I'd like to login to a 3rd party site to determine that their DOM structure hasn't changed - because I develop an extension that interacts with it.
It's great when you can get a test account for this, but often companies will simply tell you "create a throw away account and test there" (ex: google does this).
That's not malicious - I'm well within my terms of service - I'm not doing anything with the service other than ensuring that behavior that is not contractually guaranteed still works (because unlike an API, most sites change their DOM often and with no warning).
It's not something I can fake with self-hosted content or mocks, because my version won't change when their DOM does.
---
I've investigated captcha solutions for this exact reason. Not to mention ways to automate 2fa. I understand the overlap with malicious intent here, but just because there is overlap does not imply that OP was malicious.
It's great when you can get a test account for this, but often companies will simply tell you "create a throw away account and test there" (ex: google does this).
That's not malicious - I'm well within my terms of service - I'm not doing anything with the service other than ensuring that behavior that is not contractually guaranteed still works (because unlike an API, most sites change their DOM often and with no warning).
It's not something I can fake with self-hosted content or mocks, because my version won't change when their DOM does.
---
I've investigated captcha solutions for this exact reason. Not to mention ways to automate 2fa. I understand the overlap with malicious intent here, but just because there is overlap does not imply that OP was malicious.