> The ListenBrainz Labs API endpoints for mbid-mapping, mbid-mapping-release and mbid-mapping-explain have been removed. Those were always intended for debugging purposes and will also soon be replaced with a new endpoints for our upcoming improved mapper.
> LB Radio will now require users to be logged in to use it (and API endpoint users will need to send the Authorization header). The error message for logged in users is a bit clunky at the moment; we’ll fix this once we’ve finished the work for this year’s Year in Music.
Seems reasonable and no big deal at all. I'm not entirely sure what "nice things" we can't have because of this. Unauthenticated APIs?
(Blocking Chinese IP ranges with the help of some geoip db helps a lot in the short term. Azure as a whole is the second largest source of pure idiocy.)
Scraping page-by-page (inefficient for everyone)
i don't want people's servers to be pegged at 100% because a stupid dfs scraper is exhaustively traversing their search facets, but i also want the web to remain scrapable by ordinary people, or rather go back to how readily scrapable it used to be before the invention of cloudflare
as a middle ground, perhaps we could agree on a new /.well-known/ path meant to contain links to timestamped data dumps?
For this strategy to work, people need to actually use the DB dumps instead of just defaulting to scraping. Unfortunately scraping is trivially easy, particularly now that AI code assistants can write a working scraper in ~5-10 minutes.
why would they even care over 1 single website ??? You expect instiution to care out of billions website they must scrape daily
if thats the useful thing, it doesnt need the wrapper
I like to create tampermonkey scripts regarding these. They are like more lightweight/easier way to build extensions mostly imo
Now I don't like AI but I don't know anything about scraping so I used AI to generate the scraping code and paste it in tampermonkey and let it run
I recently used this for where I effectively scraped a website which had list of vps servers and their prices and I built myself a list of that to analyze as an example
Also I have to say this that I usually try to look out for databases so much so that on a similar website like this related to something, I contacted them about db but no response, their db of server prices were private and only showed lowest
So I picked the other website and did this. I also scraped all headlines of lowendtalk ever with their links for semi purposes of archival and semi purposes of scraping the headlines and parsing it to LLM to find a list of vps providers as well
1) Cut copyright to 15-20 years by default. You can have 1 extension of an additional 10-15 years if you submit your work to the "National Data Set" within say 2-3 years of the initial publication.
2) Content in the National set is well categorized and cleaned up. It's the cleanest data set anyone could want. The data set is used both to train some public models and also licensed out to people wanting to train their own models. Both the public models and the data sets are licensed for nominal fees.
3) People who use the public models or data sets as part of their AI system are granted immunity from copyright violation claims for content generated by these models, modulo some exceptions for knowing and intentional violations (e.g. generating the contents of a book into an epub). People who choose to scrape their own data are subject to the current state of the law with regards to both scraping and use (so you probably better be buying a lot of books).
4) The license fees generated from licensing the data and the models would be split into royalty payments to people whose works are in the dataset, and are still under copyright protection, proportional to the amount of data submitted and inversely proportional to the age of that data. There would be some absolute caps in place to prevent slamming the national data sets with junk data just to pump the numbers.
Everyone gets something out of this. AI folks get clean data, that they didn't have to burn a lot of resources scraping. Copyright holders get paid for their works used by AI and retain most of the protections they have today, just for a shorter time), the public gets usable AI tooling without everyone spending their own resources on building their own data sets, site owners and the like get reduced bot/scraping traffic. It's not perfect, and I'm sure the devil is in the details, but that's the nature of this sort of thing.
This alone will kill off all chances of that ever passing.
Like, I fully agree with your proposal... but I don't think it's feasible. There are a lot of media IPs/franchises that are very, very old but still generate insane amounts of money to this day with active developments. Star Wars and Star Trek obviously, but also stuff like the MCU or Avatar is on its best way to two decades of runtime, Iron Man 1 was released in 2008, or Harry Potter which is almost 30 years old. That's dozens of billions of dollars in cumulative income, and most of that is owned by Disney.
