1. If they are using residential IPs, each byte of network bandwidth is probably costing them a lot more than it's costing you. Win.
2. More importantly, if this became a thing that a large fraction of all websites do, the economic incentive for AI scrapers would greatly shrink. (They don't care if 0.02% of their scraping is garbage; they care a lot if 80% is.) And the only move I think they would have in this arms race would be... to use an LLM to decide whether a page is garbage or not! And now the cost of scraping a page is really starting to increase for them, even if they only run a local LLM.
The cost of being critical of source material might make some AI companies tank, but that seems inevitable.
Yes, instead of doing just a HTTP request, do a HTTP request with authentication, trivial really. Probably the reason they "can't" do that now is because they haven't came across "public content behind Basic Auth with known correct credentials", so the behavior hasn't been added. But it's literally loading http://username:password@example.com instead of http://example.com to use Basic Auth, couldn't be simpler :)
Or if you make it clear that they’re allowed, I’m not sure you can stop the bots then.
The (theoretical) scenario is: There is a website (example.com) that publishes the correct credentials, and tells users to go to example.com/authenticate and put those there.
At no point is a user (or bot) bypassing anything that was meant to stop them, they're following what the website is telling them publicly.
Similar to OPs article, trying to find a technical solution here is very inefficient and just a bandaid. The people running our society are on the whole corrupt and evil. Much simpler (not easier) and more powerful to remove them.
If you're doing something alike to cracking then yeah. But if the credentials are right there on the landing page, and visible to the public, it's not really cracking anymore since you already know the right password before you try it, and the website that put up the basic auth is freely sharing the password, so you aren't really bypassing anything, just using the same access methods as everyone else.
Again, if you're stumbling upon basic auth and you try to crack them, I agree it's at least borderline illegal, but this was not the context in the parent comment.
I agree, but if someone has a website that says "This isn't the real page, go to /real.html and when authentication pops up, enter user:password", then I'd argue that is no longer "gaining access to content you're not authorized to see", the author of the page shared the credentials themselves, and acknowledged they aren't trying to hide anything, just providing a non-typical way of accessing the (for all intents and purposes, public) content.
It doesn't have to be so free. It can be shared with the stipulation that it's not used in a bot.
https://www.law.cornell.edu/uscode/text/17/1201
(a) Violations Regarding Circumvention of Technological Measures.—
(1)
(A) No person shall circumvent a technological measure that effectively controls access to a work protected under this title.
If you are only authorized to access it under certain conditions, trying to access it outside those conditions is illegal (in the US, minimally). Gaining knowledge of a password does not grant permission to use it.
Thanks for adding the additional context!
But running that costs money, which is a disincentive. (How strong of a disincentive depends on how much it costs vs. the estimated value of a scraped page, but I think it would 100x the per-page cost at least.)
And if they would today, it seems like a trivial think to fix - just don't click on incorrect/suspicious links?
And another "classic" solution is to use white link text on white background, or a font with zero width characters, all stuff which is rather unlikely to be analysed by a scraper interested primarily in text.
2. You need to send the data for the Markov chain generator to the client, along with the code. This is probably bigger than the response you'd be sending anyway. (And good luck getting a bot to cache JavaScript)
3. As the author said, each request uses microseconds of CPU and just over a megabyte of RAM. This isn't taxing for anyone.
Anyone crawling at scale would try to limit the per-request memory and CPU bounds, no? Surely you'd try to minimize resource contention at least a little bit?
"A glass is not impossible to make the file and so deepen the original cut. Now heat a small spot on the glass, and a candle flame to a clear singing note.
— context_length = 2. The source material is a book on glassblowing."
For reference, I picked Frankenstein, Alice in wonderland and Moby dick as sources and I think they might be larger than necessary as they take some time to load. But they still work fine.
There also seems to be a bug in babble.c in the thread handling? I did "fix" it as gcc suggested by changing pthread_detach(&thread) to pthread_detach(thread).. I probably broke something but it compiles and runs now :)
I want to redirect all LLM-crawlers to that site.
Same as any other consumer using Meta products. You sell out because it’s easier to network that way.
I am the son of a farmer.
Edit: added disclosure at the bottom and clarified as agricultural farming
https://www.farmkind.giving/the-small-farm-myth-debunked
Tldr; the concept of farmers as small family farms has not been rooted in truth for a very long time in America
In general though, the easy rule of living and eating non-mega farmed food and sustainable living is to “eat aware”:
My other advice is a one-size-fits-all food equation, which is, simply, to know where it came from. If you can't place it, trace it, or grow it/raise it/catch it yourself, don't eat it. Eat aware. Know your food. Don't wait on waiters or institutions to come up with ways to publicize it, meet your small fishmonger and chat him or her up at the farmer's market yourself. [0]
[0] https://www.huffpost.com/entry/the-pescatores-dilemma_b_2463...
Eh? That's the speed of an old-school spinning hard disk.
A single site doing this does nothing. But many sites doing this has a severe negative impact on the utility of AI scrapers - at least, until a countermeasure is developed.
If you can't fight them, flood them. If they want to open a window, pull down the whole house.
For example, say I have an AD&D website, how does AI tell whether a piece of FR history is canon or not? Yeah I know it's a bit extreme, but you get the idea.
Off the top of my head, I don't think this is true for training data. I could be wrong, but it seems very fallible to let GPT-5 be the source of ground truth for GPT-6.
On my site, I serve them a subset of Emergent Misalignment dataset, randomly perturbed by substituting some words with synonyms.
It should make the LLMs trained on it behave like dicks according to this research https://www.emergent-misalignment.com/
Do they do any harm? They do provide source for material if users asks for it. (I frequently do because I don't trust them, so I check sources).
You still need to pay for the traffic, and serving static content (like text on that website) is way less CPU/disk expensive than generating anything.
because as infinite site that has appeared out of nowhere will quickly be noticed and blocked
start it off small, and grow it by a few pages every day
and the existing pages should stay 99% the same between crawls to gain reputation
https://www.cloudflare.com/press/press-releases/2025/cloudfl...
https://ih879.requestcatcher.com/test
to each of the nonsense pages, so we can see an endless flood of funny requests at
https://ih879.requestcatcher.com
?
I'm not sure requestcatcher is a good one, it's just the first one that came up when I googled. But I guess there are many such services, or one could also use some link shortener service with public logs.
Surely the bots are still hitting the pages they were hitting before but now they also hit the garbage pages too?
But yes, all bots start out on an actual page.
Clever
fainpul•2h ago
https://maurycyz.com/projects/trap_bots/
isoprophlex•59m ago