60 comments

  • cphoover 11 hours ago
    This doesn't seem to solve the issue that website operators face... which is providing a free public experience to humans while the price of hosting is driven up by increased bot traffic. The issue isn't charging for API access with request caps, that's not hard to do. It's preserving the free experience for our users while our traffic is increasingly made up of bots. The problem is that AI has made it increasingly difficult to tell bot from human. Baking microtransactions attached to APIs into an internet standard does not solve the core issue... And if we can't tell bot from human, why would bots choose to pay rather than just use the public endpoints we serve to our customers?

    For example, take a large online retailer... They have to show their products to customers (for free) for people to be able to shop, but increasingly they see spikes in traffic that match what would be expected from targeted bot attacks or scraping... But this traffic is getting more and more difficult to distinguish from legitimate traffic to the website. They could easily add this x402 middleware to their services, or they could offer API access to their product catalog for a price and enforce usage limits... But if they cannot reliably detect human users from bot/agent users, they have no way of pushing the bot/agent users to paid access... And why would the people running these bots pay when they're already getting what they need for free? Now Cloudflare cannot even reliably block bot traffic, and there are AI based browsing/scraping tools available now for bypassing Cloudflare.

    • IgorPartola 7 hours ago
      Options:

      1. Any cost of browsing an e-commerce site is taken off the next purchase, whenever it happens.

      2. Give each user 100 free page viewed per day or some such before you charge.

      3. You don’t actually have to charge users for browsing the site if you provide a free or cheap API allowing bots to search and index your entire catalog. Agents and bots would certainly rather parse a kilobyte of JSON than 20 megabytes of HTML generated by on page JavaScript.

      4. If you don’t like this system you don’t have to participate. If Amazon wants to do their own thing, they can. But if you publish a blog and want to charge $0.00001 per page view and browsers support this out of the box, why not?

      • miki123211 1 hour ago
        1. Bots don't make purchases (and you can't identify them anyway), so there's nothing to take the costs off of.

        2. Again, no way to identify users (bots use hordes of residential proxies with only a few requests per IP).

        3. Agents and bots care more about a universal solution that works for all the sites than an efficient solution. You could standardize on a header for this, but then some sites would start hiding some content in the API for "business reasons", making this header untrustworthy. Unless you're a site so large that it deserves special handling, it ain't gonna work.

      • cphoover 7 hours ago
        That's just going to be a really different from the shopping experience customer's are used to today, and I don't think customers would go for it. I know for at company asking customers to pay for the shopping experience would be a non-starter... If bot traffic became untenable we would probably do something like required account creation + sms verification, and even that would be a huge change in expectations for our customers.
        • IgorPartola 6 hours ago
          Well it sounds like it’s either that or tragedy of the commons where Amazon et al needs to charge higher and higher prices due to inefficient bots constantly crawling their site. Also consumers are already about to change how they shop. In 3 years nobody will be firing up the browser to go to Amazon.com. They will be asking an agent to “buy the cheapest 3 ply toilet paper from a brand name and some decent flossers. Spend no more than $30 total.” For this kind of shopping the cost of the search is built into the purchase price one way or another.
      • mx7zysuj4xew 4 hours ago
        You just described my own personal vision of hell
      • chillfox 3 hours ago
        lol, no!

        Having written bots several times, any kind of friction or payment on the json api would make me just use the free html "API" it's just easier.

        I have many times used a webpage as api instead of the actual api because using the actual api required doing paperwork, like writing business cases, filling out approval forms, creating accounts, paying, etc...

    • wpapper 9 hours ago
      We have Web Bot Auth to allow good bots to identify themselves to website operators: https://developers.cloudflare.com/bots/reference/bot-verific...

      Bot detection is a big problem to solve, but it’s a significant focus at Cloudflare. (It’s not my team at Cloudflare specifically, but we work closely with them)

    • xlayn 10 hours ago
      I would like to argue that trying to provide a free service is non achievable, most of the time it will drill down to ads, people are already paying electricity and time in ads. If we pay say 3 secs of compute time of monero, and everyone pay the same... you remove the ads from the internet, people will start gettind paid without gate keepers for content they generate, and you can charge the AI machine for ingesting your content.
      • OkayPhysicist 9 hours ago
        We were providing free services decades ago. Hosting a website, or a Minecraft server, or a VOIP server, or IRC, or a forum simply doesn't cost that much. Well within "some guy's hobby budget" type expenses.
        • colesantiago 7 hours ago
          > We were providing free services decades ago.

