Correct me if I'm wrong, but this plugin just removes stuff that the site puts over the content to restrict it. It doesn't fool the site into sending the content to the user's computer; it's already done that. Am I wrong in this?
IMO, there needs to be shift in understanding. They sent their information to my computer. Whatever I do with what they sent is my business, not theirs. It's on my computer. And yet they want it to stop.
IMO, if you want it to stop, don't be lazy; don't send it in the first place.
Then a bypass might have CFAA behind it.
These are the same people who want to use my bandwidth and CPU capacity to track me everywhere I go on the web. If they can make legal claims about what I do with the information they send to my computer, I should be able to make legal claims for them using my own computer against me without my consent.
Of course, I'm also more than a little drunk at the moment, so what do I know?
> IMO, there needs to be shift in understanding. They sent their information to my computer. Whatever I do with what they sent is my business, not theirs. It's on my computer. And yet they want it to stop.
This is the whole thing to me. Companies like YT have no right to force me to see stuff I don't want to, or bypass what I say goes on in my browser (i.e., an adblocker)
If they don't like it, they can not serve my requests. Simple.
> If they don't like it, they can not serve my requests. Simple.
this can just as easily be flipped around. if you don't like it, why are you requesting the page? no one is forcing you to view ads on youtube. what they are trying very hard to do is make it difficult for you to consume the thing that costs them money serve without also viewing the ads that pay for it.
I get it. I don't like ads either, and I also avoid viewing them whenever possible. I would prefer to pay whatever it costs to serve me the content plus a reasonable profit. but elevating this technical workaround to some sort of moral principle is not tenable. you're not entitled to make up whatever terms you want for consuming the work of others, and it's absurd to think otherwise.
I don't know if I want to see the content or not until I request the page.
What if I go on youtube, but some scammer replaced it with a page that says "your computer is hacked, send BTC to enable youtube, go to scamwebsite.com". My safe browsing add-on should be able to block the content of scamwebsite.com, or even block this message completely if the maintainers act more quickly than youtube
To argue "you visited youtube.com and the scammer has the right to show you the scam message" is not logical, so why should "you visited youtube.com and Google has the right to show you advertisements" hold? You only argued from the act of visiting the website and it costing someone money. It costs the scammer money to serve the requests from billions of people hitting the website, that doesn't change from the perspective of your argument.
A closely related way to think about this is that with control comes liability for damages.
If the content provider wants to argue they deserve control over What calculations and things my computer does, then they ought be liable for any crashes or scams or exploits that come from that.
I find there's a lot of frustrating internet crap that boils down to someone demanding power without responsibility.
You've invented a scenario that doesn't even make glancing contact with reality in order to rationalize your point of view. I'm actually on your side in this argument but not for this totally contrived reason.
The scenario is very real. Ad networks don't review ad content well enough, so scams and other malicious content are sometimes shown to users. This is also why the FBI recommends using an ad blocker [1]. Pretty embarrassing for Google that a public service announcement like this was needed.
> if you don't like it, why are you requesting the page
Also, why is this sort of argument only applied to websites? If I go to a store and avoid looking at ads, people aren't going to paint me as the asshole. And if the store had people holding ads in front of my face in an attempt to force me to view them, I would hope people would say that's unreasonable.
If I knock on your door, you have a choice to ask who I am first, and decide if I should come in, or you can simply let me come in and look at things. You can't then sue me I look where you don't want me to look. You can kick me out, and you can improve your security. But you're suing because you still want me to be there, you want my attention. Well, my terms are I look at everything or nothing.
Regarding visiting your website? Well, it's on the public internet. Don't be on it if you don't want random visitors.
As for ads, I get it, ads are the easiest way to generate revenue, fine. But can we agree that they've gotten to the point of being immensely profitable and then some, yet advertisers still want you to believe that:
1. They need to abuse your rights and steal your private info so they can survive?
2. That YT really needs to show you 10 ads on a 3 minute video?
3. They deserve to litter every pixel of your browser with ads and you deserve nothing?
This is another concept that seems to be lost on so many people. The vast majority of people, myself included, have no problem with a reasonable amount of unobtrusive ads
The problem is it's just gotten worse - more ads, more tracking, more manipulation. Yet consumers are the ones at fault for getting sick of it. Hmmm...
This seems like a terribly one-sided transaction that doesn't seem to apply to basically any other consumer-business relationship. To continue the delivery driver analogy from another comment, does a pizza place have the right to dictate whether I can cover up ads on their pizza box when it comes to my house?
