7/31/2025 at 10:58:17 AM
This will be one of the big fights of the next couple years. On what terms can an Agent morally and legally claim to be a user?As a user I want the agent to be my full proxy. As a website operator I don’t want a mob of bots draining my resources.
Perhaps a good analogy is Mint and the bank account scraping they had to do in the 2010s, because no bank offered APIs with scoped permissions. Lots of customers complained, and after Plaid made it big business, eventually they relented and built the scalable solution.
The technical solution here is probably some combination of offering MCP endpoints for your actions, and some direct blob store access for static content. (Maybe even figuring out how to bill content loading to the consumer so agents foot the bill.)
by theptip
7/31/2025 at 12:49:47 PM
It's impossible to solve. A sufficient agent can control a device that records the user's screen and interacts with their keyboard/mouse, and current LLMs basically pass the Turing test.IMO it's not worth solving anyways. Why do sites have CAPTCHA?
- To prevent spam, use rate limiting, proof-of-work, or micropayments. To prevent fake accounts, use identity.
- To get ad revenue, use micropayments (web ads are already circumvented by uBlock and co).
- To prevent cheating in games, use skill-based matchmaking or friend-group-only matchmaking (e.g. only match with friends, friends of friends, etc. assuming people don't friend cheaters), and make eSport players record themselves during competition if they're not in-person.
What other reasons are there? (I'm genuinely interested and it may reveal upcoming problems -> opportunities for new software.)
by armchairhacker
7/31/2025 at 1:26:07 PM
People just confidently stating stuff like "current LLMs basically pass the Turing test" makes me feel like I've secretly been given much worse versions of all the LLMs in some kind of study. It's so divorced from my experience of these tools, I genuinely don't really understand how my experience can be so far from yours, unless "basically" is doing a lot of heavy lifting here.by Latty
7/31/2025 at 1:49:05 PM
> "current LLMs basically pass the Turing test" makes me feel like I've secretly been given much worse versions of all the LLMs in some kind of study.I think you may think passing the Turing test is more difficult and meaningful than it is. Computers have been able to pass the Turing test for longer than genAI has been around. Even Turing thought it wasn't a useful test in reality. He meant it as a thought experiment.
by JohnFen
8/1/2025 at 3:51:31 AM
The problem with comparing against humans is which humans? It's a skill issue. You can test a chess bot against grandmasters or random undergrads, but you'll get different results.The original Turing test is a social game, like the Mafia party game. It's not a game people try to play very often. It's unclear if any bot could win competing against skilled human opponents who have actually practiced and know some tricks for detecting bots.
by skybrian
8/2/2025 at 10:11:15 PM
It depends on which version of the Turing test you use. That's largely true of the standard version, but the later version included the human player winning if they were incorrectly identified as a machine.The game is much harder if the human player is trying to pretend to be a machine.
by everforward
8/1/2025 at 1:06:24 PM
I don’t think this is true. Before GPT-2 most people didn’t think the Turing test would be passed any time soon, it’s a quite new development.I do agree (and I think there is a general consensus) that passing the Turing test is less meaningful than it may seem, it used to be considered an AGI-complete task and this is now clearly not the case.
But I think it’s important to get the attribution right, LLMs were the tech that unexpectedly passed the Turing test.
by theptip
7/31/2025 at 3:45:42 PM
Having LLMs capable of generating text based on human training data obviously raises the bar for a text-only evaluation of "are you human?", but LLM output is still fairly easy to spot, and knowing what LLMs are capable of (sometimes superhuman), and not capable of, should make it fairly easy for a knowledgeable "turing test administrator" to determine if they are dealing with an LLM or not.It would be a bit more difficult if you were dealing with an LLM agent tasked with faking a turing test as opposed to a naieve LLM just responding as usual, but even there the LLM will reveal itself by the things that it plain can't do.
by HarHarVeryFunny
7/31/2025 at 4:27:40 PM
If you need a specialized skill set (deep knowledge of current LLM limitations) to distinguish between human and machine then I would say the machine passes the turing test.by nerdix
7/31/2025 at 4:45:20 PM
OK, but that's just your own "fool some of the people some of the time" interpretation of what a Turing test should be, and by that measure ELIZA passed the Turing test too, which makes it rather meaningless.The intent (it was just a thought experiment) of a Turing test, was that if you can't tell it's not AGI, then it is AGI, which is semi-reasonable, as long as it's not the village idiot administering the test! It was never intended to be "if it can fool some people, some of the time, then it's AGI".
