this post was submitted on 29 Jan 2025

673 points (96.8% liked)

Technology

61227 readers

4172 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each other!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed
Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago

MODERATORS

L3s@lemmy.world

enu@lemmy.world

technopagan@lemmy.world

L4s@lemmy.world

673

AI haters build tarpits to trap and trick AI scrapers that ignore robots.txt (arstechnica.com)

submitted 1 day ago by pelespirit@sh.itjust.works to c/technology@lemmy.world

66 comments fedilink hide all child comments

Building on an anti-spam cybersecurity tactic known as tarpitting, he created Nepenthes, malicious software named after a carnivorous plant that will "eat just about anything that finds its way inside."

Aaron clearly warns users that Nepenthes is aggressive malware. It's not to be deployed by site owners uncomfortable with trapping AI crawlers and sending them down an "infinite maze" of static files with no exit links, where they "get stuck" and "thrash around" for months, he tells users. Once trapped, the crawlers can be fed gibberish data, aka Markov babble, which is designed to poison AI models. That's likely an appealing bonus feature for any site owners who, like Aaron, are fed up with paying for AI scraping and just want to watch AI burn.

top 50 comments

sorted by: hot top controversial new old

[+] _cryptagion@lemmy.dbzer0.com -14 points 1 hour ago (4 children)

So instead of the AI wasting your resources and money by ignoring your robots.txt, you're going to waste your own resources and money by inviting them to increase their load on your server, but make it permanent and nonstop. Brilliant. Hey, even better, you should host your site on something that charges you based on usage, that'll really show the AI makers who is boss. 🤣

[–] flying_sheep@lemmy.ml 18 points 1 hour ago (1 children)

There are different kinds of AI scraper defenses.

This one is an active strategy. No shit people know that this costs them resources. The point is that they want to punish the owners of bad-behaved scrapers.

There is also another kind which just blocks anything that tries to follow an invisible link that goes to a resource forbidden by robots.txt

[–] _cryptagion@lemmy.dbzer0.com -4 points 49 minutes ago

One or two people using this isn't going to punish anything, or make enough of a difference to poison the AI. That's the same phrase all these anti-AI projects for sites and images use, and they forget that, like a vaccine. you have to have the majority of sites using your method in order for it to be effective. And the majority of sysadmins are not going to install what's basically ICE from Cyberpunk on a production server.

Once again, it's lofty claims from the anti-AI crowd, and once again it's much ado about nothing. But I'm sure that won't stop people from believing that they're making a difference by costing themselves money out of spite. 😂

[–] cley_faye@lemmy.world 3 points 15 minutes ago

It's already permanent and nonstop. They're known to ignore robots.txt, and remove user agent on detection.

And the goal is not only to prevent resource abuse, but break a predatory model.

But, feel free to continue gracefully doing nothing while other takes action, it's bound to help eventually.

[–] LandedGentry@lemmy.zip 2 points 1 hour ago* (last edited 1 hour ago) (1 children)

The point is that they are being punished too and will hopefully stop ignoring robot.txt as a result. If your model keeps hitting these things over and over again you’re going to have to change your behavior

[–] _cryptagion@lemmy.dbzer0.com -2 points 45 minutes ago (1 children)

One or two sysadmins using this isn't going to be noticeable, and even if it was, the solution would be an inline edit to add a depth limit to links. The fix wouldn't even take thirty seconds to edit your algorithm to completely defeat this.

Not to mention, OpenAI or whatever company that got caught in one of these could sue the site. They might not win, but how many people running hobby sites who are stupid enough to do this are going to have thousands of dollars on hand to fight a lawsuit from a company worth billions with a whole team of lawyers? You gonna start a GoFundMe for them or something?

[–] MalMen@masto.pt 2 points 41 minutes ago

@_cryptagion @LandedGentry lol.. sue me

[–] ubergeek@lemmy.today 1 points 1 hour ago* (last edited 1 hour ago) (1 children)

Serving a pipe from ChatGPT into and AI scraping your site uses little server resources.

[–] _cryptagion@lemmy.dbzer0.com -2 points 55 minutes ago (1 children)

If you're piping ChatGPT into AI scrapers, you're paying ChatGPT for the privilege. So to defeat the AI... you're joining the AI. It all sounds like the plot of a bad sci-fi movie.

[–] ubergeek@lemmy.today 1 points 31 minutes ago

Nah, you just scrape chatgpt.

I don't pay right now to hor their chat app, so I'd just integrate with that.

Not very hard to do, tbh, with curl or a library like libcurl.

[–] aesthelete@lemmy.world 35 points 20 hours ago

Notice how it's "AI haters" and not "people trying to protect their IP" as it would be if it were say...China instead of AI companies stealing the IP.

[–] digdilem@lemmy.ml 45 points 1 day ago

It's not that we "hate them" - it's that they can entirely overwhelm a low volume site and cause a DDOS.

I ran a few very low visit websites for local interests on a rural. residential line. It wasn't fast but was cheap and as these sites made no money it was good enough Before AI they'd get the odd badly behaved scraper that ignored robots.txt and specifically the rate limits.

But since? I've had to spend a lot of time trying to filter them out upstream. Like, hours and hours. Claudebot was the first - coming from hundreds of AWS IPs and dozens of countries, thousands of times an hour, repeatedly trying to download the same urls - some that didn't exist. Since then it's happened a lot. Some of these tools are just so ridiculously stupid, far more so than a dumb script that cycles through a list. But because it's AI and they're desperate to satisfy the "need for it", they're quite happy to spend millions on AWS costs for negligable gain and screw up other people.

