37 comments

[ 3.5 ms ] story [ 60.0 ms ] thread
Given how many rounds of captchas I have to fight through, I'm not sure if these numbers are accurate.
Dead internet theory
Wikipedia no longer calls it a 'conspiracy theory'. I guess it's confirmed then.
fascinating ebb and flow of what qualifies as a conspiracy theory
> while the "strong" version of the theory asserts that society itself collapsed because of some catastrophic event, and some entity (perhaps aliens or highly advanced artificial intelligence[31]) is keeping people connected to the internet to disguise this reality.

new can of worms unlocked, thanks!

Given how most of the internet is on mobile, I wonder how much that would skew this.
“First time”

The graph seems like it only goes back to April 27 and on that day it was 57% bot…

For the first time? No way. People were saying this 5, 10, 15+ years ago.
Automated systems that don’t sleep and are often programmed to aggressively scrape and are limited only by compute capacity outstripped humanity? I am not surprised by this at all.
If they were truly this accurate at identifying sources of bot traffic, you'd think they'd be better at blocking them without inconveniencing the rest of us.
Dead internet theory gaining more credibility with every passing day.
Only for HTML content. Total traffic would have been surprising.
According to the Thales Bad Bot Report, in 2025 >53% of traffic came from bots. 2024 was 50 - 50, and in 2013, it was measured at 43%.

AI-driven* bot activity has increased more than tenfold however in the past 12 months so I'm confident this will grow to a very solid majority.

OP: please add [2012] to the title
It's a silly metric. There could be only one master bot that pings every known endpoint multiple times a second, and that would probably surpass all human activity, too. It doesn't really tell us much about intention or the ability to masquerade as humans.

Where I would start to worry is if there's evidence that bot access patterns are starting to become harder to distinguish from human access patterns, which would suggest that they are, in fact, mimicking or masquerading as humans. I don't care how many search bots are indexing web content, but I do worry about how many social bots are attempting to manipulate or mislead people.

Any thoughts on why ~30% of HTTP request are in US? I know we had first mover advantage for awhile but I'd expect this to have been diluted by larger populations by now. It doesn't appear to be AI/bot driven either.
Network effect feedback. Cheap hosting in the US because servers are there, more servers are there because of demand for hosting. AWS is there - similar reasons. Big Tech had more time to develop there and eclipsed other countries' tech.
I was tracking this as part of an older job and this has been the case for some years now - started around the Covid time with all the scalping bots etc and has just been building up.

This sorta mirrors the early-mid 2010's when people[1] were worried about how much of the internet was streaming traffic.

[1] Mostly ISP's annoyed at not being able to monetize it and folks trying to sell monetization solutions to them - https://www.sandvine.com/hubfs/Sandvine_Redesign_2019/Downlo...

I'm looking forward to the fraud lawsuites for ad companies
Would love to see it go further back and some meaningful metric of how much is web scrapers vs bots.
CF posts metrics which reinforces their business... shocking
Not shocking if CF is now trying really hard to keep me out of the internet
Can bot traffic cause ad revenue to go up by any chance? Or false clicks that cost advertisers?
Only if the bot is designed to commit ad fraud. Normal bots are obvious to ad networks.
This feels like a vibe-coded dashboard that someone made just because they could and with AI it is much cheaper/quicker to create. But they didn't actually put too much thought into how it would/could actually be used. This doesn't really provide much value over "well that's kind of interesting to know". There aren't really actionable points that one can take from looking at these charts.

Some of my opinion above is formed from my own experience making similar charts just because I wonder what something would look like graphed out :)

Bot traffic

  Share of HTTP requests
  
  Ranking   Location   Percentage
  1.        Gibraltar    92.0%
  2.        Iran         76.9%
  3.        Singapore    76.4%
  4.        Ireland      72.9%
  5.        Netherlands  68.8%
Lol, what is happening?
One funny thing I've discovered as a result of certificate transparency logs is that the second your host gets given an SSL cert, you are immediately blasted with ai crawlers.

I put a project online - it was online for a month, and the second I added an SSL cert it went from 0 traffic to 1000 requests/min.

> One funny thing I've discovered as a result of certificate transparency logs is that the second your host gets given an SSL cert

I've been thinking of using wildcard certs for Caddy in regards to this.

Today AI crawlers, years ago vulnerability scanners from Russia or China.

Either way! People monitor cert registries for targets.

Saw this play out firsthand this week. Launched a small developer tool and within 48 hours had traffic from 38 countries — Netherlands and Singapore near the top, which matches the bot-heavy regions in this data.

The SSL cert observation in another comment here is accurate too. The second a domain goes live it gets discovered.