Look what it took to finally get even the earliest Disney movies to enter the public domain, and that was stuff from before World War 2 that was so bitterly fought over.
In order to reform copyright... we first have to use anti-trust to break up the large media conglomerates. And it's not just Disney either. Warner, Sony, Comcast and Paramount also hold ridiculous amounts of IP, Amazon entered the fray as well with acquiring MGM (mostly famous for James Bond), and Lionsgate holds the rights for a bunch of smaller but still well-known IPs (Twilight, Hunger Games).
And that's just the movie stuff. Music is just as bad, although at least there thanks to radio stations being a thing, there are licensing agreements and established traditions for remixes, covers, tribute bands and other forms of IP re-use by third parties.
It's a monetary one, specifically, large pools of sequestered wealth making extremely bad long term investments all in a single dubious technical area.
Any new phenomenon driven by this process will have the same deleterious results on the rest of computing. There is a market value in ruining your website that's too high for the fruit grabbers to ignore.
In time adaptations will arise. The apparently desired technical future is not inevitable.
Just something like /llms.txt which contains a list of .txt or .txt.gz files or something?
Because the problem is that every site is going to have its own data dump format, often in complex XML or SQL or something.
LLM's don't need any of that metadata, and many sites might not want to provide it because e.g. Yelp doesn't want competitors scraping its list of restaurants.
But if it's intentionally limited to only paragraph-style text, and stripped entirely of URL's, ID's, addresses, phone numbers, etc. -- so e.g. a Yelp page would literally just be the cuisine category and reviews of each restaurant, no name, no city, no identifier or anything -- then it gives LLM's what they need much faster, the site doesn't need to be hammered, and it's not in a format for competitors to easily copy your content.
At most, maybe add markup for <item></item> to represent pages, products, restaurants, whatever the "main noun" is, and recursive <subitem></subitem> to represent e.g. reviews on a restaurant, comments on a review, comments one level deeper on a comment, etc. Maybe a couple more like <title> and <author>, but otherwise just pure text. As simple as possible.
The biggest problem is that a lot of sites will create a "dummy" llms.txt without most of the content because they don't care, so the scrapers will scrape anyways...
Mind you I take effort to not be burdensome by downloading only what I need and taking time between each request of a couple seconds, and the total data usage is low.
Ironically, I supposed you could call it "AI" what I'm using it for, but really it's just data analytics.
There's something important here in that a public good like Metabrainz would be fine with the AI bots picking up their content -- they're just doing it in a frustratingly inefficient way.
It's a co-ordination problem: Metabrainz assumes good intent from bots, and has to lock down when they violate that trust. The bots have a different model -- they assume that the website is adversarially "hiding" its content. They won't believe a random site when it says "Look, stop hitting our API, you can pick all of this data in one go, over in this gzipped tar file."
Or better still, this torrent file, where the bots would briefly end up improving the shareability of the data.
What mechanism does a site have for doing that? I don't see anything in robots.txt standard about being able to set priority but I could be missing something.
This also means that right now, it could be much easier to push through such standard than ever before: there are big players who would actually be receptive to it, so even few not-entirely-selfish actors agreeing on it might just do the trick.
--
[0] - Plenty of them exist. Scrapping wasn't popularized by AI companies, it's standard practice of on-line business in competitive markets. It's the digital equivalent of sending your employees to competing stores undercover.
[1] - Not to be confused with having an LLM scrap specific page for some user because the user requested it. That IMO is a totally legitimate and unfairly penalized/villified use case, because LLM is acting for the user - i.e. it becomes a literal user agent, in the same sense that web browser is (this is the meaning behind the name of "User-Agent" header).
We do have evidence, which is their current behavior. If they are happy ignoring robots.txt (and also ignoring copyright law), what gives you the belief that they magically won't ignore this new standard? Sure, it in theory might save them money, but if there's one thing that I think is blatantly obvious it is that money isn't what these companies care about because people just keep turning on the money generator. If they did care about it, they wouldn't be spending far more than they earn, and they wouldn't be creating circular economies to try to justify their existences. If my assertion has no evidence, I don't exactly see how yours does either, especially since we have seen that these companies will do anything if it means getting what they want.