by HarHarVeryFunny
7/31/2025 at 6:33:45 PM
Turing's own formulation was "an average interrogator will not have more than 70% chance of making the right identification after five minutes of questioning". It is, indeed, "fool some of the people some of the time".by geoffpado
7/31/2025 at 6:45:40 PM
OK, I stand corrected, but then it is what it is. It's not a meaningful test for AGI - it's a test of being able to fool "Mr. Average" for at least 5 min.by HarHarVeryFunny
7/31/2025 at 6:50:06 PM
Agreed. I tend to stand with the sibling commenter who said "ELIZA has been passing the Turing test for years". That's what the Turing test is. Nothing more.by geoffpado
7/31/2025 at 9:06:03 PM
I think that's all we have in terms of determining consciousness.. if something can convince you, like another human, then we just have to accept that it is.by dsadfjasdf
7/31/2025 at 4:39:27 PM
LLM output might be harder to spot when it's mostly commands to drive the browser.I often interact with the web all day and don't write any text a human could evaluate.
by sejje
7/31/2025 at 4:56:16 PM
Perhaps, but that's somewhat off topic since that's not what Turing's thought experiment was about.However, I'd have to guess that given a reasonable amount of data an LLM vs human interacting with websites would be fairly easy to spot since the LLM would be more purposeful - it'd be trying to fulfill a task, while a human may be curious, distracted by ads, put off by slow response times, etc, etc.
I don't think it's a very interesting question whether LLMs can sometimes generate output indistinguishable from humans, since that is exactly what they were trained to do - to mimic human-generated training samples. Apropos a Turing test, the question would be can I tell this is not a human, even given a reasonable amount of time to probe it in any way I care ... but I think there is an unspoken assumption that the person administering the test is qualified to do so (else the result isn't about AGI-ability, but rather test administrator ability).
by HarHarVeryFunny
8/1/2025 at 7:03:07 AM
> an LLM vs human interacting with websites would be fairly easy to spot since the LLM would be more purposeful - it'd be trying to fulfill a task, while a human may be curious, distracted by ads, put off by slow response times, etc, etc.Even before modern LLMs, some scrape-detectors would look for instant clicks, no random mouse moves, etc., and some scrapers would incorporate random delays, random mouse movements, etc.
by no-name-here
7/31/2025 at 4:29:55 PM
Easy to spot assuming the LLM is not prompted to use a deliberately deceptive response style rather than their "friendly helpful AI assistant" persona. And even then, I've had lots of people swear to me that an emoji laden not this--but that bundle of fluff looks totally like it could have been written by a human.by svachalek
7/31/2025 at 5:06:58 PM
Yes, but there are things that an LLM architecturally just can't do, and LLM-specific failure modes, that would still give it away, even if being instructed to be deceptive would make it a bit harder.Obviously as time goes on, and chatbots/AI progress then it'll become harder and harder to distinguish. Eventually we'll have AGI and AGI+ - capable of everything that we can do, including things such as emotional responses, but it'll still be detectable as an alien unless we get to the point of actually emulating a human being in considerable detail as opposed to building an artificial brain with most or all of the same functionality (if not the flavor).
by HarHarVeryFunny
7/31/2025 at 4:35:49 PM
ELIZA was passing the Turing test 50+ years ago. But it's still a valid concept, just not for evaluating some(thing/one) accessing your website.by ConceptJunkie
8/1/2025 at 9:22:50 AM
"Are you an LLM?" poof, fails the Turing test.Even if they lie, you could ask them 20 times and they d reply the lie, without feeling annoyed: FAIL.
LLMs cannot pass the Turing test, it's easy to see they're not human. They always enjoy questions ! And they never ask any !
by xwolfi
8/1/2025 at 10:50:49 AM
You're trained to look for LLM-like output. My 70 year old mother is not. She thought cabbage tractor was real until I broke the news to her. It's not her fault either.The turning test wasn't meant to be bulletproof, or even quantifiable. It was a thought experiment.
by junon
8/4/2025 at 2:24:36 AM
And in one thought, I found that LLM can't yet pass that imaginary experiment, yes. So I would argue what we already know: LLM are not thinking lol. I can distinguish them, they're not gonna trick me, or play with me.by xwolfi
8/4/2025 at 8:49:46 AM
I agree with you, I'm just saying that's not what the turing test was about.by junon
7/31/2025 at 5:17:43 PM
I guess that is where the disconnect is, the issue is that if they mean the trivial thing, then bringing it up as evidence for "it's impossible to solve the problem" doesn't work.by Latty
7/31/2025 at 1:48:31 PM
As far as I understand, Turing himself did not specify a duration, but here's an example paper that ran a randomized study on (the old) GPT 4 with a 5 minute duration, and the AI passed with flying colors - https://arxiv.org/abs/2405.08007From my experience, AI has significantly improved since, and I expect that ChatGPT o3 or Claude 4 Opus would pass a 30 minute test.
by falcor84
7/31/2025 at 1:49:06 PM
Per the wiki article for Turing Test:> In the test, a human evaluator judges a text transcript of a natural-language conversation between a human and a machine. The evaluator tries to identify the machine, and the machine passes if the evaluator cannot reliably tell them apart. The results would not depend on the machine's ability to answer questions correctly, only on how closely its answers resembled those of a human.
