Comment by Animats

Comment by Animats 11 hours ago

12 replies

View on Hacker News

It's time for a lawyer letter. See the Computer Fraud and Abuse Act prosecution guidelines.[1] In general, the US Justice Department will not consider any access to open servers that's not clearly an attack to be "unauthorized access". But,

"However, when authorizers later expressly revoke authorization—for example, through unambiguous written cease and desist communications that defendants receive and understand—the Department will consider defendants from that point onward not to be authorized."

So, you get a lawyer to write an "unambiguous cease and desist" letter. You have it delivered to Amazon by either registered mail or a process server, as recommended by the lawyer. Probably both, plus email.

Then you wait and see if Amazon stops.

If they don't stop, you can file a criminal complaint. That will get Amazon's attention.

[1] https://www.justice.gov/jm/jm-9-48000-computer-fraud

Reason077 an hour ago

Do we need a "robots must respect robots.txt" law?

Reply View 1 reply
  • WhyNotHugo 23 minutes ago

    If we did, bot authors would comply by just changing their User-Agent to something different that’s not expressly forbidden.

    (Disallowing * isn’t usually an option since it makes you disappear from search engines).

    Reply View 0 replies
Aurornis 9 hours ago

> Then you wait and see if Amazon stops.

That’s if the requests are actually coming from Amazon, which seems very unlikely given some of the details in the post (rotating user agents, residential IPs, seemingly not interpreting robots.txt). The Amazon bot should come from known Amazon IP ranges and respect robots.txt. An Amazon engineer confirmed it in another comment: https://news.ycombinator.com/item?id=42751729

The blog post mentions things like changing user agent strings, ignoring robots.txt, and residential IP blocks. If the only thing that matches Amazon is the “AmazonBot” User Agent string but not the IP ranges or behavior then lighting your money on fire would be just as effective as hiring a lawyer to write a letter to Amazon.

Reply View 1 reply
  • [removed] 8 hours ago
    [deleted]
    Reply View 0 replies
xena 11 hours ago

Honestly, I figure that being on the front page of Hacker News like this is more than shame enough to get a human from the common sense department to read and respond to the email I sent politely asking them to stop scraping my git server. If I don't get a response by next Tuesday, I'm getting a lawyer to write a formal cease and desist letter.

Reply View 7 replies
  • Aurornis 9 hours ago

    Someone from Amazon already responded: https://news.ycombinator.com/item?id=42751729

    > If I don't get a response by next Tuesday, I'm getting a lawyer to write a formal cease and desist letter.

    Given the details, I wouldn’t waste your money on lawyers unless you have some information other than the user agent string.

    Reply View 0 replies
  • amarcheschi 10 hours ago

    It's computer science, nothing changes on corpo side until they get a lawyer letter.

    And even then, it's probably not going to be easy

    Reply View 0 replies
  • gazchop 10 hours ago

    No one gives a fuck in this industry until someone turns up with bigger lawyers. This is behaviour which is written off with no ethical concerns as ok until that bigger fish comes along.

    Really puts me off it.

    Reply View 0 replies
  • DrBenCarson 10 hours ago

    Lol you really think an ephemeral HN ranking will make change?

    Reply View 3 replies