AI bots are destroying Open Access

AI bots are destroying Open Access(go-to-hellman.blogspot.com)

99 points by dhacks 1 year ago | 49 comments

kazinator 1 year ago |

> The old style bots were rarely a problem. They respected robot exclusions and "nofollow" warnings.

What year are they reminiscing about here, 1999? Nothing has respected robots.txt in over twenty years.

Nofollow isn't an anti-bot measure; it's supposed to inform search engines that you don't vouch for the linked content (don't wish to boost its rank). Nofollow doesn't mean "you must not follow this if you're a crawler".

kragen 1 year ago |

Sheesh, just use BitTorrent. That's what open access licensing is for! BitTorrent's tit-for-tat approach limits the harm selfish actors can do, only greatly rewarding those whose behavior benefits others, and has been shown to be very robust against active disruption attempts for decades now. Moreover, it also confers some resistance to falsification of the published record, to linkrot, and to publishing companies going bankrupt.

Sooner or later we need to take back the legitimate internet from surveillance capitalism. Capitalism is great (it shares many of BitTorrent's virtues, not coincidentally) but surveillance capitalism is not.

quectophoton 1 year ago | |

As much as I like BitTorrent, people (usually) don't want to provide open access to information; what they (usually) want is to be an "open" gateway to that information, as long as they are the centralized point of distribution whose name appears in the URL bar, and as long as they control when they can remove access to that information.

Creating a torrent is not showy enough, because the credit is "just" another file and/or a comment in the torrent metadata.

Granted, they usually do that because they want to "kindly" advertise a way to donate to them (EDIT: or to track you, or other similar goals), and there's nothing wrong with trying to get donations, but there's clearly a conflict of interest at play here.

kragen 1 year ago | | |

It doesn't matter what people usually want. It's sufficient for someone to want to torrent the open-access articles, even if everyone else is playing the exploitative games you're describing. The Berlin Declaration that defined "open access" https://openaccess.mpg.de/Berlin-Declaration requires specifically

> The author(s) and right holder(s) of such contributions grant(s) to all users a free, irrevocable, worldwide, right of access to, and a license to copy, use, distribute, transmit and display the work publicly and to make and distribute derivative works, in any digital medium for any responsible purpose, subject to proper attribution of authorship (community standards, will continue to provide the mechanism for enforcement of proper attribution and responsible use of the published work, as they do now), as well as the right to make small numbers of printed copies for their personal use.

This guarantees that such torrents are legal unless the original authors are infringing copyright.

So there is no danger of AI bots destroying open access.

dijksterhuis 1 year ago | |

torrents work fine for immutable artefacts. linux distro ISOs etc are not getting modified after release. that's a new version. same with films (piracy). once a film is released, that's it released. any later versions are just that, a new version.

torrents are a problem for mutable artefacts because you are reliant on your peers having the latest up to date copy, which is not guaranteed. the peers you download from might have just switched their machine on after 5 months, so their copy of the mutable artefact is 5 months out of date. as ever with distributed systems, requiring consistency introduces complexity.

"open gateways" (term used by a sibling comment) provide much simpler mutability. which makes sense when there's like a simple typo in a PDF document that requires the document's replacement. just replace the document on the web server. bam! everyone now has access to the latest corrected version immediately.

also, most of the general population doesn't know how to use torrents. just because there's a part-way technical solution, doesn't mean it makes sense to switch everything over to some fancy new proposal (not the underlying tech, which is old now).

if users would struggle to use the implementation, why do it? what benefits are there except for a seemingly more technically perfect solution?

kragen 1 year ago | | |

Published papers, just like accounting records, are immutable artifacts. People need to be able to say, "In Arneson & Dijksterhuis 2014, the figure given for the solanine concentration in eggplants is an order of magnitude too high because of a typographical error," or, "In Arneson & Dijksterhuis 2014, the figure given for the solanine concentration in eggplants is correct to within 25% and does not contain a typographical error," and for other people to be able to verify that. "Just replac[ing] the document on the web server" is considered serious academic misconduct, among other things because you might be introducing errors into previously correct published work that others had referenced. For this case, torrents' immutability is a feature, not a bug.

In 01994 the general population didn't know how to use the internet, but it was already very useful for researchers. Software improved over time to simplify using it.

What benefit would there be? The benefit would be that it prevents AI bots from destroying Open Access.

xnx 1 year ago |

Why are "AI" bots generating so much fuss. Is it because there are so many of them? Is it because AI companies are each writing their own (bad) crawlers instead of using existing ones?

pickledoyster 1 year ago |

>large blocks of IP addresses

This could be at least partially solved by starting legal and cybersec (bulk blocks, flagging SDKs as malware) action against botnets for rent[0], forcing their SDKs out of app stores[1].