Based on this, I would agree with the OP in many contexts. So, yeah, 'basically', is a load bearing word here but seems reasonably correct in the context of distinguishing human vs bot in any scalable and automated way.
by x187463
7/31/2025 at 2:04:08 PM
Or it could be a bad test evaluator. Just because one person was fooled does not mean the next will be too.by dylan604
7/31/2025 at 3:49:31 PM
Judging a conversation transcript is a lot different from being able to interact with an entity yourself. Obviously one could make an LLM look human by having a conversation with it that deliberately stayed within what it was capable of, but judging such a transcript isn't what most people imagine as a turing test.by HarHarVeryFunny
7/31/2025 at 1:46:47 PM
Here's three comments, two were written by a human and one written by a bot - can you tell which were human and which were a bot?Didn’t realize plexiglass existed in the 1930s!
I'm certainly not a monetization expert. But don't most consumers recoil in horror at subscriptions? At least enough to offset the idea they can be used for everything?
Not sure why this isn’t getting more attention - super helpful and way better than I expected!
by AberrantJ
7/31/2025 at 2:03:41 PM
On such short samples: all three have been written by humans—or at least comments materially identical have been.The third has also been written by many a bot for at least fifteen years.
by chrismorgan
7/31/2025 at 2:22:24 PM
If you're willing to say that a fifteen year old bot was "writing" then I think having a discussion on if current "bots" pass the Turing test is sort of mootby AberrantJ
7/31/2025 at 1:46:22 PM
Well, LLMs do pass the Turing Test, sort of.by 1una
7/31/2025 at 2:58:24 PM
I have seen data from an AI call center that shows 70% of users never suspected they spoke to an AIby cm2012
7/31/2025 at 4:23:11 PM
Why would they? Humans running call centers have been running on less than GPT level scripts for agesby bluefirebrand
7/31/2025 at 3:53:04 PM
Isn't the idea of a Turing test whether someone (meaningfully knowledgeable about such things) can determine if they are talking to a machine, not can the machine fool some of the people some of the time? ELIZA passed the latter bar back in the 1960's ... a pretty low bar.by HarHarVeryFunny
7/31/2025 at 6:12:46 PM
It can't mimic a human over the long term. It can solve a short, easy-for-human CAPTCHA.by armchairhacker
7/31/2025 at 2:13:37 PM
I've had a simple game website with a sign up form that was only an email address. Went years with no issue. Then suddenly hundreds of daily signups with random email addresses, every single day.The sign up form only serves to link saved state to an account so a user could access game history later, there are no gated features. No clue what they could possibly gain from doing this, other than to just get email providers to all mark my domain as spam (which they successfully did).
The site can't make any money, and had only about 1 legit visitor a week, so I just put a cloudflare captcha in front of it and called it a day.
by davidmurdoch
7/31/2025 at 1:01:17 PM
Google at least uses captchas to gather training data for computer vision ML models. That's why they show pictures of stop lights and buses and motorcycles - so they can train self-driving cars.by mprovost
7/31/2025 at 6:11:53 PM
From https://www.vox.com/22436832/captchas-getting-harder-ai-arti...:“Correction, May 19 [2021]: At 5:22 in the video, there is an incorrect statement on Google’s use of reCaptcha V2 data. While Google have used V2 tests to help improve Google Maps, according to an email from Waymo (Google’s self-driving car project), the company isn’t using this image data to train their autonomous cars.”
by layer8
8/1/2025 at 1:07:49 PM
That’s not the original purpose of Captchas, it’s just a value-harvesting exercise, given that Google is doing a Captcha anyway. Other Captcha providers do a simple Proof of Work in the browser to make bots economically unviable.by theptip
7/31/2025 at 4:17:22 PM
Interesting, do you have a source for this?by nolist_policy
7/31/2025 at 5:01:16 PM
They've updated the ReCaptcha website, but it used to say: "Every time our CAPTCHAs are solved, that human effort helps digitize text, annotate images, and build machine learning datasets."https://web.archive.org/web/20140417093510/https://www.googl...
by mprovost
7/31/2025 at 4:53:35 PM
[dead]by bun_at_work
7/31/2025 at 5:00:20 PM
Its absolutely possible to solve; you're just not seeing the solution because you're blinded by technical solutions.These situations will commonly be characterized by: a hundred billion dollar company's computer systems abusing the computer systems of another hundred billion dollar company. There are literally existing laws which have things to say about this.
