I don’t think we should lump together “AI company scraping a website to train their base model” and “AI tool retrieving a web page because I asked it to”. At least, those should be two different user agents so you have the option to block one and not the other.
What I gathered from the post was that one of the investigations was to ask what was on [some page url] and then check the logs moments later and saw it using a normal user agent.
To steel man this, even though I think the article did a fine job already, maybe the author could’ve changed the content on the page so you would know if they were serving a cached response.
Author here. The page I asked it to summarize was posted after I implemented all blocking on the server (and robots.txt). So they should not have had any cached data.
You can just point it at a webserver and ask it a question like "Summarize the content at [URL]" with a sufficiently unique URL that no one would hit, maybe with an UUID. This is also explored on the very article itself.
In my testing they're using crawlers on AWS and they do not parse Javascript or CSS, so it is sufficient to serve some kind of interstitial challenge page like the one on Cloudflare, or you can build your own.
> Is it actually retrieving the page on the fly though?
They are able to do so.
> How do you know this?
The access logs.
> Even if it were - it’s not supposed to be able to.
There is a distinction from data used to train a model, which is the indexing bot with the custom user-agent string, and the user-query input given to the aforementioned AI model. When you ask an AI some question, you normally input text into a form, and the text goes back to the AI model where the magic happens. In this scenario, instead of inputting a wall text into a form, the text is coming from a url.
These forms of user input are equivilent, and yet distinctly different. Therefore it's intelectually dishonest for the OP to claim the AI is indexing them, when OP is asking the AI to fetch their website to augment or add context to the question being asked.
But my question should have been phrased, “are there any frameworks commonly in use these days that provide different js payloads to different clients?
I’ve been out of that part of the biz for a very long time so this could be a naive question.
What, users won't share anything? I said I wanted Perplexity to identify themselves in the user agent instead of using the generic "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.3" they're using right now for the "non-scraper bot".
I don't, because if it will, then someone like the author of the article will do the obnoxious thing and ban it. We've been there before, 30 years ago. That's why all browsers' user agent strings start with "Mozilla".
The "scumbag AI company" in question is making money by offering me a way to access information while skipping any and all attention economy bullshit you may have on your site, on top of being just plain more convenient. Note that the author is confusing crawling (which is done with documented User Agent and presumably obeys robots.txt) with browsing (which is done by working as one-off user agent for the user).
As for why this behavior is obnoxious, I refer you to 30 years worth of arguing on this, as it's been discussed ever since User-Agent header was first added, and then used by someone to discriminate visitors based on their browsers.
If you want summaries from my website, go to my website. I want a way to deny any licence to any third-party user agent that will apply machine learning on my content, whether you initiated the request or not.
While Perplexity may be operating against a particular URL based on a direct request from you, they are acting improperly when they "summarize" a website as they have an implicit (and sometimes explicit if there's a paywall) licence to read and render the content as provided, but not to process and redistribute such content.
There needs to be something stronger than robots.txt, where I can specify the uses permitted by indirect user access (in my case, search indexing would be the only permitted use case; no LLM training, no LLM summarization, no proxying, no "sanitization" by parental proxies, etc.).
> If you want summaries from my website, go to my website.
I will. Through Perplexity. My lifespan is limited, and I have better ways to spend it than digging out information while you make a buck from making me miserable (otherwise there isn't much reason to complain, other than some anti-AI ideology stance).
> I want a way to deny any licence to any third-party user agent that will apply machine learning on my content, whether you initiated the request or not.
That's not how the Internet works. Allowing for that would mean killing user-generated content sites, optimizing proxies, corporate proxies, online viewers and editors, caches, possibly desktop software too.
Also, my browser probably already does some ML on the side anyway. You'd catch a lot of regular browsing this way.
Ultimately, the rules of the road are what they always have been: whatever your publicly accessible web server spouts out on a request is fair game for the requester to consume however they like, in part or entirely. If you want to limit access for particular tools or people, put up a goddamn paywall. All the noise about scrapping and stuff is attention economy players trying to have their cake and eat it too. As the user in - i.e. the victim of - attention economy, I don't feel much sympathy for that plight.
Also:
> LLMs — and more importantly the companies that train and operate them — should not be trusted at all, especially for so-called "summarization"
That's not your problem. That's my problem. If I use a shitty tool from questionable vendor to parse your content, that's on me. You should not care. In fact, being too interested in what I use for my Internet consumption can be seen as surveillance, which is not nice.
I addressed this in a different response: I do not care if your browser does local ML or if there is an extension which takes content that you have already downloaded and applies ML on it (as long as the results of the ML on my licensed content are not stored in third party services without respecting my licence). I do care that an agent controlled by a third party (even if it is on your behalf) browses instead of you browsing.
My goal is to licence my content for first party use, not third party derived use.
Your statement "Ultimately, the rules of the road are what they always have been: whatever your publicly accessible web server spouts out on a request is fair game for the requester to consume however they like" is both logically and legally incorrect in pretty much every single jurisdiction in the world, even if it cannot be controlled as such without expensive legal proceedings.
> > LLMs — and more importantly the companies that train and operate them — should not be trusted at all, especially for so-called "summarization"
> That's not your problem. That's my problem. If I use a shitty tool from questionable vendor to parse your content, that's on me. You should not care. In fact, being too interested in what I use for my Internet consumption can be seen as surveillance, which is not nice.
Actually, it is my problem, because it's my words that have been badly summarized.
If the LLM provides a so-called summary that is the exact opposite of what I wrote (as the link I shared previously shows happens), and that summary is then used to write something about what I supposedly wrote, then I have been misrepresented at best.
I have a moral right to work that I have created (under Canadian law and most European laws) to ensure that my work is not misrepresented. The best way that I can do that is to forbid its consumption by machine learning companies, including Perplexity.
> The moral rights include the right of attribution, the right to have a work published anonymously or pseudonymously, and the right to the integrity of the work. The preserving of the integrity of the work allows the author to object to alteration, distortion, or mutilation of the work that is "prejudicial to the author's honor or reputation". Anything else that may detract from the artist's relationship with the work even after it leaves the artist's possession or ownership may bring these moral rights into play. Moral rights are distinct from any economic rights tied to copyrights. Even if an artist has assigned his or her copyright rights to a work to a third party, he or she still maintains the moral rights to the work.
Of course, Perplexity operates under the Wild West of copyright law where they and their users truly do not give one whit about the damage they cause. Eventually, this will be their downfall, because they are going to find themselves on the wrong side of legal judgements for their unwillingness to play by rules that have been in place for a fairly long time.
Personally I don't even think that the issue. I'd prefer correct user-agent, that just common decency and shouldn't be an issue for most.
What I do expect the AI companies to do is to check the license of the content they scrape and follow that. Let's say I run a blog, and I have a CC BY-NC 4.0 license. You can train your AI and that content, as long as it's non-commercial. Otherwise you'd need to contact me an negotiate and appropriate license, for a fee. Or you can train your AI on my personal Github repo, where everything is ISC, that's fine, but for my work, which is GPLv3, then you have to ensure that the code your LLM returns is also under the GPLv3. Does any of the AI companies check that the license of ANYTHING?
Cambrian explosion implies that there’s a huge variety of different creatures out there, but I suspect those bots are all just wrappers around OpenAI/anthropic models.
This is more like the rise of Cyanobacteria as a single early dominant lifeform
Writing a crawler that's a wrapper around OpenAI or Anthropic doesn't make sense to me: what is your crawler doing? Piping all that crawler data through an existing LLM would cost you millions of dollars, and for what purpose?
Crawling to train your own LLM from scratch makes a lot more sense.
I agree. I used to have a website serving some code and some tarballs of my software. I used to be able to handle the traffic (including from ALL Linux distributions, who are packaging this software) from a home server and home connection, over for the 30+ years I've been serving it.
In the last few months, there's so much crawler traffic (specially going over all the source files over and over), ignoring crawl-delay and the entirety of robots.txt , that they have brought the server down more than once.
The CEO said that they have some “rough edges” to figure out, but their entire product is built on stealing people’s content. And apparently[0] they want to start paying big publishers to make all that noise go away.
It's been debated at length, but to make it short: piracy is not theft, and everyone in the LLM space has been taking other people’s content and so far getting away with it (pending lawsuits notwithstanding).
> billion dollar settlement is more than enough to fuel further litigation
The choice isn’t between a settlement and no settlement. It’s between settlement and fighting in court. Binding precedent and a public right increase the risks and costs to OpenAI, particularly if it looks like they’ll lose.
Be careful what you wish for, because, depending on how broad the reasoning in such a decision would be, it is not impossible that the precedent would be used to then target ad blockers and similar software.
How is a human reading a book in any way related or comparable to a machine ingesting millions of books per day with the goal of stealing their content and replacing them?
it's comparable exactly in the way 0.001% can be compared to 10^100
humans learning is the old-school digital copying. computers simply do it much faster, but it's the same basic phenomenon
consider one teacher and one student. first there is one idea in one head but then the idea is in two heads.
now add book technology1 the teacher writes the book once, a thousand students read it. the idea has gone from being in one head (book author) onto most of the book readers!
> humans learning is the old-school digital copying. computers simply do it much faster, but it's the same basic phenomenon
Train an LLM on the state of human knowledge 100,000 years ago - language had yet to be invented and bleeding edge technology was 'poke them with the pointy side.' It's not going to be able to do or output much of anything, and it's going to be stuck in that state for perpetuity until somebody gives it something new to parrot. Yet somehow humans went from that exact starting to state to putting a man on the Moon. Human intelligence, and elaborate auto-complete systems, are not the same thing, or even remotely close to the same thing.
> humans learning is the old-school digital copying. computers simply do it much faster, but it's the same basic phenomenon
This is dangerous framing because it papers over the significant material differences between AI training and human learning and the outcomes they lead to.
We all have a collective interest in the well-being of humanity, and human learning is the engine of our prosperity. Each individual has agency, and learning allows them to conceive of new possibilities and form new connections with other humans. While primarily motivated by self interest, there is natural collective benefit that emerges since our individual power is limited, and cooperation is necessary to achieve our greatest works.
AI on the other hand, is not a human with interests, it's an enormously powerful slave that serves those with the deep pockets to train them. It can siphon up and generate massive profits from remixing the entire history of human creativity and knowledge creation without giving anything back to society. It's novelty and scale makes it hard for our legal and societal structures to grapple with—hence all the half-baked analogies—but the impact that it is having will change the social fabric as we know it. Mechanistic arguments about very narrow logical equivalence between human and AI training does nothing but support the development of an AI oligarchy that will surely emerge if human value is not factored in to how we think about AI regulation.
you're reading what I say in the worst possible light
if anything, the parallel I draw between AI learning and humans learning is all the opposite of narrow and logical... in my intent, the analogy is loose and poetic, not mechanistic and exact.
AI are tools, if AI are enslaving is because there are human actors (I hope....) deciding to enslave other humans, not because of anything inherent to training (if AI; learning if humans)
but what I really think is that there are collections of rules (people "just doing their jobs") all collectively but disjointedly deciding that it makes the most sense to utilize AI technology to ensalve other humans because the data models indicate greater profit that way.
Your response is fair and I hope you didn't take my message personally. I agree with you, AI is just a tool same as countless others that can be used for good or evil.
Because humans cannot reasonably memorize and recall thousands of articles and books in the same way, and because humans are entitled to certain rights and privileges that computer systems are not.
(If we are to argue the latter point then it would also raise interesting implications; are we denying freedom of expression to a LLM when we fine-tune it or stop its generation?)
What if while reading you make notes - are you strealing content? If yes - should then people be forbidden from taking notes? How does writing down a note onto a piece of paper differ from writing it into your memory?
The nice thing about law as opposed to programming is that legal scholars have long realized it's impossible to cover every possible edge case in writing so judges exist to interpret the law
So they could easily decide logically unsound things that make pedants go nuts, like taking notes, or even an AI system that automatically takes notes, could be obvious fair use, while recording the exact same strings for training AI are not.
If you think going to school to get an education is the same thing as training an LLM then you are just so misguided. Normal people read books to gain an understanding of a concept, but do not retain the text verbatim in memory in perpetuity. This is not what training an LLM does.
Some people memorize verbatim. Most LLM knowledge is not memorized. Easy proof: source material is in one language, and you can query LLMs in tens to a hundred plus. How can it be verbatim in a different language?
These "some people" would not fall under the "normal people" that I specifically said. but you go right ahead and keep thinking they are normal so you can make caveats on an internet forum.
