By that same line of reasoning, one could argue that changing your url parameter in that twitter chatroom website is a privilege escalation attack that allows users to access protected information.
Absence of authentication means all access is authorized, otherwise just typing in random urls is a crime.
The case referenced by the top-level comment of this chain (the one about 'weev') is a case where someone was prosecuted and imprisoned specifically because changing URL parameters was seen as an attack allowing access to protected information.
Absence of authentication means all access is authorized, otherwise just typing in random urls is a crime.