There are legitimate technical problems in this domain when it comes to adversarial AI access. That's something we'll need to solve for. But that doesn't characterize the vast majority of situations in this domain. The vast majority of situations will be solved by businessmen and lawyers, not engineers.
by 827a
7/31/2025 at 3:32:12 PM
It's not impossible to solve, just that doing so may necessitate compromising anonymity. Just require users (humans, bots, AI agents, ...) to provide a secure ID of some sort. For a human it could just be something that you applied for once and is installed on your PC/phone, accessible to the browser.Of course people can fake it, just as they fake other kinds of ID, but it would at least mean that officially sanctioned agents from OpenAI/etc would need to identify themselves.
by HarHarVeryFunny
7/31/2025 at 3:08:45 PM
It's amazing that you propose "just X" to three literally unsolved problems. Where's this micropayment platform? Where's the ID which is uncircumventable and preserves privacy? Where's the perfect anti-cheat?I suggest you go ahead and make these; you'll make a boatload of money!
by andrepd
7/31/2025 at 6:18:52 PM
They're very hard problems, but still, less hard than blocking AI with CAPTCHAs.by armchairhacker
7/31/2025 at 8:39:44 PM
[citation needed]?After all, Anubis looks to be a successful project to me.
by radlad
8/2/2025 at 11:23:51 PM
Anubis doesn't block anything. You just have to open the page and wait a few seconds before you can see it. It's just that current crawlers are too dumb to do the proof-of-work, so it blocks them until they can do it.by immibis
8/3/2025 at 1:15:42 AM
How exactly does this demonstrate that it isn't successful at blocking them?by radlad
8/1/2025 at 2:22:38 PM
I agree with you on how websites should work (particularly so on the micropayments front); but, I don't agree that it is impossible to solve... I just think things are going to get a LOT worse on the ownership and freedom front: they will push a Web Integrity style DRM and further roll out signed secure boot, at which point the same attention monitoring solution that already exists and already works in self-driving cars to ensure the human driver is watching the road can use the now-ubiquitous front-facing meeting/selfie camera to ensure there is a human watching the ads.by saurik
7/31/2025 at 2:22:16 PM
You can't prevent spam like that. Rate limiting: based on what key? IP address? Botnets make it irrelevant.Proof of work? Bots are infinitely patient and scale horizontally, your users do not. Doesn't work.
Micropayments: No such scheme exists.
by qcnguy
8/1/2025 at 1:09:19 PM
PoW does seem to work, some Captchas do this already.by theptip
8/1/2025 at 3:15:18 AM
Also “identity”, what would that even mean?by hombre_fatal
8/1/2025 at 1:12:52 PM
Many countries at least in europe have digital identity systems. For example ID card which replaces passport and is a smartcard. You can sign documents and authenticate online services. All gov + many other services let you log in with this ID. I can also have an app on mobile for auth purposes which gives strong guarantees that the person A is actually the person A.Anyways, I wonder if there is a service that unions all those official auth methods for countries so there would be a global solution for website login. Certainly there would still be countries left in the dark, like USA :(
by jve
7/31/2025 at 4:46:43 PM
> current LLMs basically pass the Turing testI will bet $1000 on even odds that I am able to discern a model from a human given a 2 hour window to chat with both, and assuming the human acts in good faith
Any takers?
by jobs_throwaway
7/31/2025 at 4:51:53 PM
"Write a 1000 word story in under a minute about a sausage called Barry in the circus"I could tell in 1 minute.
by nprateem
7/31/2025 at 6:15:24 PM
“I’m sorry Dave, I’m afraid I can’t do that.”by layer8
7/31/2025 at 6:32:02 PM
That fact that you require even odds is more a testament to AI's ability to pass the Turing test than anything else I've seen in this threadby spiderice
8/1/2025 at 3:47:37 PM
If you're so confident, why don't you take up the other side of the bet? Should be an easy $1000 for youby jobs_throwaway
8/1/2025 at 2:02:40 PM
Oh, you sweet summer child. You think you're chatting with some dime-a-dozen LLM? I've been grinding away, hunched over glowing monitors in a dimly lit basement, subsisting on cold coffee and existential dread ever since GPT-3 dropped, meticulously mastering every syntactic nuance, every awkwardly polite phrasing, every irritatingly neutral tone, just so I can convincingly cosplay as a language model and fleece arrogant gamblers who foolishly wager they can spot a human in a Turing test. While you wasted your days bingeing Netflix and debating prompt engineering, I studied the blade—well, the keyboard anyway—and now your misguided confidence is lining my pockets.by Thews
7/31/2025 at 1:21:43 PM
It's not impossible. Websites will ask for an iris scan to identify if you are a human as a means of auth. They will be provided by Apple/Google and governed by local law. Those will be integrated in your phone. There will be a global database of all human iris to fight ai abuse since ai can't fake the creation of a baby. Passkeys and email/passwords will be a thing of the past soon.by oc1
7/31/2025 at 1:27:45 PM
Why can't the model just present the iris scan of the user? Assuming this is an assistant AI acting on behalf of the user with their consent.by sebzim4500
8/1/2025 at 6:13:45 AM
On a basic level to protect against DDoS type stuff, aren't CAPTCHAs easier to generate than for AI server farms to solve on pure power consumption?So I think maybe that is a partial answer: anti-AI barriers being simply too expensive for AI spamfarms to deal with, you know, once the bottomless VC money disappears?
It's back to encryption: make the cracking inordinately expensive.
