Building on an anti-spam cybersecurity tactic known as tarpitting, he created Nepenthes, malicious software named after a carnivorous plant that will “eat just about anything that finds its way inside.”
Aaron clearly warns users that Nepenthes is aggressive malware. It’s not to be deployed by site owners uncomfortable with trapping AI crawlers and sending them down an “infinite maze” of static files with no exit links, where they “get stuck” and “thrash around” for months, he tells users. Once trapped, the crawlers can be fed gibberish data, aka Markov babble, which is designed to poison AI models. That’s likely an appealing bonus feature for any site owners who, like Aaron, are fed up with paying for AI scraping and just want to watch AI burn.
why bother wasting resources with the infinite maze and just do what the old school .htaccess bot-traps do; ban any IP that hits the nono-zone defined in robots.txt?
That’s the reason for the maze. These companies have multiple IP addresses and bots that communicate with each other.
They can go through multiple entries in the robot.txt file. Once they learn they are banned, they go scrape the old fashioned way with another IP address.
But if you create a maze, they just continually scrape useless data, rather than scraping data you don’t want them to get.
if they are stupid and scrape serially. the AI can have one “thread” caught in the tar while other “threads” continues to steal your content.
with a ban they would have to keep track of what banned them to not hit it again and get yet another of their IP range banned.
Banning IP ranges isn’t going to work. A lot of these companies rent out home IP addresses.
Also the point isn’t just protecting content, it’s data poisoning.
Why would it be only one thread stuck in the tarpit? If the tarpit maze has more than one choice (like a forked road) then the AI would have to spawn another thread to follow that path, yes? Then another thread would be spawned at the next fork in the road. Ad infinitum until the AI stops spawning threads or exhausts the resources of the web server (a DOS).
so they will have threads caught in pit and other threads stealing content. not only did you waste time with a tar pit your content still gets stolen.
any scraper worth its salt, especially with LLMs, would have garbage detection of sorts, so poisoning the model is likely not effective. they likely have more resources than you so a few spinning threads is trivial. all the while your server still has to service all these requests for garbage that is likely ineffective wasting that bandwidth you have to pay for, cycles that can be better served actually doing somehthing, and your content STILL gets stolen.
Revenge
Until somebody sends that link to a user of your website and they get banned.
Could even be done with a hidden image on another website.