top | item 46017103

(no title)

dminuoso | 3 months ago

If I infiltrate someone else’s computer, secretly run code in order to to exfiltrate data I risk prison time because objectively it seems to satisfy criminal laws over where I live.

How do prosecutors in any modern country/state not charge this behavior when done by a website owner?

discuss

gruez|3 months ago

The difference is that there's implied consent to run arbitrary (albeit sandboxed) code when you visit a website. Moreover it's not the website causing the code to be executed, it's your browser. Otherwise if the bar is "code is being run but the user doesn't know about it", it would lead to either any type of web pages with javascript being illegal (or maybe without javascript, given that CSS turing complete), or a cookie banner type situation where site asks for consent and everyone just blindly accepts.

bandrami|3 months ago

> any type of web pages with javascript being illegal

Inshallah

mh-|3 months ago

> if the bar is "code is being run but the user doesn't know about it",

.. would lead to all modern electronics being illegal, not just web pages with javascript.

geocar|3 months ago

I suppose it depends on what you mean by "modern"

In Europe we have the GDPR which does exactly this

dminuoso|3 months ago

The GPDR is not criminal law. But ignoring that, regulators barely pursue GPDR violations.

Consider the swaths of dark patterns surrounding cookie terror banners. The GPDR language is extremely clear that none of them are legal, but virtually nobody is ever punished.