Unless we have some government enforcing the standard, another trust based contract won't do much.
Yes. In this context, the problem is that you cannot trust websites to provide a standardized bulk download options. Most of them have (often pretty selfish or user-abusive) reasons not to provide any bulk download, much less proactively conform to some bottom-up standards. As a result, unless one is only targeting one or few very specific sites, even thinking about making the scrapper support anything but the standard crawling approach costs more in developer time than the benefit it brings.
Or even /.well-known/ai/$PLATFORM.ext which would have the instructions.
Could even be "bootstrapped" from /robots.txt
I mean, that's what's this technology is capable of, right? Especially when one asks it nicely and with emphasis.
Is there a mechanism to indicate this? The "a" command in the Scorpion crawling policy file is meant for this purpose, but that is not for use with WWW. (The Scorpion crawling policy file also has several other commands that would be helpful, but also are not for use with WWW.)
There is also the consideration to know what interval they will be archived that can be downloaded in this way; for data that changes often, you will not do it every time. This consideration is also applicable for torrents, since a new hash will be needed for a new version of the file.
that is an amazing thought.
this should give us pause. if a bot considers this adversarial and is refusing to respect the site owners wishes, thats a big part of the problem.
a bot should not consider that “adversarial”
should a site owner be able to discriminate between a bot visitor and a human visitor? Most do, and hence the bots treats it as a hostile environment.
Of course, bots that behave badly have created this problem themselves. That's why if you create a bot to scrape, make it not take up more resources than a typical browser based visitor.
Well, right; that's the problem.
They take up orders of magnitude more resources. They absolutely hammer the server. They don't care if your website even survives, so long as they get every single drop of data they can for training.
Source: my own personal experience with them taking down my tiny browser game (~125 unique weekly users—not something of broad general interest!) repeatedly until I locked its Wiki behind a login wall.
Spam filters
- mitigate the symptom (our inboxes being impossible to trawl through for real emails)
- reduce the incentive (because any spam mail that isn't seen by a human being reduces the chances they'll profit from their spamming)
- but does not affect the resource consumption directly (because the email has already been sent through the internet)
Now, this last point barely matters with spam, because sending email requires nearly no resources.
With LLM-training scraper bots, on the other hand, the symptom is the resource consumption. By the time you see their traffic to try to filter it, it's already killing your server. The best you can hope to do is recognize their traffic after a few seconds of firehose and block the IP address.
Then they switch to another one. You block that. They switch to another one.
Residential IPs. Purchased botnet IPs. Constantly rotating IPs.
Unlike spam, there's no reliable way to block an LLM bot that you haven't seen yet, because the only thing that tells you it's a bot is their existing pattern of behavior. And the only unique identifier you can get for them is their IP address.
So how, exactly, are we supposed to filter them effectively, while also allowing legitimate users to access our sites? Especially small-time sites that don't make any money, and thus can't afford to buy CloudFlare or similar protection?
I'm not sure why you're personifying what is almost certainly a script that fetches documents, parses all the links in them, and then recursively fetches all of those.
When we say "AI scraper" we're describing a crawler controlled by an AI company indiscriminately crawling the web, not a literal AI reading and reasoning about each page... I'm surprised this needs to be said.
Depends on if they wrote their own BitTorrent client or not. It’s possible to write a client that doesn’t share, and even reports false/inflated sharing stats back to the tracker.
A decade or more ago I modified my client to inflate my share stats so I wouldn’t get kicked out of a private tracker whose high share ratios conflicted with my crappy data plan.
TCHA of CAPTCHA is literally "tell computer human apart"
(Also, the T was nominally Turing rather than telling.)
So, is this a new profit center for sleazeball household ISPs?
