This reads like the beginning of The Hacker Crackdown.
As a Canadian, reading this article made me angry. If the information is not supposed to be public, it should not be reachable without authorization or authentication.
Never mind a curious 19-year-old, there are tons of crawlers and indexers out there that attempt to enumerate URLs where they think there might be other content.
Shame on them for building a poorly secured site, but even more for trying to railroad a curious kid who made them look stupid.
I can see how the older generation is thinking though, they see it like leaving a window unlocked doesn’t mean you can
The laws are interpreted and applied by powerful people in a way that suits the way they think - that much I think could have been predicted (but not by a teenager)
Did the weev ruling surprise anybody other than hackers?
Since it helps the older generation to think about digital content in metaphors, I'd argue that the kid was entering through an open window of a public building. Although a bit strange, no one would give this hypothetical person a third look.
I think the most precise metaphor is: a kid walked through the front door of a public library, borrowed a couple freely available books, then the government realized those books mistakenly included sensitive information.
In order to address that error, 15 police officers raided the kid's house.
That would be an accurate analogy if these documents were linked to from a publicly-accessible portion of the site. They were not. This is more like someone walking into an unlocked back room and grabbing books that hadn't been shelved.
These analogies are not helping. Here's what actually happened: the accused allegedly sent requests to a web server asking "may I please look at the document with id X?" for various values of X. Each time the web server had the option to say "no, you may not", or even "no, that document doesn't exist." Instead, it responded each time by sending the requested document.
That's all that happened: someone used HTTP in the way it's intended to be used, and inferred quite reasonably that the people who set up that web server knew what they were doing and meant to set it up that way. It turns out those people didn't know what they were doing, and they got embarrassed about it.
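Added example, not part of the original thread: a minimal Python sketch of the server-side choice the comment above describes, with a handler that serves any existing id beside one that decides authorization on every request. The document store, the handler names and the `authorized_staff` flag are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Document:
    body: str
    released: bool  # True only once cleared for public release


# Constructed sample store with sequential ids ("the document with id X").
STORE = {
    1: Document("Annual report", released=True),
    2: Document("Unredacted request file", released=False),
    3: Document("Press release", released=True),
}


def serve_unchecked(doc_id: int) -> tuple[int, str]:
    """Behaviour described in the comment: any id that exists is served."""
    doc = STORE.get(doc_id)
    if doc is None:
        return 404, "Not Found"
    return 200, doc.body


def serve_checked(doc_id: int, authorized_staff: bool = False) -> tuple[int, str]:
    """Authorization is decided per request, not by whether a link exists."""
    doc = STORE.get(doc_id)
    # Unreleased documents answer exactly like missing ones, so the
    # response does not confirm which ids hold withheld material.
    if doc is None or not (doc.released or authorized_staff):
        return 404, "Not Found"
    return 200, doc.body


def disclosed_ids(handler, ids):
    """Self-audit: ids a handler returns to an unauthenticated client."""
    return [i for i in ids if handler(i)[0] == 200]


if __name__ == "__main__":
    print("unchecked:", disclosed_ids(serve_unchecked, range(1, 5)))
    print("checked:  ", disclosed_ids(serve_checked, range(1, 5)))
```

Running the same audit over a real document store before publication shows which ids would be served to a client that presents no credentials.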
The computer is not a person and what it does only matters insofar as you may infer that the owner of the property programmed it to do what the owner intended.
As you admit, the property owners did not intend those documents to be accessible. So the only relevant question is: would a reasonable person infer that documents which could only be accessed by editing a URL (by "tricking the HTTP server," if you insist on anthropomorphizing a dumb machine) were intended or not intended to be accessed?
I think most people would assume that documents that can only be accessed by editing an ID were not meant to be accessed. And that really is the end of the analysis.
You do realize HN provides an API that allows you to request any item by using an ID? [1]
Stories, comments, jobs, Ask HNs and even polls are just items.
They're identified by their ids, which are unique integers, and live under /v0/item/.
If you really know better than everyone else who has replied to you on this story, why don't you point out the exact law that states accessing resources over HTTP is forbidden if not initiated from another resource originating from the target server? Otherwise, I'll assume your "analysis" is simply a subjective view on how you would like the web to work. A pretty limited and unrealistic view that wouldn't work in the real world.
For example: here is the link to the first story posted on HN: https://news.ycombinator.com/item?id=1
1. I don't think you can access that story by starting from the front page, because scrolling for more stories only gets you to page 25. Does that mean the intention is the story is private?
2. You can now access it by using the DOM element generated for my comment. Does that mean it's public?