MySpace filed a lawsuit against the virus creator, Samy Kamkar. He entered a plea agreement, on January 31, 2007, to a felony charge.[2] The action resulted in Kamkar being sentenced to three years probation, 90 days community service and an undisclosed amount of restitution.
From: http://en.wikipedia.org/wiki/Samy_(XSS)
I'm not sure what is going to happen to the kid that did the Twitter worm.
On what grounds is what these people did considered harmful? It doesn't harm any end-users... at worst it only modifies their profile page. It's a bug (or feature) in the web application, not exactly a virus that affects other people's computers. I guess my point is, it's all encapsulated to the website.
Furthermore, it just seems like they're taking advantage of the features the developers created. If you can execute JavaScript, why not force people to friend you? If the developers included a big button that said: "Delete a random user's profile" and you pushed it... would that be illegal? What if instead of a button, there was a hidden URL that did this? What if you needed to provide a 1-digit password?
I just don't get how fooling around with a website can be considered illegal, and what defines the line between legal and not.