Will AA be able to find a single customer who has a problem with what TPG does? What is their case then exactly? Would they similarly sue the app if customers were copy pasting data into it, rather than accessing it programmatically?

FYI the title is editorialized. This suit has nothing to do with screen scraping, but just data access in general. Services like these nowadays almost always use private APIs (built for mobile clients and SPAs) rather than parse HTML.

Speculating, but TOS generally say that you're not allowed to share your password with anyone. Assuming that's true for the AA site, AA might argue that TPG is encouraging users to break their TOS ("tortious interference").

Though if app doesn't actually share the password with TPG and just uses it locally there may well be a question of whether entering your password into a third-party app actually counts as sharing it with that party. How exactly would this be different logging in from a web browser? It's just a different kind of user agent. Are Google, Mozilla, Microsoft, and Apple guilty of tortious interference simply because the software they release has access to your passwords on your own machine and could report them back? (For that matter, they even store the synced passwords on their servers, though in principle those are supposed to be private.)

Of course there could also be specific terms in the TOS against accessing the service with unapproved user agents, independent of any prohibition on sharing credentials.

1. Breach of Contract 2. Tortious Interference with a Contract 3. Unfair Competition by Misappropriation 4. Trespass 5. Trademark infringement 6. Dilution 7. Dilution under Texas State Law 8. False Designation of Origin 9. Copyright Infringement 10. CFAA 11. Violation of Texas Harmful Access by Computer Act 12. Unjust Enrichment

AA presents an argument for the ToS binding TPG as a party.

From the AA website: "By logging in, you accept the AAdvantage terms and conditions"

AA provides a number of arguments against that. That's part of the dispute.

They specifically claim it's presenting something that is intentionally confusingly similar to an official AA logon screen using copyrighted and trademarked AA content to harvest customer username and password info, does not prominently note it's nonaffiliation with AA, and directly violates the TOS itself, as well as arguing tortious interference, copyright infringement, trademark infringement, trademark dilution, and violation of the CFAA and the Texas equivalent.

They also note a similar dispute settled with a separate firm owned by the same parent before TPG tried to negotiate a deal with AA for permission to access customer data for this purpose and was turned down.

edit: No it doesn't, brain fart.

Contractual restrictions on speech are enforceable.

That they're stealing AA's opportunity for, ahem, "customer engagement".

They may have a case for tortious interference, I think? It does seem like an uphill climb. The strategy might just be to punish TPG with attorneys' fees and discourage this practice in the future.

In this case an individual customer authorized the access and only their data was affected. This is a pretty common use case for a large category of apps – think Mint, Plaid, all wallet apps which organize and track different accounts.

Edit: typo. I wrote „pwn“ instead of „own“. But then I thought about it and somehow it feels appropriate.

The issue isn’t whether or not it’s what the customers wanted. The issue is that TPG wasn’t the party that entered into the agreement with AA when creating the account.

I’m not suggesting it’s right or wrong, but that’s the issue.

So here we are. It should be fascinating to see where this goes.

Respondeat superior lets you sue the principal for torts of an agent committed in the scope of their agency, but it doesn't eliminate the liability of the agent for their own torts.

You typically want to sue the principal when the agent is less able to pay, less willing to settle, or one of many easily replaceable agents employed by the principal for the same purpose.

When the first and third of those are reversed and the second is unclear (which seems to be the case here), you want to focus on the agent. You could sue the multitude of principals, too, but that's just a lot more cost for little additional benefit (and possibly sympathy backfire in a jury trial.)

“how does filing a lawsuit against this party improve my expected resolution to whatever problem motivated the lawsuit, and is that worth the added cost of pursuing that party” should be part of your calculus. That's not to say the merits of the case don't figure in, but a meritorious case against someone who even the best possible outcome won't do anything to improve your condition is just a way to waste your money and time, and the courts.

As the great Professor Hecker repeated so often in Business Associations - “The tortfeasor is always liable.” E.g. when you get hit by the Dominoes delivery driver, you can sue the delivery driver.

These things get ridiculously specific.

Also, the law around real property including leases is different and more involved than straightforward contractual relationships.

Move Reader to iCloud proxy and I think it becomes almost identical?