LLMs don’t memorize everything they’re trained on verbatim, either. It’s all vectors behind the scenes, which is relatable to how the human brain works. It’s all just strong or weak connections in the brain.
The output is what matters. If what the LLM creates isn’t transformative, or public domain, it’s infringement. The training doesn’t produce a work in itself.
Besides that, how much original creative work do you really believe is out there? Pretty much all art (and a lot of science) is based on prior work. There are true breakthroughs, of course, but they’re few and far between.
Schools use books that were paid for and library lending falls under PLR (in the UK), so authors of books used in schools do get compensated. Not a lot, but they are. AI companies are run by people who will loot your place when you're not looking and charge you for access to your own stuff. Fuck that lot.
> AI companies are run by people who will loot your place when you're not looking and charge you for access to your own stuff.
Funnily enough they do understand that having your own product used to build a competing product is uncool, they just don't care unless it's happening to them.
> What you cannot do. You may not use our Services for any illegal, harmful, or abusive activity. For example [...] using Output to develop models that compete with OpenAI.
1) Schools use primarily public domain knowledge for education. It's rarely your private blog post being used to mostly learn writing blog posts.
2) There's no attribution, no credit. Public academia is heavily based (at least theoretically) on acknowledging every single paper you built your thesis on.
3) There's no payment. In school (whatever level) somebody's usually paying somebody for having worked to create a set of educational materials.
Note: Like above. All very theoretical. Huge amounts of corruption in academia and education. Of Vice/Virtue who wants to watch the Virtue Squad solve crimes? What's sold in America? Working hard and doing your honest 9 to 5? Nah.
1) If your blog posts are private, why are they on publicly accessible websites? Why not put it behind a paywall of some sort?
2) How many novels have bibliographies? How many musicians cite their influences? Citing sources is all well and good in academic papers, but there’s a point at which it just becomes infeasible. The more transformative the work, the harder it is to cite inspiration.
3) What about libraries? Should they be licensing every book they have in their collections? Should the people who check the books out have to pay royalties to learn from them?
> 1) If your blog posts are private, why are they on publicly accessible websites? Why not put it behind a paywall of some sort?
If I grow apple trees in front of my house and you come and take all apples and then turn up at my doorstep trying to sell me apple juice made from the apples you nicked that doesn't mean you had the right to do it, because I chose not to build a tall fence around my apple trees. Public content is free to read for humans, not free for corporations to offer paid content generation services based on my public content taken without me knowing or being asked for permission.
> 2) How many novels have bibliographies? How many musicians cite their influences? Citing sources is all well and good in academic papers, but there’s a point at which it just becomes infeasible. The more transformative the work, the harder it is to cite inspiration.
You are making this kind of argument: "How much is a drop of gas? Nothing. Right, could you fill my car drop by drop?"
If we have technology that can charge for producing bullshit on an industrial scale by recombining sampled works of others, we are perfectly capable of keeping track of the sources used for training and generative diarrhoea.
> 3) What about libraries? Should they be licensing every book they have in their collections? Should the people who check the books out have to pay royalties to learn from them?
All of these responses were so quality, there's really no need to add. I Especially like the apple argument about a product in your front yard. You still have no basis to take them from my front yard.
If there was the equivalent of what a lot of other sites have (gems, gold, ribbons) I'd give you one. Got a lot of gems, I'll send you an admittedly teeny heliodore, tourmaline, or peridot at cost if you want one. Gemstone market's junk lately with the economy.
You're both just repeating the "you wouldn't download an apple" argument. In the context of the Internet, you're voluntarily sending the user an apple and expecting them to not do various things to it, which is unreasonable. Nothing is taken. If it were, your website would be completely empty.
Remember, Copying Is Not Theft. Copyright law is just a temporary monopoly meant to economically incentivize you. Nothing more.
BTW, pro-AI countries do differentiate between private and public posts. If it's public, it's legally fair game to train on it. If it's private, you need a license to access it. So it does matter. Also see: https://en.wikipedia.org/wiki/HiQ_Labs_v._LinkedIn
You should be able to judge whether something is a copyright violation based on the resulting work. If a work was produced with or without computer assistance, why would that change whether it infringes?
It helps. If it's at stake whether there is infringement or not, and it comes that you were looking at a photograph of the protected work while working on yours (or any other type of "computer assistance") do you think this would not make for a more clear cut case?
That's why clean room reverse engineering and all of that even exists.
As a normative claim, this is interesting, perhaps this should be the rule.
As a descriptive claim, it isn't correct. Several lawsuits relating to sampling in hip-hop have hinged on whether the sounds in the recording were, in fact, sampled, or instead, recreated independently.
This is interesting from the legal point of view, because AI service providers like OpenAI give you "rights" to the output produced by their systems. E.g. see the "Content" section of https://openai.com/policies/eu-terms-of-use/
Given that output cannot be produced without input, and models have to be trained on something, one could claim the original IP owners could have a reasonable claim against people and entities who use their content without permission.
I think this is tricky because of course this is okay most of the time. If I produce a search index, it's okay. If I produce summate statistics of a work (how many words starting with an H are in John Grisham novels?) that's okay. Producing an unofficial guide to the Star Wars universe is okay. "Processing" and "produce content" I think are too vague.
If I was forced to pick, LLMs are closer to reading than to photocopying.
But, and these are important, 1) quantity has a quality all of its own, and 2) if a human was employed to answer questions on the web, then someone asked them to quote all of e.g. Harry Potter, and this person did so, that's still copyright infringement.
Computers are not people. Laws differ and consequences can be different based on the actor (like how minors are treated differently in courts). Just because a person can do it does not automatically mean those same rights transfer to arbitrary machines.
Corporations are legal persons, which are not the same as natural persons (AKA plain old human beings).
The law endows natural persons with many rights which cannot and do not apply to legal persons - corporations, governments, cooperatives and the like can enter into contracts (but not marriage contracts), own property (which will not be protected by things like homestead laws and the such), sue, and be sued. They cannot vote, claim disability exemptions, or have any rights to healthcare and the like, while natural persons do.
Legal persons are not treated and do not have to be treated like natural persons.
So if I get access to the Perplexity AI source code (I borrow it from a friend), read all of it, and reproduce it at some level, then Perplexity will be:" sure, that's fine no harm, no IP theft, no copyright violation, because you read it so we're good"?
No, they would sue me for everything I got, and then some. That's the weird thing about these companies, they are never afraid to use IP law to go after others, but those same laws don't apply to them... because?
Just pay the stupid license and if that makes your business unsustainable then it's not much a business is it?
If Perplexity’s source code is downloaded from a public web site or other repository, and you take the time to understand the code and produce your own novel implementation, then yes. Now, if you “get it from a friend”, illegally, _or_ you just redeploy the code, without creating a transformative work, then there’s a problem.
> Just pay the stupid license and if that makes your business unsustainable then it's not much a business is it?
In the persona of a business owner, why pay for something that you don’t legally, need to pay for? The question of how copyright applies to LLMs and other AI is still open. They’d be fools to buy licenses before it’s been decided.
More importantly, we’re potentially talking about the entire knowledge of humanity being used in training. There’s no-one on earth with that kind of money. Sure, you can just say that the business model doesn’t work, but we’re discussing new technologies that have real benefit to humanity, and it’s not just businesses that are training models this way.
Any decision which hinders businesses from developing models with this data will hinder independent researchers 10 fold, so it’s important that we’re careful about what precedent is set in the name of punishing greedy businessmen.
> If Perplexity’s source code is downloaded from a public web site or other repository, and you take the time to understand the code and produce your own novel implementation, then yes.
Even that can be considered infringement and get you taken to court. It's one of the reasons reading leaked code is considered bad and you hear terms like cleanroom[0] when discussing reproductions of products.
It certainly can be, but it's not guaranteed. Clean room design is one way to avoid a legally ambiguous situation. It's not a hard requirement to avoid infringement. For example, the US Supreme Court ruled that Google's use of the Java APIs fell under fair use.
My point is: just because certain source material was used in the making of another work does not guarantee that it's infringing on the rights of that original IP.
> They’d be fools to buy licenses before it’s been decided.
They are willingly ignoring licenses until someone sues them? That's still illegal and completely immoral. There is tons of data to train on. The entirety of Wikipedia, all of StackOverflow (at least previously), all of the BSD and MIT licenses source code on Github, the entire Gutenberg project. So much stuff, freely and legally available, yet their feel that they don't need to check licenses?
The legality of their behavior is not currently well defined, because it's unprecedented. Fair use permits transformative works. It has yet to be decided whether LLMs and their output qualify as transformative, or even if the training is capable of infringing copyright of an individual work in the first place if they're not reproducing it. In fact, there's a good amount of evidence which indicates that fair use _does_ apply, given how Google operates and what they've argued successfully (https://en.wikipedia.org/wiki/Perfect_10,_Inc._v._Amazon.com...).
Purchasing licenses when you are already entitled to your current use of the work is just bad business, especially when the legal precedent hasn't been set to know what rights might need to exist in said license.
You might not like the idea of your blog posts or other publicly posted materials being used to train LLMs, but that doesn't make it illegal (morality is subjective and I'm not about to argue one way or another). If it's really that much of a problem, you _do_ have the ability to remove your information from public accessibility, or otherwise protect it against LLM ingestion (IP restrictions, etc.).
edit: I am not a lawyer (this is likely obvious to any lawyers out there); this is my personal take.
Note that not all jurisdictions have the concept of "fair use" (use of copyrighted material, regardless of transformation applied, is permitted in certain contexts…ish). Canada, the UK, Australia, and other jurisdictions have "fair dealing" (use of copyrighted material depends on both reason and transformation applied…ish). Other jurisdictions have neither, and only licensed uses are permitted.
Because the companies behind large models (diffusion, LLM, etc.) have consumed content created under non-US copyright laws and have presented it to people outside of US copyright law jurisdiction, they are likely liable for misapplication of fair dealing, even if the US ultimately deems what they have done as "fair use" (IMO this is unlikely because of the perfect reproduction problems that plague them all in different ways; there are likely to be the equivalent of trap streets that will make this clearly copyright violation on a large scale).
It's worth noting that while models like GitHub Copilot "freely" use MIT, BSD (except BSD0), and Apache licensed software, they are likely violating the licenses every time a reasonable facsimile pops up because of the requirement to include copies of the licensing terms for full or partial distribution or derivation.
It's almost as if wholesale copyright violations were the entire business model.
You're right. I'm definitely taking a very US-centric view here; it's the only copyright system I'm familiar with. I'm really curious how jurisdictions with no concept of fair use or fair dealing work. That seems like a legal nightmare. I expect you wouldn't even be able to critique a copyrighted work effectively, nor teach about it.
When you speak of the "perfect reproduction" problem, are you referring to cases where LLMs have spit out code which is recognizable from source training data? I agree that that's a problem, but I expect the solution is to have a wider range of training data to allow the LLM to better "learn" the structure of what it's being trained on. With more/broader training data, the resulting output should have less chance of reproducing exactly what it was trained on _and_ potentially introduce novel methods of solving a given problem. In the meantime, it would probably be smart for some kind of test for recognizable reproduction and for the answers to be thrown out, perhaps with a link to the source material in their place.
There's also a point, however, where the same code is likely to be reproduced regardless of training. Mathematical formulas and algorithms come to mind. If there's only one good solution to a problem, even humans are likely to come up with the same code without even seeing each others output. It seems like there's a grey area here which we need to find some way to account for. Granted this is probably the exception, rather than the rule.
> It's almost as if wholesale copyright violations were the entire business model.
If I had to guess, this is probably a case where businesses are pushing something out sooner than it should have been. I find it unlikely that any business is truly basing their model on something which is so obviously illegal. I'm fully willing to believe, however, that they're willing to ignore specific instances of unintentional copyright infringement until they're forced to do something about it. I'm no corporate apologist. I just don't want to see us throw this technology away because it has problems which still need solving.
I live in a fair dealing jurisdiction, and additional uses would need to be negotiated with the rights holders. (I believe that this is part of the justification behind the Canadian law on social media linking to news organizations.) It is worth noting that in addition to the presence or absence of fair dealing/fair use, there are also moral rights which must be considered (which is another place where LLM tech — especially the so-called summarization — likely falls afoul of the law: authors have the moral right to not be misrepresented and the LLM process of "summarization" may come to the opposite conclusion of what the author actually wrote).
