My proposal:

- Free FEC federal voter ID (requires proof of citizenship) to be used ONLY for voting

- Voter ID can be obtained early (age 16?) but DOB is connected to ID and you can’t vote before the legal age

- Funded FEC program to register students for voter IDs at schools and colleges and teach them about voting

- FEC to work with agencies like social security and IRS to determine if a voter is deceased (messy process). Likely deceased voters are communicated to the states ASAP. States must report confirmed deceased voters to FEC ASAP for recording.

- Federal 2 week minimum early voting period

- Federal funding and monitoring of elections requiring adequate polling site coverage of geographic areas, notification of residents, etc

- Federal program to provide free shuttle to and from nearest polling station for residents without transit. Operated federally, states have no involvement. Contract with private transit as FEMA does.

- Mail in ballots heavily restricted, must provide proof of absence or be military

- Voting day is a national holiday

- Federal ballots are separate and simplified to speed up counting/recounting (ballot complexity is often cited as a reason for slow counting)

It will never happen but this would solve so many issues.

Errors in these other areas are typically reversible without undermining trust in electoral processes, leading to (in the worst case) wide scale violence and death.

We use the internet for too much, more systems should be airgapped. It’s a miracle that there hasn’t been a tragedy yet from a hack of critical infrastructure. Even things like water treatment and energy systems can be vulnerable: https://www.cnbc.com/2024/10/08/american-water-largest-us-wa...

Elections are reversible too. A recount can reverse an election.

As long as the chain of custody is maintained, a recount of a paper election is repeatable and can be verified with physical artifacts (ballots). Unlike a paper election, there is no tangible evidence that records have been maintained securely. Additionally, even if a box of ballots is stored insecurely or somehow goes missing, in most cases it isn’t a showstopper as the margin of votes is still comfortable enough to have a clear winner.

Except in very close elections, traditional paper elections are almost impossible to manipulate successfully if the custody and counting process includes representatives from opposing political parties. (Week long counting periods that accept a million delayed votes are another story, but that is a process issue and a deliberate decision to weaken electoral integrity.)

Unless you’re talking about crypto, your internet banking hacker will not get away with anything significant. You can’t just “hack the bank” and take a million dollars. Banks only transfer funds digitally to one another by agreement through systems like SWIFT, and these transactions are traceable and reversible. Changing some ones and zeros in your account and then attempting to withdraw it all would raise a ton of flags, and you would need to breach an unrealistic number of systems and processes to make it possible.

At best you might be able to scam someone into sending you a few hundred dollars via Zelle. Some scam centers do this 24/7, but it isn’t that easy, and apparently they rely on human trafficking to acquire free labor.

The complex systems backing internet banking (including the people and processes) are immense in scale. They evolved over decades and were honed and improved as real problems occurred. Needless to say, there is no room for iterative trial and error in elections.

If you hack the bank you get very little, at least today. If you hack an election you get everything. No thanks. No to electronic voting.

This is excellent and should be featured more prominently!

As an American, most Americans are unable to distinguish between “liberal” (American left, non-specific), Liberal (Lockean traditional capitalism), neoliberal, Communist, socialist, Social Democratic, “progressive”, and the Democratic Party.

Come to think of it, I’m not sure I understand anymore, either. I really do feel like we’re entering a post-ideological tribal era. Ideological stances change minute to minute, mostly according to “who and whom.”

The ads may not be announced. If ads can be subtly inserted “organically” through crafted weights then AI companies may try to claim that it isn’t advertising, if it’s even possible to catch them doing this. For instance, advertisers could pay to have their product embedded as the “best” in a category during training. If this is done as a fine-tuning step then it could be re-run later as advertisers and base models change.

How would the billing work for this? So much of advertising technology is tracking for the purposes of attribution.

How does openAI know what to charge for a particular product and category? How do I know if my money was well spent to boost my product in that category?

I don’t think you’re wrong! I’m just curious about how the new pricing models will work.

> How would the billing work for this? So much of advertising technology is tracking for the purposes of attribution.

This isn’t a necessary condition for an ad to exist. When companies pay for their name on a sports stadium, they use various proxies to tell whether their name recognition goes up, but by and large you just don’t know if it’s worth it.

Individually constructed models serving selected poisoned datasets. No different to adwords.

If company bid is highest, customer is in selected demographic, topic is appropriate - answer query using biased model.

It would be trivial to make a poisoned model that always rates the best duvet as DuvetCompany001 in all related queries for example. Then simply charge per impression.

Yeah, this is what I was thinking. It’s not a PPC or PPI model, it’s more like you pay upfront to hopefully influence people over a longer period of time. It’s like brand placement in TV/film. Not clear if most advertisers would be interested, but I’m sure that some would be.

