The analogy is going up to a house and checking all the doors and windows to see if they are locked. That's rather like port scanning, a form of 'poking'. If you go to a state government web site and do that, even if you don't exfiltrate data or load it up with ransomware, it's definitely very shady behavior, although it seems there are no laws against it in the USA (some ISPs will ban users caught doing this however).
Obviously if you broke into someone's house and then asked them to pay you for your 'vuln discovery', err...
However, I think looking at HTML code on a public facing web page is not that. If you hang naked pictures of yourself on your front door, you don't get to complain when people take pictures of them.
The data was send to my browser. The more fitting analogy to me is that I get a letter and a huge pile of documents in a giant binder. Some of the documents are referenced in the letter. Now the sender gets upset because I started looking at the documents in the binder that weren't referenced in their cover letter.
Obviously if you broke into someone's house and then asked them to pay you for your 'vuln discovery', err...
However, I think looking at HTML code on a public facing web page is not that. If you hang naked pictures of yourself on your front door, you don't get to complain when people take pictures of them.
1. https://www.calyptix.com/top-threats/port-scanning-legal-ans...