Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

AFAIK, reverse engineering APIs isn’t illegal. [1]

There are some (VC backed) start ups that are open about doing it. Teller API is an example. [2]

[1] “Reverse engineering generally doesn't violate trade secret law because it is a fair and independent means of learning information, not a misappropriation. Once the information is discovered in a fair and honest way, it also can be reported without violating trade secret law.“ https://www.eff.org/issues/coders/reverse-engineering-faq

[2] “We reverse engineer these apps to discover their secret API contracts and then implement clients for them.” https://teller.io/



> AFAIK, reverse engineering APIs isn’t illegal. [1]

No, but unauthorized access to a remote server can be. Just because something is unsecured doesn't give one the right to access it. Anyway I would not take that gamble personally and risking indicted federally for computer fraud.

https://criminal.findlaw.com/criminal-charges/hacking-laws-a...

I'm not a lawyer and neither are you.


In some jurisdictions I think they basically have a blank cheque to get you on any misuse (https://www.legislation.gov.uk/ukpga/1990/18/contents)


What in the world is Teller? Are they an actual company with an actual product? The authentication demo on their website is the exact same as Plaid Link, down to the wording. There isn't even a sign up link or pricing page, but they've somehow raised 4 million dollars [1].

https://techcrunch.com/2020/01/27/teller/


The biggest problem, presumably just like Plaid, is that its institutionalized phishing tricking users into giving their online banking details to some 3rd party.


This. Plaid is very convenient in what it does, but please, just let me OAuth with my bank like literally any other organization.


I've known about Teller for some time now but I have always thought that they seem shady... I don't have an issue with them reverse engineering bank APIs, I just don't get why, how and to whom they would want to sell that.

Any small change in any of these APIs completely ruins it for all of their clients. Not even sure if they have a product or service either but again, also not sure who would want that.


Placing bogus orders using a reverse-engineered API, however, is likely illegal. Especially at the speed and scale at which he is purportedly doing it.


> AFAIK, reverse engineering APIs isn’t illegal

It doesn't matter whether or not it is illegal. What really matters is whether some prosecutor somewhere thinks it is illegal, and dislikes you sufficiently to prosecute you–or sees enough political benefit from it to make it worth their while. "Hacker indicted for sending McDonald's $18,752 of fake orders every minute". It might be misleading (or even just plain false) but it makes a great headline. Even if they end up losing the case, they can still make your life hell for months on end with their criminal charges.

As the saying goes, "You might beat the rap, but you can't beat the ride"




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: