importantly the site had no good evidence, at least not from IP address, if 3taps was using their site at all or not.

> Your "go out of their way" is wildly false; all that had to happen was just their electric company to drop power for one second.

So you're saying that business networks typically have completely random IPs setup by their ISP? I would hope not, as that means SSL sites could not have worked at all for most people prior to Windows Vista. Not to mention the certain problem of how Google DNS is setup for people (Hint: It uses a static IP).

In fact I think you might get even more disappointed if you consider the types of "proof" that are considered acceptable within the legal system, and commerce in general.

For instance, completing a contract by faxing over a document, having it signed, and faxing it back. That has all the same theoretical issues associated with it as blocking static IP address and yet you don't see the entire edifice of the justice system or commerce falling to bits, now do you?

> Moreover, the ISP can have assigned the banned IP address to someone else, Joe, not involved. Then Joe's usage of the Web site is no evidence against 3taps.

Why are you speaking in terms of "maybes"? 3taps themselves admitted to using a proxy to evade the ban. They knew they were blocked, and they knew why. QED

So while I would agree with you in general that an IP address is not a priori an identifier, that's not at issue in this specific case.

> So you're saying that business networks typically have completely random IPs setup by their ISP?

No. If 3taps was using a static IP address to access Craigslist, then IP address is at least somewhat meaningful as evidence, but mostly Internet users do not have static IP addresses and mostly only organizations that want to operate Internet servers, or Web servers, do. Why? Because mostly to get to a server, a user uses a domain name which uses the domain name system (DNS) which requires a static IP address.

Yes, in the specific case 3taps asked for trouble and got it.

But the article seems to suggest that this case is a threat to ordinary Internet users who, maybe, get an unusually large number of Web pages from a Web site. So, there is also some interest in the more general situation. There IP address is poor evidence.

To me, in the general case, say, Web sites that send data to anonymous users, without strong authentication, etc., should just f'get about the lawyers, suck it up, and f'get about users downloading data. Else the Web site can use strong authentication of users, charge for access to the site, etc.

Why are you talking about "most users"?

The article, and the court case it references, are about 3Taps. 3Taps had a static IP which was banned, and additionally received a Cease and Desist letter. The court case is very clear that the combination of these factors demonstrate that 3Taps' access had been revoked, and that therefore their continued access (through proxies) constituted an intentional, unauthorized access of a protected system.

If the article "seems to suggest" something other than that, either the article is wrong, or you're reading it wrong. This is only a threat to "ordinary" internet users if they're given clear indication that they are no longer allowed to use a site (something like a C&D letter to go along with an account or IP ban.)

The whole point is that it's not freely sent. Craigslist declined to send it to 3taps any more, blocked their IP address, and told them they were no longer welcome to use the site at all, in addition to adjuring them to stop republishing ads from CL. They were well within their rights to do so.

When your argument requires changing the facts, there's something wrong with it.