
Of course they should be able to block 3d party clients. Just because it's technically possible to hijack an API, doesn't mean it's legal or ethical. If you don't want to be tracked, don't use Instagram.

However, Meta blocking the developers' FB accounts is basically harassment. Let the courts sort it out if their app is illegal. Meta shouldn't take things into their own hands.



>Of course they should be able to block 3d party clients. Just because it's technically possible to hijack an API, doesn't mean it's legal or ethical. If you don't want to be tracked, don't use Instagram.

This is the bit that's confusing to me.

If I want to access my FB/IG/whatever content, and present my credentials to the server along with a valid request for my data, why should Meta care how I do so?

I could be using nc[0] piped through openssl, rather than a web browser (do you believe Meta can mandate which browser you use and/or what add-ons/extensions it runs?). Is that "hijacking" the API?

If the answer to that question is "no," then shouldn't I be able to write my own client, to access my data, too? If you think I should, then how are either of those (nc, write my own client) really different from using software written by someone that's not me or Meta, as long as I (providing authentication/authorization for my own access) use it to access my own data?

[0] https://www.unix.com/man-page/Linux/1/nc/


> why should Meta care how I do so?

They care because it is part of their business model. If you avoid tracking, that affects their revenue.


The data served via API isn't yours, that's FB's data. You can download YOUR data via a page on the FB site.


The data served via the API is ultimately what's displayed on the screen of the official client - if they're displaying it to you, they're happy for you to be seeing it and it shouldn't matter whether you're seeing it in the official client or third-party.


That's not how it works. If a badly configured NSA server displays confidential data on your screen, you're still a criminal if you make use of that to access data.

> it shouldn't matter

According to? That's an ethical stance one can take, but it isn't how our laws work.


>According to? That's an ethical stance one can take, but it isn't how our laws work.

What law? Please be specific here as I'm not clear what you're getting at.

If you're referring to the Computer Fraud and Abuse Act (CFAA)[0], it states:

   The law prohibits accessing a computer without authorization, or
   in excess of authorization.

WRT NSA servers, accessing classified information (assuming you don't have clearance and/or a need for that information) would violate the CFAA and possibly the Espionage Act[1].

However, in this particular case, an end user is accessing data (with appropriate credentials that have access to no more and no less than the data they are authorized to access) for which they have appropriate authorization. As such, it can't be a violation of the CFAA. So, where's the "crime" here?

I'm not sure how you're getting from point A to point B here. If you could help me out, I'd appreciate it.

[0] https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act

[1] https://en.wikipedia.org/wiki/Espionage_Act_of_1917


> If a badly configured NSA server displays confidential data on your screen, you're still a criminal if you make use of that to access data.

If a badly configured NSA server gives you data, intentionally accessing it (and/or then misusing the data) would be the crime. I don't think it matters whether you view that data in a browser, a terminal or some third-party client.

Here, the third-party client is accessing the exact same data the official client is. It's not bypassing any access control, in fact it needs your credentials to be able to access the data you're authorized to view.

> According to? That's an ethical stance one can take, but it isn't how our laws work.

I'm not even sure if a law has been broken here? Breach of ToS != crime. As far as I know there is no unauthorized access taking place - the unofficial client is using your credentials to legitimately access the same API as the official one does; it's not giving you any extra data that the official client doesn't.


Of course it wouldn't be a breach if the data just popped up on your screen without you actively trying to access it. But if you, knowingly, access material you shouldn't have access to, it could be a breach of ToS.

> Breach of ToS != crime.

Breaching a contract is not generally a crime either. But it might lead to a civil case.


>The data served via API isn't yours, that's FB's data. You can download YOUR data via a page on the FB site.

Just to clarify, that means your answer to the question:

   I could be using nc[0] piped through openssl, rather than a web
   browser (do you believe Meta can mandate which browser you use
   and/or what add-ons/extensions it runs?). Is that "hijacking" the
   API?

Would be "yes." Is that correct?

If so, please consider what that means for your property rights.



