Back to News
Advertisement
Advertisement

⚡ Community Insights

Discussion Sentiment

56% Positive

Analyzed from 1135 words in the discussion.

Trending Topics

#things#bot#agent#browser#don#web#every#sites#trying#bots

Discussion (46 Comments)Read Original on HackerNews

csnoverabout 2 hours ago
Man, this sucks. I doubt there’s anything that I can say to get people to stop doing things like this, but the eventual outcome here isn’t going to be freedom for you to scrape sites that are trying to avoid being DDoSed by bots, but instead that we all end up in a world where device attestation is required to do practically anything online. And for what?
TrevorFSmithabout 3 hours ago
Is it ethical to scrape when a site has explicitly blocked bots? I know a fair number of people who run small sites who are already considering closing them down because the bots are relentlessly hammering their sites and driving up hosting costs.
lemagedurage41 minutes ago
Use cases range from sending 100s of requests per second just to bring a website down to doing a montly request to a municipality's endpoint to get a local dashboard of when trash is picked up. I don't think you can pass a single judgement of automating web requests in general.
estabout 2 hours ago
> Is it ethical to scrape when a site has explicitly blocked bots

Ethical? ppl get jailed in China for this. "Breaching computer systems" is a felony.

yogorenapanabout 1 hour ago
I know for a fact companies in China do this. One paid me directly for work in this space, and in another, I found my own OSS project in their artifact cache while working there.

I've only ever gotten in trouble in the UK

cr125riderabout 3 hours ago
I think it really depends on how the bot is run. If the bot is replacing me navigating there manually, absolutely. If it’s sucking up content to rip off and make someone else billions of dollars, no.
fooquxabout 2 hours ago
Why do you feel entitled to navigate to a website you neither own nor pay for via a method the owner expressly forbids?
matheusmoreira14 minutes ago
Because I should be able to choose whatever user agent I want. The owner gets to "forbid" things on his computer, not on mine.
theptipabout 2 hours ago
Why do you feel entitled to dictate what user agent I use, if it’s well-behaved?
stronglikedan44 minutes ago
If it's just impersonating me to help me better consume the content as if I were the one driving, then it's perfectly ethical, and not even related to a bot ban. Shades of gray and all...
tadfisherabout 1 hour ago
This page is only viewable in Internet Explorer 5.5. Please switch to a supported browser.
mxkopyabout 1 hour ago
Accessibility, saving time, personal preference. Any number of reasonable things that don’t put undue stress on the host
LoganDarkabout 3 hours ago
It's most definitely unethical.
xnxabout 1 hour ago
> Bot detectors flag automation by reading the browser fingerprint; Fortress corrects that fingerprint inside Chromium's C++, so the browser presents as an ordinary Chrome install.

This does not seem like it would work against anything but the most basic bot protection.

BLKNSLVR43 minutes ago
Does Anubis still work? (against this?)
newaccountman2about 3 hours ago
odd name; shouldn't it be named after something that stealthily infiltrates fortresses?
BLKNSLVR42 minutes ago
Algae
ArmanLuthraabout 3 hours ago
fellow contributor on this.

we thought of it the other way round: your automation is the fortress, and every bot-detector trying to fingerprint it is the siege.