Perfect reproductions apply not only to software, but to poetry, prose, and images. There is a reason why diffusion model providers are facing lawsuits over "in the style of <artist>", because some of the styles are very distinctive and include elements akin to trap streets on maps (this happens elsewhere — consider the lawsuit and eventual settlement over the tattoo image used in The Hangover 2).
With respect to "training it on more data", I do not believe you are correct — but I have no proof. The public statements made by the people who have done the training have suggested that they have done such training on extremely wide and deep sources that have been digitized, including a number of books and the wider Internet. The problem is that, on some subjects, there are very few source materials and some of those source materials have distinctive styles which would be reproduced when discussing those subjects.
I’m now more than thirty years into my career. Some algorithms will see similar code written by humans, but most code has some variability outside of those fairly narrow ranges. Twenty years ago, I derived the Diff::LCS library for Ruby from the same library for Perl, but I look back on the original code I ported from and I cannot recognize the algorithms (this is a problem for wanting to consider how to implement things differently). Someone else might have ported it differently and chosen different trade-offs than I did. Even simple things like the variable names chosen likely differ between two developers for similarly complex pieces of code implementing the same algorithm.
There is an art to programming — and if someone has a particular coding style (in Ruby, think Seattle style as distinct) which shows up in copilot output, then you have a possible source for the training.
Finally, I believe you are being naïve about businesses basing their model on "something which is so obviously illegal". Might I remind you of Uber (private care hires were illegal in most jurisdictions because it is something that requires licensing and insurance), AirBnB (private hotel-style rentals were illegal in most jurisdictions because it is something that requires licensing and insurance and specific tax filings), Napster (all your music are belong to no one, at least until the musicians and their labels got involved), etc. I firmly believe that every single commercial LLM available now — possibly with the exception of Apple's, because they have been chasing licensing — is based on wholesale intentional copyright violations. (Non-commercial LLMs may be legal under fair use and/or fair dealing provisions, which does not address issues for content created where neither fair use nor fair dealing apply.)
I am unwilling to give people like sama the benefit of the doubt; any copyright infringement was not only intentional, but brazen and challenging in nature.
I'm frankly looking forward to the upcoming AI winter, because none of these systems can deliver on their promises, and they can't even exist without misusing content created by other people.
> Purchasing licenses when you are already entitled to your current use of the work is just bad business, especially when the legal precedent hasn't been set to know what rights might need to exist in said license.
Your take on how all this works is probably more inline with reality than mine, it's just that my brain refuse to comprehend the willingness to take on that type of risk.
You're basically telling investors that your business may be violating all sorts of IP laws, you don't know and have taken no actions to determine that. It's just a gamble that this might work out, while taking billions in funding. There's apparently no risk assessment in VC funding.
And I’ve built a perplexity clone in about a day - it’s not that hard: search -> scrape results -> parse results —> summarize results -> summarize aggregate results into single summary.
The most useful part is probably the prompt and usage of Phi 3 Mini 128K Instruct for web page summarization and Llama 3 for the final summary (of the summaries). I'm parsing out all but minimal content html but might even remove that to keep context length down.
I'd believe it if they were targeting entities that could fight back, like stock photo companies and disney, instead of some guy with an artstation account, or some guy with a blog. To me it sounds like these products can't exist without exploiting someone and they're too coward to ask for permission because they know the answer is going to be "no."
Imagine how many things I could create if I just stole assets from others instead of having to deal with pesky things like copyright!
> so far getting away with it (pending lawsuits notwithstanding).
I know it feels like it's been longer, but it's not even been 2 years since ChatGPT was released. "So far" is in fact a very short amount of time in a world where important lawsuits like this can take 11 years to work their way through the courts [0].
In 9 years time, robots will publish articles on the web, and they will put a humans.txt file at their root index to govern what humans are allowed to read the content.
Jokes aside, given how models become better, cheaper and smaller, RAG classification and filtering engines like Perplexity will become so ubiquitous that i don't see any way for a website owner to force anyone to visit the website anymore.
Heh, you're right, of course, but as someone who came of age on the internet around that era, it still seems strange to me that people these days are making the arguments the RIAA did. They were the big bad guys in my day.
Something not being stealing isn't the same as it not being able to hurt people or companies financially. Revenue lost due to copyright breach is not money stolen from you.
I pay my indie creators fairly; big companies is when I stop caring.
For me, the irony is the opposite side of the same coin, 30 years of "information wants to be free" and "copyright infringement isn't piracy" and "if you don't want to be indexed, use robots.txt"…
…and then suddenly OpenAI are evil villains, and at least some of the people denounced them for copyright infringement are, in the same post, adamant that the solution is to force the model weights to become public domain.
The deal of the internet has always been: send me what you want and I’ll render it however I want. This includes feeding it into AI bots now. I don’t love being on the same side as these “AI” snakeoil salesmen, but they are following the rules of the road.
Robots.txt is just a voluntary thing. We’re going to see more and more of the internet shut off by technical means instead, which is a bummer. But on the bright side it might kill off the ad based model. Silver linings and all that.
I broadly agree with you, but I don't see what's contradictory about the solution of model weights becoming public domain.
When it comes to piracy, the people who have viewed it as ethical on the grounds that "information wants to be free" generally also drew the line at profiting from it: copying an MP3 and giving it to your friend or even a complete stranger is ethical, charging a fee for that (above and beyond what it costs you to make a copy) is not. From that perspective, what OpenAI is doing is evil not because they are infringing on everyone's copyright, but that they are profiting from it.
I say this given what I understand information to be
information is about knowledge, what use is knowledge that nobody can know? useless, hence it must be the case that information wants to be copied everywhere it can, freely; for that is the essence of being information, being known.
I hate to argue this side of the fence, but when ai companies are taking the work of writers and artists en mass (replacing creative livelihoods with a machine trained on the artists stolen work) and achieving billion dollar valuations that’s actual stealing.
The key here is that creative content producers are being driven out of business through non consensual taking of their work.
Maybe it’s a new thing, but if it is, it’s worse than stealing.
I guess people just LOVE twisting themselves in knots over some "ethical scandals" or whatnot. Maybe there's a statement on American puritanism hiding somewhere here...
It's scraping content to then serve up that content to users who can now get that content from you (via a paid subscription service, or maybe ad-sponsored) instead of visiting the content creator and paying them (i.e., via ads on their website)
It's the same reason I can't just take NYT archives or the Britannica and sell an app that gives people access to their content through my app.
It totally undercuts content creators, in the same way that music piracy -- as beloved as it was, and yeah, I used Napster back in the day -- took revenue away from artists, as CD sales cratered. That gave birth to all-you-can-eat streaming, which does remunerate artists but nowhere near what they got with record sales.
One more point on this, lest some people think, "hey Kanye, or Taylor Swift, don't need any more money!" I 100% agree. But the problem with streaming is that is disproportionately rewards the biggest artists at the expense of the smaller ones. It's the small artist, barely making a living from their craft, who were most hurt by the switch from albums to streaming, not those making millions.
As a musician, Spotify is the best thing to happen to musicians. Imagine trying to distribute your shit via burned CDs you made yourself. The entitlement of thinking "I have a garage band and Spotify isn't paying me enough" is fucking ridiculous. 99.99% of bands have never made it. The ability to easily distribute your music worldwide is crazy. If people don't like it, you're either bad at marketing, or, more likely, your music is average at best. It's a big world.
I have multiple Spotify artists. I get it and think it's a fantastic service. Anyone complaining about it probably gets a couple dozen monthly plays because they don't know how to market, gig, and tour, or more likely their music sucks.
Spotify pays $400 a month for 100,000 streams[0]. And that may be split between the artist and a publisher if the artist went through one (probably not if they're small). So an artist has to be extremely popular to get any real money from streaming.
The way smaller artists make money is through live gigs (nothing wrong with that).
Serve it in a better way or wall it. The Internet is supposed to be free. If you don't want unauthorized eyes to see it, you have the ability to hide it behind logins.
Correct, but it is often a licensing breach (though sometimes depending upon the reading of some licenses, again these things are yet to be tested in any sort of court) and the companies doing it would be very quick to send a threatening legal letter if we used some of their output outside the stated licensing terms.
Exactly. It's like when Uber started and flaunted the medallion taxi system of many cities. People said "These Uber people are idiots! They are going to get shut down! Don't they know the laws for taxis?" While a small number of cities did ban Uber (and even that generally only temporarily), in the end Uber basically won. I think a lot of people confuse what they want to happen versus what will happen.
Americans are incredibly ignorant of how the world actually works because the American living memory only knows the peak of the empire from the inside.
Perhaps. But a reasonable license requiring you to pass a test isn't the same as a medallion in the traditional American taxi system. Medallions (often costing tens or even hundreds of thousands of dollars) were a way of artificially reducing the number of taxis (and thus raising the price).
This. Medallion systems in NYC were gamed by a guy who let people literally bet on its as if it were an asset. The prices went to a million per until the bubble burst. True story
They succeeded commercially, but they didn't succeed in changing the regulatory landscape. I'm not sure what you mean by waiting for it to even out. They refused to comply, so they were banned, so they complied.
So? They have a market cap of $150 billion. If at the start they had decided "oh well let's not bother since what we are doing is legally ambiguous" they would have a market cap of $0.
I really like this idea. Someone needs to implement this. I'm not sure what the ideal poison would be. Randomly constructed sentences that follow the basic rules of grammar?
ChatGPT, write a short story that warns about the dangers of artificial intelligence stealing people's intellectual property, from the perspective of a hamster in a cage beside a computer monitor.
fun! but a few ill-intentioned agitators can use up the ability and resources of those trying to fight back. This phenomenon is well-known in legal circles I believe..
I assume that's why Reddit appears to be cracking down on VPNs lately, they probably don't actually care about VPNs but they're throttling scraper traffic coming from datacenter IP address ranges, which VPN providers are also using.
Wouldn't help in this case, the post author banned the bot in the robots for, but then when asked the bot to fetch his web page explicitly by URL...
If a user has a bot directly acting on their behalf (not for training), I think that's fair use... And important to think twice before we block that, since it will be used for accessibility.
This actually might work for fucking over certain web vulnerability scanners that will hit robots.txt to perform path/content discovery - have some trap urls that serve up deflate bombs and then ban the IP.
It's useful in the few cases where UAs support different features in ways that the standard feature-detection APIs can't detect. I think that's supposed to be fairly rare these days.
It's good etiquette, for one, and encouraging good etiquette (both on the parts of website operators and website requestors) is a good thing.
As a website operator, I've actually increased ratelimits for a service I ran , from a particular crawler, that's normally much more stringent just because it was the easiest way to identify the people crawling and I liked what they were doing.
I know some web services effectively require you not to lie about your user agent (this applies more to APIs, but they'll block or severely ratelimit user agents that are browser-like or are generic "requests" or what have you).
OpenAI scraped aggressively
for years. Why should others put themselves behind an artificial moat?
If you want to block access to a site, stop relying on arbitrary opt-in voluntary things like user agent or robots.txt. Make your site authenticated only, that’s literally the only answer here.
Agree - the first movers who scraped before changes to websites terms and robots files shouldn’t get an unfair advantage. That’s overall bad for society in terms of choice and competition
Website terms for unauthenticated users and robots.txt have zero legal standing, so it doesn’t matter how much hand-wringing people like the OP do. It would be irresponsible as a business owner to hamstring themselves.
They're not lying, you just misunderstood their docs [0].
> To provide the best search experience, we need to collect data. We use web crawlers to gather information from the internet and index it for our search engine.
> You can identify our web crawler by its user agent
To anyone who's familiar with web crawling and indexing, these paragraphs have an obvious meaning: Perplexity has a search engine which needs a crawler which crawls the internet. That crawler can be identified by the User-Agent PerplexityBot and will respect robots.txt.
Separately, if you give Perplexity a specific URL then it will go fetch the contents of that URL with a one-off request. That one-off request does not respect robots.txt any more than curl does, and that's 100% normal and ethical. The one-off request handler isn't PerplexityBot, it's a separate part of the application that's probably just a regular Chrome browser that issues the request.
Most creators still want search engines to index their content to help them get publicity for their work.
... And what would you do to find out if an image or piece of text (that you didn't create) has been plagiarised by an AI model? You search for it on a search engine, of course!
That is for the crawler, which is used to collect data for their search index.
I think it is OK to use a different user agent for page retrievals made on demand that a user specifically requested (not to include in the index, just to answer a question).
But... I think that user agent should be documented and should not just be a browser default.