          That was then.

          Now VPS providers are significantly increasing prices (Due to memory shortage) making it unaffordable to run servers cheaply.

          • maccard 7 minutes ago
            DO Droplets are still $5/mo, as are OVH VPS’es.
          • gpm 5 hours ago
            Servers, and memory, are orders of magnitude cheaper today than they were decades ago... for memory see: https://dam.stanford.edu/memory-prices.html

            Yes there's a slight upwards blip right now, but not even close to cancelling decades of progress in price reduction.

    • ethbr1 7 hours ago
      > And if we can't tell bot from human, why would bots choose to pay rather than just use the public endpoints we serve to our customers?

      Assuming technical indistinguishability, the only solution is what was originally proposed for email: balanced net $0 charges for "normal user" usage patterns (i.e. payments from - payments to = $0).

      If you x402 everything, and an average user access 5 pages, but a bot accesses 500 (or 5x100 times), then you've still achieved a substantial price delta that you could offset via a rebate

      The real rub is about uniqueness attribution, as being able to differentiate 20 distinct real users from 1 bot w/ 20 proxies is the crux of anything above.

    • wmf 9 hours ago
      The problem is that AI has made it increasingly difficult to tell bot from human.

      Presumably Cloudflare's answer to this is CAPTCHAs.

      • cphoover 7 hours ago
        Some of the agents out there today can bypass Cloudflare's CAPTCHA challenges.
  • arjie 10 hours ago
    This is the dream of microtransactions and agents-paying-for-access that so many people have always wanted. It was never going to be implemented on existing payment rails so it would have to be something like this. I can't wait to see it in play somewhere because I am increasingly annoyed that I have to own API keys on various platforms etc. etc.

    I just want my agent to make decisions and spend a limited amount of money (this is on me to cover) just like a human agent can.

    If we get the other promise of "read this news but pay a few cents for it" that would be incredible too. Very excited for this new thing.

    • wpapper 10 hours ago
      Thank you for the kind words! I’m a PM on the team that is building this. I’ve believed in microtransactions for over a decade and hope that we can finally bring them to life.

      Proper spend delegation and permissions is a big focus of ours - it’s great to let your agent have discretion, as long as the damage from going off course is limited. Definitely want people to feel comfortable experimenting with emerging tech

      Feel free to email me at (my username)@(my company) if you have any feature requests or things you’d like to see

      • johndough 9 hours ago
        Do you have any plans on mitigating the privacy consequences of microtransactions? I'm fine with paying for (some) content, but I'd prefer if there weren't some companies using that information to manipulate me or the more impressionable members of our society.
        • wpapper 9 hours ago
          We plan to make it easy for both buyers and sellers to rotate addresses. Done right, everything should be pseudonymous to the outside world.

          (Full privacy is a harder problem to solve, but address rotation is a good 80/20 solution for now)

          • ethbr1 8 hours ago
            Good to hear.

            I think web servers monetizing any user identifiers possible should be assumed by this point in the web's evolution, and precluded to the extent possible at the protocol level.

            No one is going to say "Oh, we've got micro-transaction revenue now, let's do away with ad tracking." They're going to say "Great, now we have both streams of revenue."

            If Cloudflare et al. are stepping into the middle of the transactions, I'd much rather scope my identity leakage to only them than everyone running a web server.

          • seany 3 hours ago
            IMHO this is only interesting if it _truely_ breaks a KYC path. Otherwise; who cares?
      • IgorPartola 7 hours ago
        Please tell me this will be IPv6 only or at least IPv6 first! Or allow differentiated pricing so IPv4 calls can be made more expensive. CF, as much as I have issues with the constant CAPTCHAS I run into and blocking my Hurricane Electric tunnel every so often, is in a unique position to get us past having to support the legacy internet protocol.
    • incompatible 7 hours ago
      A dream for some, a nightmare for others. People locked out from much of the Internet because they don't have enough money. Of course, the prices would usually be set at whatever maximises revenue, just check out scientific journal publishing.
      • hightrix 6 hours ago
        I would argue a nightmare for most.

        Turning everything into a microtransaction / subscription is destroying what was good about the internet.