also most good burglar names were taken on PyPI

arhamshahrierabout 3 hours ago
in my defence, i did lobby hard for "GuyWhoWavesYouThroughTheGate"
LoganDarkabout 3 hours ago
"Doorman"
LoganDarkabout 3 hours ago
Trojan Horse probably wouldn't make a very good name for a browser.
ButlerianJihadabout 3 hours ago
Since my grade-school mascot/team was "The Trojans" and my adopted hometown is firmly rooted in pre-Christian Greek culture and mythology, I am currently studying the Trojan War, and I may observe that "Trojan" is an extremely perspicacious brand-name for condoms, more than the average guy would expect.
kfhfardinabout 1 hour ago
Trojan Condoms: We will “trick” the defenses 100% of the time. Wait wrong take.
abtonmoyabout 2 hours ago
which is exactly the problem, a condom is famous for stopping things getting through and we do the literal opposite.
xenaabout 2 hours ago
Things like this make me wish that we have to pass ethics courses to work in tech.
m12k39 minutes ago
Reminds me of this old joke: No ethically trained software engineer would ever write a destroyBaghdad function - they’d write a destroyCity function to which you could pass Baghdad as a parameter.
CivBaseabout 1 hour ago
Unconscionable.
dclawabout 1 hour ago
This is really unacceptable folks. There are those of us that have to keep these sites up, and it's seriously been a few years of nightmare scrapers and botnets, and stupid things like this that you are trying to legitimize that will make this worse. If a site doesn't want you, you should go away. There's a reason for it. Not every website is backed by a billion/trillion dollar company with the resources to absorb things.
deckar01about 1 hour ago
Making a network request from a script is not abuse, consuming excess bandwidth is. Scrapers already spoof browser reputation and cycle IPs while abusing bandwidth. Recently I wanted to convert the results of an Autotrader filter into a table so I could supplement it with data they don’t track (towing capacity). It was two pages of results, but requesting it from a script was aggressively blocked by browser fingerprinting. I had to port it to JS and run it in my browser console manually to get the data out, wasting my time.
kfhfardinabout 1 hour ago
I think this is the point that has become a moral dilemma. Increasingly, in this agentic age tasks like research and web exploration that would be done by humans and even buy things from an website is now done through agents. While I sympathize with the main author about Ddos, but blocking every agent regardless of intent seems cruel. This would allow an MCP doing deep research(almost identical to human behavior) to move forward. But there should definitely be more work done system that focus on agent intent(i.e some agent trying to find the best price for vacation or scraper building alternatives to Travel Advisor).
ryandrake39 minutes ago
Ideally, there would be a better way for web hosts to block bandwidth-hogging, but not block bots. I don't think anyone cares if some automated user-agent requests a 1KB file from their web site. They care that automated systems are sucking down TBs per day, all day, every day.
coldbrewed42 minutes ago
Making people actually read content doesn't strike me as cruel. Tedious, sure, but not cruel. What is cruel is seeing all of our collective individuality and artistic expression jammed into an LLM, sold back to us by the token, and forced into our lives by an economy increasingly skewed towards holders of capital.
tadfisherabout 1 hour ago
Why did you need it from a script? Right click -> Save Page As... is still a thing and works quite well in my experience, even with complex React SPAs.
dclawabout 1 hour ago
It's not just excess bandwidth. It's cpu cycles, poor site coding, database issues. Like I said, not everything is backed by a huge company that has the money/hardware/engineering resources to absorb the load.
transcriptaseabout 1 hour ago
That’s the point. For every legitimate though ultimately unimportant use case like yours there are a thousand others who would scrape the results 86,400 times a day to either try to sell or mirror and plaster with their own ads.
coldbrewedabout 1 hour ago
CDN security SWE here. I have functionally zero interest in what individual people do in terms of automation. I automated my gym's class signup forum during COVID so I get the validity of the use case. You want to work around the mitigations to do the same? Go with my blessings.

The killer is that everything that works for individuals trying to get through the day and make the web a bit smoother is immediately used by industrial crawlers strip mining the Internet, and you can't block one without blocking the other. A future where the web is only accessible via device attestation is extremely dystopian but so is an Internet where every drop of content goes into an LLM training set.

Things like this is why all of the worthwhile content is going to drain into balkanized spaces, and we're all the poorer for it.

kfhfardin21 minutes ago
Hmm, I am sure you know more than I do on the topic. At least to me, an amateur in the security space, would the action of the scraper not be closer to repetitive calls to tables instead of, i.e a more inquisitive agent doing research or booking who spends more time looking through, and surely that can be tracked? Again, on the moral side, I agree that if one comes with the other, it is quite dystopian. I myself am an ML Inference Engineer, so I guess interesting problems and interesting solutions always draw me in much like this.
arendtio31 minutes ago
And those bot protection mechanisms and ad-enforcement layers that terrorize humans are okay or what? Yes, I accept that many pages don't want me there and just don't use them anymore, but it sucks.

I am not saying that forks like this are a good idea, but I have enough frustration with said techniques that I sympathize with the effort.

codedokodeabout 1 hour ago
Sites that are backed by a billion dollar company typically have better antibot protection, and lot of expertise in this.

Also, patched browsers have existed since long ago, although they were not open-source.