0 – https://spur.us/residential-proxies-the-legal-botnet-that-no... 1 – https://datadome.co/bot-management-protection/how-proxy-prov...

zzo38computer 1 year ago |

I have temporarily disabled my HTTP server for now. (I set up port knocking for a day, but I got rid of it due to a kernel panic.)

My issue is not to prevent anyone from obtaining a copy if they want to do, and I want to ensure that users can use curl, Lynx, and other programs; I do not want to require JavaScripts, CSS, Firefox, Google, etc.

My problem is that these LLM scraping bots are badly behaved, making many requests and repeating them even though there is no good reason to do so, and potentially overloading the servers. These things are mentioned in the article. Some bots are not so badly behaved, and those are not the problem.

paulddraper 1 year ago | |

How can you tell they are LLM bots?

zzo38computer 1 year ago | | |

I do not know for sure, but they are accessing with many different IP addresses, and with many different user-agent values that all include "Mozilla". I had read elsewhere that apparently they are botnets for LLM scraping.

musicale 1 year ago |

I guess the problem of throttling connections to human rates is that the bots rapidly eat up all of the connections.

Can we at least get rid of CAPTCHAs now since they clearly don't work?

jrochkind1 1 year ago | |

I don't mean to be marketting for them, but the CloudFlare Turnstile "captcha alternative" (Similar to Google ReCaptcha and others) has been working for me. it's the only thing that has of what I tried so far (rate-limiting IPs, fail2ban, etc -- their IPs are just too distributed).

It doesn't make the user do a puzzle, it's the kind that either works entirely automatically or in some cases asks the user to tick a checkbox. You have probably seen it proliferating across the internet in your personal use becuase, well, see above.

musicale 1 year ago | | |

Rate limiting individual addresses seems like a possibly useful, if not perfect, idea since it forces the bots to spread out over more addresses. It does penalize humans behind NAT however.

josefritzishere 1 year ago |

AI is a scourge. It provides next to nothing useful but wrecks havok. As passing fads go it's heavy on the distruption but light on the utility.

elzbardico 1 year ago |

Looks like they vibe-coded the scrappers

skeledrew 1 year ago |

The way I see it, there may be pain now, but this is just the chaos before the web eventually becomes the semantic web, as mostly conceived by Berners-Lee[0]. Make all data available for true, easy, permanent open access instead of throwing up roadblocks to be circumvented, so all organizations wanting to train AI models can access, and thus properly democratize the ecosystem. It's that or end up with a handful of players with pockets deep enough to do what it takes to get the data, and then gatekeep the results for their own profit.

Also, eventually I see most people filtering their queries through something like Perplexity anyway instead of going to individual sites, so those putting up barriers will lose out on human traffic in any case. Let's ensure that the results people are able to access via AI continually improves so the "slop" term disappears that much faster.

[0] https://en.m.wikipedia.org/wiki/Semantic_Web

data_maan 1 year ago |

Uhmm.... Just use harder Catpchas?

I can't really understand the outrage here, this problem of scraping to the point of being DDOSed, which is what the author seems to contend, has existed since forever.

eesmith 1 year ago | |

Who is developing, deploying, and profiting from these harder captchas? Apparently not Cloudflare.

> They are using commercial services such as Cloudflare to outsource their bot-blocking and captchas, without knowing for sure what these services are blocking, how they're doing it, or whether user privacy and accessibility is being flushed down the toilet. But nothing seems to offer anything but temporary relief.

Also:

> The current generation of bots is mindless. They use as many connections as you have room for. If you add capacity, they just ramp up their requests. They use randomly generated user-agent strings. They come from large blocks of IP addresses. They get trapped in endless hallways. I observed one bot asking for 200,000 nofollow redirect links pointing at Onedrive, Google Drive and Dropbox. (which of course didn't work, but Onedrive decided to stop serving our Canadian human users). They use up server resources - one speaker at Code4lib described a bug where software they were running was using 32 bit integers for session identifiers, and it ran out!

data_maan 1 year ago | | |

Google is typically developing Captchas, but you can develop your own if you like.

nathanaldensr 1 year ago |

The only way--the only way--to solve these issues is with web servers requiring that all clients authenticate with a credential that is provably tied to a real-world entity--person or corporate entity--so that legal recourse is available to the server owner when abuse occurs. The internet is no longer high-trust; we're running web servers the same way we'd run an honor-system store where people just come in and steal, anonymously, and with no recourse.