25 comments

  • harshreality 3 hours ago
    > ...we have tried to minimize the impact on real readers as much as possible. We have not gone with tools like Anubis, partly because it causes annoying delays for those trying to get to the site, but also partly because it seems inevitable that the scrapers will eventually find their way around it. Indeed, there are some indications that is already happening. A proof-of-work requirement is not a huge obstacle when you have millions of other people's machines to do the work on.

    It's massively less annoying than a captcha, which is both a longer delay (typically, at present) and a massive cognitive distraction/roadblock.

    The anubis author has stated they recognize it's an arms race, but PoW scales. Captchas and other signals are already at the end of the road; any additional difficulty increases false bot-positives, which are already unacceptably high.

    For websites running dynamic languages, a binary (anubis is in go) sentry that operates before[1] the website is forced to expend any resources, is usually a large improvement over a site-hosted captcha. I would rather, and I think most humans would agree, have to wait a few seconds, maybe even closer to a minute in the future, to get a website access token good for a day or a week, than be forced to solve a captcha.

    The dilemma for bots: when tokens are bound to the connecting ip, scrapers must limit the connecting IP pool for each site they want to scrape, becoming much more obvious and easy to block, or they have to use massive amounts of compute.

    [1] this is true regardless of whether anubis is in reverse proxy mode or auth mode.

    • Groxx 1 hour ago
      Anubis is by far the least annoying throttler I encounter. Entirely agreed, just crank it up when you get a flood, I much prefer waiting a couple seconds to interacting with custom UI for tens of seconds.

      I'm so glad to see that (essentially) HashCash is coming back. Now we just need it for email, like it was originally designed for...

      • harshreality 1 hour ago
        You don't have to wait for the flood. You can add rules to add weight based on system load, and add more difficulty levels beyond the ones in the default config.

        I've only just started using it, and the existing config DSL doesn't let you do this, but it's just a patch away (in principle): instead of using system load as a signal to increase or decrease weights, use a combination of finalized weight and system load (or a load-equivalent or net-traffic-equivalent signal from some openmetrics agent) to select between difficulty buckets.

        So, as an example, difficulty could have an arbitrary scale independent of load, and regardless of that scale, it could increase by 1 at 50% cpu, 2 at 80% cpu, etc. I'm also not sure currently if a challenge will re-appear if anubis determines that a client should get a difficulty N challenge, but they only have a token for an N-1 or N-2 challenge. Easy enough to implement in principle, I just haven't looked at the code at all. I shall test it to see if it already does that.

      • alightsoul 50 minutes ago
        From my understanding this is also how cloudflare bot protection has worked for a long time, and then they look for entropy in user input to confirm the user is human. Also how recaptcha without images works.
    • PlasmaPower 41 minutes ago
      I don't think PoW scales, because if the bot authors get serious they'll start using native implementations that are much more efficient than the web ones real users are running. In theory maybe Anubis could start using WebGPU to help close that gap, but then anyone without WebGPU support is out of luck.

      Then again, a large portion of the problem seems to be bots making way too many requests and in general not being optimized in the first place, and this does help filter those out.

    • m463 1 hour ago
      At least anubis works for me. (I run umatrix)

      Unfortunately whatever HN is using routinely blocks my login with "Sorry."

      some websites just always give me 403.

      • duskwuff 1 hour ago
        > Unfortunately whatever HN is using routinely blocks my login with "Sorry."

        I believe that's the HN application itself, not a WAF in front of it.

        • asdfsa32 41 minutes ago
          HN is surprisingly very very guilty of a whole lot of anti-user patterns and behaviour that other companies get regularly lamented.

          Poor accessibility, bad mobile support, no options to delete content beyond a narrow window.

  • mips_avatar 7 hours ago
    I feel like the solution is a better common crawl. As nice as it would be to block the frontier AI labs from getting access to information, we should reset the baseline of information accessibility so there's less marginal advantage on these labs.

    I worry a lot of the anti scraping rhetoric will just injure the open web and put somebody like cloudflare in charge.

    • andai 5 hours ago
      What really confuses me is ... people always say, it's because companies are gathering data for AI training. Then why would they need to scrape the same page thousands of times per day?

      Edit: the article says millions of times per hour? (!?)

      The article is also astonished by this, and speculates it might be some kind of underground AI labs but... millions of them? Or does it only take one with too much money and a badly configured scraping setup?

