
This does not seem legal. Stealing an access token to bypass access controls is illegal and I suspect these people didn't get permission to just scrape anything they want.


I am not a lawyer but take your word for it. Is it illegal specifically in the US, or elsewhere too?

Either way, you'd surely agree it's a noble pursuit? Just considering the wider context here!


It is illegal in most jurisdictions to access data which you are unauthorized to.

>Either way, you'd surely agree it's a noble pursuit?

Considering it hurts Twitter's profitability by not showing ads, hurts Twitter's metrics by not having people sign in or sign up, hurts users who were accidentally signed out from signing in to Twitter and having a better user experience, and hurts content creators because Nitter doesn't allow you to like or retweet posts, I do not see it as a noble pursuit.


More people need to remember that freedom works both ways. Twitter has the freedom to put up walls on its own property, and other people have the freedom to put up ladders on theirs so they can see over the walls. Although law enforcement always seems to end up biased towards the billionaires, it's not an automatic process and they have to go through some contortions to find an excuse, because the law says you and Elon Musk are equal.

There's the CFAA, which is a blatantly unfair law targeting any computer activity billionaires don't like. I hear it hasn't been used in this way for a while, and not many times ever, but if it does get used on you, you'll wish you were dead, but some people seem to be okay with low-probability high-impact risks. You might even be found innocent if you convince the judge you are authorized to access public tweets. It's not like you're running an SQL injection.

There's the DMCA's anti-circumvention clause, but that's written by Hollywood billionaires for Hollywood-bought judges to abuse. Elon Musk can have a fun time trying to convince them his platform is equivalent to Disney to get a favourably corrupt judgement.

Other than that, what's stopping you from sending any request you like to access public data? You can say your user agent is Snoopy the Dog, you can say you would prefer to accept MIME type ascii/emojipoo, you can pass the server 1000 IDs at once even though it won't give you that many, and you can tell it you're the Twitter app on Android.

Remember: I am not a lawyer and this is not legal advice.


Saying that if you ignore the law then it is legal is not a useful point.

Even if the tweets are public, that doesn't mean you can steal an authorization token to use an API to query for them. If you hacked into some server and downloaded /usr/bin/bash, you still accessed data you were not authorized to, even though it was a public binary.

Twitter's terms of service make it clear that you aren't allowed to reverse engineer the Android app to take its token and start scraping Twitter.


Which law prohibits you from modifying your copy of the Twitter mobile app in a way that doesn't piss off Hollywood?


Who are they "stealing" the token from?


Twitter, as these are from the Twitter Android app.