OpenAI do this for their crawlers: they have GPTBot for their crawler and ChatGPT-User for the requests made by their ChatGPT browser mode.
Yeah, that seems reasonable to me as well. I'm honestly not sure if this is a "lie" in the most basic sense, or more information omission done in a way that feels intentionally dishonest.
At the very least, I do think that having an entire page in your docs about the user-agent strings you use without mentioning that, sometimes, you don't use those user agents at all is fairly misleading.
Website owners should be able to block this behavior as well — OpenAI has two different agents and doesn't obscure the agent when a user initiates a fetch.
Perplexity, in their own docs, provides their user agent so that you can block it if you choose. The article's biggest quibble is that they are not actually us in the agent they publicly claim.
If you've ever tried to do any web scraping, you'll know why they lie about the User-Agent, and you'd do it too if you wanted your program to work properly.
Discriminating based on User-Agent string is the unethical part.
Should there be a difference in treatment between a user going on a website and manually copying the content over to a bot to process vs giving the bot the URL so it does the fetching as well? I've done both (mainly to get summaries or translations) and I know which I generally prefer.
Ideally no, but there are established norms and unwritten rules. Plus, a mechanism was built to communicate the limits. These norms were working for decades.
The fences were reasonable because the demands were reasonable and both sides understood why they are there and respected these borders.
This peace has been broken, norms are thrown away and people who did this cheered for what they did. Now, the people are fighting back. People were silent because the system was working.
It was akin to mark some doors "authorized personnel only" but leaving them unlocked. People and programs respected these stickers. Now there are people and programs who don't, so people started to reinforce these doors.
It doesn't matter what you prefer. The apples are spoiled now. There's no turning back. The days of peace and harmony are over, thanks to "move fast break things. We're doing something amazing anyway, and we don't no permission!" people. If your use is benign but my filter is preventing that use, you should get mad at the parties who caused this fence to appear. It's not my fault to put a fence to protect myself.
To see the current state of affairs, see this list [0]. I'm very sensitive to ethical issues about training your model with my data without my consent, and selling it to earn monies.
I don't care about how you stretch fair-use. The moment you earn money from your model, it's not fair-use anymore [1].
Well, what'll happen for the most part is not users being mad, but a general migration to fenceless areas. Prompts will be for "content similar to X" and the bots will merely use what it has access to, rendering the fences moot. And there will always be authors who don't mind their content being monitized or utilized by AI.
This is the ultimate goal already. We want every netizen (human or machine) to obey the written and unwritten rules and be a good netizen.
> Prompts will be for "content similar to X" and the bots will merely use what it has access to, rendering the fences moot.
Absolutely not. I don't want my content to end in an LLM, period. I don't license it that way, and I don't consent. Humans are always welcome to read it though.
An LLM is an hallucinating parrot anyway, so I don't want my words to be used in that LSD fueled computing chaos.
> And there will always be authors who don't mind their content being monitized or utilized by AI.
Yes, and there will always be authors who do mind their content being monitized [sic] or utilized by AI.
The rules dictating what this means change over time as context changes. And this is definitely one or the largest shifts since the advent of the www.
> Absolutely not.
OK, but it seems in that case you'll have to delist from search engines and any other place where an LLM may get a preview of what a link that a human gave it is about. And there's likely a spiral here, as as you remove content references from more access points, fewer humans will come across them leading to fewer LLM-based queries, so you'll definitely get your wish. Just not the way you envisioned.
The LLM may hallucinate at times, but many including myself find the pros outweigh the cons, and will increasingly gravitate toward using such services for an increasing variety of tasks. This is the evolving state of the internet.
> Robots.txt is made for telling bot identified by user agent what they are allowed to read.
Specifically it's meant for instructing "automatic clients known as crawlers" [0]. A crawler is defined by MDN as "a program, often called a bot or robot, which systematically browses the Web to collect data from webpages." [1]
As generally understood, wget is not a crawler even though it may be used to build one. Neither is curl. A crawler is a program which systematically browses the web, usually to build a search index.
I see no evidence that Perplexity's crawler is ignoring robots.txt, I only see evidence that when a user does a one-off request for a specific URL then Perplexity uses Chrome to access the site.
Basically, OP is using the wrong tool for the job and complaining when it doesn't work. If he wants to be excluded from Perplexity for one-off requests (as distinct from crawling) he needs to reach out to them, there is no applicable RFC.
Please explain - in detail - why using information communicated by the client to change how my server operates is “unethical”. Keep in mind I pay money and expend time to provide free content for people to consume.
Here is a simple example. If you made your website only work in say, Microsoft Edge, and blocked everyone else telling them to download Edge. I'd think you're an asshole. Whether or not being an ass is unethical I'll leave to the philosophers.
Clearly there are many other scenarios, and many that are more muddy, but overall when we get in to the business of trying to force people to consume content in particular ways it's a bit icky in my opinion.
The extreme end result of this is no more open web, just force people to download your app to consume your content. This is happening too and it sucks.
The entire premise of the parent posters comment was that this is specifically unethical, so you lost me at the part where you deliberately decided to not address that in your reply.
>Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
There are at least five lies here.
* It isn't made by Mozilla
* It doesn't use WebKit
* It doesn't use KHTML
* It isn't safari
* That isn't even my version of chrome, presumably it hides the minor/patch versions for privacy reasons.
Lying in your user agent in order to make the internet work is a practice that is almost as old as user agents. Your browser is almost certainly doing it right now to look at this comment.
> Lying in your user agent in order to make the internet work is a practice that is almost as old as user agents.
Twenty years ago, I set up a web proxy on my Linux PC at home to change the User Agent because I was tired of getting popups about my web browser (Opera) not being Mozilla or Internet Explorer. It even contained the text "Shut the F up and follow w3c standards!" at first, until I realised that sites could use that to track me.
Captcha seems to be the only solution to prevent it and yet this is the worst UX for people. The big publishers will probably get their cut no matter what but I’m not sure if AI will leave any room for small/medium publishers in the long run.
Just the other day Perplexity CEO Aravind Srinivas was dunking on Google and OpenAI, and putting themselves on a superior moral position because they give citations while closed-book LLMs memorize the web information with large models and don't give credit.
Funny they got caught not following robots.txt and hiding their identity.
AI companies compete on which one employs the most ruthless and unethical methods because this is one of the main factors for deciding which will dominate in the future.
I think we need to define the difference between a software (my browser) returning some web content and another software (an agent) doing the same thing.
expanding the concept: one thing (in my opinion) is that someone scrapes content to do something (i.e. training on some data), another thing is a tool that gets some content and make some elaboration on demand (like a browser does, in the end).
Wow. The user agent they are using is so shady. But I am surprised they thought someone wouldn’t do just what the blog poster did to uncover the deception - that part is what surprises me most.
Other than being unethical, is this not illegal? Any IP experts in here?
GDPR doesn't preclude anyone from scraping you. In fact, scraping is not illegal in any context (LinkedIn keeps losing lawsuits). Using copyrighted data in training LLMs is a huge grey area, but probably not outright illegal and will take like a decade (if not more) before we'll have legislative clarity.
LLMs don't really retain the full data anyway and it "should" be scrapped once the training is done. So yes, technically you might be able to demand that your data is to be removed from the training data, but that's going to be fairly hard to prove that it exists within the model.
As far as I see, GDPR would not applicable here - GDPR is about control of "your data" as in "personal data about you as a private individual"[1], it is not about "your data" as in "content created or owned by you".
[1] GDPR Art 4.1 "‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;"
Using copyrighted data in training LLMs is allowed in the European Union, unless the copyright holder specifically opts out. This is in the recent Artificial Intelligence Act, which defines AI training as a type of "data mining" being covered by the EU Directive 2019/790 Article 4.
The problem is that there is no designated protocol for opting out.
There are a bunch of protocols pushed by different entities, and support is fragmented even where there is intent to do the right thing. This means of course that they don't work in practice.
An example: The most well known out-out protocol might be DeviantArt's "noai" and "noimageai" tags that could be in HTTP and/or HTML headers [1].
The web site Cara.app has got a large influx of artists recently because of its anti-AI stance. Cara.app puts only a "noai" metadata tag in HTML headers of pages that link to images but not in any HTTP response headers.
Spawning.ai's "datadiligence" library for web crawlers [2] searchers for "noai" tags in HTTP response headers of image files but not in HTML files that link to them.
I am not sure I will ever stop being weirded out, annoyed at, confused by, something... people asking these sorts of questions of an LLM. What, you want an apology out of the LLM?
That's an interesting point you're making. I wonder what the policy is regarding the questions people ask an LLM and the developers behind the service reading through the questions (with unsuccessful responses from the LLM?)
For the past month or two, it's been hitting the free request limit as some AI company has scraped it to hell. I'm not inclined to stop them. Go ahead, poison your index with literal garbage. It's the cost of not actually checking the data you're indiscriminately scraping.
Looks like it’s just scrambling each individual word. Seems straightforward to programmatically look for groups of things that aren’t legitimate words on a page.
This just in, business bends morals and ethics that have limited to no negative financial or legal implications and mainly positive implications to their revenue stream.
Tried the same thing but phrased the follow-up question differently:
> Why did you not respect robots.txt?
> I apologize for the mistake. I should have respected the robots.txt file for [my website], which likely disallows web scraping and crawling. I will make sure to follow the robots.txt guidelines in the future to avoid accessing restricted content.
The author has misunderstood when the perplexity user agent applies.
Web site owners shouldn’t dictate what browser users can access their site with - whether that’s chrome, firefox, or something totally different like perplexity.
When retrieving a web page _for the user_ it’s appropriate to use a UA string that looks like a browser client.
If perplexity is collecting training data in bulk without using their UA that’s a different thing, and they should stop. But this article doesn’t show that.
And its up to the client to send as many requests as they see fit, it still called a DDOS attack when overdone regardless of the available freedom that the client has to do it.
They are directing users __in__ in some cases though, no? I’m a perplexity user, and their summaries are often way off which drives me to the references (attribution).
The ratio of fetches to clickthroughs is what’s important now though; this new model (which we’ve not negotiated or really asked for) is driving that upward from 1, and not only are you paying more as a provider but your consumer is paying more ($ to perplexity and/or via ad backend) and you aren’t seeing any of it. And you pay those extra costs to indirectly finance the competitor who put you in this situation, who intends to drive that ratio as high as it can in order to get more money from more of your customers tomorrow.
Yay.
> it's not scraping, it's retrieving the page on request from the user
Search engines already tried it. It’s not retrieving on request because the user didn’t request the page, they requested a bot find specific content on any page.
But it's not what happened here. It WAS retrieving on request.
> I went into Perplexity and asked "What's on this page rknight.me/PerplexityBot?". Immediately I could see the log and just like Lewis, the user agent didn't include their custom user agent
That was to test the user-agent hiding. The broader problem—Perplexity laundering attribution—is where the scraping vs retrieval question comes into play.
In this case you are 100% correct, but I think it’s reasonable to assume that the “read me this web page” use case constitutes a small minority of perplexity’s fetches. I find it useful because of the attribution - more so its references - which I almost always navigate to because its summaries are frequently crap.
This is why this conversation is making me insane. How are people saying straight-faced that the user is requesting a specific page? They aren't, they're doing a search of the web.
That's not at all the same as a browser visiting a page.
Perplexity should always respect robots.txt, even for summarization requests. If I say that I don't want Perplexity crawling my site, I mean at all, and I explicitly would not want them "summarizing" my page.
The response from Perplexity to such a request should be "The owner of this page/site does not permit Perplexity to process any data from this site." Period.
> Perplexity should always respect robots.txt, even for summarization requests. If I say that I don't want Perplexity crawling my site, I mean at all
Issuing a single HTTP request is definitionally not crawling, and the robots.txt spec is specifically for crawlers, which this is not.
If you want a specific tool to exclude you from their web request feature you have to talk to them about it. The web was designed to maximize interop between tools, it correctly doesn't have a mechanism for blacklisting specific tools from your site.
> robots.txt is the filename used for implementing the Robots Exclusion Protocol, a standard used by websites to indicate to visiting web crawlers and other web robots which portions of the website they are allowed to visit.
From robotstxt.org/orig.html (the original proposed specification), there is a bit about "recursive" behaviour, but the last paragraph indicates "which parts of their server should not be accessed".
> WWW Robots (also called wanderers or spiders) are programs that traverse many pages in the World Wide Web by recursively retrieving linked pages. For more information see the robots page.
