Daniel Barabander
@dbarabander
With the rise of agents that heavily interact with Web2 applications, primitives that help users unchain their Web2 data will become increasingly important. These primitives include account encumbrance using TEEs, zkTLS to prove something about a user account, etc. These primitives allow crypto companies to offer products/services that empower users to unlock their data without giving these companies access to users' credentials. Examples include Flashbot's Teleport (account encumbrance) and Pluto's Web Proofs (zkTLS).
1 reply
3 recasts
13 reactions
Daniel Barabander
@dbarabander
Obviously, Web2 companies do not like users controlling their own data. One of their favorite legal hammers to stop this is the Computer Fraud and Abuse Act (CFAA), which provides a private right of action against a person who “intentionally accesses a computer without authorization.” Specifically, Web2 companies love to sue products/services that empower users to export their data under the CFAA. Here's an example of X doing this against a scraping company: https://natlawreview.com/article/x-corp-lawsuits-target-data-scraping.
1 reply
0 recast
4 reactions
Daniel Barabander
@dbarabander
I wrote a long article about the CFAA back in August. In that article, I focus on a court case called BrandTotal (and test it against influential precedent). The TLDR of that article is that I believe that products/services that empower users to unchain their data from a Web2 platform without accessing their credentials have a strong argument that they do not violate the CFAA.
1 reply
0 recast
1 reaction
Daniel Barabander
@dbarabander
Let’s quickly review the BrandTotal case to see why. BrandTotal was an analytics company that collected Facebook ad data using browser extensions used by end users and its own scraping services. Facebook really did not like this. It used contractual (TOS, cease and desist) and technical (CAPTCHAs, account bans) methods to block BrandTotal, but BrandTotal kept on collecting anyway. Facebook sued BrandTotal under the CFAA. In analyzing the claim, the court made key distinctions between different BrandTotal products/services. These products/services varied in whether they had access to user credentials. From the court’s reasoning, we can see a pattern emerge: whether BrandTotal violated the CFAA came down to whether it had access to user credentials. Here’s a summary table depicting this:
2 replies
0 recast
1 reaction