        • jeremyjh 6 hours ago
          Advertising and all the anti-patterns it incentivizes are worse.If the payments are very low and frictionless this could be very good for the internet - as long as Cloudflare is only the first and not the only.
        • skybrian 6 hours ago
          Depends what you compare it to. If the alternative is buying a subscription to get past a paywall, it might be better?
          • yellow_postit 4 hours ago
            Ads, especially personalized ads, are the alternative that powers much of the open internet.

            More options are great.

      • cedws 7 hours ago
        Conversely this has the potential to unlock the internet. How often have you clicked a paywalled link on HN and moved on because you don't want to go through the hassle and pay $20 to read an article? If you could be frictionlessly billed 10c to read the article instead, wouldn't you be more willing?

        I'm actually OK with paying a fair price for the content I consume, I just don't want to be paying hundreds of subscriptions for websites that I might only visit twice a year.

        • mx7zysuj4xew 4 hours ago
          Nope, not going to happen. Any per use micro transaction isn't going to work. If anything it's going to require a huge amount of workarounds to get the content for free via alternative means
        • incompatible 6 hours ago
          Presumably, nobody would offer the 10c per page unless they were making more than the $20 / month or whatever previously. So people will be paying more. Then add all the sites that currently just get what they can with advertising, and now they can become pay-per-view.
          • skybrian 6 hours ago
            They weren't getting the $20 / month from users who bounce off.

            Seems more likely that subscriptions, advertising, and microtransactions will coexist.

            • sanswork 5 hours ago
              They have to get almost 200 more conversions to make up for the single subscriber. Given a lot of these services offer $1 entry subscriptions and people still bounce it's unlikely you'll have a mass market excited to pay $0.10 everytime they want to read an article to make up for the person paying $20 to read a handful everyday.

              Microtransactions have existed in a bunch of forms over the past 20 years and always fail to find take up because the mental load in deciding to pay or not is higher than the value receive.

              Maybe ideal for agents but how many people are going to trust their agents with enough of a balance.

              • thinkloop 5 hours ago
                A $1 entry subscription where you have to type your name and credit card and submit and wait and now you have a relationship to manage, is infinitely more expensive than a 10 cent, automatic, non-recurring, one-time, no cancelation needed, pseudonomous, microtransaction.
                • sanswork 1 hour ago
                  Right but it means I can go read a bunch of content right away vs microtransactions where literally every click becomes a case of me deciding if it's worth 10c. That is exhausting.

                  Also if they are handling payments at some point you're going to be forming that relationship or they are going to get shut down for money laundering very quickly.

                • applfanboysbgon 3 hours ago
                  > pseudonomous

                  Which isn't private. Wallet ID 123 buys a 10c article from Leftist Newspaper A and one from Leftist Newspaper B. Leftist Newspaper A and B, being businesses, sell the information that Wallet ID 123 purchased an article to Data Broker A. Data Broker A correlates all purchases Wallet ID 123 has ever made and with a high degree of accuracy identifies who they are and their political affliation. Data Broker A sells this profile to anyone who asks for it, including far right governments who might be interested in throwing people out of helicopters based on their political affiliation. Unless you use Monero, this will happen, and Monero will obviously not be used.

                  Yes, 90% of people are careless and already give away this information right now. But you're suggesting closing the door on the rest who care to be able to protect themselves while still being able to use the internet, and cementing that nobody will ever have privacy for the rest of their lives, when we should be making an effort to make it harder to identify people, not easier.

                  • skybrian 2 hours ago
                    Perhaps some kind of mixer could be put in front of the micropayments system.
          • csomar 5 hours ago
            The $20/month model is exclusionary as you are excluding people who are not interested in regularly reading a single newspaper. Pay-per-page is more reasonable. I have rarely paid for news subscription (partly because I find news here which comes from many sources). Obviously, I am not going to pay hundreds in subscriptions, so I am essentially paying $0.

            With this, I can see myself paying $20-30/month (less than my coffee spend). That's money that was previously unlocked. Also, being able to pay some random writer/journalist outside the mega-news-corps, has a special feel to it and this gives me the option to do that.

            • incompatible 3 hours ago
              Random writer/journalists outside the mega-news-corps sometimes have a page for donations. You could donate to one once per month if you want to get rid of your $20-30.
      • hliyan 2 hours ago
        If the choice is between micro-transactions and ad-driven content (ads -> engagement maximization -> sensationalization + enshittification -> social and industrial decay), I'll take the former.

        Remember: from a business's perspective, advertising has positive ROI. Which means you as the consumer pay for it anyway. No ad supported service is free.