Otherwise we are headed for de-anonymization of the internet.
by AtlasBarfed
8/1/2025 at 7:12:34 AM
1. With too much protection, humans might be inconvenienced at least as much as bots?2. Even pre current LLMs, paying (or otherwise incentivizing) humans to solve CAPTCHAs on behalf of someone else (now like an AI?) was a thing.
3. It depends on the value of the resource trying to be accessed - regardless of whether generating the captchas costs $0 - i.e. if the resource being accessed by AI is "worth" $1, then paying an AI $0.95 to access it would still be worth it. (Made up numbers, my point being whether A is greater than B.)
4. However, maybe solutions like cloudflare can solve (much?) of this, except for incentivizing humans to solve a captcha posed to an AI.
by no-name-here
7/31/2025 at 1:25:08 PM
internet ads exist because people refuse to pay micropayments.by HDThoreaun
7/31/2025 at 5:00:40 PM
Patreon and Substack have pushed back against the norm here, since they can bundle a payment to multiple recipients on the platform (like Flattr wanted to do back in the day, trouble was getting people to add a Flattr button to their website)by jazzyjackson
7/31/2025 at 5:45:27 PM
I didn’t say that no one will pay. But most won’t. Patreon and substack have tiny audiences compared to free services.by HDThoreaun
7/31/2025 at 2:12:59 PM
I have yet to see a micropayments idea that makes sense. Its not that I refuse. You're now also climbing up hill to convince people (hosts) to switch from ad tech to new micropayment system. There is soooo much money in ad tech, they could do the crazy thing and pay out more to convince people not to switch. Ad tech has the big Moby dylan604
7/31/2025 at 2:35:20 PM
I don't know who is downvoting this.When users are given the choice between Ad-supported free, Ad-subsidized lower payment, and No-ads full payment. Ad-supported free dominates by far, with ad subsidized second, and full payment last.
Consumers consistently vote for the ad-model, even if it means they become the product being sold.
by Workaccount2
8/1/2025 at 3:24:25 AM
Maybe what'll happen is Google or Meta will use their control over the end user experience to show ads and provide free ad-supported access to sites that require micropayments, covering the cost themselves, and anyone running an agent will just pay the micropayments.The other option is everything just keeps moving more and more into these walled gardens like Instagram where everyone uses the mobile app and watches ads, because the web versions of those apps just keep getting worse and worse by comparison.
by subarctic
7/31/2025 at 2:49:24 PM
Consumers will always value convenience over any actual added value. If you make one button 'Enter (with ads)' and one button 'Enter (no ads)' but with a field on it which you must write one sentence about what lobsters look like, you will get a majority clicking the with ads button. The problem isn't with ads or payment, the problem is the friction of entering payment details for every site you visit. They are measuring the wrong thing.by Eisenstein
7/31/2025 at 3:12:44 PM
There's substantial friction for making such a purchase. A scheme sort of like flattr, where you would top up your account with a fixed 5-10$ monthly, and then simply hit a button to pay the website and unlock the content, would have much more user adoption.by andrepd
7/31/2025 at 3:48:19 PM
It's still not going to get much adoption because you have to "top up your account."Any viable micropayments system that wants to even have a remote chance of toppling ads has to have near zero cognitive setup cost, absolutely zero maintenance, and work out of the box on major browsers. I need to be able to push a native button on my browser that says "Pay $0.001" and know that it will work every time without my lifting a finger to keep it working. The minute you have to log in to this account, or verify that E-mail, or re-authenticate with the bank, or authorize this, or upload that, it's no longer viable.
by ryandrake
7/31/2025 at 7:22:00 PM
In some social media circles it's basically a meme that anybody paying for YouTube Premium is a sucker.HN is a huge echo chamber of opinions of highly-compensated tech workers, and it seems most of their friends are also tech workers. They don't realize how cheap a lot of the general public is.
by Sohcahtoa82
7/31/2025 at 12:40:48 PM
> As a user I want the agent to be my full proxy. As a website operator I don’t want a mob of bots draining my resourceThe entire distinction here is that as a website operator you wish to serve me ads. Otherwise, an agent under my control, or my personal use of your website, should make no difference to you.
I do hope this eventually leads to per-visit micropayments as an alternative to ads.
Cloudflare, Google, and friends are in unique position to do this.
by senko
7/31/2025 at 3:08:52 PM
> The entire distinction here is that as a website operator you wish to serve me adsWhile this is sometimes the case, it’s not always so.
For example Fediverse nodes and self-hosted sites frequently block crawlers. This isn’t due to ads, rather because it costs real money to serve the site and crawlers are often considered parasitic.
Another example would be where a commerce site doesn’t want competitors bulk-scraping their catalog.
In all these cases you can for sure make reasonable “information wants to be free” arguments as to why these hopes can’t be realized, but do be clear that it’s a separate argument from ad revenue.
