I’ve been following the struggle of bearblog developer to manage the current war between bot scrapers and people who are trying to keep a safe and human oriented internet. What is lemmy doing about bot scrapers?
Some context from bearblog dev
The great scrape
https://herman.bearblog.dev/the-great-scrape/
LLMs feed on data. Vast quantities of text are needed to train these models, which are in turn receiving valuations in the billions. This data is scraped from the broader internet, from blogs, websites, and forums, without the author’s permission and all content being opt-in by default.
Needless to say, this is unethical. But as Meta has proven, it’s much easier to ask for forgiveness than permission. It is unlikely they will be ordered to “un-train” their next generation models due to some copyright complaints.
Aggressive bots ruined my weekend
https://herman.bearblog.dev/agressive-bots/
It’s more dangerous than ever to self-host, since simple mistakes in configurations will likely be found and exploited. In the last 24 hours I’ve blocked close to 2 million malicious requests across several hundred blogs.
What’s wild is that these scrapers rotate through thousands of IP addresses during their scrapes, which leads me to suspect that the requests are being tunnelled through apps on mobile devices, since the ASNs tend to be cellular networks. I’m still speculating here, but I think app developers have found another way to monetise their apps by offering them for free, and selling tunnel access to scrapers
As I understand, Anubis doesn’t make the user do anything. Instead, it runs some JavaScript in the client’s browser that does the calculations, and then sends the result back to the server. In order for an LLM to get through Anubis, the LLM would need to be running a real JavaScript engine (since the requested calculation is too complicated for an LLM to do natively), and that would be prohibitively expensive for bot farms at any real scale. Since all real people accessing the site will be doing so through a browser, which has JavaScript built in, and most bots will just download the website and send the source code right into the LLM without being able to execute it, real people will be able to get through Anubis while bots won’t. The total amount of extra energy consumed by adding Anubis isn’t actually that high since bot farms aren’t doing the extra work.
Take that all with a grain of salt; that info is based on a blog post which I read like 6 months ago, and I may be remembering incorrectly.
Your understanding is consistent with mine. It spends a small amount of effort (per user) that makes scaling too expensive (per bot-farm-entity). It also uses an adjustable difficulty that can vary depending on how sus a request appears to be.
The extra work and energy expenditure is being done by every single user using the site. The server wastes everyone else’s resources to provide benefits for it.
Bots can be designed to run javascript too, so if a site’s contents are worth scraping it can still be done.
It is effective at discouraging bots when looking at real world services today, but indeed you have found the primary downside. It does impose costs on users even if the costs are disproportionately placed on bots.
Do you realize how much extra work your browser has to do every time you visit a site that makes money on ads? All the additional scripts being run in the background, it’s astonishing. Trust me, the additional work that users’ machines have to do for this is totally insignificant when viewed in the greater context of what we actually do with computers.
Watching a 10 minute YouTube video, that’s your computer doing more work than it would loading a million text based pages running Anubis.
I have uBlock origin and Ghostery, so very little.
Given that AI trainers are training on YouTube videos too, that sounds like Anubis isn’t going to impose meaningful costs on them.
Well, does it work?
You don’t need to guess about it, you can simply look at traffic records and see how much it changes after installing Anubis. If it works for now, great. Like all things like this, it’s a cat and mouse game.
Also, the way your computer interprets a YouTube video and the way a scraper interprets a YouTube video may well be different. But in general, for a browser, streaming and decoding video is a relatively heavy and high bandwidth operation. Video is much higher bandwidth and has much higher CPU processing requirements than audio, which likewise is heavier and higher higher bandwidth than text. As a result, video and text barely compare, they’re totally different orders of magnitude in bandwidth and processing needs. So does an AI scraper have to do all that decoding? I actually have no idea, but there definitely could be shortcuts, ways to just avoid it. For instance, they may only care about the audio, or perhaps the transcripts are good enough for them.
Many blind people don’t, because for blind people a text-based interface makes a LOT more sense than a graphical user interface. And the text-based browsers don’t precisely excel on JavaScript.
(But, who cares about some blind people anyway?)
I didn’t know that. I had assumed people using screen readers would use the same versions of websites as everyone else.
Off to do some research, to make my own sites more accessible for the blind!
Most Lemmy frontends don’t work without JavaScript.
I may be wrong, but I’m pretty sure most blind people just use regular browsers with a screen reader like JAWS or NVDA.
Most do, many don’t.
Most blind people are not told by anybody that you can use a computer in text form, because most sighted people don’t know you can. The user experience is on a whole another level when you have an interface that is basically tailored to you, instead of using something made for people with wildly different abilities than yours! At least, when I watch my friend browse the web in those two formats, the difference is daunting.
It’s not okay to block them from using an otherwise much better option. Even if not everyone knows about the better way.