Most active commenters
  • nkrisc(3)

←back to thread

AI scrapers request commented scripts

(cryptography.dog)
255 points ColinWright | 11 comments | 31 Oct 25 15:44 UTC | HN request time: 1.36s | source | bottom
Show context
bakql ◴[31 Oct 25 18:41 UTC] No.45775259[source]
>These were scrapers, and they were most likely trying to non-consensually collect content for training LLMs.

"Non-consensually", as if you had to ask for permission to perform a GET request to an open HTTP server.

Yes, I know about weev. That was a travesty.

replies(15): >>45775283 #>>45775392 #>>45775754 #>>45775912 #>>45775998 #>>45776008 #>>45776055 #>>45776210 #>>45776222 #>>45776270 #>>45776765 #>>45776932 #>>45777727 #>>45777934 #>>45778166 #
Calavar ◴[31 Oct 25 18:53 UTC] No.45775392[source]
I agree. It always surprises me when people are indignant about scrapers ignoring robots.txt and throw around words like "theft" and "abuse."

robots.txt is a polite request to please not scrape these pages because it's probably not going to be productive. It was never meant to be a binding agreement, otherwise there would be a stricter protocol around it.

It's kind of like leaving a note for the deliveryman saying please don't leave packages on the porch. It's fine for low stakes situations, but if package security is of utmost importance to you, you should arrange to get it certified or to pick it up at the delivery center. Likewise if enforcing a rule of no scraping is of utmost importance you need to require an API token or some other form of authentication before you serve the pages.

replies(9): >>45775489 #>>45775674 #>>45776143 #>>45776484 #>>45776561 #>>45776927 #>>45777831 #>>45778192 #>>45779259 #
hsbauauvhabzb ◴[31 Oct 25 19:01 UTC] No.45775489[source]
How else do you tell the bot you do not wish to be scraped? Your analogy is lacking - you didn’t order a package, you never wanted a package, and the postman is taking something, not leaving it, and you’ve explicitly left a sign saying ‘you are not welcome here’.
replies(5): >>45775544 #>>45775575 #>>45775693 #>>45775841 #>>45775924 #
1. nkrisc ◴[31 Oct 25 19:36 UTC] No.45775841[source]
Put your content behind authentication if you don’t want it to be requested by just anyone.
replies(1): >>45776712 #
2. kelnos ◴[31 Oct 25 21:07 UTC] No.45776712[source]
But I do want my content accessible to "just anyone", as long as they are humans. I don't want it accessible to bots.

You are free to say "well, there is no mechanism to do that", and I would agree with you. That's the problem!

replies(4): >>45778293 #>>45778316 #>>45778370 #>>45781869 #
3. 1gn15 ◴[01 Nov 25 00:47 UTC] No.45778293[source]
What the hell? That is incredibly discriminatory. Fuck off. I support those that counter those discriminatory mechanisms.
replies(1): >>45780906 #
4. ◴[01 Nov 25 00:51 UTC] No.45778316[source]
5. 9rx ◴[01 Nov 25 01:01 UTC] No.45778370[source]
> as long as they are humans. I don't want it accessible to bots.

A curious position. There isn't a secondary species using the internet. There is only humans. Unless you foresee some kind of alien invasion or earthworm uprising, nothing other than humans will ever access your content. Rejecting the tools humans use to bridge their biological gaps is rather nonsensical.

> You are free to say "well, there is no mechanism to do that", and I would agree with you. That's the problem!

I suppose it would be pretty neat if humans were born with some kind of internet-like telepathy ability, but lacking that mechanism isn't any kind of real problem. Humans are well adept at using tools and have successfully used tools for millennia. The internet itself is a tool! Which, like before, makes rejecting the human use of tools nonsensical.

6. Anamon ◴[01 Nov 25 11:42 UTC] No.45780906{3}[source]
Discriminatory against bots? That doesn't even make any sense.
replies(1): >>45783547 #
7. nkrisc ◴[01 Nov 25 14:23 UTC] No.45781869[source]
Even abusive crawlers and scrapers are acting as agents of real humans, just as your browser is acting as your agent. I don't even know how you could reliably draw a reasonable line in the sand between the two without putting some group of people on the wrong side of the line.

I suppose the ultimate solution would be browsers and operating systems and hardware manufacturers co-operating to implement some system that somehow cryptographically signs HTTP requests which attests that it was triggered by an actual, physical interaction with a computing device by a human.

Though you don't have to think for very long to come up with all kinds of collateral damage that would cause and how bad actors could circumvent it anyway.

All in all, this whole issue seems more like a legal problem than a technical one.

replies(1): >>45783535 #
8. bigbuppo ◴[01 Nov 25 17:33 UTC] No.45783535{3}[source]
Or the AI people could just stop being abusive jerks. That's an even easier solution.
replies(2): >>45784066 #>>45784705 #
9. bigbuppo ◴[01 Nov 25 17:34 UTC] No.45783547{4}[source]
They probably have stock options.
10. 9rx ◴[01 Nov 25 18:31 UTC] No.45784066{4}[source]
While that is probably good advice in general, the earlier commenter wanted even the abusive jerks to have access to his content.

He just doesn't want tools humans use to access content to be used in association with his content.

What he failed to realize is that if you eliminate the tools, the human cannot access the content anyway. They don't have the proper biological interfaces. Had he realized that, he'd have come to notice that simply turning off his server fully satisfies the constraints.

11. nkrisc ◴[01 Nov 25 19:47 UTC] No.45784705{4}[source]
That would be easier. Too bad it won't ever happen.