I think an important distinction here might be the difference between consuming content versus re-publishing it.
1. If I buy a newspaper and I cut out all the ads, that's perfectly fine. (Except in a corporatist dystopia.)
2. If I make a business buying newspapers, cutting out their ads, and then reselling the results, then that could easily get me in trouble for copyright and trademark infringement.
3. If I sell a device people can operate on their own newspapers that automatically cuts out all the ads, that should be fine.
So when it comes to some of these paywall avoiding services, I think the question is they're doing number 2 or number 3.
You’re conflating controlling what a merchant sends with controlling how a consumer receives. Both parties control their own side of the transaction. This is why the delivery driver can’t make you raise your pinky while eating their fancy pizza. Same deal when the delivery is bits not chips.
The argument against it is that by visiting a site you are initiating an exchange as determined by the site operator. In the case of YT, you are watching a video you want to, and must in return watch ads or pay for a premium subscription. The technical details, according to this argument, are invisible to most people and therefore irrelevant. This is, of course, a stance that only makes sense to someone without a real sense of ownership over their computing devices, i.e. to someone who views computers as appliances that are used to consume services.
If the page content included the content that was supposed to be behind paywall, but you didn't agree to any ToS because you never had seen the paywall, how far in the forest does the pained cry of IP lawyer carry?
Even though drunk, I think you have articulated valid points. Visiting a website is not making a binding promise that your user agent will execute all scripts that are served. In fact, if you consider a11y needs, the web could never work that way.
I don’t think publishing information can come with a conditional license on how the information is processed (“the reader shall not skip ahead to the ending of this book”).
And yet what we see progressing with the likes of Win11 and WEI is that they're working deliberately and tirelessly to make the majority of the PC landscape into appliances like phones. Perhaps someday I will be arrested for connecting to the internet with a pre-TPM machine.
Arguably Microsoft is funnily enough on side of consumers in that, comparably to many others, because their business incentives match up with ensuring that there has to be a way to be a real owner of the machine.
They did bend to allow Protected Video/Audio Path, but those aren't backed by TPM - they are backed by Intel ME, they are most probable reason AMD PSP isn't open source, they are part of the reason HDMI 2.0 can't be supported properly with open source components.
But so long as Microsoft wants to have certain high-paying customers interested, it's going to offer and push systems with more owner control than some.
Sure... enterprise and gov customers. But I think their moves with win11 show that they view most windows users as products, not customers. Even Apple lets big customers sideload apps, but not the product class of customer.
Apple explicitly makes it so that they keep the keys to the machine in ways you cannot deal with.
Microsoft, in order to support enterprise and government clients, pushes certain policies onto hardware manufacturers. While it's not the same as pushing it for everyone, enterprises being at times stingy means you can acquire relatively cheaply hardware that is "certified" for Microsoft Windows Enterprise - where Microsoft certification requires certain owner-friendly policies (including complete removal of vendor keys from secure boot and resigning everything with your own).
although the definition of ‘free’ has been adjusted over time, mostly to mean no money changes hands. Just watch a few ads, allow the content providers to share your data with the world, and enjoy a lifetime of ‘free’ content.
And it stays this way, because attention and personal data are magically exempt from AML/KYC.
If I "pay with my attention" by watching ads, no AML/KYC is required.
If I "pay with my data" by being tracked, no AML/KYC is required.
But if I want to pay with real money, AML/KYC is required. And the cost of doing AML/KYC is prohibitive for micropayments.
We have outlawed micropayments-with-money while allowing micropayments-with-data and micropayments-with-attention.
The result of doing this should surprise absolutely nobody.
We asked what is "self respect?" in a recent thread [0].
Here's a fresh definition; It's the difference in the exchange rate
between dollars and the alternative currency of attention and personal
data.
I've been on the Internet since it existed (well, mid 80s) and never
had a problem that some things must be paid for. But for whatever
reason (the corrupt banking system?) micropayments never got
traction. So, as you say, alternative economies have arisen.
Some people have been happy to treat their data and time like the
price of a cup of coffee. For me, I would not give my attention or
personal data for hundreds of thousands of dollars. So each person has
their own "price for which they will sell themselves", and in the
digital world that is what "self-respect" means.
It also means the determination to stick by that self valuation.
This gives corporations an incentive to aggressively drive down
self-respect - to get a better exchange rate. BigTech not only wants
to colonise your devices, it wants to colonise your dignity, to
undermine your confidence, independence and sense of self-worth. No
wonder there is a mental health crisis arising from digital
technology.