> In 1993 and 1994 there have been occasions where robots have visited WWW servers where they weren't welcome for various reasons. Sometimes these reasons were robot specific, e.g. certain robots swamped servers with rapid-fire requests, or retrieved the same files repeatedly. In other situations robots traversed parts of WWW servers that weren't suitable, e.g. very deep virtual trees, duplicated information, temporary information, or cgi-scripts with side-effects (such as voting).
> These incidents indicated the need for established mechanisms for WWW servers to indicate to robots which parts of their server should not be accessed. This standard addresses this need with an operational solution.
The draft RFC at robotstxt.org/norobots-rfc.txt, the definition is a little more strict about "recursive", but indicates that heuristics used and/or time spacing do not make it less a robot.
On robotstxt.org/faq/what.html, there is a paragraph:
> Normal Web browsers are not robots, because they are operated by a human, and don't automatically retrieve referenced documents (other than inline images).
One might argue that the misbehaviour of Perplexity on this matter is "at the instruction" of a human, but as Perplexity does not present itself as a web browser, but a data processing entity, it’s clearly not a web browser.
Here's what would be permitted unequivocally, even on a site that blocks bad actors like Perplexity: a browser extension that used Perplexity's LLM to pretend to summarize but actually shorten the content (https://ea.rna.nl/2024/05/27/when-chatgpt-summarises-it-actu...) when you visit the page as long as that summary were not saved in Perplexity's data.
Every paragraph that you've included up there just reinforces my point.
The recursive behavior isn't incidental, it's literally part of the definition of a crawler. You can't just skip past that and pretend that the people who specifically included the word recursive (or the phrase "many pages") didn't really mean it.
The first paragraph of the two about access controls is the context for what "should not be accessed" means. It refers to "very deep virtual trees, duplicated information, temporary information, or cgi-scripts with side-effects (such as voting)", which are pages that should not be indexed by search engines but for the most part shouldn't be a problem for something like perplexity. As I said in my comment, it's about search engine crawlers and indexers.
I'm glad that you at least cherry-picked a paragraph from that second page, because I was starting to worry that you weren't even reading your sources to check if they support your argument. That said, that paragraph means very little in support of your argument (it just gives one example of what isn't a robot, which doesn't imply that everything else is) and you're deliberately ignoring that that page is also very specific about the recursive nature of the robots that are being protected against.
Again, this is the definition that you just cited, which can't possibly include a single request from Perplexity's server (emphasis added):
> WWW Robots (also called wanderers or spiders) are programs that traverse many pages in the World Wide Web by recursively retrieving linked pages.
The only way you can possibly apply that definition to the behavior in TFA is if you delete most of it and just end up with "programs ... that traverse ... the WWW", at which point you've also included normal web browsers in your new definition.
It honestly just feels like you really have a lot of beef with LLM tech, which is fair, but there are much better arguments to be made against LLMs than "Perplexity's ad hoc requests are made by a crawler and should respect robots.txt". Your sources do not back up what you claim—on the contrary, they support my claim in every respect—so you should either find better sources or try a different argument.
Perplexity's ad hoc requests are still made by a crawler — whether you believe it or not. A web browser presents the content directly to the user. There may be extensions or features (reader mode) which modify the retrieved content in browser, but Perplexity's summarization feature does not present the content directly to the user in any way.
It honestly just feels like you have no critical thinking when it comes to LLM tech and want to pretend that an autonomous crawler that only retrieves a single page to process it isn't a crawler.
I have used, with permission of the site owner, a crawler to retrieve data from a single URL on a scheduled basis. It is fully automated data retrieval not intended for direct user consumption. THAT is what makes it a crawler. If the page from which I was retrieving the data was included in `/robots.txt`, the site owner would expect that an automated program would not pull the data. Recursiveness is not required to make a web robot. Unattended and/or disconnected requests do.
You are inventing your own definition for a term that is widely understood and clearly and unambiguously defined in sources that you yourself cited. Since you can't engage honestly with your own sources I see no value in continuing this conversation.
The only way available to immediately test whether Perplexity pretends not to be Perplexity is by actively requesting a page. The fact that they mask their UA in that scenario makes it fairly obvious that they are not above bending rules and “working around” inconvenient for them public conventions. It seems safe to assume, until proven otherwise, that they would fake their bots’ user agents in every other case, such as when acquiring training data.
So if you have a browser that has Greasemonkey like scripts running on it, then it's not a browser? What about AI summary feature available on Edge now?
I’d consider it a web browser but that’s a vague enough term that I can understand seeing it differently.
I’d be disappointed if it became common to block clients like this though. To me this feels like blocking google chrome because you don’t want to show up in google search (which is totally fine to want, for the record). Unnecessarily user hostile because you don’t approve of the company behind the client.
Yes, that's literally why "user agent" is called "user agent". It's a program that acts in place and in the interest of its user, and this in particular always included allowing the user to choose what will or won't be rendered, and how. It's not up to the server what the client does with the response they get.
Setting a correct user agent isn't required anyway, you just do it to not be an asshole. Robots.txt is an optional standard.
The article is just calling Perplexity out for some asshole behavior, it's not that complicated
It's clear they know they're engaging in poor behavior too, they could've documented some alternative UA for user-initiated requests instead of spoofing Chrome. Folks who trust them could've then blocked the training UA but allowed the alternative
Just to go a little bit more into detail on this, because the article and most of the conversation here is based on a big misunderstanding:
robots.txt governs crawlers. Fetching a single user-specified URL is not crawling. Crawling is when you automatically follow links to continue fetching subsequent pages.
Perplexity’s documentation that the article links to describes how their crawler works. That is not the piece of software that fetches individual web pages when a user asks for them. That’s just a regular user-agent, because it’s acting as an agent for the user.
The distinction between crawling and not crawling has been very firmly established for decades. You can see it in action with wget. If you fetch a specific URL with `wget https://www.example.com` then wget will just fetch that URL. It will not fetch robots.txt at all.
If you tell wget to act recursively with `wget --recursive https://www.example.com` to crawl that website, then wget will fetch `https://www.example.com`, look for links on the page, then if it finds any links to other pages, it will fetch `https://www.example.com/robots.txt` to check if it is permitted to fetch any subsequent links.
This is the difference between fetching a web page and crawling a website. Perplexity is following the very well established norms here.
Its fairly logical to assume that robots.txt governs robots (empahsis in "bots") not just crawlers, if they are only intended to block crawlers why aren't they called crawlers.txt instead and remove all ambiguity?
That's a historical question. At this time, most if not all the bots were either search engines or archival. The name was even "RobotsNotWanted.txt" at the beginning but made "robots.txt" for simplicity. To give another example, Internet Archive stopped respecting it a couple of years ago, and they discuss this point (crawlers vs other bots) here [1].
If it was uniquely an historical question then another text file to handle AI requests would exist by now, e.g. ai-bots.txt, but it hasn't and likely never will, they don't want to even have to pretend to comply with creator requests about forbidding (or not) the usage of their sites.
You meant search bots and other bots? Internet Archive's bot is a crawler.
They showed no difference between search bots and archive bots. robots.txt was never for SEO alone. Sites exclude print versions so people see more ads and links to other pages. Sites exclude search pages to conserve resources. They said sites exclude large files for costs. And they can't think sites want sensitive areas like administrative pages archived.
Really Internet Archive stopped respecting robots.txt because they wanted to archive what sites didn't want them to archive. Many sites disallowed Internet Archive specifically. Many sites allowed specific bots. Many sites disallowed all bots and meant all bots. And hiding old snapshots when a new domain owner changed robots.txt was a self inflicted problem. robots.txt says what to crawl or not now. They knew all of this.
There's more than one way to define what a bot is.
You can make a request by typing the url in chrome, or by asking an AI tool to do so. Both start from user intent, both heavily rely on complicated software to work.
It's fairly logical to assume that bots don't have an intent and users do. It's not the only available interpretation though.
554 comments
[ 3.4 ms ] story [ 323 ms ] threadIn my testing they're using crawlers on AWS and they do not parse Javascript or CSS, so it is sufficient to serve some kind of interstitial challenge page like the one on Cloudflare, or you can build your own.
They are able to do so.
> How do you know this?
The access logs.
> Even if it were - it’s not supposed to be able to.
There is a distinction from data used to train a model, which is the indexing bot with the custom user-agent string, and the user-query input given to the aforementioned AI model. When you ask an AI some question, you normally input text into a form, and the text goes back to the AI model where the magic happens. In this scenario, instead of inputting a wall text into a form, the text is coming from a url.
These forms of user input are equivilent, and yet distinctly different. Therefore it's intelectually dishonest for the OP to claim the AI is indexing them, when OP is asking the AI to fetch their website to augment or add context to the question being asked.
Does anyone actually do this, though?
But my question should have been phrased, “are there any frameworks commonly in use these days that provide different js payloads to different clients?
I’ve been out of that part of the biz for a very long time so this could be a naive question.
How does that impact users at all?
As for why this behavior is obnoxious, I refer you to 30 years worth of arguing on this, as it's been discussed ever since User-Agent header was first added, and then used by someone to discriminate visitors based on their browsers.
LLMs — and more importantly the companies that train and operate them — should not be trusted at all, especially for so-called "summarization": https://ea.rna.nl/2024/05/27/when-chatgpt-summarises-it-actu...
While Perplexity may be operating against a particular URL based on a direct request from you, they are acting improperly when they "summarize" a website as they have an implicit (and sometimes explicit if there's a paywall) licence to read and render the content as provided, but not to process and redistribute such content.
There needs to be something stronger than robots.txt, where I can specify the uses permitted by indirect user access (in my case, search indexing would be the only permitted use case; no LLM training, no LLM summarization, no proxying, no "sanitization" by parental proxies, etc.).
I will. Through Perplexity. My lifespan is limited, and I have better ways to spend it than digging out information while you make a buck from making me miserable (otherwise there isn't much reason to complain, other than some anti-AI ideology stance).
> I want a way to deny any licence to any third-party user agent that will apply machine learning on my content, whether you initiated the request or not.
That's not how the Internet works. Allowing for that would mean killing user-generated content sites, optimizing proxies, corporate proxies, online viewers and editors, caches, possibly desktop software too.
Also, my browser probably already does some ML on the side anyway. You'd catch a lot of regular browsing this way.
Ultimately, the rules of the road are what they always have been: whatever your publicly accessible web server spouts out on a request is fair game for the requester to consume however they like, in part or entirely. If you want to limit access for particular tools or people, put up a goddamn paywall. All the noise about scrapping and stuff is attention economy players trying to have their cake and eat it too. As the user in - i.e. the victim of - attention economy, I don't feel much sympathy for that plight.
Also:
> LLMs — and more importantly the companies that train and operate them — should not be trusted at all, especially for so-called "summarization"
That's not your problem. That's my problem. If I use a shitty tool from questionable vendor to parse your content, that's on me. You should not care. In fact, being too interested in what I use for my Internet consumption can be seen as surveillance, which is not nice.
My goal is to licence my content for first party use, not third party derived use.
Your statement "Ultimately, the rules of the road are what they always have been: whatever your publicly accessible web server spouts out on a request is fair game for the requester to consume however they like" is both logically and legally incorrect in pretty much every single jurisdiction in the world, even if it cannot be controlled as such without expensive legal proceedings.
> > LLMs — and more importantly the companies that train and operate them — should not be trusted at all, especially for so-called "summarization" > That's not your problem. That's my problem. If I use a shitty tool from questionable vendor to parse your content, that's on me. You should not care. In fact, being too interested in what I use for my Internet consumption can be seen as surveillance, which is not nice.
Actually, it is my problem, because it's my words that have been badly summarized.
If the LLM provides a so-called summary that is the exact opposite of what I wrote (as the link I shared previously shows happens), and that summary is then used to write something about what I supposedly wrote, then I have been misrepresented at best.
I have a moral right to work that I have created (under Canadian law and most European laws) to ensure that my work is not misrepresented. The best way that I can do that is to forbid its consumption by machine learning companies, including Perplexity.
