What makes you think you have the right to the content
The fact that my web browser received a 200 from the server. Server seemed to think it's okay to give it to me.
You're violating the contract you implicitly agree to when you visit the site.
I will once again remind those that pull out this argument that the "implicit agreement" is that my web browser sends a request, and if the server thinks I am worthy of viewing the content, it sends said content along with a "200: everything is A-Okay! Happy to be of service!". If the server thinks me unworthy, it can send a 403.
If someone wishes to redefine the "implicit agreement", please include a reference to the relevant RFC. Because otherwise it's just some marketing person trying to redefine the world the way they wished it were. Should someone care to redefine the World Wide Web experience such that I do not control what my browser displays, well, maybe the WWW isn't appropriate for their business.
You seem to think technical implementations matter for some reason. I find that rather odd. Do you think that someone leaving their front door open entitles you to the contents of their home?
If they put up a public sign in front of it that says "come on in and take anything you want" then... kind of.
It's not that access implies consent, it's that the technical standard is the methodology by which a company grants consent.
The fact that there's ink on a piece of paper is meaningless by itself, but if it forms my signature on a contract, then it does have meaning. The fact that I can get to a server is meaningless by itself, but if the server returns a 200, explicitly designated as "yes, you can access this", then that's a different story.
Of course there are gray areas there. If someone faked my signature, or if someone accidentally made their server return a 200 code without meaning to or understanding what they were doing... then fine, I'll concede that they haven't really offered informed consent.
But that's not the position that any news site is in. No news site is accidentally returning a 200 code when my computer asks "can I have this content?"
It's hard to describe an HTTP status as anything other than a sign. If it was purely technical, we wouldn't distinguish between 402 (payment required) and 403 (forbidden).[0]
While HTTP status codes can be understood by a machine, they're also designed to be highly semantic and understandable by humans. I would argue that the burden is on people who argue that they are not contractual to justify why, in the same way that I would expect them to justify why a handshake isn't contractual.
Edit: Potentially interesting as well is a semi-recent court ruling about web scraping[1], where courts effectively ruled that once LinkedIn made their information public, they couldn't block web scrapers from accessing that information, which suggests that the law also agrees with the web community on this one.
> "But Judge Chen concluded that the issue isn't so simple. When you publish a website, you implicitly give members of the public permission to access it, he ruled."
[0]: Although admittedly, nobody really makes much use of 402.
> It's hard to describe an HTTP status as anything other than a sign. If it was purely technical, we wouldn't distinguish between 402 (payment required) and 403 (forbidden).
I agree that the existence of those status codes does a good job at disambiguating representations of intent regarding payment. However, to my knowledge, there's no status code that means "Ok, as long as you don't use an adblocker". As such, any such provision has to be layered on higher up the stack. The current solution is to put it in the site's terms of service.
That seems pretty equivalent to an HTTP status code, no? I'd argue that you have contracts simply operating at multiple levels here. All an entity ought need to do is clearly communicate the terms of access to their interlocutor. If they have done so, and the client understands the terms, then they should be bound by them if they proceed.
> Edit: Potentially interesting as well is a semi-recent court ruling about web scraping[1], where courts effectively ruled that once LinkedIn made their information public, they couldn't block web scrapers from accessing that information, which suggests that the law also agrees with the web community on this one.
Haha, yes i'm quite familiar with this case, having written a LinkedIn scraper recently. LinkedIn still does not make this particularly easy, despite being compelled to by the courts. The nuances the judge seems to have settled on are a bit interesting. Apparently they're allowed to block access to stuff that requires you to login to see, but not stuff that doesn't.
> As such, any such provision has to be layered on higher up the stack. The current solution is to put it in the site's terms of service.
But the problem is that I never signed that TOS. We keep on coming back to this, but putting a TOS somewhere on your site is not binding. You need to get my informed consent. In the same way, if I stuck up a contract on my public blog that said "by fulfilling any HTTP request I make, you grant me license to republish your content," I couldn't steal everyone's artwork off of DeviantArt and claim "well, we did have a contract."
We have a really good solution for this problem - put a 401 (unauthorized) page in front of your content, which is accurate because the site operator has decided that someone who hasn't agreed not to block ads is not authorized to view the content. Then require me to sign the TOS before you authenticate me.
