Comment by afandian
3 years ago
Websites are generally presumed open for business, not get-a-contract-first like a hotel room. A better analogy would be a shop front with an 'open' sign in the window.
An increasing numnber of shops on the street have locks that silently open if you look like the right kind of person, but lock if you don't look right.
And most people look right, so they don't even realise the lock is there.
Most websites are not clear-net. But regardless, people who do not fit social appearance norms are routinely not welcomed in businesses, often legally.
Here's some real-life equivalents to a web application firewall:
https://www.flickr.com/photos/ibran/595450232/
https://www.manythings.org/signs/im/shirt_and_shoes_required...
https://media.istockphoto.com/photos/restaurant-dress-code-p...
Now imagine you meet the dress code and the door still locks, and you're closer to this situation.
And the shop owner just asked for "good security" or is even on default settings.
It's only legal to maintain order, not to discriminate.
If a shop is operating under a license to be a business, it is open to everyone who does not do something wrong.
Choosing to use a different browser is not the same as being nude or so dirty as to be a health risk, or commiting violence or property damage or other disruptive acts.
Even private businesses, at least in the US, are not allowed to mysteriously be out of stock of everything only for the black family. They aren't allowed to have a "dress code" that says "be white".
A dress code for a business can say "you must have shoes". It can even say "you must have appropriate shoes that meet this necessary safety standard" like work boots on a job site. It can not say "you must have Louis Vuitton shoes".
The closest valid analogy to block an http client would be for failing to adhere to agreed standard open protocol specs, ie, not being a functional http client.
I think web services currently just get away with being in the wrong simply because the various legal systems simply haven't caught up with how various established legal principles apply to various on-line things.
Not every digital event has a direct analog in pre-internet reality, but most legal principles are priciples, and there is always some way to apply them, merely that way has not been hashed out yet for most things, because most of the people making the decisions just have very little deep understanding of what all goes on or how everything works, and so they have no way to judge what constitutes reasonable or unreasonable, or where to assign obligation and responsibility in most situations.
To date, it's still simply too easy for any lawyer to say almost anything halfway reasonable sounding, and all the relevant judges, jurors, and politicians just go with it, pretty much based on which lawyer or lobbyist told the better sounding story, or their own personal prejudices and interests.
Everyone has some way to make themselves look like the reasonable victim and someone else the reasonable culprit, but that doesn't mean those situations don't have a definitively correct answer, just that it hasn't been unpacked and hashed out yet by anyone in a position that matters, and to date, a lot of court cases are still arriving at essentially coin flip results, and most cases never even get past the point of a user being annoyed with a faceless web site and just living with it, let alone get decided either the right or the wrong way by some judge.