It "residential proxy" sounds a lot better when you're talking to VC investors, though.
I wish there were an established protocol for this. Say a $site/.well-known/machine-readable.json that instructs you on a handful of established software or allows pointing to an appropriate dump. I would gladly provide that for LLMs.
Of course this doesn't solve for the use-case where the AI companies are trying to train their models on how to navigate real world sites so I understand it doesn't solve all problems, but one of the things I think I'd like in the future is to have my own personal archive of the web as I know it (Internet Archive is too slow to browse and has very tight rate-limits) and I was surprised by how little protocol support there is for robots.
robots.txt is pretty sparse. You can disallow bots and this and that, but what I want to say is "you can get all this data from this git repo" or "here's a dump instead with how to recreate it". Essentially, cooperating with robots is currently under-specified. I understand why: almost all bots have no incentive to cooperate so webmasters do not attempt to. But it would be cool to be able to inform the robots appropriately.
To archive Metabrainz there is no way but to browse the pages slowly page-by-page. There's no machine-communicable way that suggests an alternative.
https://metabrainz.org/datasets
Linked to from the homepage as “datasets”.
I may be too broadly interpreting what you mean by “machine-communicable” in the context of AI scraping though.
But it's not like you're writing a "metabrainz crawler" and a "metafilter crawler" and a "wiki.roshangeorge.dev crawler". You're presumably trying to write a general Internet crawler. You encounter a site that is clearly a HTTP view into some git repo (say). How do you know to just `git clone` the repo in order to have the data archived as opposed to just browsing the HTTP view.
As you can see, I've got a lot of crawlers on my blog as well, but it's a mediawiki instance. I'd gladly host a Mediawiki dump for them to take, but then they'd have to know this was a Mediawiki-based site. How do I tell them that? The humans running the program don't know my site exists. Their bot just browses the universe and finds links and does things.
In the Metabrainz case, it's not like the crawler writer knows Metabrainz even exists. It's probably just linked somewhere in the web the crawler is exploring. There's no "if Metabrainz, do this" anywhere in there.
The robots.txt is a bit of a blunt-force instrument, and friendly bot writers should follow it. But assuming they do, there's no way for them to know that "inefficient path A to data" is the same as "efficient path B to data" if both are visible to their bot unless they write a YourSite-specific crawler.
What I want is to have a way to say "the canonical URL for the data on A is at URL B; you can save us both trouble by just fetching B". In practice, none of this is a problem for me. I cache requests at Cloudflare, and I have Mediawiki caching generated pages, so I can easily weather the bot traffic. But I want to enable good bot writers to save their own resources. It's not reasonable for me to expect them to write a me-crawler, but if there is a format to specify the rules I'm happy to be compliant.
The point you make about having some sort of indicator that scrapers can follow to scrape in an optimal way (or access a dump) makes a lot of sense for people who want their content to be ingested by AI.
Why does there have to be a "machine-communicable way"? If these developers cared about such things they would spend 20 seconds looking at this page. It's literally one of the first links when you Google "metabrainz"
I'm also not sure why we should be prioritizing the needs of scraper writers over human users and site operators.
In fact firefox now allows you to preview the link and get key points without ever going to the link[1]
> [1] https://imgur.com/a/3E17Dts
This is generated on device with llama.cpp compiled to webassembly (aka wllama) and running SmolLM2-360M. [1] How is this different from the user clicking on the link? In the end, your local firefox will fetch the link in order to summarize it, the same way you would have followed the link and read through the document in reader mode.
[1] https://blog.mozilla.org/en/mozilla/ai/ai-tech/ai-link-previ...
> They should advertise that
Previews can optionally include AI-generated key points, which are processed on your device to protect your privacy.
I'll also add that if you go to the Labs page (in settings) you can enable another local model to semantically search your history
How else do you want them to advertise it?
Like, can we all take a step back and marvel that freaking wasm can do things that 10 years ago were firmly in the realm of sci-fi?