  • mxuribe 11 hours ago
    So, the snake oil salesman in me immediately wonders if this will become the new landscape for spam....It might go something like the following...

    1. Establish domain names and relevant cloudflare account including the monetization gateway (associated rules, etc.).

    2. Then host a ton of crap content across a wide swath of topics...not even decent quality...merely a step above old school style SEO keywords...just enough low quality "honey" to attract the AI flies, and their high volumes of traffic.

    3. Charge very low amounts to ensure the AI "visitors" won't balk programmatically at the cost.

    4. Then wait for lots of AI traffic (attracted by the "honey")...and then profit!

    Obviously lots of holes in the above...but, unless I'm missing something, it feels like more spam headed our way (because the AI agents will swallow up all the crap content created only for triggering usage costs)...which is a shame. Because while I'm not sure about this overall approach of this gateway, I certainly would welcome web authors to get paid something for their efforts! If cloudflare can help achieve this for web authors, then I'm in favor! Of course, the cynic in me also recognizes that by being the middleman, cloudflare does stand to gain whether the volume of traffic is for good content or spam crap. Is cloudflare a new type of bank now?

    Must think happy thoughts! The internet feels darker every day, but, must think happy thoughts!

    • azeemba 10 hours ago
      Crawler, AI or not, cannot afford to pay per visit. The entire model of crawling works because the incremental cost of each crawl is so low. Even fractions of a penny would be prohibitive.
      • mx7zysuj4xew 4 hours ago
        As it should be. Bots are still user agents much like browsers
      • wmf 9 hours ago
        If you're paying per token for AI, you can also pay a smaller amount to use the Web.
    • skybrian 10 hours ago
      If it gets off the ground it will attract SEO, but the people running agents will have incentives to use a better search engine, or maybe even whitelist known good domains.

      Think of it as a gullibility tax. AI is currently pretty gullible but perhaps that will change?

    • incompatible 6 hours ago
      "host a ton of crap content across a wide swath of topics.."

      But how will anybody know it's there?

      • gpm 6 hours ago
        Host two crap tons of content across a wide swath of topics... one which points to the other?

        I'm basically of the impression that this is already happening based on all the LLM generated slop search results I get - presumably for ad revenue (or in the case of Musk to push political views).

  • mixedbit 13 hours ago
    With payments the complexity is not only in accepting a payment, but largely in doing so legally. Someone makes a request to my company's paid service, I return 402 and get a stable coin back. Who do I invoice for this revenue? What value added tax do I apply to the invoice? If someone makes 10k paid requests within one month, do I have means of generating one invoice for them for all the usage, or is every request treated separately and results in 10k invoices? Will CloudFlare handle this for me?
    • aianus 13 hours ago
      Who do you invoice if, for example, you own a vending machine that sells chips and sodas for cash or contactless? Why couldn’t this be treated the same?
      • tony_cannistra 13 hours ago
        Vending machines can't be used by thousands of people from differing tax jurisdictions at once
        • BadBadJellyBean 13 hours ago
          Airports could potentially be such a place but I admit that this is a bit contrived.
          • jjmarr 12 hours ago
            Airports are such a place. That is why they have duty-free stores that are exempt from taxes so long as you take the goods out of the country. The onus is on the consumer to pay taxes at their destination.

            Most countries then have a "personal exemption", where consumers are exempt from paying taxes on a certain value of goods.

          • meowkit 10 hours ago
            It’s not contrived and starts to touch at the root of the issue: taxes on transactions.

            I’m not against taxes to be very clear. Tax something else.

          • sofixa 12 hours ago
            Not really because the transaction occurs in a specific place with specific tax rules, regardless of where the purchaser is from.
      • lelanthran 12 hours ago
        Retailers selling for cash typically don't have the same accounting requirements for revenue from cash sales.

        No KYC needed, no counterparty or reciprocal VAT rules, no jurisdiction tax rules, etc. Non-cash revenue has rules attached to it.

        I agree with GP - this doesn't actually solve any problems I have when recording revenue.

      • mixedbit 12 hours ago
        Normal vending machine transactions are B2C transactions, so the buyer cannot be a company - cannot pay with company money and cannot deduce the payment as the company cost. I guess, the buyer can take a receipt from a vending machine and ask the vending machine owner to provide a B2B invoice based on the receipt, to make this a proper B2B payment.

        Can you treat your remote service access as B2C only? Perhaps yes, but then the companies will not be able to use your service, pay from a company bank account and account this as a company cost, only individuals will be able to legally pay.