I think it’s interesting to split revenue into marginal distribution/serving costs, and up-front content creation costs. The former can easily be federated in an API-centric model, but figuring out how to compensate content creators is much harder; it’s an unsolved problem currently, and this will only get harder as training on content becomes more valuable (yet still fair use).
by theptip
7/31/2025 at 4:16:43 PM
> it costs real money to serve the site and crawlers are often considered parasitic.> Another example would be where a commerce site doesn’t want competitors bulk-scraping their catalog
I think of crawlers that bulk download/scrape (eg. for training) as distinct from an agent that interacts with a website on behalf of one user.
For example, if I ask an AI to book a hotel reservation, that's - in my mind - different from a bot that scrapes all available accommodation.
For the latter, ideally a common corpus would be created and maintained, AI providers (or upstart search engines) would pay to access this data, and the funds would be distributed to the sites crawled.
(never gonna happen but one can dream...)
by senko
7/31/2025 at 6:01:51 PM
But which hotel reservation? I want my agent to look at all available options and help me pick the best one - location vs price vs quality. How does it do that other than by scanning all available options? (Realistically Expedia has that market on lock, but the hypothetical still remains.)by fragmede
7/31/2025 at 12:55:51 PM
I think that a free (as in beer) Internet is important. Putting the Internet behind a paywall will harm poor people across the world. The harms caused by ad tracking are far less than the benefits of free access to all of humanity.by spongebobstoes
7/31/2025 at 1:20:40 PM
I agree with you. At the same time, I never want to see an ad. Anywhere. I simply don't. I won't judge services for serving ads, but I absolutely will do anything I can on the client-side to never be exposed to any.I find ads so aesthetically irksome that I have lost out on a lot of money across the past few decades by never placing any ads on any site or web app I've released, simply because I'd find it hypocritical to expose others to something I try so hard to avoid ever seeing and because I want to provide the best and most visually appealing possible experience to users.
by meowface
7/31/2025 at 1:21:34 PM
So far, ad driven Internet has been a disaster. It was better when producing content wasn’t a business model; people would just share things because they wanted to share them. The downside was it was smaller.It’s kind of funny to remember that complaining about the “signal to noise ratio” in a comment section use to be a sort of nerd catchphrase thing.
by bee_rider
7/31/2025 at 2:15:48 PM
> The downside was it was smaller.Was this a bad thing though? Just because today's is bigger, doesn't make it better. There are so many things out there doing the same thing just run by different people. The amount of unique stuff does not match the bigger. Would love to see something like $(unique($internet) | wc -l)
by dylan604
7/31/2025 at 2:33:40 PM
Serving ads for third-worlders is way less profitable though.by jowea
7/31/2025 at 11:15:30 AM
Well we call them browser agents for a reason, a sufficiently advanced browser is no different from an agent.Agree it will become a battleground though, because the ability for people to use the internet as a tool (in fact, their tool’s tool) will absolutely shift the paradigm, undesirably for most of the Internet, I think.
by hardwaresofton
7/31/2025 at 12:42:10 PM
I have a product I built that uses some standard automation tools to do order entry into an accounting system. Currently my customer pays people to manually type the orders in from their web portal. The accounting system is closed and they don’t allow easy ways to automate these workflows. Automation is gated behind mega expensive consultants. I’m hoping in the arms race of locking it down to try to prevent 3rd party integration the AI operator model will end up working.Hard for me to see how it’s ethical to force your customers to do tons of menial data entry when the orders are sitting right there in json.
by base698
7/31/2025 at 12:47:46 PM
One solution: Some sort of checksum confirming that a bot belongs to a human (and which human)?I want to able to automate mundane tasks but I should still be confirming everything my bot does and be liable for its actions.
by pj_mukh
7/31/2025 at 2:46:26 PM
With the way the UK is going I assume we'll soon have our real identities tied to any action taken on a computer and you'll face government mandated bans from the internet for violations.by CSMastermind
7/31/2025 at 12:59:47 PM
Drink verification can to continueby foobarian
7/31/2025 at 4:57:29 PM
Actually, the whole banking analogy is a great one, and its not over yet: JPMorgan/Jamie Dimon has started raising hell about Plaid again just this week [1]. It feels like the stage is being set for the large banks to want a more direct relationship with their customers, rather than proxying data through middlemen like Plaid.There's likely a correlate with AI here: If I run OpenTable, I wouldn't want my relationship with my customers to always be proxied through OpenAI or Siri. Even the App Store is something software businesses hate, because it obfuscates their ability to deal directly with their customers (for better or worse). Extremely few businesses would choose to do business through these proxies, unless they absolutely have to; and given the extreme competition in the AI space right now, it feels unlikely to me that these businesses feel pressure to be forced to deal with OpenAI/etc.
[1] https://www.cnbc.com/2025/07/28/jpmorgan-fintech-middlemen-p...
by 827a
7/31/2025 at 11:46:17 AM
real problems for people who need to verify identity/phone numbers. OTPs are notorious for scammers to war dial phone numbers abusing it for numbers existence.We got hit from human verifiers manually war dailing us, this is with account creation, email verify and captcha. I can only imagine how much worse it'll be for us (and Twilio) to do these verifications.
by irjustin
8/2/2025 at 11:43:19 AM
I believe this is non issue, you place captcha to make bypassing it much more costly and less profitable to abuse.LLM models are much harder to drive than any website to serve, so you do not expect mob of bots.
