(Gonna expand on a comment I whipped out yesterday - feel free to read it for more context)


At this point, its already well known AI bros are crawling up everyone’s ass and scraping whatever shit they can find - robots.txt, honesty and basic decency be damned.

The good news is that services have started popping up to actively cockblock AI bros’ digital smash-and-grabs - Cloudflare made waves when they began offering blocking services for their customers, but Spawning AI’s recently put out a beta for an auto-blocking service of their own called Kudurru.

(Sidenote: Pretty clever of them to call it Kudurru.)

I do feel like active anti-scraping measures could go somewhat further, though - the obvious route in my eyes would be to try to actively feed complete garbage to scrapers instead - whether by sticking a bunch of garbage on webpages to mislead scrapers or by trying to prompt inject the shit out of the AIs themselves.

The main advantage I can see is subtlety - it’ll be obvious to AI corps if their scrapers are given a 403 Forbidden and told to fuck off, but the chance of them noticing that their scrapers are getting fed complete bullshit isn’t that high - especially considering AI bros aren’t the brightest bulbs in the shed.

Arguably, AI art generators are already getting sabotaged this way to a strong extent - Glaze and Nightshade aside, ChatGPT et al’s slop-nami has provided a lot of opportunities for AI-generated garbage (text, music, art, etcetera) to get scraped and poison AI datasets in the process.

How effective this will be against the “summarise this shit for me” chatbots which inspired this high-length shitpost I’m not 100% sure, but between one proven case of prompt injection and AI’s dogshit security record, I expect effectiveness will be pretty high.

  • imadabouzu@awful.systems
    link
    fedilink
    arrow-up
    2
    ·
    5 months ago

    It absolutely is effective – but there’s economics at play. You can’t 100% close the whole on anything. Scrappers can themselves employee expensive techniques to try to sort or clean content pre-training.

    But altering the economics is meaningful, even if it won’t give you strong guarantees. Big, maximalist systems fall from a million paper cuts. They live or die on the economics of the smaller parts.

  • V0ldek@awful.systems
    link
    fedilink
    arrow-up
    1
    ·
    5 months ago

    How about honeypotting? What’s the chance the crawlers are written smart enough to avoid a neverending HTTP stream?

    So this is an idea from SSH: you make a server that listens at port 22 and responds to any connections with a valid, but extremely long message slowly fed to the source byte by byte. Automated bots that look for open SSH ports or vulns get trapped there, and they have to keep consuming resources to service the connection.

    Also what happens if you try to feed it an infinite HTML file very quickly? Like just spam the stream with <div><div><div>...?

  • mountainriver@awful.systems
    link
    fedilink
    arrow-up
    0
    ·
    5 months ago

    LLMs just train on which words follow which, right?

    So if the version of the text changes every other word, it should mess with them. And if you change every other word to “communism” it should learn that the word “communism” follows logically after most words.

    Just spitballing here, but I would find making the robots they intend to replace workers with into communist agitators rather funny.

    • YourNetworkIsHaunted@awful.systems
      link
      fedilink
      arrow-up
      2
      ·
      5 months ago

      Or you identify which company is scraping you and feed their GET request into their own model to make the resulting training data as incestuous as possible.