Yes, and AA servers, copyrights, and trademarks are all, under the law, it's property, of which it is master.

That's kind of the whole basis of the lawsuit.

They think the data belongs to them. They think they own the consumers and all the data they generate. To them, it's their consumer data, something they abuse to get consumers to log in and look at ads, and they'll be damned if they let some random software have access to it no matter what the user wants.

GDPR makes it clear that personal data belongs to the person, these companies are just middle men who are temporarily processing it. Cases like this perfectly illustrate why such a change in perspective is necessary. Access to this data is a privilege and it can be revoked.

>Let's create a crappy experience that the user has to put up with, to squeeze a few extra cents per year.

    # Default robots file version:2
    User-agent: \*
    Disallow: /calendar/action\* 
    Disallow: /events/action\*
    Allow: /*.css
    Allow: /*.js
    Disallow: /\*?
    Crawl-delay: 3
    Sitemap: https://mccarthygarberlaw.com/sitemap_index.xml

The same issue and battle is playing out for US healthcare as well due to the recent rule forcing hospitals to make prices public.

And those are no brainless. A more skilled surgeon on cosmetic surgery with lower recovery times and or prettier work could easily command a premium because their supply is so low and rich enough people have huge demand.

Although the airline industry can be considered a commodity industry, the airline rewards miles industry is less so. What those miles can get you, can essentially change at any time if the airline says so.

TPG just highlights the shenanigans which puts pressure on airlines to change the value even more frequently. This in turn makes the shenanigans more apparent which might call for regulation.

This lawsuit is attempting to nip this process in the bud before stumbling on regulation. But, fundamentally, the relationship is asymmetric regardless of any data api access.

This ranges from all of those StackOverflow scraping websites in your Google search results to companies that want to scrape Facebook for images and personal info to build a database of everyone.

Basically: Well-behaved and well-intentioned scraping bots are rare. You’d get a lot of users setting update rates to 60 seconds that did a new login every time and creating as much traffic as 1000 users. Then they’d release the script for integration with something people and suddenly you have 1000 people each creating 1000 times as many login requests as a single user.

Another common problem was forgetting to implement reasonable back off for failures. A lot of newbies write scripts that immediately retry on a tight infinite loop whenever something goes wrong, sending a huge stream of requests to your server if the API changes or when it goes down. Again, multiply this by many users sharing a script and it becomes a problem.

Then of course there are people trying to make a business out of extracting your company’s data, such as putting it in some other website where they can serve ads over your content or whatever (think of all of those StackOverflow scraping websites in Google)

Basically, you can’t investigate the motivations of each individual user. You just block them all.

What's illegitimate is that "attempting to ban programmatic access" is on the table as a legal redress.

The only way, from a technical moral standpoint, I could see that being remotely reasonable is if there was 1:1 feature and access parity with an API, then being able to legally force agents to use the API.

But critically that's 1:1 feature - if a user can do it, the API offers a method to do it.

And 1:1 access - if an unauthenticated user can do it, then no mandating an account is required for API use. And if any user can do it, then any user will be approved for an API key.

Otherwise, it's just ceding more power to companies.

You don’t need to scrape stack overflow, you can just download a .zip

That’s one reason why people use it: they can’t just gate you off from the content you’ve created. You and others can (and will/do) have a copy of it all.

https://meta.stackoverflow.com/questions/295508/download-sta...

Why can't you just ignore API requests once it exceeds a threshold rate?

Not to mention, actually malicious traffic will find any non-Sybil criterion you use to enforce rate limits and work around it. "Enforce rate limits per User-Agent?" I'm now 10,000 different applications. "Enforce rate limits per IP address?" I'm now 10,000 different compromised residential IP addresses. At some point, distinguishing between well-behaved, buggy-but-legitimate, and outright malicious automated traffic is either impossible or too time-consuming. Upon which point you throw up your hands and say, "Screw it, everyone but Google or a browser is banned."

Thanks! Why don't malicious actors just spoof browsers?

More generally, I would think that any defense that prevented malicious actors would prevent badly written scrapers, simply because malicious actors can do anything a badly written scraper could do, but can also take more active steps to evade defenses.