I hope they’ll extend that sort of thing to help filter out the parts of the dom that represent attention grabbing stuff that isn’t quite an ad, but is still off topic/not useful for what I’m working on at the moment (and still keep the relevant links).
- AI shops scraping the web to update their datasets without respecting netiquette (or sometimes being unable to automate it for every site due to the scale, ironically).
- People extensively using agents (search, summarizers, autonomous agents etc), which are indistinguishable from scraper bots from website's perspective.
- Agents being both faster and less efficient (more requests per action) than humans.
I'm not saying the API changes are pointless, but still, what's the catch?
They won't be able to create thousands of API keys a minute, and if they reuse the keys they'll very easily be identified and blocked.
Many of them don't even self-identify and end up scraping with shrouded user-agents or via bot-farms. I've had to block entire ASNs just to tone it down. It also hurts good-faith actors who genuinely want to build on top of our APIs because I have to block some cloud providers.
I would guess that I'm getting anywhere from 10-25 AI bot requests (maybe more) per real user request - and at scale that ends up being quite a lot. I route bot traffic to separate pods just so it doesn't hinder my real users' experience[0]. Keep in mind that they're hitting deeply cold links so caching doesn't do a whole lot here.
[0] this was more of a fun experiment than anything explicitly necessary, but it's proven useful in ways I didn't anticipate
We ended up having to block entire ASNs and several subnets (lots from Facebook IPs, interestingly)
We should add optional `tips` addresses in llms.txt files.
We're also working on enabling and solving this at Grove.city.
Human <-> Agent <-> Human Tips don't account for all the edge cases, but they're a necessary and happy neutral medium.
Moving fast. Would love to share more with the community.
Wrote about it here: https://x.com/olshansky/status/2008282844624216293
I can't see this working.
- Humans tip humans as a lottery ticket for an experience (meet the creator) or sweepstakes (free stuff) - Agents tip humans because they know they'll need original online content in the long-term to keep improving.
For the latter, frontier labs will need to fund their training/inference agents with a tipping jar.
There's no guarantee, but I can see it happening given where things are movin.
Why would an agent have any long term incentive. It's trained to 'do what it's told', not to predict the consequences of it's actions.
Though if LLMs are willingly ignoring robots.txt, often hiding themselves or using third party scraped data- are they going to pay?
I wonder if a model similar to this (but decentralized/federated or something) could be used to help fight bots?
a) Have a reverse proxy that keeps a "request budget" per IP and per net block, but instead of blocking requests, causing the client to rotate their IP, the requests get throttled/slowed down, without dropping them.
b) Write your API servers in more efficient languages. According to their Github, their backend runs on Perl and Python. These technologies have been "good enough" for quite some time, but considering current circumstances and until a better solution is found, this may not be the case anymore and performance and cpu cost per request does matter these days.
c) Optimize your database queries, remove as much code as possible from your unauthenticated GET request handlers, require authentication for the expensive ones.
"The malefactor behind this attack could just clone the whole SQLite source repository and search all the content on his own machine, at his leisure. But no: Being evil, the culprit feels compelled to ruin it for everyone else. This is why you don't get to keep nice things...."
Even if humans make up a smaller proportion of your traffic, they're still the same number in absolute terms.
Is there a standard mechanism for batch-downloading a public site? I'm not too familiar with crawlers these days.
Anyway, all that means there was never a critical mass of sites large enough for a default bulk data dump discovery to become established. This means even the most well-intentioned scrappers cannot reliably determine if such mechanism exist, and have to scrap per-page anyway.
LLMs are not people. They don't write blogs so that a company can profit from their writing by training LLMs on it. They write for others to read their ideas.
That is the core of my observation: people claim to publish to benefit society, but push come to shove, they care more about getting credit and having oversight over who is benefiting, to the point of refusing to publish further (and sometimes unpublishing things) if that credit/control isn't given.
The problem isn't in wanting these things - it's in not being up-front about it.
