you will get prison for DDoS in USA
Who said anything about DDoS? I’m using ad blockers and saving/caching/archiving websites with a single computer, and not causing damage. I’m just using the website in a way the owner doesn’t like. That’s not a crime, nor should it be.
Thats a crime yeah and if Alphabet co wants to sue you for $1.34 damages then they have that right
So yeah, I stand by my statement that anyone thinks this is a crime, or should be a crime, has a poor understanding of either the technology or the law. In this case, even mentioning Alphabet suing for damages means that you don’t know the difference between criminal law and civil law.
press charges for the criminal act of intentional disruption of services
That’s not a crime, and again reveals gaps in your knowledge on this topic.
No, but it is a starting point for passing some kind of sanity check. Someone who was making $81k in 1990 was making an exceedingly high salary in the general population, and computer-related professions weren’t exactly known for high salaries until maybe the 2000’s.
[This report] (https://www.bls.gov/ocs/publications/pdf/white-collar-pay-private-goods-producing-industries-march-1990.pdf) has government statistics showing that in March 1990, entry level programmers were making on average about $27k. Senior programmers were making about $34k. Systems analysts (which I understand to have primarily been mainframe programmers in 1990) were making low 30s at the entry level and high 60s at the most senior level. Going up the management track, only the fourth and highest level was making above $80k, and it seems to me that those are going to be high level executives.
So yeah, $81k is a very senior level in the 1990s tech industry, probably significantly less common than today’s $200k tech jobs.
You have to expect that OP, who is well established in his field, to compare accordingly, not with average pay of 1990.
I’m talking about a number that is 1.4x the 95th percentile generally. It’d be weird to assume that programmers were getting paid that much more than doctors and lawyers and bankers.
According to this survey series, median IEEE members were making about $58k (which was also the average for 35-year-olds in the survey. Electrical engineering is a closely related discipline to programming.
So yeah, an $81k salary was really, really high in 1990. I suspect the original comment was thinking of the 90’s in general, and chose a salary from later in the decade while running the inflation numbers back to 1990, using the wrong conversion factor for inflation.
Edited to add: this Bureau of Labor Statistics publication summarizes salaries by several professions and experience levels as of March 1990. The most senior programmers were making around $34k, the most senior systems analysts were making about $69k, and the most senior managers, who could fairly be described as executives, were making about $88k.
I’m gonna continue to use ad blockers and yt-dlp, and if you think I’m a criminal for doing so, I’m gonna say you don’t understand either technology or criminal law.
Who is making $165k out of college?
Computer science and engineering grads at the top of their class at top schools who choose not to go to grad school. This thread claims to cite Department of Education data to show median salaries 3 years after graduation, and some of them are higher than $165k. Sure, that’s 3 years out, but it’s also median, so one would expect 75th or 90th percentile number to be higher.
Anecdotally, I know people from Stanford/MIT who did get their first jobs in the Bay Area for more than $150k more than 10 years ago, so it was definitely possible.
But this NYT article has stories about graduates from Purdue, Oregon State, and Georgetown which are good schools but also generally weren’t the schools producing many graduates landing in those $150k jobs as that very top tier. I would assume the kids graduating from Cal Tech, MIT, Stanford, and UC Berkeley are still doing well. But the middle is getting left behind.
Were people getting paid $81k in 1990? This site shows that 95th percentile in 1990 was $58k, and doesn’t have more granular data than that above the 95th percentile. So someone making $81k was definitely a 5 percenter, maybe even a 2 percenter.
to decide for what purpose it gets used for
Yeah, fuck everything about that. If I’m a site visitor I should be able to do what I want with the data you send me. If I bypass your ads, or use your words to write a newspaper article that you don’t like, tough shit. Publishing information is choosing not to control what happens to the information after it leaves your control.
Don’t like it? Make me sign an NDA. And even then, violating an NDA isn’t a crime, much less a felony punishable by years of prison time.
Interpreting the CFAA to cover scraping is absurd and draconian.
What counts as an algorithm? Surely it can’t be the actual definition of algorithm.
Because in most forum software (even the older stuff that predates reddit or social media) if I just click on a username, that fetches from the database every comment that the user has ever made, usually sorted in reverse chronological order. That technically fits the definition of an algorithm, and presents that user’s authored content in a manner that correlates the comments with the same user, regardless of where it originally appeared (in specific threads).
So if it generates a webpage that shows the person once made a comment in a cooking subreddit that says “I’m a Muslim and I love the halal version” next to a comment posted to a college admissions subreddit that says “I graduated from Harvard in 2019” next to a comment posted to a gardening subreddit that says “I live in Berlin,” does reddit violate the GDPR by assembling this information all in one place?
I don’t understand.
If someone writes a reddit post and says “I’m fasting for Ramadan,” can I not infer from that public post that the user is probably Muslim?
Why does this image look like an AI-generated screenshot? The letter spacing and weights are all wrong.
That doesn’t logically follow so no, that would not make an ad blocker unauthorized under the CFAA.
The CFAA also criminalizes “exceeding authorized access” in every place it criminalizes accessing without authorization. My position is that mere permission (in a colloquial sense, not necessarily technical IT permissions) isn’t enough to define authorization. Social expectations and even contractual restrictions shouldn’t be enough to define “authorization” in this criminal statute.
To purposefully circumvent that access would be considered unauthorized.
Even as a normal non-bot user who sees the cloudflare landing page because they’re on a VPN or happen to share an IP address with someone who was abusing the network? No, circumventing those gatekeeping functions is no different than circumventing a paywall on a newspaper website by deleting cookies or something. Or using a VPN or relay to get around rate limiting.
The idea of criminalizing scrapers or scripts would be a policy disaster.
gaining unauthorized access to a computer system
And my point is that defining “unauthorized” to include visitors using unauthorized tools/methods to access a publicly visible resource would be a policy disaster.
If I put a banner on my site that says “by visiting my site you agree not to modify the scripts or ads displayed on the site,” does that make my visit with an ad blocker “unauthorized” under the CFAA? I think the answer should obviously be “no,” and that the way to define “authorization” is whether the website puts up some kind of login/authentication mechanism to block or allow specific users, not to put a simple request to the visiting public to please respect the rules of the site.
To me, a robots.txt is more like a friendly request to unauthenticated visitors than it is a technical implementation of some kind of authentication mechanism.
Scraping isn’t hacking. I agree with the Third Circuit and the EFF: If the website owner makes a resource available to visitors without authentication, then accessing those resources isn’t a crime, even if the website owner didn’t intend for site visitors to use that specific method.
Fuck that. I don’t need prosecutors and the courts to rule that accessing publicly available information in a way that the website owner doesn’t want is literally a crime. That logic would extend to ad blockers and editing HTML/js in an “inspect element” tag.
You were talking about $1.34 in damages, which doesn’t sound like downtime or disruption.