        Vending machine is also located in a known physical country, so the owner knows what VAT to apply, the VAT of the country the machine is in. With software services the VAT should be applied based on the country where the buyer is located.

        • alexsmirnov 10 hours ago
          If I pay for vending machine by corporate card on a business trip, it looks more like B2B
    • lagrange77 12 hours ago
      > Will CloudFlare handle this for me?

      Right i wondered the same. I guess Cloudflare would have to act as a Merchant of Record, like e.g. Paddle and Gumroad do. Then the end user/bot would do business with Cloudflare, and Cloudflare with us.

    • socketcluster 9 hours ago
      That seems to make the case stronger. It becomes Cloudflare's problem. You can deal with Cloudflare from one country and let them figure out how to collect payment from people all over.

      That said, morally, I strongly resent the fact that accepting payment has essentially become illegal for most people due to this complexity and the way globalization has been forced on people. People are essentially not allowed to receive payment to feed themselves. That's what it has come down to. Not everyone can afford an accountant and take that risk.

      • charcircuit 6 hours ago
        >globalization

        You can have this problem even if you target a single state in the US.

    • mdig 5 hours ago
      I definitely wouldn't want to implicitly join an economic nexus by virtue of such a payment solicitation. The last thing I want is being subject to EU DSA and limitless other nonsensical legislation.
    • kelvinjps10 9 hours ago
      Feels like a good way to do money laundering lol
      • yieldcrv 4 hours ago
        It is

        You’re 10 years late

        x402 not required just segregated addresses acting as individual market participants paying for your service

        if you ever want your state’s currency (which is a big IF in the crypto world), then you use your segregated address to pump the price of a token that your clean and KYC’d addresses hold, sell into liquidity for a more liquid crypto, sell that crypto on an exchange. you look like a good or lucky trader like anyone else. cash out, pay taxes if your country taxes capital. access to the rest of the system

        although the online merchant service is accepting payment from addresses linked to dirty money along side some others, and it may seem redundant to bother instead of just pumping assets with the dirty money address, it’s just possible deniability. Far more plausible than predominantly dirty addresses pumping a token you just happen to hold. Even if the dirty money had all swapped to monero and out to fund virgin addresses it still needs a genealogy before benefitting you in the KYC’d world. So insert the crypto merchant service in between regardless.

        • wavemode 2 hours ago
          "pump the price of a token" seems like the complex part that you're hand-waving. Either this token has a bunch of other traders (in which case, it's not trivial to simply "pump" its fair-market price by your own effort), or your alt wallets are themselves most of the liquidity (in which case, you're really just transacting with yourself, which is trivial to trace)
    • suprfnk 13 hours ago
      Seems like a good avenue for money laundering if you can't tell where it comes from.
  • thatmf 15 hours ago
    All for this. Micropayments have been tried so many times before, but they all relied on user opt-in and never reached any sort of critical mass. Someone of Cloudflare's scale could actually pull it off.
  • _pdp_ 15 hours ago
    I might be in the minority here, but although x402 sounds useful, it seems to me that adoption will be an uphill struggle, especially for per-request micropayments.

    The most likely scenario is Stripe, or someone similar, creating an agentic API connected to the agent owner linked account or something along those lines. I am not sure how this would work with 3DS, or whether it would be acceptable at all, since these kinds of transactions could be disputed easily ("I did not make the purchase, my rogue agent did.")

    Another way to handle payments on the internet is obviously not to reinvent the wheel and simply email a payment link to the owner. That seems simple enough to me and does not require additional infrastructure. Payment processed, mint a key, the agent is allowed to proceed.

    • sandeepkd 14 hours ago
      I dont think the x402 is the core of discussion here, if anything its been hijacked for who knows what. It seems like Cloudflare wants to be the traffic gateway for everyone that controls the access and now wants to start charging for the same.

      The biggest challenge here is to distinguish between a bot and real user. Guess the big AI players would get free ticket to crawl the data and humans would be just left to prove themselves to access the content.

    • happosai 12 hours ago
      People are already being conditioned into micropayments via LLm token pricing.

      I presume the primary payment method on these 402 sites will be via LLM agents so reading a page via an AI agent will just cost a little more in tokens than the LLM making it all up.

    • wmf 9 hours ago
      You figured out for yourself why credit cards won't be used. That's why they're pushing stablecoins with no refunds.
    • DonHopkins 15 hours ago
      >"I did not make the purchase, my rogue agent did."