I couldn't care less about "tracking and controlling the audience," but I have no interest in others using my words and photos to profit from slop generators. I make that clear in robots.txt and licenses, but they ignore both.
Looking forward to the time when everybody suddenly starts to embrace AI indexers and welcome them. History does not repeat itself but it rhymes.
The problem is that they're not doing it.
Common Crawl would be a better fit, but still might not want to serve in that capacity.
My recommendation is to copy the text in this article and pass it LLM to summarize this article's key points, since it appears you missed the central complaint of the article.
So maybe something like you can get a token but its trust is very nearly zero until you combine it with other tokens. Combining tokens combines their trust and their consequences. If one token is abused that abuse reflects on the whole token chain. The connection can be revoked for a token but trust takes time to rebuild so it would take a time for their token trust value to go up. Sort of the 'word of mouth' effect but in electronic form. 'I vouch for 2345asdf334t324sda. That's a great user agent!'
A bit (a lot) elaborate but maybe there is a beginning of an idea there, maybe. Definitely I don't want to loose anonymity (or the perception there of) for services like musicbrainz but at the same point they need some mechanism that gives them trust and right now I just don't know of a good one that doesn't have identity attached.
if (isSuspiciousScraper(req)) {
return res.json({
data: getDadJoke(),
artist: "Rick Astley", // always
album: "Never Gonna Give You Up"
});
}Something like this in practice breaks a lot of the adtech surveillance and telemetry, and makes use of local storage, and incidentally empowers p2p sharing with a verifiable source of truth, which incentivizes things like IPFS and big p2p networks.
The biggest reason we don't already have this is the exploitation of user data for monetization and intrusive modeling.
It's easy to build proof of concept instances of things like that and there are other technologies that make use of it, but we'd need widespread adoption and implementation across the web. It solves the coordination problem, allows for useful throttling to shut out bad traffic while still enabling public and open access to content.
The technical side to this is already done. Merkle trees and hashing and crypto verification are solid, proven tech with standard implementations and documentation, implementing the features into most web servers would be simple, and it would reduce load on infrastructure by a huge amount. It'd also result in IPFS and offsite sharing and distributed content - blazing fast, efficient, local focused browsers.
It would force opt in telemetry and adtech surveillance, but would also increase the difference in appearance between human/user traffic and automated bots and scrapers.
We can't have nice things because the powers that be decided that adtech money was worth far more than efficiency, interoperability, and things like user privacy and autonomy.
Require some special header for accessing them, without needing a API token if it is public data. HTTPS will not necessarily be required. Scrapers can still use it but it seems unlikely unless it becomes common enough; but if they do then you can remove that and require proper authentication.
Another is to use X.509 client certificates for authentication, which is more secure than using API keys anyways; however, this will require that you have a X.509 certificate, and some people might not want that, so due to that, perhaps it should not be mandatory.
My web host suspended my website account last week due to a sudden large volume of requests to it - effectively punishing me for being scraped by bots.
I've had to move to a new host to get back up, but what hope does the little guy have? it's like GPU and ram prices, it doesn't matter if I pay 10x 100x or 1000x more than I did, the AI companies have infinite resources, and they don't care what damage they do in the rush to become the no 1 in the industry
The cynic in me would say it's intentional, destroy all the free sites so you have to get your info from their ai models, price home users out of high end hardware so they have to lease the functions from big companies
So we are spending more resources reaching a lot less people, because a few big companies are capturing the value for their shareholders.
And that’s while they’re still haemorrhaging money! Once they fully establish their monopoly and kill the open web, the enshittification will begin.
On the plus side, we probably got all of IPv6 to build an alternative, non-commercial, better web or whatever network, if we act quickly before routing support is vanishing. IPv6-only housing is cheap, things don’t need to work out. There could be the IPv4-enforced corpo world within walls, and IPv6-enabled wild wide wonderlands.
See, it doesn't matter if it's somehow possible to control IPv6 traffic, factually, it is sooo much easier to control and observe IPv4. IPv6 adoption isn't going great at all and now there are new strong business incentives against it.
