I'm unclear on how people rationalize blowing past technical TOS enforcement measures on a web app. Where, exactly, do you propose drawing the line? Because I think I speak for everyone in the room that makes a living doing application pentesting: there are very, very few technical countermeasures you will come up with that a consulting-week or two won't blow past.
What I fail to understand is how a website knows if you have "agreed" to the TOS. I mean, a contract is physically signed, sometimes with a notary. FAFSA is "signed" by a multiple step process including a SSN, DOB, receiving mail including a pin#, and entering all of it with "agree" in box to assert information is true.<p>Where, and how can a website claim that an "agree" button is legally enough? Or perhaps, the TOS is just nonexistent(ala 404). Or, what are these "bypassing technical barriers"? Does that count reading the URL and changing it? Greasemonkey? Filtering/data modifying router? Post injection?<p>This suggesting is creating more confusion than it solves.