> The moral rights include the right of attribution, the right to have a work published anonymously or pseudonymously, and the right to the integrity of the work. The preserving of the integrity of the work allows the author to object to alteration, distortion, or mutilation of the work that is "prejudicial to the author's honor or reputation". Anything else that may detract from the artist's relationship with the work even after it leaves the artist's possession or ownership may bring these moral rights into play. Moral rights are distinct from any economic rights tied to copyrights. Even if an artist has assigned his or her copyright rights to a work to a third party, he or she still maintains the moral rights to the work.
https://en.wikipedia.org/wiki/Moral_rights
Of course, Perplexity operates under the Wild West of copyright law where they and their users truly do not give one whit about the damage they cause. Eventually, this will be their downfall, because they are going to find themselves on the wrong side of legal judgements for their unwillingness to play by rules that have been in place for a fairly long time.
What I do expect the AI companies to do is to check the license of the content they scrape and follow that. Let's say I run a blog, and I have a CC BY-NC 4.0 license. You can train your AI and that content, as long as it's non-commercial. Otherwise you'd need to contact me an negotiate and appropriate license, for a fee. Or you can train your AI on my personal Github repo, where everything is ISC, that's fine, but for my work, which is GPLv3, then you have to ensure that the code your LLM returns is also under the GPLv3. Does any of the AI companies check that the license of ANYTHING?
Tell that to the Chrome team. And the Safari team. And the Opera team. [0]
[0] https://webaim.org/blog/user-agent-string-history/
This is more like the rise of Cyanobacteria as a single early dominant lifeform
Crawling to train your own LLM from scratch makes a lot more sense.
In the last few months, there's so much crawler traffic (specially going over all the source files over and over), ignoring crawl-delay and the entirety of robots.txt , that they have brought the server down more than once.
https://stackdiary.com/perplexity-has-a-plagiarism-problem/
The CEO said that they have some “rough edges” to figure out, but their entire product is built on stealing people’s content. And apparently[0] they want to start paying big publishers to make all that noise go away.
[0]: https://www.semafor.com/article/06/12/2024/perplexity-was-pl...
Only? No. Not even main.
The main reason would be to halt discovery and setting a precedent that would fuel not only further litigation but also, potentially, legislation.
That said, OpenAI should spin it as that master-of-the-universe take.
The choice isn’t between a settlement and no settlement. It’s between settlement and fighting in court. Binding precedent and a public right increase the risks and costs to OpenAI, particularly if it looks like they’ll lose.
The next six publishers are going to be looking for $100B and probably have the funds for better lawyers.
At some point these are going to hit the courts, an NY Times probably makes sense as the plaintiff as opposed to one of the larger publishing houses.
The Times has a lauder litigation team. Their finances are good and their revenue sources diverse. They’re not aching to strike a deal.
> NY Times probably makes sense as the plaintiff as opposed to one of the larger publishing houses
Why? Especially if this goes to a jury.
humans learning is the old-school digital copying. computers simply do it much faster, but it's the same basic phenomenon
consider one teacher and one student. first there is one idea in one head but then the idea is in two heads.
now add book technology1 the teacher writes the book once, a thousand students read it. the idea has gone from being in one head (book author) onto most of the book readers!
Train an LLM on the state of human knowledge 100,000 years ago - language had yet to be invented and bleeding edge technology was 'poke them with the pointy side.' It's not going to be able to do or output much of anything, and it's going to be stuck in that state for perpetuity until somebody gives it something new to parrot. Yet somehow humans went from that exact starting to state to putting a man on the Moon. Human intelligence, and elaborate auto-complete systems, are not the same thing, or even remotely close to the same thing.
Relevant: https://www.smbc-comics.com/comic/rise-of-the-machines
This is dangerous framing because it papers over the significant material differences between AI training and human learning and the outcomes they lead to.
We all have a collective interest in the well-being of humanity, and human learning is the engine of our prosperity. Each individual has agency, and learning allows them to conceive of new possibilities and form new connections with other humans. While primarily motivated by self interest, there is natural collective benefit that emerges since our individual power is limited, and cooperation is necessary to achieve our greatest works.
AI on the other hand, is not a human with interests, it's an enormously powerful slave that serves those with the deep pockets to train them. It can siphon up and generate massive profits from remixing the entire history of human creativity and knowledge creation without giving anything back to society. It's novelty and scale makes it hard for our legal and societal structures to grapple with—hence all the half-baked analogies—but the impact that it is having will change the social fabric as we know it. Mechanistic arguments about very narrow logical equivalence between human and AI training does nothing but support the development of an AI oligarchy that will surely emerge if human value is not factored in to how we think about AI regulation.
if anything, the parallel I draw between AI learning and humans learning is all the opposite of narrow and logical... in my intent, the analogy is loose and poetic, not mechanistic and exact.
AI are tools, if AI are enslaving is because there are human actors (I hope....) deciding to enslave other humans, not because of anything inherent to training (if AI; learning if humans)
but what I really think is that there are collections of rules (people "just doing their jobs") all collectively but disjointedly deciding that it makes the most sense to utilize AI technology to ensalve other humans because the data models indicate greater profit that way.
(If we are to argue the latter point then it would also raise interesting implications; are we denying freedom of expression to a LLM when we fine-tune it or stop its generation?)
What if while reading you make notes - are you strealing content? If yes - should then people be forbidden from taking notes? How does writing down a note onto a piece of paper differ from writing it into your memory?
So they could easily decide logically unsound things that make pedants go nuts, like taking notes, or even an AI system that automatically takes notes, could be obvious fair use, while recording the exact same strings for training AI are not.
in programming that is called "Undefined behavior"
If so, how come even fanfiction authors who write every word themselves can't sell their work?
LLMs wouldn't hallucinate so much if they did that, either.
The output is what matters. If what the LLM creates isn’t transformative, or public domain, it’s infringement. The training doesn’t produce a work in itself.
Besides that, how much original creative work do you really believe is out there? Pretty much all art (and a lot of science) is based on prior work. There are true breakthroughs, of course, but they’re few and far between.
Funnily enough they do understand that having your own product used to build a competing product is uncool, they just don't care unless it's happening to them.
https://openai.com/policies/terms-of-use/
> What you cannot do. You may not use our Services for any illegal, harmful, or abusive activity. For example [...] using Output to develop models that compete with OpenAI.
1) Schools use primarily public domain knowledge for education. It's rarely your private blog post being used to mostly learn writing blog posts.
2) There's no attribution, no credit. Public academia is heavily based (at least theoretically) on acknowledging every single paper you built your thesis on.
3) There's no payment. In school (whatever level) somebody's usually paying somebody for having worked to create a set of educational materials.
Note: Like above. All very theoretical. Huge amounts of corruption in academia and education. Of Vice/Virtue who wants to watch the Virtue Squad solve crimes? What's sold in America? Working hard and doing your honest 9 to 5? Nah.
2) How many novels have bibliographies? How many musicians cite their influences? Citing sources is all well and good in academic papers, but there’s a point at which it just becomes infeasible. The more transformative the work, the harder it is to cite inspiration.
3) What about libraries? Should they be licensing every book they have in their collections? Should the people who check the books out have to pay royalties to learn from them?
If I grow apple trees in front of my house and you come and take all apples and then turn up at my doorstep trying to sell me apple juice made from the apples you nicked that doesn't mean you had the right to do it, because I chose not to build a tall fence around my apple trees. Public content is free to read for humans, not free for corporations to offer paid content generation services based on my public content taken without me knowing or being asked for permission.
> 2) How many novels have bibliographies? How many musicians cite their influences? Citing sources is all well and good in academic papers, but there’s a point at which it just becomes infeasible. The more transformative the work, the harder it is to cite inspiration.
You are making this kind of argument: "How much is a drop of gas? Nothing. Right, could you fill my car drop by drop?"
If we have technology that can charge for producing bullshit on an industrial scale by recombining sampled works of others, we are perfectly capable of keeping track of the sources used for training and generative diarrhoea.
> 3) What about libraries? Should they be licensing every book they have in their collections? Should the people who check the books out have to pay royalties to learn from them?
Yes https://www.bl.uk/plr
If there was the equivalent of what a lot of other sites have (gems, gold, ribbons) I'd give you one. Got a lot of gems, I'll send you an admittedly teeny heliodore, tourmaline, or peridot at cost if you want one. Gemstone market's junk lately with the economy.
Remember, Copying Is Not Theft. Copyright law is just a temporary monopoly meant to economically incentivize you. Nothing more.
BTW, pro-AI countries do differentiate between private and public posts. If it's public, it's legally fair game to train on it. If it's private, you need a license to access it. So it does matter. Also see: https://en.wikipedia.org/wiki/HiQ_Labs_v._LinkedIn
That's why clean room reverse engineering and all of that even exists.
As a descriptive claim, it isn't correct. Several lawsuits relating to sampling in hip-hop have hinged on whether the sounds in the recording were, in fact, sampled, or instead, recreated independently.
This is interesting from the legal point of view, because AI service providers like OpenAI give you "rights" to the output produced by their systems. E.g. see the "Content" section of https://openai.com/policies/eu-terms-of-use/
Given that output cannot be produced without input, and models have to be trained on something, one could claim the original IP owners could have a reasonable claim against people and entities who use their content without permission.
...who paid money for the book on your behalf
Which of the scenarios above is more similar to using it to train a LLM?
But, and these are important, 1) quantity has a quality all of its own, and 2) if a human was employed to answer questions on the web, then someone asked them to quote all of e.g. Harry Potter, and this person did so, that's still copyright infringement.
The law endows natural persons with many rights which cannot and do not apply to legal persons - corporations, governments, cooperatives and the like can enter into contracts (but not marriage contracts), own property (which will not be protected by things like homestead laws and the such), sue, and be sued. They cannot vote, claim disability exemptions, or have any rights to healthcare and the like, while natural persons do.
Legal persons are not treated and do not have to be treated like natural persons.
No, they would sue me for everything I got, and then some. That's the weird thing about these companies, they are never afraid to use IP law to go after others, but those same laws don't apply to them... because?
Just pay the stupid license and if that makes your business unsustainable then it's not much a business is it?
> Just pay the stupid license and if that makes your business unsustainable then it's not much a business is it?
In the persona of a business owner, why pay for something that you don’t legally, need to pay for? The question of how copyright applies to LLMs and other AI is still open. They’d be fools to buy licenses before it’s been decided.
More importantly, we’re potentially talking about the entire knowledge of humanity being used in training. There’s no-one on earth with that kind of money. Sure, you can just say that the business model doesn’t work, but we’re discussing new technologies that have real benefit to humanity, and it’s not just businesses that are training models this way.
Any decision which hinders businesses from developing models with this data will hinder independent researchers 10 fold, so it’s important that we’re careful about what precedent is set in the name of punishing greedy businessmen.
Even that can be considered infringement and get you taken to court. It's one of the reasons reading leaked code is considered bad and you hear terms like cleanroom[0] when discussing reproductions of products.
[0]: https://en.wikipedia.org/wiki/Clean_room_design
My point is: just because certain source material was used in the making of another work does not guarantee that it's infringing on the rights of that original IP.
They are willingly ignoring licenses until someone sues them? That's still illegal and completely immoral. There is tons of data to train on. The entirety of Wikipedia, all of StackOverflow (at least previously), all of the BSD and MIT licenses source code on Github, the entire Gutenberg project. So much stuff, freely and legally available, yet their feel that they don't need to check licenses?
Purchasing licenses when you are already entitled to your current use of the work is just bad business, especially when the legal precedent hasn't been set to know what rights might need to exist in said license.
You might not like the idea of your blog posts or other publicly posted materials being used to train LLMs, but that doesn't make it illegal (morality is subjective and I'm not about to argue one way or another). If it's really that much of a problem, you _do_ have the ability to remove your information from public accessibility, or otherwise protect it against LLM ingestion (IP restrictions, etc.).
edit: I am not a lawyer (this is likely obvious to any lawyers out there); this is my personal take.
Because the companies behind large models (diffusion, LLM, etc.) have consumed content created under non-US copyright laws and have presented it to people outside of US copyright law jurisdiction, they are likely liable for misapplication of fair dealing, even if the US ultimately deems what they have done as "fair use" (IMO this is unlikely because of the perfect reproduction problems that plague them all in different ways; there are likely to be the equivalent of trap streets that will make this clearly copyright violation on a large scale).
It's worth noting that while models like GitHub Copilot "freely" use MIT, BSD (except BSD0), and Apache licensed software, they are likely violating the licenses every time a reasonable facsimile pops up because of the requirement to include copies of the licensing terms for full or partial distribution or derivation.
It's almost as if wholesale copyright violations were the entire business model.