      • catdog 57 minutes ago
        Maybe they have just too much money at hand, would not surprise me, people are still investing into gen AI like there is no tomorrow. Also, for the completely criminal operations, you only have to find a way to infect and distribute your bot to, e.g. some common internet of shit device. Scaling is basically free afterwards as you don't need to ask anyone. The article also hints that those are actually the biggest problem.

        Then there is probably also a lot of time pressure on the people implementing and operating those scrapers so they have even less incentive to optimize their code.

      • bigiain 6 minutes ago
        > a badly configured scraping setup?

        Cynical-me assumes every single AI company is vibe-coding everything, and _all_ their scrapers are as badly written as the typical publicly available scraper code and tutorial - mostly written by self promoting spammers and SEO "experts" in the late 2010s.

        Any they all DGAF about wasting website owners server/network resources, of the CPU and network resources of the "dumb schmucks" who have a free vpn installed or a factory-hacked cheapo media box or mobile game the developer has surreptitiously monetised with a residential proxy sdk.

        It also wouldn't surprise me at all to find there are dozens of competing training data acquisition teams at every frontier and wannabe frontier AI company - scraping the entire web in parallel to meet internal KPIs. Half of which have lost entire datasets due to vibe coded storage and archive setups.

      • axus 22 minutes ago
        Maybe someone is paid per scrape, without reduction in payment for duplicates.

        Maybe every web query for Linux commands in $LARGE_COUNTRY checks all the Linux websites again.

      • mips_avatar 2 hours ago
        I kind of wish the recent Google monopoly court ruling had forced Google to open up their index to anyone, not just Perplexity/other big players.
        • catdog 54 minutes ago
          That's really a huge issue right now (to some extent even before the AI hype) that almost everywhere google is effectively the only entity explicitly allowed to scrape.
      • alightsoul 52 minutes ago
        Maybe they are aggressively scanning for updates on the page
      • cyberax 1 hour ago
        Hah. I have a homelab with a couple of sites, including a personal Forgejo installation.

        Last night my server turned off because it went into thermal protection shutdown. Turns out, my all-in-one cooler has inoperative fans, which I normally never really notice. The passive heat dissipation from the water cooler is more than enough.

        However, this time they hammered my computer for 12 hours with about 200 requests per _second_ to my Forgejo.

    • ronsor 25 minutes ago
      Ironically in early 2023 a lot of websites went out of their way to block Common Crawl. Unsurprisingly that shifted scraping toward individual actors whereas the previous solution in research was to download CC dumps and process them.
    • nobodywillobsrv 5 hours ago
      Feels like it would be a good time for freenet and the like to catch on.
    • jay_kyburz 6 hours ago
      I agree, if up-to-data data was available somewhere else and free, there would be no reason to pay hackers and scrape.

      You could perhaps even get website operators to "push" new data to a common crawl database. The scrapers would learn there is no value on scraping X domain because the data is available elsewhere more easily.

      • jay_kyburz 6 hours ago
        How about a website header with a link to a static zip that contains the whole website in one hit. The Zip could be hosted on some big public sever. Perhaps even mirrored locally for each nation.
        • mips_avatar 6 hours ago
          that's hard to do with rendered content, oftentimes the result depends on a backend service. Maybe you should make the service it's running public but that might be a line most aren't willing to cross.
          • jay_kyburz 5 hours ago
            I was thinking you scrape your own website every day in the middle of the night when traffic is low, and make that available. They can come and collect it every day if they want to.
            • mips_avatar 5 hours ago
              Yeah. Though I guess the point I thought of was like a deals site. That would have infinite pages and content
  • ValentineC 1 hour ago
    From the article:

    > More recently, media-streaming devices have been identified as a major carrier of malicious scraping software. Sometimes the devices are compromised at the source; other times, they are just poorly secured and easily compromised after the fact.

    I run an OPNsense firewall at home and the OpenWRT router at a hackerspace. Are there ways of auditing that devices aren't compromised? Tracking which devices still send lots of data when no one else is using the network?

  • sixtyj 6 hours ago
    The issue with scrapping is the intensity and volume of bots.

    I think that nobody would care if I use wget or curl for few pages, e.g. because I would like to read a site as offline or archive it.

    Btw average age of any page is 10 years. Deletion or structural change after acquisition is common, Signal vs Noise site recent wipe out could serve as an example why we need to archive sites.