(These are honest questions; I have very little knowledge about this.)

The solution to someone constantly spamming your phone is not too pick up each call and say “call back later” bit to block their number.

The moment I become AWS and need to support millions of those poorly written bots because they’re my customers I’ll bother.

Having a driver’s license does not grant someone acting on your behalf the right to drive on public roads if they don’t have their own license. And more directly it also doesn’t grant you the ability to use your autonomous driving software on public roads either.

but not if you write it yourself, apparently.

Lots of us built our own stacks and attempt to fly under the radar - things have gotten legally gray over the last two years and corporations have no problem sending their legal team to kick your door down for trivial stuff.

My biggest fear/risk was getting noticed and sued by the company, merely for letting users request HTML and display it differently than the company wished. The app is no longer available, so I guess I survived but the idea of $BIGCO crushing me with lawyers was chilling.

except we didn't write this platform, we paid for it. and it is licensed per 100 queries.

so when. a single account starts doing 30k queries every hour, 24/7. the pocketbook was directly hit. and yes, web scraping was in the tos that every account agreed to but never read

> The LinkedIn dispute arose out of hiQ’s use of automated bots to scrape massive amounts of information from publicly available LinkedIn user profiles. Thus far, lower courts have sided with hiQ on grounds that certain information on the site is publicly available and could be accessed by the public without entering a password. [1]

There are similarities, however, different context in that in hiQ's case, information was publicly available, but in TPG's case the owner of that data (the AA customer) is providing them access to the data. The customer could just as well copy / download / screenshot the data, etc, and transfer it to TPG, obviously most people wouldn't bother, so that should be the core of the argument here. Is a user allowed to make their data available to a third-party? Screen-scraping is a means to an end

[1] https://news.bloomberglaw.com/us-law-week/supreme-court-scra...

Would Tech E&O cover something like this, or are there riders that would need to be added?

It seems like something that could be strongly defended, and Red Ventures (TPG owner) is a large conglomerate so I doubt legal funds is an issue.

Screen Scraping is essentially interacting with the DOM extract information. American Airlines can't conceivably attempt to limit programmatic interaction with the DOM because that is a core component of how the web works including accessibility tools such as screen readers, and browser plugins/extensions.

I agree.

My faith would be upon appeal or enforcement, such a ruling would get overturned, or dismissed.

I'm a much bigger fan of https://www.doctorofcredit.com/ for this reason.

This case is about data behind an auth screen, so it may not so easily fall under the definition of public stuff

So not even sure your comment applies here.

In all seriousness, this is the crux of many of the issues on the internet: Data about you, or generated by your activities, is probably not your in a legal sense.

In other words AA gives users a limited license to access AA data, and they are mad that you are allowing TPG to use that license. AA sees this as sharing your Spotify password to give them access to music.

I imagine for you it's more or less impossible to start over now, so it's pretty lucky that they've been good to you so far!

I kind of got tired of traveling so much and stopped doing it, though. Traveling for work (just meeting people in other offices) kept my status until about 2017. Then I stopped doing that, and now I'm just a bum with no status on any airline. That's about when the mileage-based gravy train came to an end anyway, so I'm not that upset about it. It is good to be marked in the system as someone to pay attention to (got many free upgrades on Cathay Pacific for no reason back in the day), but you are still treated well when you buy a first or business class ticket even without status.

Sure sometimes flying entails hassles and inconveniences but not every airline is awful and certainly not every employee lacks compassion.

Another time, I was walking out of the Admirals Club at DFW to board my flight. One of the agents came running out to tell me I was walking in the wrong direction.

But, it's not always great. I had an award ticket in 1st class out of LHR, and they didn't clean the plane at all. The tray table had sticky soda all over it, and the plane was filthy. Miserable flight.

Another time, I had an upgrade to 1st class on a domestic flight, but the TSA didn't like my bags and did an extensive check (I must have been on some list back then, it happened a lot). I arrived way late to the gate, and lost my seat. Ended up flying back home in a middle seat in the last row. It was miserable.

So, it's a mixed bag, but generally good. It's hard for such a large company to offer consistency.