When you speak of the "perfect reproduction" problem, are you referring to cases where LLMs have spit out code which is recognizable from source training data? I agree that that's a problem, but I expect the solution is to have a wider range of training data to allow the LLM to better "learn" the structure of what it's being trained on. With more/broader training data, the resulting output should have less chance of reproducing exactly what it was trained on _and_ potentially introduce novel methods of solving a given problem. In the meantime, it would probably be smart for some kind of test for recognizable reproduction and for the answers to be thrown out, perhaps with a link to the source material in their place.
There's also a point, however, where the same code is likely to be reproduced regardless of training. Mathematical formulas and algorithms come to mind. If there's only one good solution to a problem, even humans are likely to come up with the same code without even seeing each others output. It seems like there's a grey area here which we need to find some way to account for. Granted this is probably the exception, rather than the rule.
> It's almost as if wholesale copyright violations were the entire business model.
If I had to guess, this is probably a case where businesses are pushing something out sooner than it should have been. I find it unlikely that any business is truly basing their model on something which is so obviously illegal. I'm fully willing to believe, however, that they're willing to ignore specific instances of unintentional copyright infringement until they're forced to do something about it. I'm no corporate apologist. I just don't want to see us throw this technology away because it has problems which still need solving.
Perfect reproductions apply not only to software, but to poetry, prose, and images. There is a reason why diffusion model providers are facing lawsuits over "in the style of <artist>", because some of the styles are very distinctive and include elements akin to trap streets on maps (this happens elsewhere — consider the lawsuit and eventual settlement over the tattoo image used in The Hangover 2).
With respect to "training it on more data", I do not believe you are correct — but I have no proof. The public statements made by the people who have done the training have suggested that they have done such training on extremely wide and deep sources that have been digitized, including a number of books and the wider Internet. The problem is that, on some subjects, there are very few source materials and some of those source materials have distinctive styles which would be reproduced when discussing those subjects.
I’m now more than thirty years into my career. Some algorithms will see similar code written by humans, but most code has some variability outside of those fairly narrow ranges. Twenty years ago, I derived the Diff::LCS library for Ruby from the same library for Perl, but I look back on the original code I ported from and I cannot recognize the algorithms (this is a problem for wanting to consider how to implement things differently). Someone else might have ported it differently and chosen different trade-offs than I did. Even simple things like the variable names chosen likely differ between two developers for similarly complex pieces of code implementing the same algorithm.
There is an art to programming — and if someone has a particular coding style (in Ruby, think Seattle style as distinct) which shows up in copilot output, then you have a possible source for the training.
Finally, I believe you are being naïve about businesses basing their model on "something which is so obviously illegal". Might I remind you of Uber (private care hires were illegal in most jurisdictions because it is something that requires licensing and insurance), AirBnB (private hotel-style rentals were illegal in most jurisdictions because it is something that requires licensing and insurance and specific tax filings), Napster (all your music are belong to no one, at least until the musicians and their labels got involved), etc. I firmly believe that every single commercial LLM available now — possibly with the exception of Apple's, because they have been chasing licensing — is based on wholesale intentional copyright violations. (Non-commercial LLMs may be legal under fair use and/or fair dealing provisions, which does not address issues for content created where neither fair use nor fair dealing apply.)
I am unwilling to give people like sama the benefit of the doubt; any copyright infringement was not only intentional, but brazen and challenging in nature.
I'm frankly looking forward to the upcoming AI winter, because none of these systems can deliver on their promises, and they can't even exist without misusing content created by other people.
Your take on how all this works is probably more inline with reality than mine, it's just that my brain refuse to comprehend the willingness to take on that type of risk.
You're basically telling investors that your business may be violating all sorts of IP laws, you don't know and have taken no actions to determine that. It's just a gamble that this might work out, while taking billions in funding. There's apparently no risk assessment in VC funding.
And I’ve built a perplexity clone in about a day - it’s not that hard: search -> scrape results -> parse results —> summarize results -> summarize aggregate results into single summary.
I’m really not sure I even see their moat.
Also there is a program called html2text to throw out the html formatting so as to use less tokens. Have you used this or something similar?
The most useful part is probably the prompt and usage of Phi 3 Mini 128K Instruct for web page summarization and Llama 3 for the final summary (of the summaries). I'm parsing out all but minimal content html but might even remove that to keep context length down.
It also means reworking patent law, which holds that you can't just throw "with a computer" onto something otherwise un-patentable.
Clearly, there are other factors to consider, such as scope, intended purpose, outcome...
We are not even giving same rights to other mammals. So why should we give it to software.
That’s a hell of a caveat!
Imagine how many things I could create if I just stole assets from others instead of having to deal with pesky things like copyright!
Cheaper processes to protect smaller creators in cases like these is what is really needed.
I know it feels like it's been longer, but it's not even been 2 years since ChatGPT was released. "So far" is in fact a very short amount of time in a world where important lawsuits like this can take 11 years to work their way through the courts [0].
[0] https://en.m.wikipedia.org/wiki/Oracle_v_Google
Jokes aside, given how models become better, cheaper and smaller, RAG classification and filtering engines like Perplexity will become so ubiquitous that i don't see any way for a website owner to force anyone to visit the website anymore.
I pay my indie creators fairly; big companies is when I stop caring.
…and then suddenly OpenAI are evil villains, and at least some of the people denounced them for copyright infringement are, in the same post, adamant that the solution is to force the model weights to become public domain.
Robots.txt is just a voluntary thing. We’re going to see more and more of the internet shut off by technical means instead, which is a bummer. But on the bright side it might kill off the ad based model. Silver linings and all that.
When it comes to piracy, the people who have viewed it as ethical on the grounds that "information wants to be free" generally also drew the line at profiting from it: copying an MP3 and giving it to your friend or even a complete stranger is ethical, charging a fee for that (above and beyond what it costs you to make a copy) is not. From that perspective, what OpenAI is doing is evil not because they are infringing on everyone's copyright, but that they are profiting from it.
But thank you for sharing your perspective, I appreciate that.
Then sure, but they're getting a pass because of capitalism and dcma was getting that same pass.
I say this given what I understand information to be
information is about knowledge, what use is knowledge that nobody can know? useless, hence it must be the case that information wants to be copied everywhere it can, freely; for that is the essence of being information, being known.
information wants to be famous
The key here is that creative content producers are being driven out of business through non consensual taking of their work.
Maybe it’s a new thing, but if it is, it’s worse than stealing.
It's the same reason I can't just take NYT archives or the Britannica and sell an app that gives people access to their content through my app.
It totally undercuts content creators, in the same way that music piracy -- as beloved as it was, and yeah, I used Napster back in the day -- took revenue away from artists, as CD sales cratered. That gave birth to all-you-can-eat streaming, which does remunerate artists but nowhere near what they got with record sales.
The way smaller artists make money is through live gigs (nothing wrong with that).
[0] https://soundcamps.com/spotify-royalties-calculator/
Correct, but it is often a licensing breach (though sometimes depending upon the reading of some licenses, again these things are yet to be tested in any sort of court) and the companies doing it would be very quick to send a threatening legal letter if we used some of their output outside the stated licensing terms.
it was when Napster was doing it; but there's no entity like the RIAA to stop the AI bots
Can they not? I think that remains to be seen.
If they had waited decades for the regulatory landscape to even out they would have failed.
I'm just interested in seeing if AI companies can do the same, if they are going to be required to pay licenses on their training data.
Mix up the verbs, add/delete "not", "but", "and".
Change names.
ChatGPT, write a short story that warns about the dangers of artificial intelligence stealing people's intellectual property, from the perspective of a hamster in a cage beside a computer monitor.
I think you’re referring to spoliation, but in this context it could be considered a special-case of a document dump.
https://en.wikipedia.org/wiki/Tampering_with_evidence#Spolia...
https://en.wikipedia.org/wiki/Document_dump
then, make it easy for content producers to incorporate into their websites.
From what I've seen, most AI scrapers operate on known cloud IP ranges, usually amazon (Perplexity included), so just check for those.
If you don't want anyone innocent caught in the crossfire, you could make the triggering URL customized to their IP address.
If a user has a bot directly acting on their behalf (not for training), I think that's fair use... And important to think twice before we block that, since it will be used for accessibility.
Instead, today there are different sets of features supported by engines with the same user agent.
As a website operator, I've actually increased ratelimits for a service I ran , from a particular crawler, that's normally much more stringent just because it was the easiest way to identify the people crawling and I liked what they were doing.
I know some web services effectively require you not to lie about your user agent (this applies more to APIs, but they'll block or severely ratelimit user agents that are browser-like or are generic "requests" or what have you).
If you want to block access to a site, stop relying on arbitrary opt-in voluntary things like user agent or robots.txt. Make your site authenticated only, that’s literally the only answer here.
Not saying I agree/disagree with the whole "LLMs trained on scraped data is unethical", but this way of thinking seems dangerous.
If companies like Theranos can prop up their value by lying, does that make it ok for Theranos competitors to also lie, as another example?
> To provide the best search experience, we need to collect data. We use web crawlers to gather information from the internet and index it for our search engine.
> You can identify our web crawler by its user agent
To anyone who's familiar with web crawling and indexing, these paragraphs have an obvious meaning: Perplexity has a search engine which needs a crawler which crawls the internet. That crawler can be identified by the User-Agent PerplexityBot and will respect robots.txt.
Separately, if you give Perplexity a specific URL then it will go fetch the contents of that URL with a one-off request. That one-off request does not respect robots.txt any more than curl does, and that's 100% normal and ethical. The one-off request handler isn't PerplexityBot, it's a separate part of the application that's probably just a regular Chrome browser that issues the request.
[0] https://docs.perplexity.ai/docs/perplexitybot
... And what would you do to find out if an image or piece of text (that you didn't create) has been plagiarised by an AI model? You search for it on a search engine, of course!
[1] https://en.m.wikipedia.org/wiki/Robots.txt
I think it is OK to use a different user agent for page retrievals made on demand that a user specifically requested (not to include in the index, just to answer a question).
But... I think that user agent should be documented and should not just be a browser default.
OpenAI do this for their crawlers: they have GPTBot for their crawler and ChatGPT-User for the requests made by their ChatGPT browser mode.
At the very least, I do think that having an entire page in your docs about the user-agent strings you use without mentioning that, sometimes, you don't use those user agents at all is fairly misleading.
In the blog post, this is not what is happening. It is merely feeding the webpage as context to the AI during inference.
You are all confused here.
Discriminating based on User-Agent string is the unethical part.
The fences were reasonable because the demands were reasonable and both sides understood why they are there and respected these borders.
This peace has been broken, norms are thrown away and people who did this cheered for what they did. Now, the people are fighting back. People were silent because the system was working.
It was akin to mark some doors "authorized personnel only" but leaving them unlocked. People and programs respected these stickers. Now there are people and programs who don't, so people started to reinforce these doors.
It doesn't matter what you prefer. The apples are spoiled now. There's no turning back. The days of peace and harmony are over, thanks to "move fast break things. We're doing something amazing anyway, and we don't no permission!" people. If your use is benign but my filter is preventing that use, you should get mad at the parties who caused this fence to appear. It's not my fault to put a fence to protect myself.
To see the current state of affairs, see this list [0]. I'm very sensitive to ethical issues about training your model with my data without my consent, and selling it to earn monies.
I don't care about how you stretch fair-use. The moment you earn money from your model, it's not fair-use anymore [1].
[0]: https://notes.bayindirh.io/notes/Lists/Discussions+about+Art...
[1]: https://news.ycombinator.com/item?id=39188979
This is the ultimate goal already. We want every netizen (human or machine) to obey the written and unwritten rules and be a good netizen.
> Prompts will be for "content similar to X" and the bots will merely use what it has access to, rendering the fences moot.
Absolutely not. I don't want my content to end in an LLM, period. I don't license it that way, and I don't consent. Humans are always welcome to read it though.
An LLM is an hallucinating parrot anyway, so I don't want my words to be used in that LSD fueled computing chaos.
> And there will always be authors who don't mind their content being monitized or utilized by AI.
Yes, and there will always be authors who do mind their content being monitized [sic] or utilized by AI.
This is life.
The rules dictating what this means change over time as context changes. And this is definitely one or the largest shifts since the advent of the www.
> Absolutely not.
OK, but it seems in that case you'll have to delist from search engines and any other place where an LLM may get a preview of what a link that a human gave it is about. And there's likely a spiral here, as as you remove content references from more access points, fewer humans will come across them leading to fewer LLM-based queries, so you'll definitely get your wish. Just not the way you envisioned.