Sadly for BigTech things are moving the other way. Minimum levels of
dignity and self-respect are literally being legislated. But also
(perhaps consequently) people are waking up and realising the real
value of their attention and private affairs.
A hope is that this forces BigTech to turn on the banking system and
financial regulators, so we can finally get universal, frictionless
anonymous micropayments and put this while tawdry "surveillance
capitalism" episode behind us.
It also means the determination to stick by that self valuation.
Current laws impose an unpayable tax on micropayments with money-settled valuations but no tax whatsoever on micropayments with attention-settled or personal-data-settled valuations.
It's not a "self-valuation" when you have such an extreme level of state intervention. I'm not sure it's even a market.
EDIT: but you removed your critique of "resonable" which lessens my
reply. All said, your right... its not a market.
But in a sense the truly-self respecting position is unashamedly
"unreasonable" by definition. It's "selfish" and often blinded by it.
It says, "reasonableness" is over-rated. :)
Indeed there's always a tension between self-regarding and
other-regarding values. Take markets, they do it to us too. A company
can be very confident and bullish about its value but the market says
otherwise can set it into downward spiral. And as you say governments,
taxes and legal impositions do the same.
And yet there's always the possibility for bloody mindedness, or
Churchillian "doggedness". Not to deny reality, but to resist it with
every fibre and see a longer term picture. From the outside what is
obstinate, unyielding looks ugly, even childish. But internally
perseverance, resoluteness and tenacity can feel amazing, and so often
triumph in the end.
I'd say many of the most successful business people are completely
"unreasonable", as are political figures like Nelson Mandela for whom
27 years in prison is just part of the journey.
It comes down to that George Bernard Shaw quote;
"" The reasonable man adapts himself to the world; the unreasonable
one persists in trying to adapt the world to himself. Therefore,
all progress depends on the unreasonable man. ""
Anti Money Laundering and Know Your Customer legislation that certain businesses and entities under financial oversight must adhere to in order to prevent funding of state sanctioned entities.
Having been a victim of DMCA abuse, sometimes it's just easier to shut shop if you're not feeling it to be worth your time and effort to counterclaim and partake of legal battles. This is especially the case if you never bothered to form a legal entity in the first place (which is an indicator that the product/project was not worth such extra effort).
In this sense I think the prevalence of such DMCA notices has made the internet a bit of a hostile place, just this month we were reading about it here. [0]
I hate to say it, but under the CFAA this is absolutely a circumvention of an access control displayed on connection to the computer system. Bypassing that access control, no matter how weak it is, no matter that they already gave you the data, as long as that data comes with an access restriction that explicitly informs you that accessing the obfuscated data is a circumvention of their poorly designed access control - it's a CFAA felony violation.
Reform is the answer. Repeal the CFAA and introduce better legislation aligned with the reality we live in today instead of the barely understood beauty of the baud that informed the creation of the Computer Fraud and Abuse Act of the 80s.
This is a fully busted law that harms every single entity it interacts with besides the budget of the FBI and the courts. Oh and the for profit prison system.
> I hate to say it, but under the CFAA this is absolutely a circumvention of an access control displayed on connection to the computer system.
No. The information has been sent to my computer. I can view it in the browser inspector. There is no real access control here - only styling that hides content when rendered by the browser.
I agree, was there not a case recently where all the information was being posted on the government webpage, and depending on your info it only show a select view. It was found that if you viewed the source it showed all the info for all users. The judge upheld that it was not hacking as the governor had stated.
"Cole County Prosecutor Locke Thompson declined to press charges, saying that if any crime was committed it was both unintentional and based on a law so broad and vague it essentially criminalizes “using a computer to look up someone’s information."
These projects really need to start distributing a torrent seed with each release, otherwise you're at the full whims of (usually American) tech companies to nuke at any time
"If the vision for the creation of the web included a day one feature that could restrict access to content, people working on their own specialist topics, catering to their own niche audiences, would’ve happily pressed the button."
And the assertion itself is unsupported nonsense:
"A hundred or a thousand thriving communities, small utopias in their own right, with no connection to each other, would’ve been seen as a feature, not the failure of the internet we otherwise see today."
If only dmca notices were being sent to microsoft and open AI for their wide scale intellectual property laundering theft, but when its in big corp interest the laws bend to them.
