- We REALLY need a way to tie identity to agent/requests
- The idea of registering with cloudflare to be able to access a website is bad
- Sites should be able to block whoever they want or make anything they desire a requirement (there are people that has login only with google after all)
We have the right primitives to build something that works for any provider (from cloudflare, to Akamai, to self hosting nginx servers). Let's take that route
We have a way to tie identity to agent/requests. It's called IP address. Every IP address has a provider's identity, and most providers can further specify an individual or business.
It doesn't help. Do you know why it doesn't help? It doesn't help because AI companies just pay people to borrow your identity. Somewhere between $2 and $250 per month to borrow your internet identity - the former for running a program in the background on your computer and the latter for getting an internet contract in your name. Or you can pay developers of free mobile games to put your code in their game, and the user doesn't know about it, and it's not even illegal.
All that will happen if you tighten identity further is that these measures will go further, e.g. farms of real devices with robots giving touch inputs and cameras running OCR. Meanwhile you'll make it more annoying for everyone to use the internet until they quit.
You know what other effect it has? Only big players will be able to afford the workaround measures. Google will have no problem deploying an army of robots with phones (or just faking it since they own the signing keys) meanwhile you just banned every non-Google non-Apple phone from your website, forcing centralisation and monopoly on everyone.
And for what? Saving 3 requests per second of server load?
Tying identity of any thing to this is a road we should not go down. I hear you, but this will get extended to people, which is already under threat in a lot of places.
i don’t doubt that it went through a review process but:
> Authentication for that world isn’t “ask Cloudflare for a hall pass.” It’s verifiable chains of delegation and request-level proof: open, portable, and independent of any one company.
> The pattern is consistent: when the commons defines the interface, innovation compounds; when a vendor hands out permission slips, it stalls.
these are GPT tells. sure they have false positives, but i’m sure if you put this through any of the probabilistic detectors they would tell you this is almost certainly LLM-generated text.
Narrator: but he did put effort...
Anyway, main take aways for you:
- We REALLY need a way to tie identity to agent/requests - The idea of registering with cloudflare to be able to access a website is bad - Sites should be able to block whoever they want or make anything they desire a requirement (there are people that has login only with google after all)
We have the right primitives to build something that works for any provider (from cloudflare, to Akamai, to self hosting nginx servers). Let's take that route
We have a way to tie identity to agent/requests. It's called IP address. Every IP address has a provider's identity, and most providers can further specify an individual or business.
It doesn't help. Do you know why it doesn't help? It doesn't help because AI companies just pay people to borrow your identity. Somewhere between $2 and $250 per month to borrow your internet identity - the former for running a program in the background on your computer and the latter for getting an internet contract in your name. Or you can pay developers of free mobile games to put your code in their game, and the user doesn't know about it, and it's not even illegal.
All that will happen if you tighten identity further is that these measures will go further, e.g. farms of real devices with robots giving touch inputs and cameras running OCR. Meanwhile you'll make it more annoying for everyone to use the internet until they quit.
You know what other effect it has? Only big players will be able to afford the workaround measures. Google will have no problem deploying an army of robots with phones (or just faking it since they own the signing keys) meanwhile you just banned every non-Google non-Apple phone from your website, forcing centralisation and monopoly on everyone.
And for what? Saving 3 requests per second of server load?
Tying identity of any thing to this is a road we should not go down. I hear you, but this will get extended to people, which is already under threat in a lot of places.
I personally reviewed his article, and he later rewrote and addressed many of the points, so maybe you can't really tell ai from human content.
i don’t doubt that it went through a review process but:
> Authentication for that world isn’t “ask Cloudflare for a hall pass.” It’s verifiable chains of delegation and request-level proof: open, portable, and independent of any one company. > The pattern is consistent: when the commons defines the interface, innovation compounds; when a vendor hands out permission slips, it stalls.
these are GPT tells. sure they have false positives, but i’m sure if you put this through any of the probabilistic detectors they would tell you this is almost certainly LLM-generated text.