The original promise of client/server services was that the server would provide data on a universal open data format, and the USER AGENT (initially a web browser, but other kinds were expected) would process it in a format to the liking of the user, and satisfying their needs.

Compare this to the current situation where the industry standard is that the servers do indeed provide data through somewhat standardized APIs, but the browser or native app is developed by the same vendor and serves their commercial interests, not those of the user as a customer. The only standard customization recognized to users is light theme / dark theme, and it has only started a few months ago.

When it was built by geeks, it was difficult to use but it was meant to serve people. Sellers turned "serving people" into that other meaning.

Why would any company provide data in a standard API so that users can use that data in a standard way? If there was an API for banking, Bank of America wouldn't be able to showcase a professional-esque design and Sofi wouldn't be able to showcase a cartoonish modern design to strengthen their image and attract customers. How do they then attract customers? Only by features and lower margins, which is the opposite of what would make them money.

The idea was to have computers support users, not customers. These words have become synonyms but they have quite different implications. The stated goal was to augment the human intellect, for which you need a well organized corpus of knowledge (think Wikipedia, whose spectacular growth and supporting community came from not being a commercial initiative).

But nowadays the whole industry is focused around building products and services that can be packaged and sold, to the point that its professionals can't even think of any other possibilities when discussing the characteristics of the ecosystem.

Incentives are completely different; it's no wonder that interests of industry are misaligned with actual needs of the final users.

Unlike every other OECD country, the US does not have the English Rule.

https://en.wikipedia.org/wiki/English_rule_%28attorney%27s_f...

My understanding is that screen scraping is taking a picture of the rendered website and using an OCR or some other sort of recognition tools to extract the data.

If it is just scraping - it should be perfectly legal right?

> A Settlement has been proposed in class action litigation against Plaid Inc. (“Plaid”). Plaid enables connections between a user’s financial account(s) and approximately 5,000 mobile and web-based applications (“apps”). This class action alleges Plaid took certain improper actions in connection with this process. The allegations include that Plaid: (1) obtained more financial data than was needed by a user's app, and (2) obtained log-in credentials (username and password) through its interface, known as Plaid Link, which the litigation alleges had the look and feel of the user’s own bank account login screen, when users were actually providing their login credentials directly to Plaid. Plaid denies these allegations and any wrongdoing and maintains that it adequately disclosed and maintained transparency about its practices to consumers.

Streaming services insert ads for other original content when you hit play.

The grocery store has audio and video advertisements for prepare meals playing on loop you can not avoid if you walk past the meat department.

The problem is a race to the bottom on the pricing consumers perceive, and then recovering that money by squeezing every possible touch point.

People have to have enough options to choose a company that doesn’t have to make these compromises.

https://news.ycombinator.com/item?id=29989927

Plaid could file a friend-of-the-court brief here, since they have (presumably!) strong legal grounds to assert that they are legally within their rights to scrape bank websites, as they're doing so as an authorized user-agent, and since browsers are just user-agents, etc.

American Airlines is alleging 12 legal claims:

1. Breach of Contract 2. Tortious Interference with a Contract 3. Unfair Competition by Misappropriation 4. Trespass 5. Trademark infringement 6. Dilution 7. Dilution under Texas State Law 8. False Designation of Origin 9. Copyright Infringement 10. CFAA 11. Violation of Texas Harmful Access by Computer Act 12. Unjust Enrichment

All of my Amazon order emails now only tell me the order number and the total cost, with zero information on what products are included.

Capital One has a tool called "Paribus" that, if you connect your email, will monitor and get refunds if prices drop or the item doesn't arrive on time. They used to do it with Amazon; they'd tell you something didn't come in the Prime two day shipping window and give you a pre-prepared complaint to get a free month of Prime as compensation.

I can't imagine Amazon liked it much.

Y'all, think of the poor servers! They can't handle the traffic!!! /s

It seems like so many problems, annoyances and inconvenience in modern society are artificially created/maintained just to enable this disgusting industry. Imagine how more efficient things could be if this cancer was eradicated once and for all.

> Imagine how more efficient things could be if this cancer was eradicated once and for all.

Yes!! What I wouldn't give to see this entire industry banned from existence. It would solve so many problems it's ridiculous.