    • ccgreg 5 hours ago
      A lot of websites want "bot defense" due to high volume scrapers, and that "bot defense" often also ends up blocking low-volume wget/curl and polite crawlers like Common Crawl's CCBot.
      • sumedh 5 hours ago
        Cloudflare can verify certain bots when they come from known ip addresses. So if your site is using cloudflare it can let CCBot if it has done the verification.
  • dang 5 hours ago
    One article mentioned in the OP was discussed here:

    Disrupting the largest residential proxy network - https://news.ycombinator.com/item?id=46802748 - Jan 2026 (221 comments)

    • fragmede 5 hours ago
      How does HN fare with scraper load? Is it just CDN and pay the extra bandwidth bill for anon hit requests?
      • dang 2 hours ago
        It's really bad. I found myself identifying with everything Jonathan wrote in the OP - so much so that I thought of asking to compare notes on mitigation measures.
        • khurs 1 hour ago
          Ive been seeing a 'sorry' message occasionally when accessing older pages.

          Is that a side effect of whatever you are doing?

          • dang 53 minutes ago
            It was, but there were too many legit users getting affected, so we turned most of that off a few days ago. Are you still seeing it?
            • khurs 3 minutes ago
              Not in last day no.
      • Bender 4 hours ago
        Not dang and not the person you are asking but there is no CDN. HN is just two servers running BSD one active and one standby. HN is all text so there is not much bandwidth usage.

        I did an experiment and linked from HN to my lame blog site and disabled all my anti-scraping measures. Even with all the bots I did not see that much traffic. I suspect some people are specifically being targeted by very poorly configured or very poorly written archiving scripts. Just one example thread discussing this with someone on HN [1]. Each case of being targeted will require looking at generalized characteristics but most are easy to stop in my opinion and experience.

        [1] - https://news.ycombinator.com/item?id=48416693

      • dredmorbius 4 hours ago
        For one datapoint ...

        I have a custom HN CSS which includes some formatting of different sets of user accounts. Admins, for example, get orange highlighting and a dragon emoji (for one does not meddle in the affairs of ...).

        Also included are leaders, which is the one part of my CSS build script which is, or at least was until a few minutes ago, dynamic. Presently HN is returning "sorry" to my curl request. Given that I run that build manually a few times a month, it's not a matter of hitting HN with frequent scrapes. But HN has become increasingly scrape-hostile over time.

        Back in 2023 I did a crawl of all of HN's front-page daily history (365.25 days/year * 17 years, so about 6,200 requests), to answer a question which had come up about what was/wasn't mentioned in submission titles. That scrape included a delay (probably either 1 or 10 seconds, possibly more, I don't recall which and may have run the fetch directly from the command line), and ran (initially) without issues. I don't think it would fly today.

        I reported on findings at the time and several times since:

        <https://news.ycombinator.com/item?id=36078578>

        <https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...>

        • fragmede 3 hours ago
          HN is exported to firebase, which you can hit directly, for that sort of purpose

          https://github.com/HackerNews/API

          • dredmorbius 3 hours ago
            I know that.

            I've not worked with the API, and there's the blessing/curse (blurse‽) that HTML is a known, if poor, standard.

            API always translates to "one more thing to learn, that's applicable to a single-use case". HTML scraping / sorting I can apply across multiple sites.

            That said, a standard, say, JSON packaging of website contents available on request might be fun to have.

            • fragmede 1 hour ago
              I feel less bad hammering firebase in a "while True:" loop vs hitting HN's servers.
  • everfrustrated 6 hours ago
    I wonder how much of this is traffic caused by peoples agents using web tools causing searches and fetches rather than general trawls of the internet.
    • corbet 6 hours ago
      Very little of it. When you see a million IPs systematically working their way through your URL space, it's pretty clear that there's a central control node behind it all.
      • everfrustrated 6 hours ago
        Your earlier article suggests you aren't using a CDN. Might be well worth looking into - not for any bot detection so much as just having a good old fashioned cache in front of you.
    • noxvilleza 5 hours ago
      Most well-known/large agentic web tools I've seen are actually super honest about who they are -- even when they write out scripts they're very keen to identify themselves using user-agents. Most of the time those tools are fine - it's the ones that happen to have a random choice of the 5 most common Chrome/Firefox user-agents making sequential scrapes but cycling through IPs on African and South American residential IPs that are the problem!
      • TurdF3rguson 5 hours ago
        Yes I've seen it. ClaudeBot will gleefully announce itself when it hammers my niche website a million times a day.
        • noxvilleza 3 hours ago
          At least those bots are easy to block though. I run a niche stats website for an esport and I have no idea why there's loads of residential trawlers/botnets with 10k+ IPs trying to get that data - most of what they scrape is directly available from Valve's APIs.
          • TurdF3rguson 3 hours ago
            > I have no idea why there's loads of residential trawlers/botnets with 10k+ IPs trying to get that data

            Probably as simple as the fact that there are unmetered residential proxy plans, which means once you're already paying for one, there's no reason not to use it for everything.