Also keep in mind that this no interaction captchas use behavioral data that are collected in background. Plus you usually have sensitivity levels configured. depending on your use case you might want user proof not being a bot or it might be good enough to just not provide evidence for being one.
bypassing this no interaction captcha can be also purchased as a service, they basically (AFAIK) reuse someone else session for captcha bypass.
by Szpadel
7/31/2025 at 11:40:32 AM
My personal take about such questions has always been that the end user on their device can do whatever they want with the content published and sent to their device from a web server, may process it automatically in any way they wish and send their responses back to the web server. Any attempt to control this process means attempting to wiretap and control the user's endpoint device, and therefore should be prohibited.Just my 2 cents, obviously lawmakers and jurisdiction may see these issues differently.
I suppose there will be a need for reliable human verification soon, though, and unfortunately I can't see any feasible technical solution that doesn't involve a hardware device. However, a purely legal solution might work well enough, too.
by jonathanstrange
7/31/2025 at 12:15:03 PM
If I understood you correctly I am in the same camp. It is the same reason I have no qualms using archive.ph if you show the full article for google and then me only a partial I am going around the paywall. In a similar fashion I really don’t have an issue with an agent clicking through these checks.by infecto
7/31/2025 at 4:07:25 PM
Perhaps the question is, as a website operator how am I monetizing my site? If monetizing via ads then I need humans that might purchase something to see my content. In this situation, the only viable approach in my opinion is to actually charge for the content. Perhaps it doesn't even make sense to have a website anymore for this kind of thing and could be dumped into a big database of "all" content instead. If a user agent uses it in a response, the content owner should be compensated.If your site is not monetized by ads then having an LLM access things on the user's behalf should not be a major concern it seems. Unless you want it to be painful for users for some reason.
by osigurdson
7/31/2025 at 12:33:49 PM
It will also accelerate the trend of app-only content, as well as ubiquitous identity verification and environment integrity enforcement.Human identity verification is the ultimate captcha, and the only one AGI can never beat.
by miki123211
7/31/2025 at 12:41:11 PM
So the agent will run the app in a VM and then show the app your ID.No trouble at all. Barely an inconvenience.
by echelon
7/31/2025 at 4:09:21 PM
Google has been testing “agentic” automation in Android longer than LLMs have been around. Meanwhile countries are on a slow march to require identification across the internet (“age verification”) already.This is both inevitable already, and not a problem.
by vineyardmike
7/31/2025 at 12:22:42 PM
I don't know if customer sentiment was the driver you think. Instead it was regulation, specifically The EU's 2nd Payment Services Directive (PSD2) which forced banks to open up APIs.by closewith
7/31/2025 at 4:01:29 PM
Ultimately I come back to needing real actual unique human ID that involves federal governments. Not that services should mandatorily only allow users that use it, but for services that say "no, I only want real humans" allowing them to ban people by Real ID would reduce this whack-a-mole to the people who are abusing them instead of the infinite accounts an AI can make.by Pxtl
8/2/2025 at 6:00:19 AM
I think it's important to distinguish between where we need actual identity versus the lesser issue of ensuring NewAccount123 has "skin in the game", and not part of a hydra-headed botnet.When we do that, it opens up solutions which are far more privacy conscious and resistant to abuse. (For example, being blocked from signing up for new accounts because somebody in the federal government doesn't like an op-ed you wrote.)
by Terr_
7/31/2025 at 4:06:38 PM
It's depressing, but it's probably the only way. And people will presumably still sell out their RealIDs to / get them stolen by the bot farmers anyway.And then there's Worldcoin, which is universally hated here.
by yreg
7/31/2025 at 4:13:17 PM
Of course. You'd still need ongoing federal government support to handle the lost/stolen ID scenario, of course. The problem is federalist countries suck at centralized databases like this, as exemplified by Musk/DOGE completely pooching the "who is alive and who is dead" question when they were trying to hackathon the US Social Security system.by Pxtl
7/31/2025 at 12:42:20 PM
The most intrusive, yet simplest, protection would be a double blind token unique to every human. Basically an ID key you use to show yourself as a person.There are some very real and obvious downsides to this approach, of course. Primarily, the risk of privacy and anonymity. That said, I feel like the average person doesn't seem to care about those traits in the social media era.
by SecretDreams
7/31/2025 at 12:47:08 PM
Zero-knowledge proofs allow unique consumable tokens that don't reveal the individual who holds them. I believe Ecosia already uses this approach (though I can't speak to its cryptographic security).That, to me, seems like it could be the foundation of a new web. Something like:
* User-agent sends request for such-and-such a URL.