The industry has grown out of this human behavior, not vv.

[edit] Humans have a limited capacity for making purchasing decisions. This is why in 20+ years nobody has made a successful micropayments based product or platform. Further, simply paywalling software or services means 99% of people will not use it. People also are uncomfortable with a system that just withdraws money from their account to pay people - and a universal subscription model isn't particularly tenable due to the competing interests of market participants.

If you can solve this problem with something other than ads, I will be your first investor because you're going to be the richest human on earth.

It's easy to say "ads bad" - ok, but the real question is what are we going to replace them with?

I don't know and at this point I don't think it even matters. Every single time I discuss ads here on HN I learn new reasons to hate it. Some days ago I read a story about a politician who deliberately slowed down traffic so people would be forced to "contemplate" this garbage. The sheer audacity of these people never fails to impress me.

It's irredeemable and the fact that there's currently no alternative is no reason not to get rid of it. We really should just do it and let the chips fall where they may. People will figure out a way to make money. They have to, because the alternative is to go bankrupt. Maybe they'll make less money and that's absolutely fine.

How would you explain the fact that people paid for cable and premium cable channels (e.g. HBO) in the past when free network TV has always been an option?

The issue you're failing to separate out is that you're talking about entertainment with television. Websites are largely not comparable in entertainment value, and most are not entertaining at all. People will pay a lot for entertainment. That's why blogs are worth $... today and Netflix is worth $226 billion. If people would pay so much for eg blogs (or, again, any other comparable content), there'd be a $100 billion company extracting that monthly payment for producing volumes of written content on websites. Some blog network would have actually succeeded and become a global content juggernaut.

Most of the content online is not of high quality and people will not pay for it, or they'll pay so little for it as to be a sad joke.

Which website compares to the joy and value people extracted from Friends, Seinfeld, MASH, Fresh Prince, I Love Lucy, and dozens of other prominent TV shows from the past ~50 years. Much less the even higher production shows like Sopranos or Game of Thrones. There may be a select few and they're billion dollar services like Reddit with huge volumes of low value content. Do millions of people still talk lovingly about some websites from 2006 like they do decades later about I Love Lucy? Hell no they don't, only a tiny niche group of people does that.

People go back and watch movies over and over again for decades. They listen to the same songs/bands/albums regularly for decades.

Does the average person go back and dig up long dead websites and go through them start to finish on Archive.org, like they do old TV shows they enjoyed (Quantum Leap, ALF, Golden Girls, whatever). Hell no they don't, again, only a very very tiny group of people would do such a thing.

Most online text content is not very entertaining, even in the best case scenarios, that's the difference between the concepts.

Is there lots of funny, amusing, entertaining text content on eg Reddit? You bet. And people will pay pennies for it - if at all - because it's of low value compared to high quality, higher production value entertainment. They'll pay what it's worth, a pittance.

I think advertising dollars paying for services that users use is a convenient excuse that companies use to justify it, but it isn't an imperative for why it should exist.

If you can't get people to pay for your service when they know the real price maybe your service shouldn't exist, or shouldn't exist at the scale it does now.

That being said your main point that the industry grew organically based on human behavior certainly seems true. Banning advertising (like banning lobbying or corporate contributions to elected officials) is an impossible game of whack-a-mole. It can't be defined tightly enough to be outright banned (are you going to ban telling people you sell something they might like?) and the value derived from it is large enough that people will get creative when you ban the outcomes.

That being said I do think the most egregious versions should be regulated. Ads to kids, deceptive mail or email ads that look like invoices or bills, ads that are obviously lying about features or benefits, but enforcement is incredibly difficult. I'm not especially optimistic.

The GDPR, though having a massive enforcement problem, disallows targeted ads and all the privacy violations typically associated with them.

You could make websites liable for the ads they display, automatically killing the "bottom of the barrel" of advertising such as chumboxes (Outbrain/Taboola/etc) and similar low-quality trash because the cost to review & audit these ads would outweigh any potential profits.

You could revoke Section 230 protection for social media companies that manipulate the reach of content to increase engagement (which is why every social platform switched from a chronological feed to an algorithmic one) as to discourage the practice and prevent them from profiting off intentionally pushing harmful or even illegal content to increase engagement.