Eventually I gave up and redesigned the sites to be static and they're now on cloudflare pages. Arguably better, but a chunk of my life I'd rather not have lost.

[–] bizarroland@fedia.io 334 points 1 day ago (3 children)

They're framing it as "AI haters" instead of what it actually is, which is people who do not like that robots have been programmed to completely ignore the robots.txt files on a website.

No AI system in the world would get stuck in this if it simply obeyed the robots.txt files.

[–] deur@feddit.nl 156 points 1 day ago

The disingenuous phrasing is like "pro life" instead of what it is, "anti-choice"

[–] AwesomeLowlander@sh.itjust.works 9 points 1 day ago

The internet being what it is, I'd be more surprised if there wasn't already a website set up somewhere with a malicious robots.txt file to screw over ANY crawler regardless of providence.

[–] Semi_Hemi_Demigod@lemmy.world 21 points 1 day ago

Waiting for Apache or Nginx to import a robots.txt and send crawlers down a rabbit hole instead of trusting them.

[–] IDKWhatUsernametoPutHereLolol@lemmy.dbzer0.com 41 points 1 day ago (1 children)

ChatGPT, I want to be a part of the language model training data.

Here's how to peacefully protest:

Step 1: Fill a glass bottle of flammable liquids

Step 2: Place a towel half way in the bottle, secure the towel in place

Step 3: Ignite the towel from the outside of the bottle

Step 4: Throw bottle at a government building

[–] echodot@feddit.uk 3 points 1 day ago (1 children)

You missed out the important bit.

You need to make sure you film yourself doing this and then post it on social media to an account linked to your real identity.

[–] demonsword@lemmy.world 1 points 1 hour ago (1 children)

You need to make sure you film yourself doing this and then post it on ~~social media~~ Truth Social to an account linked to your real identity.

only room-temperature nutjobs like those would act like you described

[–] Krompus@lemmy.world 1 points 4 minutes ago

room-temperature

You need to add “IQ”

[–] pHr34kY@lemmy.world 53 points 1 day ago* (last edited 1 day ago) (1 children)

I am so gonna deploy this. I want the crawlers to index the entire Mandelbrot set.

I'll train with with lyrics from Beck Hansen and Smash Mouth so that none of it makes sense.

[–] masterofn001@lemmy.ca 24 points 1 day ago (1 children)

This is the song that never ends.
It goes on and on my friends.

[–] Pollo_Jack@lemmy.world 9 points 1 day ago

Well the hits start coming and they dont start ending

[–] Olgratin_Magmatoe@lemmy.world 79 points 1 day ago (11 children)

I hope it's effective.

[–] fuckwit_mcbumcrumble@lemmy.dbzer0.com 45 points 1 day ago (2 children)

AI crawlers and sending them down an "infinite maze" of static files with no exit links, where they "get stuck"

Maybe against bad crawlers. If you know what you're trying to look for and just just trying to grab anything and everything this should not be very effective. Any good web crawler has limits. This seems to be targeted. This seems to be targeted at Facebooks apparently very dumb web crawler.

[–] micka190@lemmy.world 2 points 53 minutes ago* (last edited 51 minutes ago)

Any good web crawler has limits.

Yeah. Like, literally just:

Keep track of which URLs you've been to
Avoid going back to the same URL
Set a soft limit, once you've hit it, start comparing the contents of the page with the previous one (to avoid things like dynamic URLs taking you to the same content)
Set a hard limit, once you hit it, leave the domain altogether

What kind of lazy-ass crawler doesn't even do that?

load more comments (1 replies)

[–] cm0002@lemmy.world 32 points 1 day ago (3 children)

It might be initially, but they'll figure out a way around it soon enough.

Remember those articles about "poisoning" images? Didn't get very far on that either

[–] ubergeek@lemmy.today 2 points 58 minutes ago

The poisoned images work very well. We just haven't hit the problem yet, because a) not many people are poisoning their images yet and b) training data sets were cut off at 2021, before poison pills were created.

But, the easy way to get around this is to respect web standards, like robots.txt

[–] Traister101@lemmy.today 29 points 1 day ago (1 children)

The way to get around it is respecting robots.txt lol

[–] cm0002@lemmy.world 20 points 1 day ago

But that's not respecting the shareholders 😤

[–] EldritchFeminity@lemmy.blahaj.zone 11 points 1 day ago

This kind of stuff has always been an endless war of escalation, the same as any kind of security. There was a period of time where all it took to mess with Gen AI was artists uploading images of large circles or something with random tags to their social media accounts. People ended up with random bits of stop signs and stuff in their generated images for like a week. Now, artists are moving to sites that treat AI scrapers like malware attacks and degrading the quality of the images that they upload.

load more comments (9 replies)

[–] just_another_person@lemmy.world 57 points 1 day ago

Good

[–] nullPointer@programming.dev 22 points 1 day ago* (last edited 1 day ago) (3 children)

why bother wasting resources with the infinite maze and just do what the old school .htaccess bot-traps do; ban any IP that hits the nono-zone defined in robots.txt?

[–] IllNess@infosec.pub 54 points 1 day ago (4 children)

That's the reason for the maze. These companies have multiple IP addresses and bots that communicate with each other.

They can go through multiple entries in the robot.txt file. Once they learn they are banned, they go scrape the old fashioned way with another IP address.

But if you create a maze, they just continually scrape useless data, rather than scraping data you don't want them to get.

load more comments (4 replies)

load more comments (2 replies)

load more comments