21 comments

[ 0.27 ms ] story [ 40.2 ms ] thread
Cloudflare's verified bots program is a terrible idea. They want to be the central chokepoint for agents, and they're doing it in shady ways like auto enrolling customers into blocking agents.
Seems like Cloudflare wants to regulate the internet.. they should not have that power.
I disagree with the other top-level comments at the moment: I believe Web Bot Auth is a useful and non-centralized emerging standard for self-identifying bots and agents.

This press release today is a better statement of _why_ this feature exists (as opposed to the submission link, which is nuts-and-bolts of implementing): https://blog.cloudflare.com/signed-agents/

Web Bot Auth is a way for bots to self-identify cryptographically. Unlike the user agent header (which is trivially spoofed) or known IPs (painful to manage), Web Bot Auth uses HTTP Message Signatures using the bot's key, which should be published at some well-known location.

This is a good thing! We want bots to be able to self-identify in a way that can't be impersonated. This gives website operators the power to allow or deny well-behaved bots with precision. It doesn't change anything about bots who try to hide their identity, who are not going to self-identify anyways.

It's worth reading the proposal on the details: https://datatracker.ietf.org/doc/html/draft-meunier-web-bot-... . Nothing about this is limited to Cloudflare.

I'm also working on support for Web Bot Auth for our Agent Identification project at Stytch https://www.isagent.dev . Well-behaved bots benefit from this self-identification because it enables a better Agent Experience: https://stytch.com/blog/introducing-is-agent/

Isn't this somewhat equilivent to ensuring cookies are required?

Obviously this technology is different but the same sort of result.

What's the end game here? All humans end up having to use a unique encryption key to prove their humanness also?

I generally agree it's a good thing. It stacks the incentives so that bots can meaningfully build a good reputation, and be rewarded for behaving well.

That said, I do think it's the whole procedure is more than a bit overcomplicated to the degree where I doubt it will be widely implemented. You could likely achieve almost the full effect with a request signing alone.

> This is a good thing! We want bots to be able to self-identify in a way that can't be impersonated.

Who is we? I absolutely don't want that.

No offense, but screw CloudFlare, screw their captchas for humans, and screw their wedging themselves between web operators and web users.

They can offer what they want for bots. But stop ruining the experience for humans first.

Why use a "web bot" instead of an API? Either can be driven by an AI "agent"...but this just seems like an "API key for a visual api interface", and rather wasteful in cost and resources. If a company could afford to pay a partner for an API key they wouldn't need this. If they can't afford to pay the partner for access -- they'd still be blocked with or without "Web Bot Auth". I don't understand what this is for.

I suspect I'm missing something, what am I missing?

Cloudflare is the last party that should be running this for two reasons.

1. THey have already proven to be a bad faith actor with their "DDoS protection."

2. This is pretty much the typical Cloudflare HN playbook. They release soemthing targeted at the current wave and hide behind an ideological barrier; meanwhile if you try to use them for anything serious they require a call with sales who jumps you with absurdly high pricing.

Do other cloud providers charge high fees for things they have no business charging for? Absolutely. But they typically tell you upfront and don't run ideological narratives.

This is not a company we should be putting much trust in, especially not with their continued plays to become the gatekeepers of the internet.

As much as I understand this is needed it rubs me the wrong way.

The standard looks fine as a distributed protocol until you have to register to pay a rent to Cloudflare, which they say will eventually trickle down into publishers pocket but you know what having a middleman this powerful means to the power dynamics of the market. Publishers have a really bad hand no matter what we do to save them, content as we know it will have to adapt.

Give it a couple more iterations and some MBA will come up with the brilliant idea of introducing an internet toll to humans and selling a content bundle with unlimited access to websites.

Web Bot Auth solves authentication (“who is this bot?”) but not authorization/usage control. We still need a machine-readable policy layer so sites can express “what this bot may do, under which terms” (purpose limits, retention, attribution, optional pricing) at a well-known path, robots.txt-like, but enforceable via signatures.

A practical flow:

1. Bot self-identifies (Web Bot Auth)

2. Fetch policy

3. Accept terms or negotiate (HTTP 402 exists)

4. Present a signed receipt proving consent/payment

5. Origin/CDN verifies receipt and grants access

That keeps things decentralized: identity is transport; policy stays with the site; receipts provide auditability, no single gatekeeper required. There’s ongoing work in this direction (e.g., PEAC using /.well-known/peac.txt) that aims to pair Web Bot Auth with site-controlled terms and verifiable receipts.

Disclosure: I work on PEAC, but the pattern applies regardless of implementation.

Cloudflare is playing both sides: grok.com is served by Cloudflare.
Famously, a lot of DDoS-for-hire providers were served by Cloudflare. CF has a strong interest in making sure you can always get DDoSed.
I like that parsable signature in the http message however I dont quite understand how the system differentiates between human users and an llm agent controlling a browser
(comment deleted)
I will employ every tool in my toolbox in different ways before I bend to this. Especially before I bend to cloudflare.
Web Bot Auth solves a real problem with a real standard. Per-request signatures make automated traffic accountable, and that is the right long-term primitive. In Cloudflare’s hands, the current implementation is built first for bots, not agents. “Signed agents” read like a label added to a bot-centric system, not a first-class agent identity fabric. The design also centers Cloudflare as the arbiter and on-ramp, which is great for reliability inside their network and great for their business moat, but not great for an open, decentralized agentic web.

While it builds on standards as the top poster notes, cloudflare's version is a business moat driven central registry service and nothing what the decentralized internet would/should look.

i wrote a but more about this on my blog if someone care to read https://blog.agentcommunity.org/2025-08-23-web_auth_box_not_...

ActivityPub had sth similar? Maybe just reuse that to identify the source identity, then determine if you want to trust that domain or person/bot?
>3. Register your bot and key directory

Register with CF is the specific part I object to. Of all of the numerous hazards here centralizing the registration with CF is most clearly problematic. This part of the spec could have easily been an additional header linking to key data.

Good news - this part of the spec is literally an additional header linking to key data: https://datatracker.ietf.org/doc/html/draft-meunier-http-mes... .

Cloudflare is doing this registration as part of their "verified" program, which gives special treatment to bots/agents who go through the process. That's a Cloudflare-specific feature, not part of the spec.