    • dawnerd 5 hours ago
      I've seen some logs where a bunch of random ips were hitting a client's search endpoint feeding what looked like user questions to it. Of course none of them returned anything useful but it was causing a lot of strain and even causing the site to go down (gotta love wordpress's stock search).

      I'm guessing the training companies are taking real/synthesized user queries and trying to distill what they can from site searches.

  • Bratmon 6 hours ago
    Residential Proxies are the most emblematic technology of our era- a group of people looked at something that used to be considered a crime (botnets) and realized that if they just did it openly, no one would ever punish them.
    • solidasparagus 53 minutes ago
      This is a super dishonest characterization. Running software on a bunch of machines, even machines in other peoples' homes has never been a crime. Folding@home isn't a crime (obviously). It's controlling those machines without consent via malware that is criminal. And if it is open and consensual in exchange for something a person wants, it is unreasonable to compare it to botnets.
    • TurdF3rguson 5 hours ago
      I think they also have to operate in countries that don't mind shady things like this.
    • thomasahle 5 hours ago
      TIL:

      > Many providers build their proxy pools by partnering with device owners who agree to share their bandwidth, while others use embedded SDKs in free apps or VPNs.

      WTF. That's just botnets.

      Source: https://www.fbi.gov/investigate/cyber/alerts/2026/evading-re...

      • jolmg 4 hours ago
        Mmm... your quote (IDK where it's from) mentions them having consent from device owners, but your FBI link cautions on how to avoid getting infected by malware.

        If they have consent, they're not really botnets. Botnets involve infecting devices without the owners knowing.

        With consent, it wouldn't be much different from e.g. open WiFis at restaurants and hotels, companies using a single ISP and single public IPv4 address for all their employees, and most VPN services.

        • not-a-llm 4 hours ago
          by consent they mean a dialog/EULA with careful wording was display and the user clicked ok.
          • Barbing 58 minutes ago
            And even if you spent a minute explaining the proposition to a user off the street, it still wouldn't be fair unless you laid out the drawbacks. Which leads me to a question.

            There must be countless individuals all over the world who suddenly can't log into their Gmail or create any new accounts because a fraudster sent spam from their IP. I wonder: has anyone has tried to quantify that problem?

    • BoorishBears 5 hours ago
      Thank god for residential proxies.

      Highly unethical but the way the internet is going they're the last anti-hero of a somewhat open internet

      • Bratmon 4 hours ago
        By providing a way for corporate AI scrapers to operate with impunity and force the last few independently-run websites to move to the cloud?
        • BoorishBears 3 hours ago
          No one's firing up a residential proxy to read your blog, and the corporate AI scrapers have all the resources in the world even without residential proxies

          They're most useful for getting information from the cloud hosted sites that hoarde most of humanity's output today like Youtube and Reddit.

          • Bratmon 1 hour ago
            I actually read a really interesting article from a relatively small blog explaining that they're receiving a massive amount of scraper traffic from residential proxies.

            The article was called "The one we're commenting on"

            • BoorishBears 1 hour ago
              > The LWN content-management system contains over 750,000 items (articles, comments, security alerts, etc) dating back to the adoption of the "new" site code in 2002. We still have, in our archives, everything we did in the over four years we operated prior to the change as well. In addition, the mailing-list archives contain many hundreds of thousands of emails.

              Does that sound like your typical self-hosted blog?

      • zuzululu 5 hours ago
        i know a few very large startups that used it to fake their way into an exit

        unethical yes but really raises the question as to what we see is real or not

        • morkalork 5 hours ago
          Money is real. DAU that don't pay subscriptions, or don't lead to paid conversions on hosted ads, are worthless.
        • BoorishBears 4 hours ago
          "Raises the question of what we see is real"

          No they really don't, dishonest founders do that.

