8

Recently I see some debates about bypassing paywalls by modifying browser's HTTP request as stated on ghack.

Most paywalled websites allow users to read a certain number of free articles before blocking them outside of the paywall. They do it by saving a record in browser's cookies or by checking the request referrer to identify whether the user exceeds his / hers daily reading limit.

There's some browser extensions that clears the browser cookies and modify the request referrer before user send out a HTTP request. By this way they can gain access to unlimited articles since it's harder for websites to identify them.

Are making or spreading these kind of extensions illegal? How about the users that use the extension?

Johnson
  • 181
  • 1
  • 5

3 Answers3

6

This is relatively uncharted legal territory, so until multiple cases establish some sort of precedent, we can only guess.

I know of no legal requirement that a Browser or User has to submit cookies or referrer data or other meta-information accurately. In that regard, a user is unlikely to be prosecuted just for submitting HTTP headers. It is likely closely related to Free Speech issues.

The DMCA spells out that it is illegal to circumvent copyright protection measures. While this law is typically used to make it illegal to copy DVDs, video-games or streaming movies, it is possible that the "3-free articles" policy could be interpreted as a copyright protection mechanism, and defeating it by changing HTTP headers is a circumvention. A good summary is here.

A specific site's TOS (Terms of Service) probably contains language that spells out it is a violation to use the site in a manner other than as it is intended. This is a typical anti-hacking, anti-screen-scraping provision. Altering a browser session to circumvent their services is probably a violation of the license to access the site, and may open a user to a civil lawsuit for damages or even criminal hacking charges (the details of which are different state-to-state)

abelenky
  • 3,190
  • 15
  • 29
2

In the USA modifying cookies in this way would probably be considered a violation of the Computer Fraud and Abuse Act, which prohibits any "unauthorised" use of a computer. In the past the word "unauthorised" has been construed pretty widely.

The nearest parallel case I'm aware of was United States v. Andrew Auernheimer. Auernheimer had changed a numeric serial number in a URL to gain access to supposedly private data, and was convicted under the CFAA. His conviction was subsequently overturned on venue grounds, but the appeal court did not address the question of "unauthorised" use.

If the writers of the extension are promoting it as a paywall circumvention tool then they would be criminally liable too. However it would be a defence if they could show that the tool had legitimate uses and they were not promoting the illegitimate ones.

Paul Johnson
  • 14,252
  • 3
  • 39
  • 63
-8

It's not really illegal. I know you guys want page long answers, but I mean no one really cares in this instance.

Putvi
  • 4,050
  • 11
  • 22