False equivalency, dmca notices get immediately enforced, meanwhile big AI continues to steal and launder millions of stolen works while the courts slowly grind out an outcome that will surely benefit everyone but the individuals whose life's work were stolen.
I have not looked at BPC but I have an idea what’s going on: Many “paywalls” operate by letting you download the full content of an article but covering it up with an overlay imposed via JavaScript code.
You’d be surprised how many so-called paywalls stop working when you turn off JavaScript. Presumably at least part of how BPC works is simply blocking the JavaScript from covering up the content already transmitted to you.
So this is what passes for circumvention these days: A publisher sends you the full content of an article in a web page, but you decline to run hostile code that would like to hide most of the content you have already downloaded.
We are a long, long way from DeCSS. At least that involved decryption. This essentially criminalizes “view source.”
I often browse without JavaScript, and often find myself bumping into paywalled sites don’t send the article in the first place. Of course, it is hard to distinguish between that, and a page that is just broken without JavaScript.
If a paywalled site doesn't send the article in the first place unless you have a valid, paid account that you've logged in with, then what exactly is the problem with BPC? BPC can't hack into accounts like that.
Guessing from the interface it exposes, BPC seems to work by making a ruleset matching sites with a battery of possible changes, including resetting cookies (to reset freebie-counters), fetching from Google cache, disabling javascript (for purely client-side paywalls) and by finding exceptions for the paywall (user-agent, referer, IP).
The last one is probably the one that is closest to being a breach of some law. If the plugin did not ship with rules for a lot of sites, it would probably be considered harmless, but shipping a list of the magic user-agents etc. that circumvents paywalls seems risky, legality-wise.
Although, it seems really weird, user-agents are generally thought of as an authentication mechanism, right?
I’m 0% sympathetic to sites that for which this works. The reason they accept these user agents is to mislead Google, right? I think it is fine for a site to not send content to me if I have ads or JavaScript disabled, or if I don’t have a subscription. But it is wrong to falsely advertise that the content is available.
For some reason I assumed this had some automatic archive integration or something like that—actually circumventing real account mechanisms by copying out the content to some third party host. Because otherwise, taking them down seems pretty dumb. But then, I should not have assumed, the world is a pretty dumb place.
If we want journalists to be able to do their jobs, we are going to have to pay them. And when I talk about “journalism” I’m not talking about reporting on sports scores. I’m talking about identifying a problem and asking tough questions to people who don’t want to answer them. Keeping the public informed.
Democracy is a pesky thing. It works when people know what’s actually going on so they can make informed decisions. If we want to live in a democracy we need journalists.
And it’s not just a matter of, maybe the paper will make it up next year. Once a newspaper closes up, it’s gone. That town no longer has a newspaper. Or maybe it gets bought by some newspaper conglomerate.
I don’t know what the solution is. Ads are unsustainable and in many cases even malware. Paywalls kind of work. Maybe something like Apple News+ but platform independent.
I'd really want to know if GitLab is overreacting here. I don't recall reading about GitLab behaving this way before.
> In fact, the URL where the repo could be previously found returns only a 404 error; there’s no indication that a DMCA complaint was even received, let alone who sent it and what it said.
> This user is blocked.
> There’s no information close to hand on GitLab that attempts to explain why magnolia1234 is ‘blocked’ and no reason supplied on the developer’s account on X either. Responses from BPC users are limited to those who @Magnolia1234B specifically mentions, so discussion is somewhat limited.
> More than One Type of DMCA Notice
> The developer’s earlier comment, “another day another DMCA takedown notice” tends to suggest receipt of two, three or potentially more DMCA notices. On which platforms they were received isn’t specified but if those all relate to GitLab, it raises the question of whether a ‘repeat infringer’ policy came into play. That could explain the ‘blocked’ account status but since details aren’t being made available, it’s difficult to say for sure.
I'm curious. For anybody here: when was the last time a paywall news article improved your QOL, and in what way? I have been doing just fine without this stuff for years now, am I missing out?
IMO, there needs to be shift in understanding. They sent their information to my computer. Whatever I do with what they sent is my business, not theirs. It's on my computer. And yet they want it to stop.
IMO, if you want it to stop, don't be lazy; don't send it in the first place.
Then a bypass might have CFAA behind it.
These are the same people who want to use my bandwidth and CPU capacity to track me everywhere I go on the web. If they can make legal claims about what I do with the information they send to my computer, I should be able to make legal claims for them using my own computer against me without my consent.
Of course, I'm also more than a little drunk at the moment, so what do I know?