I wasn't aware companies could, by fiat, declare certain publicly available endpoints private, thereby compelling everyone by force of law to pretend they don't exist.

These are the exact same “private API”s your browser utilizes when visiting chat.openai.com and require your own API keys granted to you by OpenAI.

Calling it illegal is utterly insane. It’s just a different user-agent and they’d prefer people use their official ones. OpenAI literally controls the keys so if they don’t want someone using an alternate mechanism, they can and will just ban the account.

My website is private. If you visit it I will sue you.

If someone bypasses authentication I understand but if your api is open on the public internet on purpose, you don't get to randomly declare what's private and what isn't.

Assuming that those third-party services are ones that the public can access via their own web interfaces, such that the only thing unauthorized is the manner in which the APIs are consumed, this would seem (unless I am missing more specific precedent) to fall out of CFAA coverage as a result of the Van Buren v. United States decision.

I remember when this passed and thinking that it was all the big, incompetent businesses that can afford lawyers on retainer making sure that only big businesses that can afford lawyers on retainer maintain their position of superior power over individuals. Snuffing out any hope that the little guy - who through sheer talent - can do things on this incredible newfangled equalizing innovation called the Internet will finally have some real chance at power.

Bank of America used it to make people who simply changed the account number in their URL bar the criminals instead of them, who were completely incompetent at securing access to their customer's accounts. What previously would have been arguably criminal negligence.

It placed intent above competence - but only for those who can afford lawyers.

And here it is again, being abused the same way.

Hot take: It should be repealed completely.

> Actually, the law says that the Terms of Service is a legally-binding contract unless you can prove any provision is legally considered unconscionable

No, it doesn’t.

It says they can state the terms of a contract if all the requirements of contract formation have been met, which are more than just the absence of unconscionable terms.

I'm assuming the users of Gpt4free haven't signed up to OpenAI's terms and conditions, even if they do contain language prohibiting use of these private APIs. A corporation can't unilaterally impose their TOS on the entire population (or, at least, one would hope they can't).

The situations aren't really comparable. We're talking about sending a request from a computer to a publicly available API endpoint that Open AI would rather you didn't, and then using the data that endpoint sends in response.

(Somewhat tangential, the "networks as a 3D space you travel around in with locations you visit" analogy does more harm than good. It's not what's happening and it results in muddled thinking.)

Is it still trespassing if you ask to be let in, and the butler lets you in when he's not supposed to?

If those are APIs consumed by public sites, then they are APIs the public is authorized to use by way of those sites, and Van Buren v. United States says that if you are authorized to access a system, accessing it a different “manner or circumstances” is not “unauthorized” as that term is used in the CFAA.