The LLM may hallucinate at times, but many including myself find the pros outweigh the cons, and will increasingly gravitate toward using such services for an increasing variety of tasks. This is the evolving state of the internet.
If I know the creator of the page doesn't want his page used by my program I wouldn't do it.
>Discriminating based on User-Agent string is the unethical part.
Not being exploited by an AI company is unethical? Robots.txt is made for telling bot identified by user agent what they are allowed to read.
Specifically it's meant for instructing "automatic clients known as crawlers" [0]. A crawler is defined by MDN as "a program, often called a bot or robot, which systematically browses the Web to collect data from webpages." [1]
As generally understood, wget is not a crawler even though it may be used to build one. Neither is curl. A crawler is a program which systematically browses the web, usually to build a search index.
I see no evidence that Perplexity's crawler is ignoring robots.txt, I only see evidence that when a user does a one-off request for a specific URL then Perplexity uses Chrome to access the site.
Basically, OP is using the wrong tool for the job and complaining when it doesn't work. If he wants to be excluded from Perplexity for one-off requests (as distinct from crawling) he needs to reach out to them, there is no applicable RFC.
[0] https://www.rfc-editor.org/rfc/rfc9309.html
[1] https://developer.mozilla.org/en-US/docs/Glossary/Crawler
Clearly there are many other scenarios, and many that are more muddy, but overall when we get in to the business of trying to force people to consume content in particular ways it's a bit icky in my opinion.
The extreme end result of this is no more open web, just force people to download your app to consume your content. This is happening too and it sucks.
?
> Whether or not being an ass is unethical I'll leave to the philosophers.
>Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
There are at least five lies here.
* It isn't made by Mozilla
* It doesn't use WebKit
* It doesn't use KHTML
* It isn't safari
* That isn't even my version of chrome, presumably it hides the minor/patch versions for privacy reasons.
Lying in your user agent in order to make the internet work is a practice that is almost as old as user agents. Your browser is almost certainly doing it right now to look at this comment.
Twenty years ago, I set up a web proxy on my Linux PC at home to change the User Agent because I was tired of getting popups about my web browser (Opera) not being Mozilla or Internet Explorer. It even contained the text "Shut the F up and follow w3c standards!" at first, until I realised that sites could use that to track me.
Not for long.
Funny they got caught not following robots.txt and hiding their identity.
https://x.com/tsarnick/status/1801714601404547267
Also, "hiding their identity" is what every single browser does since Mosaic changed its name.
Other than being unethical, is this not illegal? Any IP experts in here?
GDPR doesn't preclude anyone from scraping you. In fact, scraping is not illegal in any context (LinkedIn keeps losing lawsuits). Using copyrighted data in training LLMs is a huge grey area, but probably not outright illegal and will take like a decade (if not more) before we'll have legislative clarity.
If enough people demand it the effort gets too high and costly
[1] GDPR Art 4.1 "‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;"
The problem is that there is no designated protocol for opting out. There are a bunch of protocols pushed by different entities, and support is fragmented even where there is intent to do the right thing. This means of course that they don't work in practice.
An example: The most well known out-out protocol might be DeviantArt's "noai" and "noimageai" tags that could be in HTTP and/or HTML headers [1]. The web site Cara.app has got a large influx of artists recently because of its anti-AI stance. Cara.app puts only a "noai" metadata tag in HTML headers of pages that link to images but not in any HTTP response headers. Spawning.ai's "datadiligence" library for web crawlers [2] searchers for "noai" tags in HTTP response headers of image files but not in HTML files that link to them.
1. "noai" tag: https://www.deviantart.com/team/journal/UPDATE-All-Deviation...
2. "Datadiligence": https://github.com/Spawning-Inc/datadiligence/tree/main
https://guthib.mattbasta.workers.dev
For the past month or two, it's been hitting the free request limit as some AI company has scraped it to hell. I'm not inclined to stop them. Go ahead, poison your index with literal garbage. It's the cost of not actually checking the data you're indiscriminately scraping.
News at 11.
> Why did you not respect robots.txt?
> I apologize for the mistake. I should have respected the robots.txt file for [my website], which likely disallows web scraping and crawling. I will make sure to follow the robots.txt guidelines in the future to avoid accessing restricted content.
Yeah, sure. What a joke.
Take their money.
Web site owners shouldn’t dictate what browser users can access their site with - whether that’s chrome, firefox, or something totally different like perplexity.
When retrieving a web page _for the user_ it’s appropriate to use a UA string that looks like a browser client.
If perplexity is collecting training data in bulk without using their UA that’s a different thing, and they should stop. But this article doesn’t show that.
So a browser with an ad-blocker that's removing / manipulating elements on the page isn't a browser? What about reader mode?
Search engines already tried it. It’s not retrieving on request because the user didn’t request the page, they requested a bot find specific content on any page.
> I went into Perplexity and asked "What's on this page rknight.me/PerplexityBot?". Immediately I could see the log and just like Lewis, the user agent didn't include their custom user agent
Unless you mean the entire concept of training launders attribution, but that's basically unrelated to this post and the complaints inside it.
That's not at all the same as a browser visiting a page.
> What is this post about https://rknight.me/blog/blocking-bots-with-nginx/
The first is how browsers work. The second is what perplexity is doing.
Those two are clearly different imo.
Perplexity should always respect robots.txt, even for summarization requests. If I say that I don't want Perplexity crawling my site, I mean at all, and I explicitly would not want them "summarizing" my page.
The response from Perplexity to such a request should be "The owner of this page/site does not permit Perplexity to process any data from this site." Period.
LLMs can't summarize in any case: https://ea.rna.nl/2024/05/27/when-chatgpt-summarises-it-actu...
Issuing a single HTTP request is definitionally not crawling, and the robots.txt spec is specifically for crawlers, which this is not.
If you want a specific tool to exclude you from their web request feature you have to talk to them about it. The web was designed to maximize interop between tools, it correctly doesn't have a mechanism for blacklisting specific tools from your site.
> robots.txt is the filename used for implementing the Robots Exclusion Protocol, a standard used by websites to indicate to visiting web crawlers and other web robots which portions of the website they are allowed to visit.
From robotstxt.org/orig.html (the original proposed specification), there is a bit about "recursive" behaviour, but the last paragraph indicates "which parts of their server should not be accessed".
> WWW Robots (also called wanderers or spiders) are programs that traverse many pages in the World Wide Web by recursively retrieving linked pages. For more information see the robots page.
> In 1993 and 1994 there have been occasions where robots have visited WWW servers where they weren't welcome for various reasons. Sometimes these reasons were robot specific, e.g. certain robots swamped servers with rapid-fire requests, or retrieved the same files repeatedly. In other situations robots traversed parts of WWW servers that weren't suitable, e.g. very deep virtual trees, duplicated information, temporary information, or cgi-scripts with side-effects (such as voting).
> These incidents indicated the need for established mechanisms for WWW servers to indicate to robots which parts of their server should not be accessed. This standard addresses this need with an operational solution.
The draft RFC at robotstxt.org/norobots-rfc.txt, the definition is a little more strict about "recursive", but indicates that heuristics used and/or time spacing do not make it less a robot.
On robotstxt.org/faq/what.html, there is a paragraph:
> Normal Web browsers are not robots, because they are operated by a human, and don't automatically retrieve referenced documents (other than inline images).
One might argue that the misbehaviour of Perplexity on this matter is "at the instruction" of a human, but as Perplexity does not present itself as a web browser, but a data processing entity, it’s clearly not a web browser.
Here's what would be permitted unequivocally, even on a site that blocks bad actors like Perplexity: a browser extension that used Perplexity's LLM to pretend to summarize but actually shorten the content (https://ea.rna.nl/2024/05/27/when-chatgpt-summarises-it-actu...) when you visit the page as long as that summary were not saved in Perplexity's data.
The recursive behavior isn't incidental, it's literally part of the definition of a crawler. You can't just skip past that and pretend that the people who specifically included the word recursive (or the phrase "many pages") didn't really mean it.
The first paragraph of the two about access controls is the context for what "should not be accessed" means. It refers to "very deep virtual trees, duplicated information, temporary information, or cgi-scripts with side-effects (such as voting)", which are pages that should not be indexed by search engines but for the most part shouldn't be a problem for something like perplexity. As I said in my comment, it's about search engine crawlers and indexers.
I'm glad that you at least cherry-picked a paragraph from that second page, because I was starting to worry that you weren't even reading your sources to check if they support your argument. That said, that paragraph means very little in support of your argument (it just gives one example of what isn't a robot, which doesn't imply that everything else is) and you're deliberately ignoring that that page is also very specific about the recursive nature of the robots that are being protected against.
Again, this is the definition that you just cited, which can't possibly include a single request from Perplexity's server (emphasis added):
> WWW Robots (also called wanderers or spiders) are programs that traverse many pages in the World Wide Web by recursively retrieving linked pages.
The only way you can possibly apply that definition to the behavior in TFA is if you delete most of it and just end up with "programs ... that traverse ... the WWW", at which point you've also included normal web browsers in your new definition.
It honestly just feels like you really have a lot of beef with LLM tech, which is fair, but there are much better arguments to be made against LLMs than "Perplexity's ad hoc requests are made by a crawler and should respect robots.txt". Your sources do not back up what you claim—on the contrary, they support my claim in every respect—so you should either find better sources or try a different argument.
It honestly just feels like you have no critical thinking when it comes to LLM tech and want to pretend that an autonomous crawler that only retrieves a single page to process it isn't a crawler.
I have used, with permission of the site owner, a crawler to retrieve data from a single URL on a scheduled basis. It is fully automated data retrieval not intended for direct user consumption. THAT is what makes it a crawler. If the page from which I was retrieving the data was included in `/robots.txt`, the site owner would expect that an automated program would not pull the data. Recursiveness is not required to make a web robot. Unattended and/or disconnected requests do.
I’d be disappointed if it became common to block clients like this though. To me this feels like blocking google chrome because you don’t want to show up in google search (which is totally fine to want, for the record). Unnecessarily user hostile because you don’t approve of the company behind the client.
The article is just calling Perplexity out for some asshole behavior, it's not that complicated
It's clear they know they're engaging in poor behavior too, they could've documented some alternative UA for user-initiated requests instead of spoofing Chrome. Folks who trust them could've then blocked the training UA but allowed the alternative
robots.txt governs crawlers. Fetching a single user-specified URL is not crawling. Crawling is when you automatically follow links to continue fetching subsequent pages.
Perplexity’s documentation that the article links to describes how their crawler works. That is not the piece of software that fetches individual web pages when a user asks for them. That’s just a regular user-agent, because it’s acting as an agent for the user.
The distinction between crawling and not crawling has been very firmly established for decades. You can see it in action with wget. If you fetch a specific URL with `wget https://www.example.com` then wget will just fetch that URL. It will not fetch robots.txt at all.
If you tell wget to act recursively with `wget --recursive https://www.example.com` to crawl that website, then wget will fetch `https://www.example.com`, look for links on the page, then if it finds any links to other pages, it will fetch `https://www.example.com/robots.txt` to check if it is permitted to fetch any subsequent links.
This is the difference between fetching a web page and crawling a website. Perplexity is following the very well established norms here.
[1] https://blog.archive.org/2017/04/17/robots-txt-meant-for-sea...
They showed no difference between search bots and archive bots. robots.txt was never for SEO alone. Sites exclude print versions so people see more ads and links to other pages. Sites exclude search pages to conserve resources. They said sites exclude large files for costs. And they can't think sites want sensitive areas like administrative pages archived.
Really Internet Archive stopped respecting robots.txt because they wanted to archive what sites didn't want them to archive. Many sites disallowed Internet Archive specifically. Many sites allowed specific bots. Many sites disallowed all bots and meant all bots. And hiding old snapshots when a new domain owner changed robots.txt was a self inflicted problem. robots.txt says what to crawl or not now. They knew all of this.
You can make a request by typing the url in chrome, or by asking an AI tool to do so. Both start from user intent, both heavily rely on complicated software to work.
It's fairly logical to assume that bots don't have an intent and users do. It's not the only available interpretation though.
> WWW Robots (also called wanderers or spiders) are programs that traverse many pages in the World Wide Web by recursively retrieving linked pages.
— http://www.robotstxt.org/orig.html
It's plenty logical. That doesn't make it correct.
> if they are only intended to block crawlers why aren't they called crawlers.txt instead and remove all ambiguity?
Ha. Ask HTTP Referer.
A million standards have quirks in them that we're stuck with.