It's their OAuth token, it's not being stolen. It's just being copied from one place on their computer to another. This is no different than a competing browser importing your localStorage and cookies from Chrome on first launch.

No, the OAuth token is supposed to be used solely with the context of a first-party app only. Clearly, if you need to extract the key by reverse engineering or set up a proxy to spoof requests to a service, you're doing something shady.

By this logic video game companies shouldn't be allowed to ban cheaters.

Most people would agree both that getting rid of cheating is desirable and that the methods of control exerted over users to accomplish it is questionable. It's one of the few freedom/security tradeoffs where people generally agree we have to come down on the side of authoritarian, because otherwise it destroys online gaming as a whole. That scenario doesn't apply here. The world is a complex place.

Technically speaking, they haven’t been able to. There’s really no way of stopping someone using an alternate client if it appears to the server the same way.

The only reason video game cheating is more difficult is because it uses custom protocols and message types, and it needs to be reverse engineered. Usually it’s just easier to reuse the existing game client and patch it to report to the server that everything is normal.

It’s why anticheat runs in the kernel now.

>The web doesn't work like that. The operators of google.com saying you must only use Chrome to load it is a ridiculous concept.

I have no idea what you are talking about. Chrome? Are you sure you are replying to the right thread?

Chrome is an HTTP client that accesses webservers at specified addresses.

Antigravity and OpenClaw are HTTP clients that access webservers at specified addresses.

That's not what stealing is.

"steal" is semantically incorrect here.