          You're one with the lower case shibboleth so I have no doubt you surround yourself with dishonest founders, but faking users is pretty damn low on the usecases for residential proxies.

          I said they're unethical because they tend to be hidden in innocuous seeming apps or sprung on unwitting individuals via clickwraps on their smart devices.

          • zuzululu 2 hours ago
            ive seen unscrupulous founders fake traction during diligence, which is my day job

            but ive never seen one raise $4.5m for an ai agent startup built around pulling fresh web data, then openly cheer the unethical proxy infrastructure used to evade consent and blocks

            then inventing a fantasy about who i associate with instead of answering that conflict is an unusually loud form of projection

            • BoorishBears 1 hour ago
              How strange, my fantasy was totally on point and literally describes your day job! But does the forced lowercase thing just erode one's ability to make a coherent point?

              "ive never seen one raise $4.5m for an ai agent startup built around pulling fresh web data, then openly cheer the unethical proxy infrastructure used to evade consent and blocks"

              You've never seen this, making this non-sequitur? Or this "directionally correct by my priors" speak for something else?

              -

              Either way it has nothing to do with why the proxy is unethical (I already covered that) and everything to do with why their startup is unethical

              (or not? if they're not being assholes about the scraping more power to them, I've used proxies + agents to let my users get their own data off other sites that felt it was their right to block people from accessing their own data easily)

  • tingletech 7 hours ago
    The comments are not showing up for me now, but when they were still showing for anonymous users, there was a link to https://commoncrawl.org. I've been sort of worried about letting agents hit websites, I wonder if a fetch_url agent tool could be made to look in common crawl first before hitting the web for it?
    • colinsane 5 hours ago
      just their smallest dataset looks to be 6 TB _compressed_. not a thing you can really ship as part of the agent. but if somebody made a fetch_url tool that sharded that across all users of it, i'd give it a try. could probably just layer that on top of bittorrent or IPFS or something.
      • binarymax 1 hour ago
        It’s not that hard. I’ve done this. The list of URLs for a crawl is several hundred gigs. Easily fits in a lookup index on a single instance.
      • dylan604 1 hour ago
        If you scrape 6TB from across the web or grab it from one place, it's still 6TB
  • rao-v 2 hours ago
    I’m skeptical that the problem they are trying to solve is truly unreasonable bandwidth demands.

    Sometimes it feels like what people want is to only serve websites and content to good normal users but not evil bad “scrapers” (because maybe maybe your content will be monetized in some nebulous way) but … you put your content up publicly on the web! That should be part of reasonable use!

    EDIT: Lwn.net is perhaps not a fair target of my ire.

    “There is also a desire to not impede the operation of legitimate search engines, the Internet Archive, and other such groups. Some sites may add explicit allowlists to, for example, give the dominant search engine access to the site. Such measures have the effect of further entrenching a monopoly that already serves us poorly and should be avoided. We have, thus far, succeeded in that.”

    Is reasonable! Many others are not

    • Catloafdev 1 hour ago
      If it weren't a real problem, these types of articles and services wouldn't exist.
    • TZubiri 1 hour ago
      Why the air quotes? Evading a ban and using (potentially ill gotten) residential ips to circumvent that refusal of service, is a bad actor.
    • trucks-refinish 11 minutes ago
      [dead]
  • Avery29 1 hour ago
    Google itself is a huge database.Who makes these rules depends on who's leading the market.
  • arjie 4 hours ago
    What a pity. Mostly I just want personal archives of things so that I can search them much faster than commercial solutions and the like.
  • charcircuit 25 minutes ago
    >types of operator running residential-proxy networks to attack web sites.

    This is such a malicious interpretation. Do you think VPN operating are also trying to attack websites? Both offer the same kind of product.

    >paid for hijacking their users' network connections

    Nothing is being hijacked. Again the author is using wording to try and paint these people as malicious actors.

    >Recently, LWN was subjected what was, by far, the heaviest scraper attack yet.

    LWN is a static site. To me it seems more expensive to use Anubis than just serve the actual page.

    >will now check for NetNut-infected apps

    Apps are not infected with NetNut. This is just Google abusing their monopoly position to hurt its competitors.

  • WarOnPrivacy 2 hours ago
  • 627467 2 hours ago
    Has no one noticed their miniflux instance failing to fetch feeds because of this?
  • andai 5 hours ago
    >There are ways to tell the difference — the bots usually do not fetch images or CSS, for example — but, by the time that determination is made, the address in question will not be used again. Blocking the address at that point is just a waste of time.

