this post was submitted on 21 May 2026
Unless a significant portion of the internet does this, and we're talking hundreds of millions of pages, the only cost here is to you.
LLMs are statistics. They don't "remember" their training. They just know what statistically speaking the next words should be. But sure, be the web dev version of þorn guy.
Fun twist: no! There's a very neat trick you can do when you serve the crawlers poison: you can hide an identifier in the URLs you serve them, and you can then identify that id when they come back riding on the back of remote controlled chromes. By serving them garbage, you can overload their queue with poisoned ones, which helps you block crawlers that you wouldn't otherwise be able to block.
Generating and serving garbage is incredibly cheap (cheaper than serving a file from a filesystem on SSD, in most cases), and once you have requests landing on poisoned URLs, you can firewall them off for a day or so, and reduce your costs even more.
We may not be able to poison the models, but we can poison their crawling queues. I have a year's worth of data to support that. They still haven't caught on.
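A sketch of the tagged-URL trap described in the comment above, as an added example that is not the commenter's software: the `/maze/` prefix, the `Blocklist` class and the function names are hypothetical, and the in-memory dictionary stands in for a real firewall set with timeouts.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)  # assumption: per-deployment key, kept server-side
BLOCK_SECONDS = 24 * 3600         # "a day or so", as in the comment above
TRAP_PREFIX = "/maze/"            # hypothetical prefix for generated garbage pages


def _tag(page_id):
    """Keyed tag, so only this server can mint a valid trap URL."""
    return hmac.new(SECRET, page_id.encode(), hashlib.sha256).hexdigest()[:16]


def make_trap_url():
    """Mint a fresh link to embed in a garbage page served to a suspected crawler."""
    page_id = secrets.token_hex(8)
    return f"{TRAP_PREFIX}{page_id}-{_tag(page_id)}"


def is_trap_url(path):
    """True only for paths this server minted; guessed or mistyped paths fail."""
    if not path.startswith(TRAP_PREFIX):
        return False
    page_id, sep, tag = path[len(TRAP_PREFIX):].partition("-")
    return bool(sep) and hmac.compare_digest(tag.encode(), _tag(page_id).encode())


class Blocklist:
    """In-memory stand-in for a firewall set with per-entry expiry."""

    def __init__(self):
        self._until = {}

    def observe(self, client_ip, path, now=None):
        """Record one request; return True if this client should be dropped."""
        now = time.time() if now is None else now
        # The URL itself is the evidence: it was only ever handed to a crawler,
        # so the User-Agent or browser engine of the returning client is irrelevant.
        if is_trap_url(path):
            self._until[client_ip] = now + BLOCK_SECONDS
        if self._until.get(client_ip, 0) <= now:
            self._until.pop(client_ip, None)  # block expired or never set
            return False
        return True
```

Because the tag is an HMAC, a visitor who mistypes or guesses a `/maze/` path does not get blocked; only a client replaying a link that was actually served does.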
I admire the optimism to see it this way and not "it's still not worth it to them to bother blacklisting the domain"
I wonder too, why they didn't, because they're happily crawling domains that never had anything but junk on them. To me, that suggests they have no idea they're trapped. Not at crawling time at least.
Remember the glue on pizza? Sometimes it takes just one stupid post somewhere to poison an LLM.
Glue on pizza was a result of an early version of an agent tool - built-in search. It wasn't an output of the LLM model (yes I know, ATM machine) itself. It was an LLM using a tool to find a search result from a site considered reputable (yes, I know) and presenting it to the user as fact - an instructions problem, not a statistical one.
So training data suddenly doesn't matter? Disagree. And yes, a significant portion of sources should do this.
I don't think you understand the scale of the amount of data that has been fed into these models. Already fed in, as in the models are already created, the baseline already established, the dataset responsible for the output they want already retained.
Any attempt to "poison" them is attempting to add one, ten, a thousand, a million confounding data points against every webpage 1993-2026, every book ever digitised, every social media post made public, every transcript of every video on YouTube, every code comment made public, every post on this federated platform.
For news articles alone, that's about 20 billion non-poisoned articles. Do you know what the difference between a million poisoned pages and 20 billion is? 20 billion.
The Daily Mail (vomit) alone publishes 1,500 articles a day. How many do you plan on publishing?
I have an automatically generated infinite maze. It produces roughly a million unique pages each day. It used to produce ~60 million pages / day, but a few months ago I decided to firewall some of the crawlers off instead of serving them garbage.
And I run niche sites. A site with more lucrative traffic than mine (e.g., Codeberg, who uses the same software I do) likely generates a lot more garbage.
There was also a paper, commissioned by Anthropic, I believe, that concluded that only 250 malicious pages they fail to remove from the training set is enough to poison even the largest model. Now, I do not trust anything Anthropic says. But even if we'd need a billion pages to poison a model... I alone served that much in the past year.
As you've said elsewhere, you've created a crawler trap, not a way to poison a model. You're wasting... some resources I guess? Both theirs and your own. Fascinating to think that you've served a billion HTTP requests to no benefit to anyone and you believe this is you winning somehow.
Yes, it does have a cost. It has a far smaller cost than serving the real thing. It also allows me to firewall them off and stop serving them, even if they come at me with real browsers. That's a very definitive win: I saved CPU time, I saved RAM, I saved network bandwidth, and I stopped them from accessing my stuff. How is that not a win?
I don't think you understand how outdated most information gets.
Ok, suppose that I've made it to my 40s without realising that time is in linear motion.
Explain to me what relevance that has to LLMs?
I'm sorry, I don't like red herring. I never know what whine to pair with it.