Author name: Beth Washington

France fines Apple €150M for “excessive” pop-ups that let users reject tracking

A typical ATT pop-up asks a user whether to allow an app “to track your activity across other companies’ apps and websites,” and says that “your data will be used to deliver personalized ads to you.”

Agency: “Double consent” too cumbersome

The agency said there is an “asymmetry” in which user consent for Apple’s own data collection is obtained with a single pop-up, but other publishers are “required to obtain double consent from users for tracking on third-party sites and applications.” The press release notes that “while advertising tracking only needs to be refused once, the user must always confirm their consent a second time.”

The system was said to be less harmful for big companies like Meta and Google and “particularly harmful for smaller publishers that do not enjoy alternative targeting possibilities, in particular in the absence of sufficient proprietary data.” Although France’s focus is on how ATT affects smaller companies, Apple’s privacy system has also been criticized by Facebook.

The €150 million fine won’t make much of a dent in Apple’s revenue, but Apple will apparently have to make some changes to comply with the French order. The agency’s press release said the problem “could be avoided by marginal modifications to the ATT framework.”

Benoit Coeure, the head of France’s competition authority, “told reporters the regulator had not spelled out how Apple should change its app, but that it was up to the company to make sure it now complied with the ruling,” according to Reuters. “The compliance process could take some time, he added, because Apple was waiting for rulings on regulators in Germany, Italy, Poland and Romania who are also investigating the ATT tool.”

Apple said in a statement that the ATT “prompt is consistent for all developers, including Apple, and we have received strong support for this feature from consumers, privacy advocates, and data protection authorities around the world. While we are disappointed with today’s decision, the French Competition Authority (FCA) has not required any specific changes to ATT.”

FBI raids home of prominent computer scientist who has gone incommunicado

A prominent computer scientist who has spent 20 years publishing academic papers on cryptography, privacy, and cybersecurity has gone incommunicado, had his professor profile, email account, and phone number removed by his employer, Indiana University, and had his homes raided by the FBI. No one knows why.

Xiaofeng Wang has a long list of prestigious titles. He was the associate dean for research at Indiana University’s Luddy School of Informatics, Computing and Engineering, a fellow at the Institute of Electrical and Electronics Engineers and the American Association for the Advancement of Science, and a tenured professor at Indiana University at Bloomington. According to his employer, he has served as principal investigator on research projects totaling nearly $23 million over his 21 years there.

He has also co-authored scores of academic papers on a diverse range of research fields, including cryptography, systems security, and data privacy, including the protection of human genomic data. I have personally spoken to him on three occasions for articles here, here, and here.

“None of this is in any way normal”

In recent weeks, Wang’s email account, phone number, and profile page at the Luddy School were quietly erased by his employer. Over the same time, Indiana University also removed a profile for his wife, Nianli Ma, who was listed as a Lead Systems Analyst and Programmer at the university’s Library Technologies division.

As reported by the Bloomingtonian and later the Herald-Times in Bloomington, a small fleet of unmarked cars driven by government agents descended on the Bloomington home of Wang and Ma on Friday. They spent most of the day going in and out of the house and occasionally transferred boxes from their vehicles. TV station WTHR, meanwhile, reported that a second home owned by Wang and Ma and located in Carmel, Indiana, was also searched. The station said that both a resident and an attorney for the resident were on scene during at least part of the search.

Gran Turismo 7 expands its use of AI/ML-trained NPCs with good effect

GT Sophy can now race at 19 tracks, up from the nine that were introduced in November 2023. The AI agent is an alternative to the regular, dumber AI in the game’s quick race mode, with easy, medium, and hard settings. But now, at those same tracks, you can also create custom races using GT Sophy, meaning you’re no longer limited to just two or three laps. You can enable things like damage, fuel consumption and tire wear, and penalties, and you can have some control over the cars you race against.

Unlike the time-limited demo, the hardest setting is no longer alien-beating. As a GT7 player, I’m slowing with age, and I find the hard setting to be that—hard, but beatable. (I suspect but need to confirm that the game tailors the hardest setting to your ability based on your results, as, when I create a custom race on hard, only seven of the nine progress bars are filled, and in the screenshot above, only five bars are filled.)

Having realistic competition has always been one of the tougher challenges for a racing game, and one that the GT franchise was never particularly great at during previous console generations. This latest version of GT Sophy does feel different to race against: The AI is opportunistic and aggressive but also provokable into mistakes. If only the developer would add it to more versions of the in-game Nürburgring.

Oracle has reportedly suffered 2 separate breaches exposing thousands of customers’ PII

Trustwave’s Spider Labs, meanwhile, said the sample of LDAP credentials provided by rose87168 “reveals a substantial amount of sensitive IAM data associated with a user within an Oracle Cloud multi-tenant environment. The data includes personally identifiable information (PII) and administrative role assignments, indicating potential high-value access within the enterprise system.”

Oracle initially denied any such breach had occurred against its cloud infrastructure, telling publications: “There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data.”

On Friday, when I asked Oracle for comment, a spokesperson asked if they could provide a statement that couldn’t be attributed to Oracle in any way. After I declined, the spokesperson said Oracle would have no comment.

For the moment, there’s a stand-off between Oracle on the one hand, and researchers and journalists on the other, over whether two serious breaches have exposed sensitive information belonging to its customers. Reporting that Oracle is notifying customers of data compromises in unofficial letterhead sent by outside attorneys is also concerning. This post will be updated if new information becomes available.

Rocket Report: Stoke is stoked; sovereignty is the buzzword in Europe


“The idea that we will be able to do it through America… I think is very, very doubtful.”

Stoke Space’s Andromeda upper stage engine is hot-fired on a test stand. Credit: Stoke Space

Welcome to Edition 7.37 of the Rocket Report! It’s been interesting to watch how quickly European officials have embraced ensuring they have a space launch capability independent of other countries. A few years ago, European government satellites regularly launched on Russian Soyuz rockets, and more recently on SpaceX Falcon 9 rockets from the United States. Russia is now non grata in European government circles, and the Trump administration is widening the trans-Atlantic rift. European leaders have cited the Trump administration and its close association with Elon Musk, CEO of SpaceX, as prime reasons to support sovereign access to space, a capability currently offered only by Arianespace. If European nations can reform how they treat their commercial space companies, there’s enough ambition, know-how, and money in Europe to foster a competitive launch industry.

As always, we welcome reader submissions. If you don’t want to miss an issue, please subscribe using the box below (the form will not appear on AMP-enabled versions of the site). Each report will include information on small-, medium-, and heavy-lift rockets as well as a quick look ahead at the next three launches on the calendar.

Isar Aerospace aims for weekend launch. A German startup named Isar Aerospace will try to launch its first rocket Saturday, aiming to become the first in a wave of new European launch companies to reach orbit, Ars reports. The Spectrum rocket consists of two stages, stands about 92 feet (28 meters) tall, and can haul payloads up to 1 metric ton (2,200 pounds) into low-Earth orbit. Based in Munich, Isar was founded by three university graduate students in 2018. Isar scrubbed a launch attempt Monday due to unfavorable winds at the launch site in Norway.

From the Arctic … Notably, this will be the first orbital launch attempt from a launch pad in Western Europe. The French-run Guiana Space Center in South America is the primary spaceport for European rockets. Virgin Orbit staged an airborne launch attempt from an airport in the United Kingdom in 2023, and the Plesetsk Cosmodrome is located in European Russia. The launch site for Isar is named Andøya Spaceport, located about 650 miles (1,050 kilometers) north of Oslo, inside the Arctic Circle. (submitted by EllPeaTea)

A chance for competition in Europe. The European Space Agency is inviting proposals to inject competition into the European launch market, an important step toward fostering a dynamic multiplayer industry officials hope one day will mimic that of the United States, Ars reports. The near-term plan for the European Launcher Challenge is for ESA to select companies for service contracts to transport ESA and other European government payloads to orbit from 2026 through 2030. A second component of the challenge is for companies to perform at least one demonstration of an upgraded launch vehicle by 2028. The competition is open to any European company working in the launch business.

Challenging the status quo … This is a major change from how ESA has historically procured launch services. Arianespace has been the only European launch provider available to ESA and other European institutions for more than 40 years. But there are private companies across Europe at various stages of developing their own small launchers, and potentially larger rockets, in the years ahead. With the European Launcher Challenge, ESA will provide each of the winners up to 169 million euros ($182 million), a significant cash infusion that officials hope will shepherd Europe’s nascent private launch industry toward liftoff. Companies like Isar Aerospace, Rocket Factory Augsburg, MaiaSpace, and PLD Space are among the contenders for ESA contracts.

Rocket Lab launches eight satellites. Rocket Lab launched eight satellites Wednesday for a German company that is expanding its constellation to detect and track wildfires, Space News reports. An Electron rocket lifted off from New Zealand and completed deploying its payload of eight CubeSats for OroraTech about 55 minutes later, placing them into Sun-synchronous orbits at an altitude of about 341 miles (550 kilometers). This was Rocket Lab’s fifth launch of the year, and the third in less than two weeks.

Fire goggles … OroraTech launched three satellites before this mission, fusing data from those satellites and government missions to detect and track wildfires. The new satellites are designed to fill a gap in coverage in the afternoon, a peak time for wildfire formation and spread. OroraTech plans to launch eight more satellites later this year. Wildfire monitoring from space is becoming a new application for satellite technology. Last month, OroraTech partnered with Spire for a contract to build a CubeSat constellation called WildFireSat for the Canadian Space Agency. Google is backing FireSat, another constellation of more than 50 satellites to be deployed in the coming years to detect and track wildfires. (submitted by EllPeaTea)

Should Britain have a sovereign launch capability? A UK House of Lords special inquiry committee has heard from industry experts on the importance of fostering a sovereign launch capability, European Spaceflight reports. On Monday, witnesses from the UK space industry testified that the nation shouldn’t rely on others, particularly the United States, to put satellites into orbit. “The idea that we will be able to do it through America… certainly in today’s, you know, the last 50 days, I think is very, very doubtful. The UK needs access to space,” said Scott Hammond, deputy CEO of SaxaVord Spaceport in Scotland.

Looking inward … A representative from one of the most promising UK launch startups agreed. “Most people who are looking to launch are beholden to the United States solutions or services that are there,” said Alan Thompson, head of government affairs at Skyrora. “Without having our own home-based or UK-based service provider, we risk not having that voice and not being able to undertake all these experiments or be able to manifest ourselves better in space.” The UK is the only nation to abandon an independent launch capability after putting a satellite into orbit. The British government canceled the Black Arrow rocket in the early 1970s, citing financial reasons. A handful of companies, including Skyrora, is working to restore the orbital launch business to the UK.

This rocket engine CEO faces some salacious allegations. The Independent published what it described as an exclusive report Monday describing a lawsuit filed against the CEO of RocketStar, a New York-based company that says its mission is “improving upon the engines that power us to the stars.” Christopher Craddock is accused of plundering investor funds to underwrite pricey jaunts to Europe, jewelry for his wife, child support payments, and, according to the company’s largest investor, “airline tickets for international call girls to join him for clandestine weekends in Miami,” The Independent reports. Craddock established RocketStar in 2014 after financial regulators barred him from working on Wall Street over a raft of alleged violations.

Go big or go home … The $6 million lawsuit filed by former CEO Michael Mojtahedi alleges RocketStar “is nothing more than a Ponzi scheme… [that] has been predicated on Craddock’s ability to con new people each time the company has run out of money.” On its website, RocketStar says its work focuses on aerospike rocket engines and a “FireStar Fusion Drive, the world’s first electric propulsion device enhanced with nuclear fusion.” These are tantalizing technologies that have proven elusive for other rocket companies. RocketStar’s attorney told The Independent: “The company denies the allegations and looks forward to vindicating itself in court.”

Another record for SpaceX. Last Thursday, SpaceX launched a batch of clandestine SpaceX-built surveillance satellites for the National Reconnaissance Office from Vandenberg Space Force Base in California, Spaceflight Now reports. This was the latest in a series of flights populating the NRO’s constellation of low-Earth orbit reconnaissance satellites. What was unique about this mission was its use of a Falcon 9 first stage booster that flew to space just nine days prior with a NASA astronomy satellite. The successful launch broke the record for the shortest span between flights of the same Falcon 9 booster, besting a 13.5-day turnaround in November 2024.

A mind-boggling number of launches … This flight also marked the 450th launch of a Falcon 9 rocket since its debut in 2010, and the 139th within a 365-day period, despite suffering its first mission failure in nearly 10 years and a handful of other glitches. SpaceX’s launch pace is unprecedented in the history of the space industry. No one else is even close. In the last Rocket Report I authored, I wrote that SpaceX’s steamroller no longer seems to be rolling downhill. That may be the case as the growth in the Falcon 9 launch cadence has slowed, but it’s hard for me to see anyone else matching SpaceX’s launch rate until at least the 2030s.

Rocket Lab and Stoke Space find an on-ramp. Space Systems Command announced Thursday that it selected Rocket Lab and Stoke Space to join the Space Force’s National Security Space Launch (NSSL) program. The contracts have a maximum value of $5.6 billion, and the Space Force will dole out “task orders” for individual missions as they near launch. Rocket Lab and Stoke Space join SpaceX, ULA, and Blue Origin as eligible launch providers for lower-priority national security satellites, a segment of missions known as Phase 3 Lane 1 in the parlance of the Space Force. For these missions, the Space Force won’t require certification of the rockets, as the military does for higher-value missions in the so-called “Lane 2” segment. However, Rocket Lab and Stoke Space must complete at least one successful flight of their new Neutron and Nova rockets before they are cleared to launch national security payloads.

Stoked at Stoke … This is a big win for Rocket Lab and Stoke. For Rocket Lab, it bolsters the business case for the medium-class Neutron rocket it is developing for flights from Wallops Island, Virginia. Neutron will be partially reusable with a recoverable first stage. But Rocket Lab already has a proven track record with its smaller Electron launch vehicle. Stoke hasn’t launched anything, and it has lofty ambitions for a fully reusable two-stage rocket called Nova. This is a huge vote of confidence in Stoke. When the Space Force released its invitation for an on-ramp to the NSSL program last year, it said bidders must show a “credible plan for a first launch by December 2025.” Smart money is that neither company will launch its rockets by the end of this year, but I’d love to be proven wrong.

Falcon 9 deploys spy satellite. Monday afternoon, a SpaceX Falcon 9 took flight from Florida’s Space Coast and delivered a national security payload designed, built, and operated by the National Reconnaissance Office into orbit, Florida Today reports. Like almost all NRO missions, details about the payload are classified. The mission codename was NROL-69, and the launch came three-and-a-half days after SpaceX launched another NRO mission from California. While we have some idea of what SpaceX launched from California last week, the payload for the NROL-69 mission is a mystery.

Space sleuthing … There’s an online community of dedicated skywatchers who regularly track satellites as they sail overhead around dawn and dusk. The US government doesn’t publish the exact orbital parameters for its classified spy satellites (they used to), but civilian trackers coordinate with one another, and through a series of observations, they can produce a pretty good estimate of a spacecraft’s orbit. Marco Langbroek, a Dutch archeologist and university lecturer on space situational awareness, is one of the best at this, using publicly available information about the flight path of a launch to estimate when the satellite will fly overhead. He and three other observers in Europe managed to locate the NROL-69 payload just two days after the launch, plotting the object in an orbit between 700 and 1,500 kilometers at an inclination of 64.1 degrees to the equator. Analysts speculated this mission might carry a pair of naval surveillance spacecraft, but this orbit doesn’t match up well with any known constellations of NRO satellites.

NASA continues with Artemis II preps. Late Saturday night, technicians at Kennedy Space Center in Florida moved the core stage for NASA’s second Space Launch System rocket into position between the vehicle’s two solid-fueled boosters, Ars reports. Working inside the iconic 52-story-tall Vehicle Assembly Building, ground teams used heavy-duty cranes to first lift the butterscotch orange core stage from its cradle, then rotate it to a vertical orientation and lift it into a high bay, where it was lowered into position on a mobile launch platform. The 212-foot-tall (65-meter) core stage is the largest single hardware element for the Artemis II mission, which will send a team of four astronauts around the far side of the Moon and back to Earth as soon as next year.

Looking like a go … With this milestone, the slow march toward launch continues. A few months ago, some well-informed people in the space community thought there was a real possibility the Trump administration could quickly cancel NASA’s Space Launch System, the high-priced heavy-lifter designed to send astronauts from the Earth to the Moon. The most immediate possibility involved terminating the SLS program before it flies with Artemis II. This possibility appears to have been overcome by circumstances. The rockets most often mentioned as stand-ins for the Space Launch System—SpaceX’s Starship and Blue Origin’s New Glenn—aren’t likely to be cleared for crew missions for at least several years. The long-term future of the Space Launch System remains in doubt.

Space Force says Vulcan is good to go. The US Space Force on Wednesday announced that it has certified United Launch Alliance’s Vulcan rocket to conduct national security missions, Ars reports. “Assured access to space is a core function of the Space Force and a critical element of national security,” said Brig. Gen. Kristin Panzenhagen, program executive officer for Assured Access to Space, in a news release. “Vulcan certification adds launch capacity, resiliency, and flexibility needed by our nation’s most critical space-based systems.” The formal announcement closes a yearslong process that has seen multiple delays in the development of the Vulcan rocket, as well as two anomalies in recent years that were a further setback to certification.

Multiple options … This certification allows ULA’s Vulcan to launch the military’s most sensitive national security missions, a separate lot from those Rocket Lab and Stoke Space are now eligible for (as we report in a separate Rocket Report entry). It elevates Vulcan to launch these missions alongside SpaceX’s Falcon 9 and Falcon Heavy rockets. Vulcan will not be the next rocket that the company launches, however. First up is one of the company’s remaining Atlas V boosters, carrying Project Kuiper broadband satellites for Amazon. This launch could occur in April, although ULA has not set a date. This will be followed by the first Vulcan national security launch, which the Space Force says could occur during the coming “summer.”

Next three launches

March 29: Spectrum | “Going Full Spectrum” | Andøya Spaceport, Norway | 11:30 UTC

March 29: Long March 7A | Unknown Payload | Wenchang Space Launch Site, China | 16:05 UTC

March 30: Alpha | LM-400 | Vandenberg Space Force Base, California | 13:37 UTC

Stephen Clark is a space reporter at Ars Technica, covering private space companies and the world’s space agencies. Stephen writes about the nexus of technology, science, policy, and business on and off the planet.

Trump can’t fire us, FTC Democrats tell court after being ejected from office

Two Democratic members of the Federal Trade Commission who were fired by President Trump sued him today, saying their removals are “in direct violation of a century of federal law and Supreme Court precedent.”

“Plaintiffs bring this action to vindicate their right to serve the remainder of their respective terms, to defend the integrity of the Commission, and to continue their work for the American people,” said the lawsuit filed by Rebecca Kelly Slaughter and Alvaro Bedoya in US District Court for the District of Columbia.

Trump last week sent Slaughter and Bedoya notices that said, “I am writing to inform you that you have been removed from the Federal Trade Commission, effective immediately.” They were then cut off from their FTC email addresses, asked to return electronic devices, and denied access to their offices.

There are legal restrictions on the president’s authority to remove FTC commissioners. US law says any FTC commissioner “may be removed by the President for inefficiency, neglect of duty, or malfeasance in office.”

The Supreme Court unanimously held in a 1935 case, Humphrey’s Executor v. United States, that “Congress intended to restrict the power of removal to one or more of those causes.” The case involved President Franklin Roosevelt’s firing of Commissioner William Humphrey.

Trump’s Department of Justice has argued the ruling was incorrect, but it is still in effect. “Congress has continually relied on Humphrey’s Executor, and the Supreme Court has repeatedly refused to upset this landmark precedent,” the Slaughter/Bedoya lawsuit said. “As Humphrey’s Executor recognized, providing some protection from removal at the President’s whim is essential to ensuring that agency officials can exercise their own judgment.”

The lawsuit continued:

In short, it is bedrock, binding precedent that a President cannot remove an FTC Commissioner without cause. And yet that is precisely what has happened here: President Trump has purported to terminate Plaintiffs as FTC Commissioners, not because they were inefficient, neglectful of their duties, or engaged in malfeasance, but simply because their “continued service on the FTC is” supposedly “inconsistent with [his] Administration’s priorities.”

“Indefensible under governing law”

In addition to Trump, the lawsuit’s defendants include FTC Chairman Andrew Ferguson, FTC Commissioner Melissa Holyoak, and FTC Executive Director David Robbins. The Democratic commissioners asked the court to “declare the President’s attempted removals unlawful and ineffective,” and “permanently enjoin the FTC Chairman, Commissioner Holyoak, and the FTC Executive Director from taking any action that would prevent Plaintiffs from fulfilling their duties as Commissioners and serving out the remainder of their terms.”

Pillars of Eternity is getting turn-based combat, all but demanding replays

More than just rolling for initiative

Obsidian added a turn-based mode to Pillars of Eternity II: Deadfire in patch 4.1, roughly eight months after the game’s initial release. Designer Josh Sawyer, who worked on Baldur’s Gate II and directed both PoE games, said in a 2023 interview with Touch Arcade that the real-time systems in the PoE games were largely a concession to the old-school CRPG fans that crowdfunded both games.

Turn-based was Sawyer’s stated preference, and he thinks Baldur’s Gate 3 largely put an end to the debate in modern times:

I just think it’s easier to design more intricate combats. I like games with a lot of stats, obviously. (He laughs). But the problem with real time with pause is that it’s honestly very difficult for people to actually parse all of that information, and one of the things I’ve heard a lot from people who’ve played Deadfire in turn based, is that there were things about the game like the affliction and inspiration system that they didn’t really understand very clearly until they played it in turn based.

But both Pillars games were designed with real-time combat in mind, such that, even with his appreciation for the turn-based addition to PoE 2, Sawyer knows “the game wasn’t designed for it,” he told Touch Arcade. This is almost certainly going to be the case, too, for the original PoE, but there could be lessons learned from PoE 2’s transformation to apply. Other games from that era might also lure folks like me back, though perhaps they, too, have a density of encounters and maps that just can’t cut it for turn-based.

Beyond this notably big “patch” coming to the original PoE, the 10th anniversary patch should make it easier for Mac and Linux (through Proton) users to stay up to date on bug fixes, and for players on GOG and Epic to get Kickstarter rewards and achievements. Lots of audio and visual effects were fixed up, along with a whole heap of mechanical and combat fixes.

As NASA faces cuts, China reveals ambitious plans for planetary exploration

All of these grand Chinese plans come as NASA faces budget cuts. Although nothing is final, Ars reported earlier this year that some officials in the Trump administration want to cut science programs at the US space agency by as much as 50 percent, and that would include significant reductions for planetary science. Such cuts, one planetary official told Ars, would represent an “extinction level” event for space science and exploration in the United States.

This raises the prospect that the United States could cede the lead in space exploration to China in the coming decades.

So what will happen?

To date, the majority of China’s space science objectives have been successful, bringing credibility to a government that sees space exploration as a projection of its soft power. By becoming a major actor in space and surpassing the United States in some areas, China can both please its own population and become a more attractive partner to other countries around the world.

However, if there are high-profile (and to some in China’s leadership, embarrassing) failures, would China be so willing to fund such an ambitious program? With the objectives listed above, China would be attempting some unprecedented and technically demanding missions. Some of them, certainly, will face setbacks.

Additionally, China is also investing in a human lunar program, seeking to land its own astronauts on the surface of the Moon by 2030. Simultaneously funding ambitious human and robotic programs would very likely require significantly more resources than the government has invested to date. How deep are China’s pockets?

It’s probably safe to say, therefore, that some of these mission concepts and time frames are aspirational.

At the same time, the US Congress is likely to block some of the deepest cuts in planetary exploration, should they be proposed by the Trump administration. So NASA still has a meaningful future in planetary exploration. And if companies like K2 are successful in lowering the cost of satellite buses, the combination of lower-cost launch and planetary missions would allow NASA to do more with less in deep space.

The future, therefore, has yet to be won. But when it comes to deep space planetary exploration, NASA, for the first time since the 1960s, has a credible challenger.


After 50 million miles, Waymos crash a lot less than human drivers


Waymo has been in dozens of crashes. Most were not Waymo’s fault.

A driverless Waymo in Los Angeles. Credit: P_Wei via Getty

The first ever fatal crash involving a fully driverless vehicle occurred in San Francisco on January 19. The driverless vehicle belonged to Waymo, but the crash was not Waymo’s fault.

Here’s what happened: A Waymo with no driver or passengers stopped for a red light. Another car stopped behind the Waymo. Then, according to Waymo, a human-driven SUV rear-ended the other vehicles at high speed, causing a six-car pileup that killed one person and injured five others. Someone’s dog also died in the crash.

Another major Waymo crash occurred in October in San Francisco. Once again, a driverless Waymo was stopped for a red light. According to Waymo, a vehicle traveling in the opposite direction crossed the double yellow line and crashed into an SUV that was stopped to the Waymo’s left. The force of the impact shoved the SUV into the Waymo. One person was seriously injured.

These two incidents produced worse injuries than any other Waymo crash in the last nine months. But in other respects, they were typical Waymo crashes. Most Waymo crashes involve a Waymo vehicle scrupulously following the rules while a human driver flouts them, speeding, running red lights, careening out of their lanes, and so forth.

Waymo’s service will only grow in the coming months and years. So Waymo will inevitably be involved in more crashes—including some crashes that cause serious injuries and even death.

But as this happens, it’s crucial to keep the denominator in mind. Since 2020, Waymo has reported roughly 60 crashes serious enough to trigger an airbag or cause an injury. But those crashes occurred over more than 50 million miles of driverless operations. If you randomly selected 50 million miles of human driving—that’s roughly 70 lifetimes behind the wheel—you would likely see far more serious crashes than Waymo has experienced to date.

Federal regulations require Waymo to report all significant crashes, whether or not the Waymo vehicle was at fault—indeed, whether or not the Waymo is even moving at the time of the crash. I’ve spent the last few days poring over Waymo’s crash reports from the last nine months. Let’s dig in.

Last September, I analyzed Waymo crashes through June 2024. So this section will focus on crashes between July 2024 and February 2025. During that period, Waymo reported 38 crashes that were serious enough to either cause an (alleged) injury or an airbag deployment.

In my view, only one of these crashes was clearly Waymo’s fault. Waymo may have been responsible for three other crashes—there wasn’t enough information to say for certain. The remaining 34 crashes seemed to be mostly or entirely the fault of others:

  • The two serious crashes I mentioned at the start of this article are among 16 crashes where another vehicle crashed into a stationary Waymo (or caused a multi-car pileup involving a stationary Waymo). This included 10 rear-end crashes, three side-swipe crashes, and three crashes where a vehicle coming from the opposite direction crossed the center line.
  • Another eight crashes involved another car (or in one case a bicycle) rear-ending a moving Waymo.
  • A further five crashes involved another vehicle veering into a Waymo’s right of way. This included a car running a red light, a scooter running a red light, and a car running a stop sign.
  • Three crashes occurred while Waymo was dropping a passenger off. The passenger opened the door and hit a passing car or bicycle. Waymo has a “Safe Exit” program to alert passengers and prevent this kind of crash, but it’s not foolproof.

There were two incidents where it seems like no crash happened at all:

  • In one incident, Waymo says that its vehicle “slowed and moved slightly to the left within its lane, preparing to change lanes due to a stopped truck ahead.” This apparently spooked an SUV driver in the next lane, who jerked the wheel to the left and ran into the opposite curb. Waymo says its vehicle never left its lane or made contact with the SUV.
  • In another incident, a pedestrian walked in front of a stopped Waymo. The Waymo began moving after the pedestrian had passed, but then the pedestrian “turned around and approached the Waymo AV.” According to Waymo, the pedestrian “may have made contact with the driver side of the Waymo AV” and “later claimed to have a minor injury.” Waymo’s report stops just short of calling this pedestrian a liar.

So that’s a total of 34 crashes. I don’t want to make categorical statements about these crashes because in most cases, I only have Waymo’s side of the story. But it doesn’t seem like Waymo was at fault in any of them.

There was one crash where Waymo clearly seemed to be at fault: In December, a Waymo in Los Angeles ran into a plastic crate, pushing it into the path of a scooter in the next lane. The scooterist hit the crate and fell down. Waymo doesn’t know whether the person riding the scooter was injured.

I had trouble judging the final three crashes, all of which involved another vehicle making an unprotected left turn across a Waymo’s lane of travel. In two of these cases, Waymo says its vehicle slammed on the brakes but couldn’t stop in time to avoid a crash. In the third case, the other vehicle hit the Waymo from the side. Waymo’s summaries make it sound like the other car was at fault in all three cases, but I don’t feel like I have enough information to make a definite judgment.

Even if we assume all three of these crashes were Waymo’s fault, that would still mean that a large majority of the 38 serious crashes were not Waymo’s fault. And as we’ll see, Waymo vehicles are involved in many fewer serious crashes than human-driven vehicles.

Another way to evaluate the safety of Waymo vehicles is by comparing their per-mile crash rate to human drivers. Waymo has been regularly publishing data about this over the last couple of years. Its most recent release came last week, when Waymo updated its safety data hub to cover crashes through the end of 2024.

Waymo knows exactly how many times its vehicles have crashed. What’s tricky is figuring out the appropriate human baseline, since human drivers don’t necessarily report every crash. Waymo has tried to address this by estimating human crash rates in its two biggest markets—Phoenix and San Francisco. Waymo’s analysis focused on the 44 million miles Waymo had driven in these cities through December, ignoring its smaller operations in Los Angeles and Austin.

Using human crash data, Waymo estimated that human drivers on the same roads would get into 78 crashes serious enough to trigger an airbag. By comparison, Waymo’s driverless vehicles only got into 13 airbag crashes. That represents an 83 percent reduction in airbag crashes relative to typical human drivers.

This is slightly worse than last September, when Waymo estimated an 84 percent reduction in airbag crashes over Waymo’s first 21 million miles.

Over the same 44 million miles, Waymo estimates that human drivers would get into 190 crashes serious enough to cause an injury. Instead, Waymo only got in 36 injury-causing crashes across San Francisco and Phoenix. That’s an 81 percent reduction in injury-causing crashes.

This is a significant improvement over last September, when Waymo estimated its cars had 73 percent fewer injury-causing crashes over its first 21 million driverless miles.

The above analysis counts all crashes, whether or not Waymo’s technology was at fault. Things look even better for Waymo if we focus on crashes where Waymo was determined to be responsible for a crash.

To assess this, Waymo co-authored a study in December with the insurance giant Swiss Re. It focused on crashes that led to successful insurance claims against Waymo. This data seems particularly credible because third parties, not Waymo, decide when a crash is serious enough to file an insurance claim. And claims adjusters, not Waymo, decide whether to hold Waymo responsible for a crash.

But one downside is that it takes a few months for insurance claims to be filed. So the December report focused on crashes that occurred through July 2024.

Waymo had completed 25 million driverless miles by July 2024. And by the end of November 2024, Waymo had faced only two potentially successful claims for bodily injury. Both claims are pending, which means they could still be resolved in Waymo’s favor.

One of them was this crash that I described at the beginning of my September article about Waymo’s safety record:

On a Friday evening last November, police chased a silver sedan across the San Francisco Bay Bridge. The fleeing vehicle entered San Francisco and went careening through the city’s crowded streets. At the intersection of 11th and Folsom streets, it sideswiped the fronts of two other vehicles, veered onto a sidewalk, and hit two pedestrians.

According to a local news story, both pedestrians were taken to the hospital, with one suffering major injuries. The driver of the silver sedan was injured, as was a passenger in one of the other vehicles. No one was injured in the third car, a driverless Waymo robotaxi.

It seems unlikely that an insurance adjuster will ultimately hold Waymo responsible for these injuries.

The other pending injury claim doesn’t seem like a slam dunk, either. In that case, another vehicle steered into a bike lane before crashing into a Waymo as it was making a left turn.

But let’s assume that both crashes are judged to be Waymo’s fault. That would still be a strong overall safety record.

Based on insurance industry records, Waymo and Swiss Re estimate that human drivers in San Francisco and Phoenix would generate about 26 successful bodily injury claims over 25 million miles of driving. So even if both of the pending claims against Waymo succeed, two injuries represent a more than 90 percent reduction in successful injury claims relative to typical human drivers.

The reduction in property damage claims is almost as dramatic. Waymo’s vehicles generated nine successful or pending property damage claims over its first 25 million miles. Waymo and Swiss Re estimate that human drivers in the same geographic areas would have generated 78 property damage claims. So Waymo generated 88 percent fewer property damage claims than typical human drivers.

Timothy B. Lee was on staff at Ars Technica from 2017 to 2021. Today he writes Understanding AI, a newsletter that explores how AI works and how it’s changing our world. You can subscribe here.

Timothy is a senior reporter covering tech policy and the future of transportation. He lives in Washington DC.


Gemini 2.5 Pro is here with bigger numbers and great vibes

Just a few months after releasing its first Gemini 2.0 AI models, Google is upgrading again. The company says the new Gemini 2.5 Pro Experimental is its “most intelligent” model yet, offering a massive context window, multimodality, and reasoning capabilities. Google points to a raft of benchmarks that show the new Gemini clobbering other large language models (LLMs), and our testing seems to back that up—Gemini 2.5 Pro is one of the most impressive generative AI models we’ve seen.

Gemini 2.5, like all Google’s models going forward, has reasoning built in. The AI essentially fact-checks itself along the way to generating an output. We like to call this “simulated reasoning,” as there’s no evidence that this process is akin to human reasoning. However, it can go a long way to improving LLM outputs. Google specifically cites the model’s “agentic” coding capabilities as a beneficiary of this process. Gemini 2.5 Pro Experimental can, for example, generate a full working video game from a single prompt. We’ve tested this, and it works with the publicly available version of the model.

Gemini 2.5 Pro builds a game in one step.

Google says a lot of things about Gemini 2.5 Pro; it’s smarter, it’s context-aware, it thinks—but it’s hard to quantify what constitutes improvement in generative AI bots. There are some clear technical upsides, though. Gemini 2.5 Pro comes with a 1 million token context window, which is common for the big Gemini models but massive compared to competing models like OpenAI GPT or Anthropic Claude. You could feed multiple very long books to Gemini 2.5 Pro in a single prompt, and the output maxes out at 64,000 tokens. That’s the same as Flash 2.0, but it’s still objectively a lot of tokens compared to other LLMs.

Naturally, Google has run Gemini 2.5 Experimental through a battery of benchmarks, in which it scores a bit higher than other AI systems. For example, it squeaks past OpenAI’s o3-mini in GPQA and AIME 2025, which measure how well the AI answers complex questions about science and math, respectively. It also set a new record in the Humanity’s Last Exam benchmark, which consists of 3,000 questions curated by domain experts. Google’s new AI managed a score of 18.8 percent to OpenAI’s 14 percent.


ESA finally has a commercial launch strategy, but will member states pay?


Late this year, European governments will have the opportunity to pay up or shut up.

The European Space Agency is inviting proposals to inject competition into the European launch market, an important step toward fostering a dynamic multiplayer industry officials hope, one day, will mimic that of the United States.

The near-term plan for the European Launcher Challenge is for ESA to select companies for service contracts to transport ESA and other European government payloads to orbit from 2026 through 2030. A second component of the challenge is for companies to perform at least one demonstration of an upgraded launch vehicle by 2028. The competition is open to any European company working in the launch business.

“What we expect is that these companies will make a step in improving and upgrading their capacity with respect to what they’re presently working on,” said Toni Tolker-Nielsen, ESA’s acting director of space transportation. “In terms of economics and physics, it’s better to have a bigger launcher than a smaller launcher in terms of price per kilogram to orbit.”

“The ultimate goal is, we should be establishing privately developed competitive launch services in Europe, which will allow us to procure launch services in open competition,” Tolker-Nielsen said in an interview with Ars.

From one to many?

ESA and other European institutions currently have just one European provider, Arianespace, to award launch contracts for the continent’s scientific, Earth observation, navigation, and military satellites. Arianespace operates the Ariane 6 and Vega C rockets. Vega C operations will soon be taken over by Italian aerospace company Avio. Both rockets were developed with ESA funding.

The launcher challenge is modeled on NASA’s use of commercial contracting methods beginning nearly 20 years ago with the agency’s commercial cargo program, which kickstarted the development of SpaceX’s Dragon and Northrop Grumman’s Cygnus resupply freighters for the International Space Station. NASA later applied the same model to commercial crew, and most recently for commercial lunar landers.

Uncharacteristically for ESA, the agency is taking a hands-off approach for the launcher challenge. One of the few major requirements is that the winners should offer a “European launch service” that flies from European territory, which includes the French-run Guiana Space Center in South America.

Europe’s second Ariane 6 rocket lifted off March 6 with a French military spy satellite. Credit: European Space Agency

“We are trying something different, where they are completely free to organize themselves,” Tolker-Nielsen said. “We are not pushing anything. We are in a complete service-oriented model here. That’s the principal difference between the new approach and the old approach.”

ESA also isn’t setting requirements on launcher performance, reusability, or the exact number of companies it will select in the challenge. But ESA would like to limit the number of challengers “to a minimum” to ensure the agency’s support is meaningful, without spreading its funding too thin, Tolker-Nielsen said.

“For the ESA-developed launchers, which are Ariane 6 and Vega C, we own the launch system,” Tolker-Nielsen said. “We finished the development, and the deliverables were the launch systems that we own at ESA, and we make it available to an operator—Arianespace, and Avio soon for Vega C—to exploit.”

These ESA-led launcher projects were expensive. The development of Ariane 6 cost European governments more than $4 billion. Ariane 6 is now flying, but none of the up-and-coming European alternatives is operational.

Next steps

It has taken a while to set up the European Launcher Challenge, which won preliminary approval from ESA’s 23 member states at a ministerial-level meeting in 2023. ESA released an “invitation to tender,” soliciting proposals from European launch companies Monday, with submissions due by May 5. This summer, ESA expects to select the top proposals and prepare a funding package for consideration by its member states at the next ministerial meeting in November.

The top factors ESA will consider in this first phase of the challenge are each proposer’s business plan, technical credibility, and financial credibility.

In a statement, ESA said it has allotted up to 169 million euros ($182 million at today’s exchange rates) per challenger. This is significant funding for Europe’s crop of cash-hungry launch startups, each of which has raised no more than a few hundred million euros. But this allotment comes with a catch. ESA’s leaders and the winners of the launch challenge must persuade their home governments to pay up.

Let’s take a moment to compare Europe’s launch industry with that of the United States.

There are multiple viable US commercial launch companies. In the United States, it’s easier to attract venture capital, the government has been a more reliable proponent of commercial spaceflight, and billionaires are part of the launch landscape. SpaceX, led by Elon Musk, dominates the market. Jeff Bezos’s space company, Blue Origin, and United Launch Alliance are also big players with heavy-lift rockets.

Rocket Lab and Firefly Aerospace fly smaller, privately developed launchers. Northrop Grumman’s medium-class launch division is currently in between rockets, although it still occasionally launches small US military satellites on Minotaur rockets derived from decommissioned ICBMs.

Of course, it’s not surprising the sum of US launch companies is higher than in Europe. According to the World Bank, the US economy is about 50 percent larger than the European Union’s. But six American companies with operational orbital rockets, compared to one in Europe today? That is woefully out of proportion.

European officials would like to regain a leading position in the global commercial launch market. With SpaceX’s dominance, that’s a tall hill to climb. At the very least, European politicians don’t want to rely on other countries for access to space. In the last three years, they’ve seen their access to Russian launchers dry up after Russia’s invasion of Ukraine, and after signing a few launch contracts with SpaceX to bridge the gap before the first flight of Ariane 6, they now view the US government and Elon Musk as unreliable partners.

Open your checkbook, please

ESA’s governance structure isn’t favorable for taking quick action. On one hand, ESA member states approve the agency’s budget in multiyear increments, giving its projects a sense of stability over time. However, it takes time to get new projects approved, and ESA’s member states expect to receive benefits—jobs, investment, and infrastructure—commensurate with their spending on European space programs. This policy is known as geographical return, or geo-return.

For example, France has placed a high strategic importance on fielding an independent European launch capability for more than 60 years. The administration of French President Charles de Gaulle made this determination during the Cold War, around the same time he decided France should have a nuclear deterrent fully independent of the United States and NATO.

In order to match this policy, France has been more willing than other European nations to invest in launchers. This means the Ariane rocket family, developed and funded through ESA contracts, has been largely a French enterprise since the first Ariane launch in 1979.

This model is becoming antiquated in the era of commercial spaceflight. Startups across Europe, primarily in France, Germany, the United Kingdom, and Spain, are developing small launchers designed to carry up to 1.5 metric tons of payload to low-Earth orbit. This is too small to directly compete with the Ariane 6 rocket, but eventually, these companies would like to develop larger launchers.

Some European officials, including the former head of the French space agency, blamed geo-return as a reason the Ariane 6 rocket missed its price target.

Toni Tolker-Nielsen, ESA’s acting director of space transportation, speaks at an event in 2021. Credit: ESA/V. Stefanelli

With the European Launcher Challenge, ESA will experiment with a new funding model for the first time. This new “fair contribution” approach will see ESA leadership put forward a plan to its member states at the next big ministerial conference in November. The space agency will ask the countries that benefit most from the winners of the launcher challenge to provide the bulk of the funding for the challengers’ contracts.

So, let’s say Isar Aerospace, which is set to launch its first rocket as soon as this week, is one of the challenge winners. Isar is headquartered in Munich, and its current launch site is in Norway. In this case, expect ESA to ask the governments of Germany and Norway to contribute the most money to pay for Isar’s contract.

MaiaSpace, a French subsidiary of ArianeGroup, the parent company of Arianespace, is also a contender in the launcher challenge. MaiaSpace plans to launch from French Guiana. Therefore, if MaiaSpace gets a contract, France would be on the hook for the lion’s share of the deal’s funding.

Tolker-Nielsen said he anticipates a “number” of the launch challengers will win the backing of their home countries in November, but “maybe not all.”

“So, first there is this criteria that they have to be eligible, and then they have to be funded as well,” he said. “We don’t want to propose funding for companies that we don’t see as credible.”

Assuming the challengers’ contracts get funded, ESA will then work with the European Commission to assign specific satellites to launch on the new commercial rockets.

“The way I look at this is we are not going to choose winners,” Tolker-Nielsen said. “The challenge is not the competition we are doing right now. It is to deliver on the contract. That’s the challenge.”

Stephen Clark is a space reporter at Ars Technica, covering private space companies and the world’s space agencies. Stephen writes about the nexus of technology, science, policy, and business on and off the planet.


Open Source devs say AI crawlers dominate traffic, forcing blocks on entire countries


AI bots hungry for data are taking down FOSS sites by accident, but humans are fighting back.

Software developer Xe Iaso reached a breaking point earlier this year when aggressive AI crawler traffic from Amazon overwhelmed their Git repository service, repeatedly causing instability and downtime. Despite configuring standard defensive measures—adjusting robots.txt, blocking known crawler user-agents, and filtering suspicious traffic—Iaso found that AI crawlers continued evading all attempts to stop them, spoofing user-agents and cycling through residential IP addresses as proxies.

Desperate for a solution, Iaso eventually resorted to moving their server behind a VPN and creating “Anubis,” a custom-built proof-of-work challenge system that forces web browsers to solve computational puzzles before accessing the site. “It’s futile to block AI crawler bots because they lie, change their user agent, use residential IP addresses as proxies, and more,” Iaso wrote in a blog post titled “a desperate cry for help.” “I don’t want to have to close off my Gitea server to the public, but I will if I have to.”

Iaso’s story highlights a broader crisis rapidly spreading across the open source community, as what appear to be aggressive AI crawlers increasingly overload community-maintained infrastructure, causing what amounts to persistent distributed denial-of-service (DDoS) attacks on vital public resources. According to a comprehensive recent report from LibreNews, some open source projects now see as much as 97 percent of their traffic originating from AI companies’ bots, dramatically increasing bandwidth costs, service instability, and burdening already stretched-thin maintainers.

Kevin Fenzi, a member of the Fedora Pagure project’s sysadmin team, reported on his blog that the project had to block all traffic from Brazil after repeated attempts to mitigate bot traffic failed. GNOME GitLab implemented Iaso’s “Anubis” system, requiring browsers to solve computational puzzles before accessing content. GNOME sysadmin Bart Piotrowski shared on Mastodon that only about 3.2 percent of requests (2,690 out of 84,056) passed their challenge system, suggesting the vast majority of traffic was automated. KDE’s GitLab infrastructure was temporarily knocked offline by crawler traffic originating from Alibaba IP ranges, according to LibreNews, citing a KDE Development chat.

While Anubis has proven effective at filtering out bot traffic, it comes with drawbacks for legitimate users. When many people access the same link simultaneously—such as when a GitLab link is shared in a chat room—site visitors can face significant delays. Some mobile users have reported waiting up to two minutes for the proof-of-work challenge to complete, according to the news outlet.
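A minimal sketch of the kind of proof-of-work gate described above, added here as an illustration; it is not Anubis's code. The SHA-256 leading-zero puzzle, the HMAC-derived challenge, the key, the lifetime, and all function names are assumptions made for the example.

```python
import hashlib
import hmac

# Constructed demo values (assumptions, not taken from any real deployment).
SERVER_KEY = b"constructed-demo-key"
CHALLENGE_TTL = 300       # seconds a challenge stays valid
MAX_ATTEMPTS = 1 << 26    # safety bound for the demo solver


def leading_zero_bits(digest: bytes) -> int:
    """Count the zero bits at the start of a digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def make_challenge(client_id: str, issued_at: int) -> str:
    """Server side: derive the challenge from request metadata with an HMAC.

    Nothing is stored per visitor; the server recomputes the same value
    when the answer comes back, so the gate itself stays cheap under load.
    """
    msg = f"{client_id}|{issued_at}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def puzzle_digest(challenge: str, nonce: int) -> bytes:
    """Hash that both sides compute for a candidate nonce."""
    return hashlib.sha256(f"{challenge}:{nonce}".encode()).digest()


def solve(challenge: str, difficulty_bits: int) -> tuple[int, int]:
    """Visitor side: brute-force the smallest nonce that meets the target.

    Returns (nonce, attempts). Expected attempts are about 2**difficulty_bits.
    """
    for nonce in range(MAX_ATTEMPTS):
        if leading_zero_bits(puzzle_digest(challenge, nonce)) >= difficulty_bits:
            return nonce, nonce + 1
    raise RuntimeError("no solution within MAX_ATTEMPTS")


def verify(client_id: str, issued_at: int, nonce: int,
           difficulty_bits: int, now: int) -> bool:
    """Server side: one HMAC and one hash, regardless of difficulty.

    The difficulty is server policy and is never read from the client.
    Stale or future-dated challenges are rejected before any hashing.
    """
    if not 0 <= now - issued_at <= CHALLENGE_TTL:
        return False
    challenge = make_challenge(client_id, issued_at)
    return leading_zero_bits(puzzle_digest(challenge, nonce)) >= difficulty_bits


if __name__ == "__main__":
    # Constructed visitor: documentation-range address plus a made-up agent.
    client = "203.0.113.7|ExampleBrowser/1.0"
    issued = 1_700_000_000
    challenge = make_challenge(client, issued)
    for bits in (8, 12, 16):
        nonce, attempts = solve(challenge, bits)
        ok = verify(client, issued, nonce, bits, now=issued + 5)
        print(f"{bits:2d} bits: nonce={nonce} attempts={attempts} verified={ok}")
```

Each added difficulty bit doubles the visitor's expected work while the server's check stays at one HMAC and one hash, which is the trade-off behind the delays reported for mobile users.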

The situation isn’t exactly new. In December, Dennis Schubert, who maintains infrastructure for the Diaspora social network, described the situation as “literally a DDoS on the entire internet” after discovering that AI companies accounted for 70 percent of all web requests to their services.

The costs are both technical and financial. The Read the Docs project reported that blocking AI crawlers immediately decreased their traffic by 75 percent, going from 800GB per day to 200GB per day. This change saved the project approximately $1,500 per month in bandwidth costs, according to their blog post “AI crawlers need to be more respectful.”

A disproportionate burden on open source

The situation has created a tough challenge for open source projects, which rely on public collaboration and typically operate with limited resources compared to commercial entities. Many maintainers have reported that AI crawlers deliberately circumvent standard blocking measures, ignoring robots.txt directives, spoofing user agents, and rotating IP addresses to avoid detection.

As LibreNews reported, Martin Owens from the Inkscape project noted on Mastodon that their problems weren’t just from “the usual Chinese DDoS from last year, but from a pile of companies that started ignoring our spider conf and started spoofing their browser info.” Owens added, “I now have a prodigious block list. If you happen to work for a big company doing AI, you may not get our website anymore.”

On Hacker News, commenters in threads about the LibreNews post last week and a post on Iaso’s battles in January expressed deep frustration with what they view as AI companies’ predatory behavior toward open source infrastructure. While these comments come from forum posts rather than official statements, they represent a common sentiment among developers.

As one Hacker News user put it, AI firms are operating from a position that “goodwill is irrelevant” with their “$100bn pile of capital.” The discussions depict a battle between smaller AI startups that have worked collaboratively with affected projects and larger corporations that have been unresponsive despite allegedly forcing thousands of dollars in bandwidth costs on open source project maintainers.

Beyond consuming bandwidth, the crawlers often hit expensive endpoints, like git blame and log pages, placing additional strain on already limited resources. Drew DeVault, founder of SourceHut, reported on his blog that the crawlers access “every page of every git log, and every commit in your repository,” making the attacks particularly burdensome for code repositories.

The problem extends beyond infrastructure strain. As LibreNews points out, some open source projects began receiving AI-generated bug reports as early as December 2023, first reported by Daniel Stenberg of the Curl project on his blog in a post from January 2024. These reports appear legitimate at first glance but contain fabricated vulnerabilities, wasting valuable developer time.

Who is responsible, and why are they doing this?

AI companies have a history of taking without asking. Before the mainstream breakout of AI image generators and ChatGPT attracted attention to the practice in 2022, the machine learning field regularly compiled datasets with little regard to ownership.

While many AI companies engage in web crawling, the sources suggest varying levels of responsibility and impact. Dennis Schubert’s analysis of Diaspora’s traffic logs showed that approximately one-fourth of its web traffic came from bots with an OpenAI user agent, while Amazon accounted for 15 percent and Anthropic for 4.3 percent.

The crawlers’ behavior suggests different possible motivations. Some may be collecting training data to build or refine large language models, while others could be executing real-time searches when users ask AI assistants for information.

The frequency of these crawls is particularly telling. Schubert observed that AI crawlers “don’t just crawl a page once and then move on. Oh, no, they come back every 6 hours because lol why not.” This pattern suggests ongoing data collection rather than one-time training exercises, potentially indicating that companies are using these crawls to keep their models’ knowledge current.

Some companies appear more aggressive than others. KDE’s sysadmin team reported that crawlers from Alibaba IP ranges were responsible for temporarily knocking their GitLab offline. Meanwhile, Iaso’s troubles came from Amazon’s crawler. A member of KDE’s sysadmin team told LibreNews that Western LLM operators like OpenAI and Anthropic were at least setting proper user agent strings (which theoretically allows websites to block them), while some Chinese AI companies were reportedly more deceptive in their approaches.

It remains unclear why these companies don’t adopt more collaborative approaches and, at a minimum, rate-limit their data harvesting runs so they don’t overwhelm source websites. Amazon, OpenAI, Anthropic, and Meta did not immediately respond to requests for comment, but we will update this piece if they reply.

Tarpits and labyrinths: The growing resistance

In response to these attacks, new defensive tools have emerged to protect websites from unwanted AI crawlers. As Ars reported in January, an anonymous creator identified only as “Aaron” designed a tool called “Nepenthes” to trap crawlers in endless mazes of fake content. Aaron explicitly describes it as “aggressive malware” intended to waste AI companies’ resources and potentially poison their training data.

“Any time one of these crawlers pulls from my tarpit, it’s resources they’ve consumed and will have to pay hard cash for,” Aaron explained to Ars. “It effectively raises their costs. And seeing how none of them have turned a profit yet, that’s a big problem for them.”

On Friday, Cloudflare announced “AI Labyrinth,” a similar but more commercially polished approach. Unlike Nepenthes, which is designed as an offensive weapon against AI companies, Cloudflare positions its tool as a legitimate security feature to protect website owners from unauthorized scraping, as we reported at the time.

“When we detect unauthorized crawling, rather than blocking the request, we will link to a series of AI-generated pages that are convincing enough to entice a crawler to traverse them,” Cloudflare explained in its announcement. The company reported that AI crawlers generate over 50 billion requests to its network daily, accounting for nearly 1 percent of all web traffic it processes.

The community is also developing collaborative tools to help protect against these crawlers. The “ai.robots.txt” project offers an open list of web crawlers associated with AI companies and provides premade robots.txt files that implement the Robots Exclusion Protocol, as well as .htaccess files that return error pages when detecting AI crawler requests.

As it currently stands, both the rapid growth of AI-generated content overwhelming online spaces and aggressive web-crawling practices by AI firms threaten the sustainability of essential online resources. The current approach taken by some large AI companies—extracting vast amounts of data from open-source projects without clear consent or compensation—risks severely damaging the very digital ecosystem on which these AI models depend.

Responsible data collection may be achievable if AI firms collaborate directly with the affected communities. However, prominent industry players have shown little incentive to adopt more cooperative practices. Without meaningful regulation or self-restraint by AI firms, the arms race between data-hungry bots and those attempting to defend open source infrastructure seems likely to escalate further, potentially deepening the crisis for the digital ecosystem that underpins the modern Internet.

Benj Edwards is Ars Technica’s Senior AI Reporter and founder of the site’s dedicated AI beat in 2022. He’s also a tech historian with almost two decades of experience. In his free time, he writes and records music, collects vintage computers, and enjoys nature. He lives in Raleigh, NC.
