
What the hiQ vs LinkedIn ruling means for mobile proxy users in 2026


The most common mistake people make with hiQ is turning it into a slogan. “Public data scraping is legal” is catchy, but it is a bad operating doctrine, and mobile proxies do not improve it.

what hiQ actually said, and what happened after

The core hiQ fight was about LinkedIn trying to block hiQ from scraping public LinkedIn profile pages. The Ninth Circuit said hiQ had raised serious questions about whether the CFAA could be used to stop access to publicly available profiles, and after the Supreme Court sent the case back in light of Van Buren, the Ninth Circuit reaffirmed that preliminary view in April 2022.

That is the part everyone quotes. The part they skip is what happened next. In November 2022, the district court held that LinkedIn’s user agreement unambiguously prohibited hiQ’s scraping and related conduct. The case later settled, with hiQ agreeing to stop scraping LinkedIn and pay damages. So the lasting lesson is narrower than the myth.

hiQ is important because it limits one aggressive CFAA theory around public pages in the Ninth Circuit context. It is not a universal “scrape anything public” permission slip. Contract claims, trespass theories, state law claims, anti-bot enforcement, and platform terms still matter.

If you want the adjacent CFAA angle, read "mobile proxies and the CFAA in 2026". If your use case is practical browser automation, "mobile proxies with Playwright" helps on the technical side without confusing technical success with legal safety.

public versus authenticated still changes everything

The cleanest reading of hiQ is that public accessibility matters. A public page available to any ordinary browser visitor is not the same as a logged-in area, an account-only feed, or an interface protected by credentials and technical gates.

That means your risk posture changes fast when you move from:

| access pattern | rough legal and platform posture |
| --- | --- |
| public page, no login, normal retrieval | lowest relative risk, but still not zero |
| public page after cease-and-desist or active blocking | materially riskier |
| logged-in collection against explicit terms | much riskier |
| fake accounts, credential sharing, or evasion workflows | bad facts almost everywhere |

Mobile proxy users need to understand this because the temptation is obvious. If one IP gets challenged, rotate to another. If a page gets blocked, switch networks. But that changes your facts in a direction that courts and platforms may view as worse, not better.

In other words, the presence of a Singapore or US mobile IP says very little about whether your access theory is lawful or contract-safe. The proxy may help you reproduce a real user environment. It does not rewrite the underlying relationship with the site.

A mobile proxy can change how your traffic is scored. It can reduce false positives from datacenter reputation. It can make geo-sensitive testing more realistic. It can keep your researcher from exposing a corporate IP. All of that is operationally real.

What it does not do is convert restricted access into permitted access. That is the central compliance point.

This distinction is important because technical teams often inherit legal assumptions from anti-bot folklore. They hear that a mobile IP is “safer” and silently translate that into “more defensible.” Those are not the same claim. Safer may mean fewer blocks. Defensible depends on access conditions, terms, notice, and conduct.

Here is a simple compliance-oriented checklist we give teams before they automate a target:

  1. identify whether the data is genuinely public without authentication
  2. read the target terms and any robots or anti-automation language
  3. decide whether you have authorization, a defensible public-interest basis, or neither
  4. scope collection narrowly and document business purpose
  5. stop if the workflow starts depending on evasion rather than normal access

That last point is where teams usually drift. They begin with low-rate public access, then add account creation, then add forced rotation, then add captcha solving, then claim they are still “just doing hiQ-style scraping.” No, they are not.
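One way to turn steps 1, 2 and 5 of the checklist into an automated gate, as an added example that is not part of the original post. Every function and marker name is hypothetical, and the robots.txt and responses are constructed samples. Steps 3 and 4 remain human decisions.

```python
from dataclasses import dataclass
from urllib.robotparser import RobotFileParser

# Constructed sample robots.txt; not taken from any real site.
SAMPLE_ROBOTS = """User-agent: *
Disallow: /members/
Allow: /public-directory
"""
GATE_MARKERS = ("sign in to continue", "log in to view")  # assumed login-wall text
BLOCK_MARKERS = ("captcha", "unusual traffic")            # assumed challenge text

@dataclass
class Observation:
    """One recorded response; all names here are hypothetical."""
    url: str
    status: int
    body: str = ""
    sent_credentials: bool = False  # cookies or auth headers were attached

def robots_allows(robots_txt: str, agent: str, url: str) -> bool:
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    return parser.can_fetch(agent, url)

def preflight(obs, robots_txt, agent="research-bot"):
    """Steps 1-2: return reasons the target is NOT plainly public and permitted."""
    text = obs.body.lower()
    reasons = []
    if obs.sent_credentials:
        reasons.append("request carried credentials, so it does not test public access")
    if obs.status in (401, 403) or any(m in text for m in GATE_MARKERS):
        reasons.append("response is gated behind authentication")
    if not robots_allows(robots_txt, agent, obs.url):
        reasons.append("robots.txt disallows this path")
    return reasons

def stop_signals(history):
    """Step 5: block or challenge responses that should halt the job for review."""
    return [o for o in history
            if o.status in (403, 429) or any(m in o.body.lower() for m in BLOCK_MARKERS)]

if __name__ == "__main__":
    ok = Observation("https://example.com/public-directory", 200, "<h1>Directory</h1>")
    gated = Observation("https://example.com/members/feed", 200, "Sign in to continue")
    run = [ok, Observation(ok.url, 429), Observation(ok.url, 200, "Solve this CAPTCHA")]
    print(preflight(ok, SAMPLE_ROBOTS))     # no objections
    print(preflight(gated, SAMPLE_ROBOTS))  # gated and disallowed
    print(len(stop_signals(run)))           # responses that should pause the job
```

A non-empty result from either function is a reason to pause and revisit the checklist, not a cue to rotate networks.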

For analysts working public-source investigations, "mobile proxies for OSINT analysts" is useful because it shows how to preserve researcher safety without conflating that with a right to bypass platform limits.

the post-2022 lesson is mostly about contracts and bad facts

The November 2022 district court ruling and later settlement matter because they remind operators that contract theories can do a lot of work even where CFAA claims are weaker. If your workflow requires agreeing to terms that prohibit scraping, using false accounts, or misusing data at scale, those facts matter.

A realistic curl test may be technically simple:

curl --proxy http://USER:PASS@sg.smp.example:30121 \
  --user-agent "Mozilla/5.0 (Linux; Android 14)" \
  https://example.com/public-directory

But the technical simplicity does not answer the legal question. The answer depends on the target, the access conditions, the surrounding terms, and your conduct after notice.

This is also why provider marketing that implies “mobile proxies keep you compliant” should be treated as a red flag. No serious operator can promise that. At best, the provider can give you a more authentic network path and cleaner attribution controls.

If you are comparing vendor claims, "SMP vs Bright Data" may help frame the infrastructure question. It will not make the legal question go away.

use hiQ as a narrow precedent, not a business model

The sophisticated way to use hiQ in 2026 is as one input in a limited legal analysis. It supports the idea that access to genuinely public pages may not fit one broad CFAA theory in some contexts. It does not erase contractual restrictions, platform defenses, or the practical consequences of being the wrong kind of scraper with the wrong facts.

If your collection depends on authenticated access, fake accounts, or continuing after explicit revocation, hiQ is weak shelter. If your collection is genuinely public, low-impact, and part of a documented business or public-interest workflow, hiQ is more relevant, but still only one piece.

The operational consequence is that teams should write their collection memo before they write their scraper. State what is public, why it is needed, what the terms appear to say, what limits will be honored, and who can stop the project if the facts change. That discipline sounds legalistic, but it is one of the fastest ways to prevent technical drift into a much harder case.

Bottom line

hiQ matters, but less broadly than the internet says. Public versus authenticated access still matters. Post-notice conduct still matters. Contract claims still matter. And mobile proxies do not change any of those fundamentals.

Use mobile proxies for realism, attribution control, and research safety where appropriate. Do not use them as a substitute for legal analysis or as a story you tell yourself after the workflow has already drifted into evasion.