    I don't get it. Don't we keep blacklists of this stuff? And if they hammer thousands of requests per site per second and never reuse an IP, they'd run out of addresses in a few weeks.

    Then they'd switch to IPv6, and... well, are we using IPv6 for anything important?

    Like we need it for IoT, but do you want random IoT devices talking to your web server? (IPv4 handled mobile phones just fine not that long ago, right?)

    • dylan604 1 hour ago
      > do you want random IoT devices talking to your web server?

      Probably not, but since IoT manufacturers did zero to lock down their devices, those devices are doing a lot more than their owners think they are doing

  • cyanydeez 7 hours ago
    mmm, in many cases these residential proxies are media boxes, and they consent as much as anyone else consents to what amazon, or google or facebook does; it's buried somewhere in the recesses of the TOS.

    The question is more about why the US and others can't properly enforce the bullshit all this amounts to.

    • SR2Z 5 hours ago
      Because this isn't clearly against the law, nor should it be. If websites want to ban based on IP address lots of innocent users get caught in the cross-fire.

      I'm not sure what the solution would look like - maybe Cloudflare's payment required for requests beyond a certain limit? But I think that the world needs user freedoms now more than ever.

    • TurdF3rguson 4 hours ago
      What exactly should be illegal here? Scraping websites? AI agents? Not following robots.txt?
    • bell-cot 6 hours ago
      "He who has the gold makes the rules" is older than the pyramids.
    • mschuster91 5 hours ago
      > The question is more about why the US and others can't properly enforce the bullshit all this amounts to.

      It would cost too much money, either for police to raid all the physical shops and ebay sellers selling dodgy IPTV boxes, or for ISPs to hire enough competent support staff to monitor and respond to abuse@ email addresses and follow through.

  • TZubiri 1 hour ago
    >We have not gone with tools like Anubis, partly because it causes annoying delays for those trying to get to the site, but also partly because it seems inevitable that the scrapers will eventually find their way around it. Indeed, there are some indications that is already happening. A proof-of-work requirement is not a huge obstacle when you have millions of other people's machines to do the work on.

    The first argument that it introduces delays to users is solid, but I would advise reconsidering on the second one that a PoW workaround will be found. The moment it does you'll be able to tell because Bitcoin will crash to 0.

    Will bots use infected computers to do compute to work around it? Maybe, but it requires a CPU in addition to a network reputation, 2 mechanisms are stronger than one.

  • eduction 6 hours ago
    Can BitTorrent’s architecture contribute anything useful here?

    I admit this is a naive question. I have no idea how applicable bt is to web requests. This problem just seems to have a similar “too many people want this resource” shape.

    • fragmede 5 hours ago
      Yes but it's getting bot owners to use it is the problem. There's already the common crawl repository to start with but it isn't being used.
      • ccgreg 1 hour ago
        Common Crawl's dataset was downloaded in full 100 times in 2025.

        We agree that it would be great if it was even more widely used.

      • dylan604 1 hour ago
        as well as the bot owners could would never believe that the torrent has been kept up to date. the only way to do that would compare to the actual site, so why not just scrape the actual site and be done with it?
        • ccgreg 1 hour ago
          Common Crawl's archive has metadata that says when each record (html file) was crawled.
          • charcircuit 9 minutes ago
            But who stores the metadata for the last date the site updated so you know if it needs to be refetched or not.
  • zb3 5 hours ago
    > widespread scraping of web sites in search of training data for large language models and related projects

    This is a good thing, thanks to this we have powerful open source LLMs.

    > This activity overwhelms sites with traffic.

    When LLMs get good enough, we won't need those sites anymore :)

    [not satire, this is what I think, without self-censorship]

  • atomic128 7 hours ago
    There is a large community of people that poison scrapers.

    The poison gets better every day, and the community is continuously growing. Poison Fountain, alone, transmits hundreds of gigabytes of poison per day, which goes into scrapers, git repositories on every hosting platform, social media, etc.

    Part of the poisoning community on Reddit, for example: https://www.reddit.com/r/PoisonFountain/comments/1uocaii/a_n...

    • dang 6 hours ago
      I've banned this account because we don't allow single-purpose accounts on HN, and your account has been doing that for quite some time now.

      We ban such accounts regardless of what the single purpose happens to be. Pre-existing agendas are not what HN is for and destroy the curious conversation that it is supposed to be for.

      https://news.ycombinator.com/newsguidelines.html

      Edit: If you don't want to be banned, you're welcome to email hn@ycombinator.com and give us reason to believe that you'll follow the rules in the future. They're here: https://news.ycombinator.com/newsguidelines.html.

      • dredmorbius 5 hours ago
        Seriously, dang?

        10 comments (excluding subsequent in-thread replies) over four months, always in contexts in which either the topic of LLM scraping or Poison Fountain itself has already been mentioned.

        This strikes me as contextually informational, and is no different from other project representatives appearing in threads discussing their own subjects or posts. Such as, say, Jon Corbet (@corbet), of LWN, whose activity on HN shows a similar pattern and roughly equivalent frequency.

        I hope it goes without saying I'm not suggesting corbet's handle be banned, anything but.

        atomic128's comments are predictable, but apposite, informative, non-disruptive, and address an increasingly urgent issue. Whether or not it's an effective mitigation is of course another discussion, but it seems plausible at first blush.

        As dang should well know but others may not, I often contact mods directly for HN issues, including numerous "one-note flute" alerts. atomic128's account should be un-banned, though perhaps they might communicate with HN's mods over what would be a more acceptable mode of interaction.

        • dang 2 hours ago
          The most recent 60 (!) comments plus every submission of the last 6 months were all about the same thing. That's extreme. The posts didn't all mention that specific project, but there was only one topic and they were extremely repetitive. This is not a close call.

          I made it all the way back to https://news.ycombinator.com/posts?id=atomic128&next=4628060... (6 months ago) before seeing posts about anything else, only to find that there was a different agenda before that. Not cool.

          Edit: and before all that, there was this: https://news.ycombinator.com/posts?id=atomic128&next=4164795.... This is obviously not using HN as intended.

        • dataflow 1 hour ago
          > Such as, say, Jon Corbet (@corbet), of LWN, whose activity on HN shows a similar pattern and roughly equivalent frequency.

          I took a look at the most recent comments from both accounts and they don't look similar to me in this respect.

          I think there are two questions here though:

          1. Was the violation egregious?

          2. Did it deserve an immediate ban, or did they deserve a warning etc.?

          Seems to me the answer to (1) is yes, but the answer to (2) I'm less sure about.

        • fragmede 5 hours ago
          I think the reasoning is about having alt accounts for different purposes. He intention is to map one human to one account and have all of their thoughts from that one account, instead of one human having one account to discuss scraping on, and a different account to discuss crypto on.
      • user- 5 hours ago
        Just curious dang, did you warn them before banning?

        Im not against the ban perse (single purpose accounts are bad), just curious if they had a chance to change their contribution style.

        • dang 2 hours ago
          No, but if they have a change of heart and genuinely want to use HN as intended, they're welcome to let us know. I've added that in an edit now.
      • nekusar 5 hours ago
        This is a strong positive sign that poison fountain works.

        I wasn't aware of this project. Thanks for the heads up.

        • dang 2 hours ago
          It's not a sign about that project in any way. I had never heard of it and have no opinion about it one way or the other.

          It's just a sign that single-agenda accounts aren't allowed here—no more, no less. That's why I said "We ban such accounts regardless of what the single purpose happens to be".

    • logancbrown 6 hours ago
      People think this is causing issues for data collection for LLMs, but in reality it's not and there are several very trivial mechanisms to employ in data collection to bypass the "poison data" issue. The internet landscape was already poisoned with fake data, fringe conspiracies, and text before this Poison Fountain initiative.
      • andai 5 hours ago
        Yeah. A fun thing to do is to try and actually read common crawl!

        Really makes you think, what we're feeding them...

      • zuzululu 5 hours ago
        exactly i took a look at that subreddit and doesnt look like theres any professionals just bunch of anti-AI users who thinks they are smarter

        its very easy to detect and bypass poison type of tools largely because of the fact that there are far more outlets for truthful info so unless you can get everyone to buy in (with real legal liabilities) its not effective

        also its possible to poison the poisoners with a certain pill that would have very real consequences for those maintaining whatever github repo/communities

  • stefantalpalaru 6 hours ago
    [dead]
  • tiahura 5 hours ago
    Again, why do we allow China on the Internet?

    Backbone operators should not be allowed to knowingly maintain connections to networks that allow connections from China or Russia.