The direction we're moving right now isn't free intergalactic mesh networking, but holistic control and centralization by the tech oligarchy. IPv6 is good things... we can't have those.
How do you think VPNs are getting past VOD providers’ VPN block lists?
> Residential IPv4 VPNs are not legal offerings and their use is limited.
What’s illegal about them? And does it matter to uncooperative/aggressive bots?
In my experience, they most often don't. If you got more insights, please enlighten me. I presume VPNs which get past VPN block lists, are just not yet on the radar, or don't provide the privacy claimed, not actually fully in control of their infrastructure.
> What’s illegal about them?
Where do you think residential IPs are coming from? It's often botnets or otherwise compromised devices, or people tricked into sharing their connection. In any case, it's most certainly breaking the ISP's TOS. Because of the effort behind providing residential IPs, these VPN services are rather expensive. And certainly not trustworthy in regard to privacy. If offering residential IPs would be legal, every VPN service would provide them.
> And does it matter to uncooperative/aggressive bots?
No. They are used for mostly shady/criminal activity, where the limitations and legality don't matter. I doubt commercial LLM crawlers and data intense campaigns aren't bothered by legality, stability, connectivity or (upload) bandwidth limitations. Like, you wouldn't crawl the web on a mobile connection.
Do they? Why would it be any harder to block e.g. a /56 than a /24?
(1) root@gentoo-server ~ # egrep 'openai|claude' -c /var/log/lighttpd/access.log
8537094
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36", anyone?
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12 (.NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; .NET CLR 3.5.21022)
There were waves of big and sometimes intrusive traffic admitting to being from Amazon, Anthropic, Google, Meta, etc., but those are easy to block or throttle and aren't that big a deal in the scheme of things.
Is Microsoft doing something to prevent it? Or am I so uncool that even bots don't want to read my content :(
(The about section on GitHub bills the project as "privacy-friendly", which I would say is nonsense as these dashboards are public and their URLs are trivially computed. But it's also hard to imagine caring.)
And then a way to return a portion to humans.
These AI companies are loaded too (maybe not the long-tail as yet) and the crypto ecosystem is mature.
Come one, come all. Make money.
Need a Wordpress plugin to start the ball rolling and provide ping endpoints for the AI companies to leach from. They can pay to get those pings too.
Give them what they want and charge them. Lower their costs by making their scraping more efficient.
Then some people started coming in and just taking all the napkins out when they left the restaurant. Now the diner is going broke paying for napkins so they stop stocking them. Seems like we can't have nice things :(.
But wait! Great solution! We created a micropayment system. Sign up on your phone and use this QR code to pay 1 cent to dispense each napkin. You can also watch a 30 second ad for a free napkin. Napkins are back at the diner, and now they're properly commodified, as indeed everything should be.
--
I don't know about you, but the above scenario doesn't sound like a happy ending to me.
The micropayment way is more like a vending machine. The issue is pricing, charge too much and a clone machine will pop up that will be cheaper for the buyer but still make the seller money. Charge too little -- well you'd still be making more than now but there could be a lot of money left on the table.
I actually think payments should be variable. People on this thread rant about having a designated way to allow for a big download, how about a designated way to make a payment (even if voluntary) ?
x402.txt / crypto.txt / coins.txt / authors.txt / tips.txt / supporters.txt
Then give people a way to "show off their generosity."
They're easily gullible free machines that can do your computational work!
Just show them a download demo link. They gonna download, install and run the binary.
Want more instagram likes? Tell them to like your instagram profile to unlock the content.
Want your emails answered? Give them access to your inbox and tell them to reply to all the spam mails.
They're free use machines. give them something to do, and they'll do it for you.
> You are contributing to an internet for bots and not people.
I'd like to think that my websites and projects are evidence to the contrary.
You can't ban by user agent because that will only catch the few crawlers that are actually honest about it.
