An Update on the scraper situation

(lwn.net)

49 points | by chmaynard 2 hours ago

11 comments

  • Bratmon 1 hour ago
    Residential Proxies are the most emblematic technology of our era- a group of people looked at something that used to be considered a crime (botnets) and realized that if they just did it openly, no one would ever punish them.
    • BoorishBears 15 minutes ago
      Thank god for residential proxies.

      Highly unethical but the way the internet is going they're the last anti-hero of a somewhat open internet

  • mips_avatar 2 hours ago
    I feel like the solution is a better common crawl. As nice as it would be to block the frontier AI labs from getting access to information, we should reset the baseline of information accessibility so there's less marginal advantage on these labs.

    I worry a lot of the anti scraping rhetoric will just injure the open web and put somebody like cloudflare in charge.

    • jay_kyburz 1 hour ago
      I agree, if up-to-data data was available somewhere else and free, there would be no reason to pay hackers and scrape.

      You could perhaps even get website operators to "push" new data to a common crawl database. The scrapers would learn there is no value on scraping X domain because the data is available elsewhere more easily.

      • jay_kyburz 59 minutes ago
        How about a website header with a link to a static zip that contains the whole website in one hit. The Zip could be hosted on some big public sever. Perhaps even mirrored locally for each nation.
        • mips_avatar 45 minutes ago
          that's hard to do with rendered content, oftentimes the result depends on a backend service. Maybe you should make the service it's running public but that might be a line most aren't willing to cross.
          • jay_kyburz 16 minutes ago
            I was thinking you scrape your own website every day in the middle of the night when traffic is low, and make that available. They can come and collect it every day if they want to.
  • cdrnsf 5 minutes ago
    I maintain a long robots.txt and also 403 the user agents there when they request anything but robots.txt. I've blocked traffic from a few countries altogether and also block anything on SpamHaus' DNSBL.
  • everfrustrated 1 hour ago
    I wonder how much of this is traffic caused by peoples agents using web tools causing searches and fetches rather than general trawls of the internet.
    • noxvilleza 1 minute ago
      Most well-known/large agentic web tools I've seen are actually super honest about who they are -- even when they write out scripts they're very keen to identify themselves using user-agents. Most of the time those tools are fine - it's the ones that happen to have a random choice of the 5 most common Chrome/Firefox user-agents making sequential scrapes but cycling through IPs on African and South American residential IPs that are the problem!
    • corbet 1 hour ago
      Very little of it. When you see a million IPs systematically working their way through your URL space, it's pretty clear that there's a central control node behind it all.
      • everfrustrated 1 hour ago
        Your earlier article suggests you aren't using a CDN. Might be well worth looking into - not for any bot detection so much as just having a good old fashioned cache in front of you.
    • dawnerd 31 minutes ago
      I've seen some logs where a bunch of random ips were hitting a client's search endpoint feeding what looked like user questions to it. Of course none of them returned anything useful but it was causing a lot of strain and even causing the site to go down (gotta love wordpress's stock search).

      I'm guessing the training companies are taking real/synthesized user queries and trying to distill what they can from site searches.

  • tingletech 2 hours ago
    The comments are not showing up for me now, but when they were still showing for anonymous users, there was a link to https://commoncrawl.org. I've been sort of worried about letting agents hit websites, I wonder if a fetch_url agent tool could be made to look in common crawl first before hitting the web for it?
  • sixtyj 1 hour ago
    The issue with scrapping is the intensity and volume of bots.

    I think that nobody would care if I use wget or curl for few pages, e.g. because I would like to read a site as offline or archive it.

    Btw average age of any page is 10 years. Deletion or structural change after acquisition is common, Signal vs Noise site recent wipe out could serve as an example why we need to archive sites.

    • ccgreg 17 minutes ago
      A lot of websites want "bot defense" due to high volume scrapers, and that "bot defense" often also ends up blocking low-volume wget/curl and polite crawlers like Common Crawl's CCBot.
  • cyanydeez 2 hours ago
    mmm, in many cases these residential proxies are media boxes, and they consent as much as anyone else consents to what amazon, or google or facebook does; it's buried somewhere in the recesses of the TOS.

    The question is more about why the US and others can't properly enforce the bullshit all this amounts to.

    • bell-cot 1 hour ago
      "He who has the gold makes the rules" is older than the pyramids.
  • eduction 54 minutes ago
    Can BitTorrent’s architecture contribute anything useful here?

    I admit this is a naive question. I have no idea how applicable bt is to web requests. This problem just seems to have a similar “too many people want this resource” shape.

  • atomic128 2 hours ago
    There is a large community of people that poison scrapers.

    The poison gets better every day, and the community is continuously growing. Poison Fountain, alone, transmits hundreds of gigabytes of poison per day, which goes into scrapers, git repositories on every hosting platform, social media, etc.

    Part of the poisoning community on Reddit, for example: https://www.reddit.com/r/PoisonFountain/comments/1uocaii/a_n...

    • dang 48 minutes ago
      I've banned this account because we don't allow single-purpose accounts on HN, and your account has been doing that for quite some time now.

      We ban such accounts regardless of what the single purpose happens to be. Pre-existing agendas are not what HN is for and destroy the curious conversation that it is supposed to be for.

      https://news.ycombinator.com/newsguidelines.html

      • nekusar 26 minutes ago
        This is a strong positive sign that poison fountain works.

        I wasn't aware of this project. Thanks for the heads up.

    • logancbrown 1 hour ago
      People think this is causing issues for data collection for LLMs, but in reality it's not and there are several very trivial mechanisms to employ in data collection to bypass the "poison data" issue. The internet landscape was already poisoned with fake data, fringe conspiracies, and text before this Poison Fountain initiative.
      • zuzululu 1 minute ago
        exactly i took a look at that subreddit and doesnt look like theres any professionals just bunch of anti-AI users who thinks they are smarter

        its very easy to detect and bypass poison type of tools largely because of the fact that there are far more outlets for truthful info so unless you can get everyone to buy in (with real legal liabilities) its not effective

        also its possible to poison the poisoners with a certain pill that would have very real consequences for those maintaining whatever github repo/communities

  • stefantalpalaru 1 hour ago
    [dead]
  • tiahura 33 minutes ago
    Again, why do we allow China on the Internet?

    Backbone operators should not be allowed to knowingly maintain connections to networks that allow connections from China or Russia.