That would be an enforceable contract. Ad blocking is a solved problem for anyone who's really willing to block requests and require authentication.
Of course, the vast majority of sites don't want to do that because it's incredibly annoying to the average user. But that's not a problem with the technology - informed consent is fundamentally annoying to procure in any context. It will always be more work to get someone to voluntarily agree to a set of conditions than it will be to just give them something. On the web, that's just more of a problem because quick, impulsive, uninformed clicks currently form the majority of web revenue.
So site operators have discovered that it is more profitable not to get informed consent and just hope that nobody blocks your stuff. The downside is that you have no TOS to enforce because you never got anybody to agree to it. But, that's a downside many sites are willing to live with.
The conflict comes when courts rule that the implied contract that users believe they're agreeing to isn't the terms that ad networks wanted. I find that often what ad agencies want is to have legally binding implied contracts, but only in one direction and under terms that they can change at any time.
I'm all for contract law, but if it's the users responsibility to understand a site's TOS before they request information, shouldn't it also be the site's responsibility to understand a user's TOS and intent before they fulfill a request?
That's what web authentication does. It gives sites the opportunity to form a contract with a user, and to tell users who don't want to form a contract "sorry, but we have conditions before you view this."
> But the problem is that I never signed that TOS. We keep on coming back to this, but putting a TOS somewhere on your site is not binding. You need to get my informed consent. In the same way, if I stuck up a contract on my public blog that said "by fulfilling any HTTP request I make, you grant me license to republish your content," I couldn't steal everyone's artwork off of DeviantArt and claim "well, we did have a contract."
Yep. Totally agree. Consent needs to be informed. In order for anything i'm saying to apply, the agreement must be meaningfully made. Personally, I consider a checkbox saying "I won't use an ad blocker" to be sufficient to declare that agreement valid.
What if they put a sign up next to that robot that says the robots answers do not constitute a legally binding agreement to ownership transfer of any property herein?
It's fine as long as the robot, when asked "Can I have a table lamp?", doesn't fetch that lamp, give it to you and say "ok, take it". If it does, then the whole example breaks down, and the judge would just laugh and tell you it's your own fault that you got your apartment cleaned out.
Whether if it's the contents of a home or the contents of a text file sitting on a web server, if I ask, "can I have the contents of that, please?" and they answer in the affirmative then the answer to your question is, umm, yes? And should I decide to leave items that I don't want, I don't see where the homeowner has reason to complain.
So, you consider a GET request to be the equivalent of an unconditional request for content. That's an interesting perspective. What if the GET request delivers you the terms of a contract, that then requires a POST request containing "agree=yes" to the terms of the initial GET request to obtain the actual content, and the terms of that first stage GET request say "You must not use an ad blocker when viewing the second stage GET request".
YES! That would start to make sense. With such a setup, if I answered POST "agree=yes" and proceeded to GET your content while using an ad blocker, you'd have a right to call me an asshole breaking a social contract, and - if the content of that initial GET with contract met appropriate legal standards - you could probably even sue me for misuse of computer resources and win. Might be a hard case to win, given that nothing on the Internet is built with expectation of users having to fetch more than they want, but at least you'd have a basis for a case, because I did enter a contract with you and didn't held to my end.
What if a frog had wings? It wouldn't bump its ass when it hops. I'm talking about today, as it is currently implemented. You seem to think that if you keep moving the goal posts, you'll "win" the internet. "That's an interesting perspective."
The analogy is closer to having a butler permit entry to a visitor. The website operator has delegated authority to the webserver to issue their content to visitors.
If the operator doesn't like what their webserver butler is doing with the operator's content, that's on the operator.
The fact that my web browser received a 200 from the server. Server seemed to think it's okay to give it to me.
You're violating the contract you implicitly agree to when you visit the site.
I will once again remind those that pull out this argument that the "implicit agreement" is that my web browser sends a request, and if the server thinks I am worthy of viewing the content, it sends said content along with a "200: everything is A-Okay! Happy to be of service!". If the server thinks me unworthy, it can send a 403.
If someone wishes to redefine the "implicit agreement", please include a reference to the relevant RFC. Because otherwise it's just some marketing person trying to redefine the world the way they wished it were. Should someone care to redefine the World Wide Web experience such that I do not control what my browser displays, well, maybe the WWW isn't appropriate for their business.