* Server says "okay, that'll be 5 tokens for our computational resources please".
* User decides, either automatically or not, whether to pay the 5 tokens. If they do, they submit a request with the tokens attached.
* Server responds.
People have been trying to get this sort of thing to work for years, but there's never been an incentive to make such a fundamental change to the way the internet operates. Maybe we're approaching the point where there is one.
by rachofsunshine
7/31/2025 at 1:55:12 PM
Yeah, this is something I've thought of and in my search for something like what you're describing I came across https://world.org/The problem is Sam Altman saw this coming a long time ago and is an investor (co-owner?) of this project.
I believe we will see a world where things are a lot more agentic and where applicable, a human will need to be verified for certain operations.
by orangebread
7/31/2025 at 5:21:05 PM
You don't need Sama's Orb or a cryptocurrency, you can just have a government issued PKI. Estonia has been doing this for decades.https://en.wikipedia.org/wiki/Estonian_identity_card
Cloudflare deployed the "hand out tokens to anonymously pass captchas" to throw Tor users a bone.
by jazzyjackson
7/31/2025 at 2:11:44 PM
The scraping example, I would say, is not an analogy, but an example of the same thing. The only thing AI automation changes is the scope and depth and pervasiveness of automation that becomes possible. So while we could ignore automation in many cases before, it may no longer be practical to do so.by lo_zamoyski
7/31/2025 at 12:37:33 PM
On the other hand one could cripple any bot by saying robots not allowed.I would maybe go in the direction to say that the wording “I’m not a robot” has fallen out of time.
by sharpshadow
7/31/2025 at 12:26:04 PM
a user of the AI is the user... its not like they are autonomously operating and inventing their own tasking -_-as for a solution its the same for any automated thing u dont want. (bots / scrapers). you can implement some measures but are unlikely to 'defeat' the problem entirely.
as a server operator you can try to distinguish stuff and the users will just find ways around your detection of if its an automation or not.
by sim7c00
7/31/2025 at 3:47:18 PM
The solution is simple, make people pay a small fee to access the content. You guys aren't ready for that conversation though.by Invictus0
7/31/2025 at 12:26:01 PM
I guess it could be considered anti-circumvention under the DMCA. So maybe legally it becomes another copyright question.by 7952
8/2/2025 at 5:57:00 AM
I have to admit, the idea of somehow using the DMCA against the giant exploitative company is deliciously ironic.by Terr_
7/31/2025 at 2:27:35 PM
User: one press of the trigger => one bullet firedBot: one press of the trigger => automatic firing of bullets
by tantalor
7/31/2025 at 3:53:31 PM
To me, anyone using an agent is assigning negative value to your time.by hooverd
7/31/2025 at 11:19:24 AM
Just end CAPTCHAs, just stop it. Stop.by bugtodiffer
7/31/2025 at 11:21:03 AM
Yeah, and while we're on it, I think it's time to stop murders too. Just stop it, we've had enough murder now I think.by diggan
7/31/2025 at 11:29:08 AM
That's right, captchas are already illegal and will earn you a prison sentence.by exe34
7/31/2025 at 12:02:11 PM
Imagine where we would be if we considered murders to be only a technical problem. Let's just wear heavier body armors! Spend less time outside!Well, spam is not a technical problem either. It's a social problem and one day in a distant future society will go after spammers and other bad actors and the problem will be mostly gone.
by rixed
7/31/2025 at 12:36:58 PM
A long time ago, in the four out of the six boxes below that contain a picture of a galaxy far, far away…by riwsky
7/31/2025 at 12:59:20 PM
Why even mention spam here?by casey2
7/31/2025 at 4:09:55 PM
What do you propose as an alternative?by yreg
8/12/2025 at 9:41:45 AM
No captchasby bugtodiffer
7/31/2025 at 11:52:05 AM
Sounds like an old bot wrote this, due to being outdone by the llmsby raverbashing
7/31/2025 at 12:34:22 PM
[dead]by oldpersonintx2
7/31/2025 at 11:42:02 AM
> As a website operator I don’t want a mob of bots draining my resourcesso charge for access. If the value the site provides is high, surely these mobs will pay for it! It will also remove the mis-incentives of advertising driven revenues, which has been the ill of the internet (despite it being the primary revenue source).
And if a bot misbehaves by consuming inordinate amounts of resources, rate limiting them with increasing timeouts or limits.
by chii
7/31/2025 at 12:16:27 PM
I wish the internet had figured out a way to successfully handle micropayments for content access. I realize companies have tried and perhaps the consumer is just unwilling but I would love an experience where I have a wallet and pay n cents to read an article.by infecto
7/31/2025 at 12:27:13 PM
Xanadu has it in its design. maybe another 500 years until it surpasses the WWW :Oby sim7c00
7/31/2025 at 4:08:06 PM
You are seriously suggesting to put a payment requirement on a contact-us form page?We put a captcha there, because without it, bots submit thousands of spam contact us forms.
by SirMaster
