Here the analogy breaks down. Sit ins are nominally illegal. DDoS is also a crime. And whereas a sit-in doesn't involve any special equipment and happens outside someone's home the equipment and the act itself of a DDoS happens in the home, so using strong probable cause to obtain a warrant and collect evidence is perfectly legitimate I think.

As far as sit-ins vs. DDoS, it's patently ridiculous to say that scale is irrelevant. If I steal a single penny that is a much different crime than if I were to steal a penny from everyone in America. And if I stage a sit-in at a place of business and deny one or a handful of customers the opportunity to do business that's incomparable to if I deny a thousand or a million people.

One of the core reasons why sit-ins are a respected form of civil disobedience is because it preserves an important aspect of scale. One person one seat. The more popular a cause is and the more people are dedicated to fighting for it the more effective the sit-in can be. But unpopular causes will find it tough to use a sit-in to advance their agenda. The public will ignore their cause and turn a deaf ear to their arrests. And no one will take their place at the sit-in once they're gone. That sense of scale is important. In contrast, a DoS becomes very much more akin to a bomb threat or breaking windows. Because a far smaller and less popular group can effectively disrupt the business activities of a very large number of people. That is not in any way a good thing.

I like your breakdown of the DDoS vs the sit-in. The requirement of many people vs a few does make an important distinction when considering the effectiveness as a form of protest.

But I think the analogy to a bomb threat or breaking windows is a bad one, primarily because it's likely to be misunderstood. I'll agree that those are more similar in the sense of scale, but that's about the only similarity. Bombs and stones damage both property and individual human lives in ways that are likely to be traumatic and irrevocable. A DDoS is peaceful, causing only a temporary financial effect on a business.

This kid didn't control a botnet. He sent a handful of megabytes of data down his residential connection.

He had the functional impact of a single person at a sit in. No, realistically even less.

If he had gone to say the paypal homepage and diddled around all day then he would have had the same impact as a sit-in. Instead he simulated the traffic of thousands of people. That's not comparable to a sit-in.

Bullshit. The entire idea behind a sit in is a number of people consuming disproportionate resources of an establishment. You don't participate in a sit in by using the amount of resources that a single person might normally reasonably use.

I suggest you read this article, since I am beginning to suspect you are operating under a very very distorted definition of the term: http://en.wikipedia.org/wiki/Sit-in