The line is crystal clear.

You can do whatever you want with your computer.

But when you use your computer to access a remote service you need to comply with their terms of service.

If their terms of service say “thou shalt not reverse-engineer”, and I want to connect my Facebook to my Friendica, UK law says that I'm allowed to do so, and Facebook is not allowed to have a problem with it – any clause in a contract that says otherwise is to simply be deleted.¹

¹: Technically, I think “ignored” is more accurate; if you're prohibited from reverse-engineering in general, the general prohibition would still apply even though it has a specific exemption. I'm not a lawyer, though.

Similar situation here. I also have certain rights that Facebook tries to deny me through their contract clauses. I consulted a lawyer and was told those could be ignored.

Apparently it's a thing in the US. People can sign their rights away to these companies. Needless to say, those counter-rights clauses have become standard in every contract. Read one of these abusive contracts and you've read them all. "We reserve all possible rights while you promise not use any of yours" summarizes every terms of service out there.

That depends on the terms - not everything goes. For example, they don't get to say that you must only use Facebook while naked.

And in this case, I would argue that this is a case where they should not have the ability to restrict this kind of interaction. If the law disagrees, then the law needs to be changed (and in the meantime, ignored to the extent possible).

> But when you use your computer to access a remote service you need to comply with their terms of service.

The only moral obligation is to not crack the server and take control of it. We won't make the server's processor execute our code. That's the line. Your computer runs your code, my computer runs my code.

Anything else is fair game. Server responds to my HTTP requests, so obviously anything I can do with HTTP requests is allowed. It doesn't matter what I use as user agent since it's the company's own code that's handling those requests.

Ironically, taking over control is exactly what big tech is doing with our computers. They take control away from us and give it to the copyright industry, to the advertisers, to everyone who would very much prefer that we users remain mere passive consumers just like in the days of television. Our computers are slowly becoming appliances.

And this is in no way transgressing their terms of service since it's doing the exact same thing any HTTP agent would do. They don't get to choose which agent I use.

In other words, either the action is disallowed completely or it's allowed regardless of my choice of user agent.

It's irrelevant how you violate their Terms of Service only that you do.

If I attempt XSS or SQL Injection against a website it is still illegal regardless of whether the HTTP request uses the same user-agent or is similar to other requests.

You're missing a crucial point, which is that an XSS or SQL injection requests are different requests from those made during regular use. The intent of sending such a request is also different.

In this case, we are dealing with the same requests with the same intent, just made with a different browser. As stated previously, you cannot force my choice of browser.

Now please tell me which (real or imaginary) ToS clause this violates and how it could possibly violate it, even hypothetically.

I never read ToS. Not being a lawyer, I have no way to know which clauses are enforcible, and which aren't. For the same reason, I am not capable of putting a correct interpretation on many of the clauses.

So I never read them. I don't consider them to mean anything. If you operate a public website, that's like erecting a billboard. You can attach ToS to your billboard, but nobody's going to read your ToS; they'll just read your billboard.

I'd like a plugin that can auto-click ToS popups. Like, click any button that says "Accept" (or "So sue me, sucker!")