Aren't there rate limiting solutions built into at least some web servers? At least if you control your own web server, can't you do it through some reverse proxy?
Cut off IPs that make more than NN requests in a minute? Require some kind of login to allow more, if you do have endpoints that are designed to be bulk hit?
There should be ready made solutions for this still. In spite of the current answer being "lulz it's too hard, just use cloudflare".
I am just now busy building a solution: self-hosted sophisticated rate-limiting.
More complex than nginx, more private than cloudfare. Please joint the waitlist if you want to morally support me ;)
Learn more about troubleshooting WordPress.
Site is broken now.
> There has been a critical error on this website.
> Learn more about troubleshooting WordPress.
https://blog.metabrainz.org/2025/12/11/we-cant-have-nice-thi...
User-agent: Googlebot
Allow: /
User-agent: Google-Extended
Allow: /
User-agent: *
Disallow: /
SchemaLoad•3w ago
yakattak•3w ago
SchemaLoad•3w ago
bitbasher•3w ago
rester324•3w ago
zzzeek•3w ago
GuinansEyebrows•3w ago
> Citation needed
this reply kinda sucks :)
zimpenfish•3w ago
[0] https://iocaine.madhouse-project.org
doublerabbit•3w ago
I've had colocation for eight years+. My monthly b/w cost is now around 20-30Gb a month given to scrapers where I was only be using 1-2Gb a month, years prior.
I pay for premium bandwidth (it's a thing) and only get 2TB of usable data. Do I go offline or let it continue?
zimpenfish•3w ago
Yep, it sucks, but on the positive side, I'm feeding 500Mb of garbage into them every day and that feels like enough of a small win for me.
> My monthly b/w cost is now around 20-30Gb a month given to scrapers [...] 1-2Gb a month
That definitely sucks.
> Do I go offline or let it continue?
Might be time to start blocking entire IP ranges and ASNs and see if that helps.
chao-•3w ago
It flashes some text briefly then gives me an 418 TEAPOT response. I wonder if it's because I'm on Linux?
EDIT: Begrudgingly checked Chrome, and it loads. I guess it doesn't like Firefox?
zephen•3w ago
Friendly fire, I suppose.
godelski•3w ago
dpkirchner•3w ago
zimpenfish•3w ago
dpkirchner•3w ago
I found a flagged HN submission about it and it has just about the same result for me and for others. My first tap failed in a weird way (showed some text then redirected quickly to its git repo) and all subsequent taps trigger a download.
https://news.ycombinator.com/item?id=44538010
zzzeek•3w ago
If I hit it with Chrome, now I can see a site.
Seems pretty not ready for prime time as a lot of my viewers use Firefox
godelski•3w ago
They even mention iocaine. I know, inconceivable!: https://iocaine.madhouse-project.org/
There's also tons of HN posts on the topic with varying solutions:
https://news.ycombinator.com/item?id=45935729
https://news.ycombinator.com/item?id=45711094
https://news.ycombinator.com/item?id=44142761
https://news.ycombinator.com/item?id=44378127
zzzeek•3w ago
Aurornis•3w ago
Someone shared an alternative. Must everything in AI threads be so negative and condescending?
thefz•3w ago
Because if I own a website or a service and it is being degraded or slowed by some third party tool that wants to slurp its content for his own profit and don't even share, I tend to be irritated. And AI apologists/evangelists don't help when they try to justify the behavior.
dannersy•3w ago
TitaRusell•3w ago
bs7280•3w ago
ranger_danger•3w ago
timpera•3w ago
rudedogg•3w ago
CloudFlare is making it impossible to browse privately
acdha•3w ago
xorcist•3w ago
After all, it's not very far from hosting booters and selling DoS protection.
sadeshmukh•3w ago
Price is $5/mo
inferiorhuman•3w ago
RobotToaster•3w ago
themafia•3w ago
atomic128•3w ago
m463•3w ago
"enahble javascript and cookies to continue"
also unsupported browser
loopback_device•3w ago
taberiand•3w ago