Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

As far as I can see he's done absolutely nothing illegal, immoral maybe depending on your view on the matter. It's rather like totally trusting client side javascript for authentication, unless you check that the data being received is accurate then you'll never be able to stop this. It's a simple case of trusting the client. I would imagine that should the submitted have been running an Android Development Image on his system and access via a browser on that the effect would be the same.


Intentionally misrepresenting the situation to get a better deal is called fraud.


UA strings aren't bound to any legal requirements, as far as I know. So how is it fraud if one party has no reasonable expectation of any particular representation of the situation in the first place?


Wellllll, it would be reasonable to expect that 99.99% of people wouldn't change their UA.


Name me one desktop browser which uses a mobile UA string during normal operation.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: