"A pseudonymous coder has created and released an open source “tar pit” to indefinitely trap AI training web crawlers in an infinitely, randomly-generating series of pages to waste their time and computing power. The program, called Nepenthes after the genus of carnivorous pitcher plants which trap and consume their prey, can be deployed by webpage owners to protect their own content from being scraped or can be deployed “offensively” as a honeypot trap to waste AI companies’ resources.
“It’s less like flypaper and more an infinite maze holding a minotaur, except the crawler is the minotaur that cannot get out. The typical web crawler doesn’t appear to have a lot of logic. It downloads a URL, and if it sees links to other URLs, it downloads those too. Nepenthes generates random links that always point back to itself - the crawler downloads those new links. Nepenthes happily just returns more and more lists of links pointing back to itself,” Aaron B, the creator of Nepenthes, told 404 Media.
“Of course, these crawlers are massively scaled, and are downloading links from large swathes of the internet at any given time,” they added. “But they are still consuming resources, spinning around doing nothing helpful, unless they find a way to detect that they are stuck in this loop.”"
https://www.404media.co/developer-creates-infinite-maze-to-trap-ai-crawlers-in/
#AI #GenerativeAI #AITraining #WebCrawling #CyberSecurity
Assuming they choose not to easily patch this with a simple depth limit, this is a good way to just waste your server resources and cost yourself money while impacting site performance for everyone else, ensuring that the only people visiting your site are the bots. So far all these “anti-AI” projects are either nothing-burgers or self-imposed malware.
@remixtures@tldr.nettime.org that’s great, some days ago i saw some people on r/selfhosting discussing how to stop AI crawlers that don’t respect robots.txt (so all of them) and there were a lot of people basically reinventing the tarpit idea, having a dedicated tool for that is great, combined with a simple logging of all ip ranges falling for it to get blacklisted we might get a fighting chance, there were even people serving zip bombs to ai bots, but i don’t believe they would bother to open it
@remixtures@tldr.nettime.org they seem to repeatedly and endlessly hammer certain pages on sites, too, for no reason. Some of the stories on here are horrendous - openAI &tc effectively DDOSing entire sites!
I’m betting this, alongside rampant advertising, is a big part of why the Internet seems so much slower than a decade and a half ago, in spite of speeds of home Internet being many times what they were then
@laurelraven We had cable internet, 30 years ago in Preston. 30mbps and it was far faster than the 750mbps we have now!
A few years ago the average webpage was larger than the whole of Doom. What they are now, who even knows?
I guess just adding something like a link depth limit would already counter that
Not sure, if that would reduce the gathered information on legitim sites much, but I don’t think soYeah, this sounds like something I tackled when mirroring webcomics, twenty years ago. Dynamic webpages with a “Next” button are not new.
The interesting part is the detection of AI crawlers and selectively feeding them markov chain nonsense
People used to do something similar to email-harvesting bots.
Nepenthe! Nepenthe! And forget this lost Lenore
Quoth the raven,
@remixtures@tldr.nettime.org interesting, the hackernews thread linked in that article has someone talking about similar tools
https://news.ycombinator.com/item?id=42726426