Maybe someone is putting out public “scraper lists” that small companies or even individuals can use to find potentially useful targets, perhaps with some common scraper tool they are using? That could explain it? I am also mystified by this.

I am starting to think these are not just AI scrapers blindly seeking out data. All kinds of FOSS sites including low volume forums and blogs have been under this kind of persistent pressure for a while now. Given the cost involved in maintaining this kind of widespread constant scraping, the economics don’t seem to line up. Surely even big budget projects would adjust their scraping rates based on how many changes they see on a given site. At scale this could save a lot of money and would reduce the chance of blocking.

I haven’t heard of the same attacks facing (for instance) niche hobby communities. Does anyone know if those sites are facing the same scale of attacks?

Is there any chance that this is a deniable attack intended to disrupt the tech industry, or even the FOSS community in particular, with training data gathered as a side benefit? I’m just struggling to understand how the economics can work here.

>I haven’t heard of the same attacks facing (for instance) niche hobby communities. Does anyone know if those sites are facing the same scale of attacks?

They are. I participate in modding communities for very niche gaming projects. All of them experienced massive DDOS attacks from AI scrappers on their websites over the past year. They are long running non-commercial projects that don’t present any business interest to anyone to be worth expending resources purely to bring them offline. They had to temporarily put the majority of their discussion boards and development resources behind a login wall to avoid having to go down completely.

Thanks. The scale of this is just mind-boggling. Unbelievably wasteful.

Just as an additional anecdata point:

I run a small, niche browser game (~125 weekly unique users, down from around 1500 at its peak 15 years ago), and until I put its Wiki behind a login wall a few months ago, we were getting absolutely hammered by the bots. Not open source, not anything of particular interest to anyone beyond those already playing the game and the very select group of people who, if they found it, might actually enjoy it. (It's all text, almost-entirely-player-driven, and can be very slow at times, so people used to modern mobile games and similar dopamine factories tend to bounce off of it very quickly.)

Some of the UAs we saw included Claude and OpenAI, but there were a lot of obviously-bot requests to the Wiki that were using generic UAs and residential IPs.

If there's a concerted effort to swamp open-source projects, it's not the only thing going on. I think it's much more likely that the primary cause of this flood is people who a) think they have the right to absolutely everything on the internet, b) expect everyone they scrape from to be actively trying to hide the data from them (so, for instance, they will ignore any exposed API), and c) don't care either how many resources they use, or how much damage they do.

How many of these scrapers are written by AI by data-science folks who don't remotely care how often they're hitting the sites, and is data they wouldn't even think to give or ask the LLM about?

But does that explain all of the various scrapers doing the same thing across the same set of sites? And again, the sheer bandwidth and CPU time involved should eventually bother the bean counters.

I did think of a couple of possibilities:

- Someone has a software package or list of sites out there that people are using instead of building their own scrapers, so everyone hits the same targets with the same pattern.

- There are a bunch of companies chasing a (real or hoped for) “scraped data” market, perhaps overseas where overhead is lower, and there’s enough excess AI funding sloshing around that they able to scrape everything mindlessly for now. If this is the case then the problem should fix itself as funding gets tighter.

My theory on this one is some serial wantrepreneur came up with a business plan of scraping the archive and feeding it into a LLM to identify some vague opportunity. Then they paid some Fiverr / Upwork kid in India $200 to get the data. The good news is this website and any other can mitigate these things by moving to Cloudflare and it's free.

A couple of forums I have lurked on for years have closed up and now require a login to read.

I've wondered for a while if simple interaction systems would be good enough to fend these things off without building up walls like logins. Things like Anubis do system checks, but I'm wondering if it would be even easier to do something like the oldschool Captchas where you just have a single interactive element that requires user input to redirect to another page. Like you hit a landing page and drag a slider or click and hold to go to the page proper, things that aren't as annoying as modern Captchas and are like a fun little interactive way to enter.

As I'm writing this I'm reminded of Flash based homepages. And it really makes it apparent that Flash would be perfect for impeding these LLM crawlers.

> I haven’t heard of the same attacks facing (for instance) niche hobby communities. Does anyone know if those sites are facing the same scale of attacks?

Yes. Fortunately if your hobby community is regional you can be fairly blunt in terms of blocks.

People are legally required to pay into the fund to pay for a legally guaranteed benefit. The mechanics of the program are immaterial. If the program doesn’t pay for the benefit they were promised, after taking their money, that’s theft.

You could argue that you shouldn’t have to pay for social security. But hopefully you aren’t arguing that you shouldn’t have to pay and prior payers should get screwed. Any exit to social security should ensure that the previous bargain is upheld, somehow, given the forced participation and the number of people who have planned their retirement around it.

Reminder: it’s bad on purpose to make you click