There's a certain amount of nuance I'd like to clarify. The truth is always somewhere in the middle, particularly when your case was covered as far and wide as mine was.
This page explains the legal side of what happened—what I was charged with, why, and how those charges fit (or didn't fit) the reality of what HeheStreams actually was.
If you're here from Hacker News: yes, this is the "sports streaming site guy" case.
What were you charged with?
- Fraud and related activity in connection with computers
- Wire fraud
- Interstate threats
- Extortion
- Illicit digital transmission
Why "fraud"?
The service authenticated through accounts with each league's streaming platform. So technically, it used their infrastructure and their CDNs.
The fraud charge boiled down to the idea that I "accessed a computer without authorization." Which is a phrase broad enough to describe everything from SQL injection to checking your ex's Spotify.
Why "wire fraud"?
Because I used the internet. That's really it.
Every email, every API request, every login crossed a state line somewhere—and that's enough to invoke the "wire" part of wire fraud.
Why "interstate threats" and "extortion"?
This was the weirdest part.
I found and reported a few security bugs to Major League Baseball. These bugs had absolutely nothing to do with streaming; they were just garden-variety web issues. I fully disclosed them responsibly and I wanted to blog about them—not to sell them, not to ransom them.
Someone from MLB asked what I "valued" the bugs at, and—being me, you know, autistic—I tried to be methodical. I referenced Shopify's bug bounty calculator, which spat out something like $150k per bug. I immediately said that was ridiculous, since I'd spent maybe ten minutes finding them.
But nuance doesn't survive email threads. The conversation got read as a demand. The FBI was already involved. Congratulations: I was now "extorting" a gajillion-dollar sports league.
The autism meant there was an increased likelihood that I missed every bit of corporate subtext. That's not an excuse—just a debugging note about the operating systems involved.
Why "illicit digital transmission"?
Ha, this one is easy: I transmitted digital content that I wasn't licensed to transmit. No footnotes, no irony—I absolutely did it.
When a bug bounty becomes a criminal case
There are plenty of these in the world, and there need to be some sort of protections for bug reporters, as there are for whistleblowers. A fine line needs to be established.
Where was this whole thing covered?
Pretty much everywhere you would otherwise want your sports streaming startup featured, just in a completely different context.
I was covered by:
And a handful of other outlets that mostly copied those articles. Shout out to TorrentFreak for making the effort to report accurately.
Thoughts on how the case was covered?
I mostly wish the coverage focused less on the "extortion" narrative and more on the streaming part—the technical side, the product design, the absurdity of how it all played out, the impact that leagues have on their fans, and what ultimately drives them to piracy.
But I get it. "Guy makes a better version of the platforms" doesn't headline as well as "Hacker extorts baseball." That's the sport I was forced to play.