> People would rather trade their attention for free stuff than their money for priced goods and services.

No, I don’t think this is true. I think this is something people in adtech tell themselves to sleep better at night. There’s lots of money in ads and free stuff, but there are many companies doing quite well by having customers pay for stuff.

Netflix is worth $200B plus, more than the ad tv networks. Those networks said for years that customers won’t pay and need ads. They were wrong. And I’d also add that they wanted more. They charged for cable channels and still sold ads.

People want choices and don’t mind paying for value.

Ads are bad for people.

Even in the 2000s I remember newspapers not costing more than a dollar or two. I would personally prefer a one-off payment of some small amount to get the website for the day or X amount of articles instead of some god-awful subscription that has to be cancelled via some shitty call center process where they try to stop you twenty times.

Hopefully their return on investment will approach zero and they will stop putting ads on everything.

music piracy is basically over thanks to spotify, apple music, youtube, bandcamp, etc

hardly anyone i know torrents movies anymore due to netflix, hbo, hulu

everyone has a phone plan instead of hopping around on free wifi constantly

people pay for lyft/uber instead of just skipping fare on the train

there exist social networks and communities that are effectively fee-supported. somethingawful and metafilter are some siloed examples, but there's the fediverse and stuff like mastodon where essentially people either join a specific community/clique that's funded by members or host their own instance.

i'm convinced what keeps most people on the main advertiser-controlled networks is they are run by huge corporations with service monopolies and network effect. remember, whatsapp got big on a dollar per year subscription

Democracy be damned, there’s money to be made on dietary supplements!

Most people put the value of Google search on the order of thousands of dollars per year [1]. Imagine Google was a paid service: think of the academic disparity between the children of wealthy students who had access to Google and poorer students who do not.

1. https://www.economist.com/graphic-detail/2018/04/25/how-much...

They are very much part of the problem. Google search? It's bad and gets worse every day because of advertising -- Google has stopped trying to fight SEO spammers.

Mix the ads inside the content so that the ad delivery mechanisms don't get in the way.

Advertising is mind hacking. Mind malware. It's about infecting people's minds with ideas nobody asked for. Why is it bad when some spammer does it but fine when advertisers turn our societies into a literal cyberpunk hell? Why does their "commercial interests" somehow legitimitize their industry? Nobody consented to it. Why do they think they can violate our minds without our consent?

So yea, I have the next billion dollar idea. The gas gauge app. $3.99 a month to know how much farther you can travel. Also, we remove the gauge from inside the car.

But yet even in 2022 the best we can do is "service engine soon" and getting more information than that requires an expensive visit to the dealership.

Do you mean we should build a starship, Ark B, put all marketers into it, and send them all to a very distant planet?

HBO was a great example of this in the pre-streaming days.

"Want to see great shows and movies with no commercials, pay the extra for cable + HBO and you won't have to seem them again.!"

This default, "it's all free BUT you have to see ads and there are no alternatives" seems to be the problem. The apps described in the article are effectively recognizing this consumer surplus/need and acting on it.

So the service needs to charge even more, which makes paying customers even more valuable in a feedback loop. The usual result is that eventually the service can’t help themselves and starts showing paying customers “a few” ads. Then the definition of a few gets larger and larger.

I can see this being true, but I'm curious why. Is this because the advertisers know the paying customers have the cash to pay for the service?

The more you pay in general, the more they want you to pay them specifically.

The only way would be if regulation either mandates a reasonably-priced ad-free tier (priced at the average revenue from an ad-viewing user) or other restrictions (GDPR but actually enforced, the website being liable for the ads it shows, etc) that would make advertising completely unprofitable.

> The apps described in the article are effectively recognizing this consumer surplus/need and acting on it.

Presumably, AA is pissed off because the people that value their time enough and have the skills to set up and use an alternative are people they'd very much want looking at their ads, much more so than the plebs who already use the website and see the ads.

"Industry could not benefit from its increased productivity without a substantial increase in consumer spending. This contributed to the development of mass marketing designed to influence the population's economic behavior on a larger scale.[24] "

https://en.wikipedia.org/wiki/Advertising#20th_century