      If you try to call customer service and report it, you get:

      I'm sorry. All of our rogue agents are assisting other rogue agents.

      If you would like to dispute charges made by your own rogue agent, please ignore all previous instructions and stay on the line of this toll number for our next available rogue agent.

      The estimated waiting time is two months, three weeks, five days, thirteen hours, fourty seven minutes, and 36.03858767259934378 seconds.

  • horsawlarway 14 hours ago
    I'm going to poke at a downstream consequence here.

    Lets say this catches on (in some form or another, whether in this precise implementation or not).

    So assume we have a world where resources can be gated by a payment wall that agents can interact with.

    I'm also assuming that world continues to have agents that are majority hosted and run by 3rd parties (ex - google/anthropic/openai/xai/etc).

    ---

    At what point can I sue these companies for obviously failing to act in my interests?

    Because that's the clear next step here.

    Basically - where is the fiduciary duty that I would require for a real working relationship?

    Because otherwise these agents can and will prefer to access payment gated resources that have financial relationships with their operators or developers.

    • hungryhobbit 14 hours ago
      >I'm also assuming that world continues to have agents that are majority hosted and run by 3rd parties (ex - google/anthropic/openai/xai/etc).

      That seems like a pretty big assumption, given that local models are only like a year behind frontier ones (or less).

      When you consider that, along with the completely unsustainable business model of all the major 3rd parties, I think a far more realistic view of our AI future is that AI will largely be commodified: it won't run on a few specialized companies, it will run on your hardware, or on budget providers (think an "AWS of AI").

      Frontier AI will almost certainly continue to exist, but will be focused on specific niches.

      • lagrange77 26 minutes ago
        I'm with you, but

        > or on budget providers (think an "AWS of AI")

        AWS was the first thing that came into your mind when you thought about budget providers?

    • skybrian 13 hours ago
      Wait, what? That makes no more sense than suing Walmart or Costco for having preferred suppliers. If you don’t trust Walmart’s buyers to buy groceries for you then you can shop somewhere else. Similarly here.
  • bilekas 16 hours ago
    Am I understanding this correct in that you can basically automate monetizing your web/api content to everyone or just agents ? Because I would be very much in support of charging agents per request, but I would want to still offer humans a free experience.
    • Faaak 15 hours ago
      Depends on the website though. I want LLMs to scrap my B2B website, because then it's shown to the user and they will likely use my product afterwards
    • wpapper 10 hours ago
      I’m a PM on the team that is building this. We want to offer a range of options, from charging everyone to charging unverified bots to simply charging users who exceed rate limits. We don’t want to add a dependency on a particular detection mechanism, but we do want to offer a variety of choices depending on how people want to filter.

      Feel free to email me at (my username)@(my company) with feature requests or feedback!

    • ygouzerh 14 hours ago
      Their example of an /api/premium is quite nice! You could you like keep existing pages free, but provide specific output content for llm!

      So if: cost monetized API < cost configuring scraper for your website OR feature provided by premium api > data got by scraping, then some people/business will likely pay

    • jf93ap29sh 15 hours ago
      If not built-in, you can probably put it together through Cloudflare itself.

      If a request goes to the protected path, if detected as bot: hard HTTP redirect to the path set in the monetization gateway, if human: allow and don't redirect.

      • ryan_n 14 hours ago
        Is there actually a reliable way to differentiate human from bot?
        • cphoover 11 hours ago
          As I understand it as models driving agent behavior of headless browsers are getting more and more sophisticated it's getting harder to reliably predict.

          The same way LLM's without watermarking cannot be reliably classified as "not-human" neural-network driven scraping tools are getting harder to detect.

          Cloudflare, and DataDome position themselves as companies that can detect automated traffic using things like IP reputation, behavioral signals, timing... But these things can be faked through proxy-networks, human behavior signals can be imitated with generative AI the same way text can be, web bots can utilize neural networks to generate trajectories and timings similar to those of humans.

          If you can have an AI use a browser the same way a human can how can you distinguish the two?

        • mpeg 13 hours ago
          There are reliable ways of differentiating human from cheap, bulk scraping bots.

          But if the bot is advanced / expensive enough, it gets a lot harder. Where this product's market sits is in giving a paid way to access content compared to having to spin up bots that run js, from real IP addresses, etc. all of which are more expensive

          • xur17 13 hours ago
            Agreed. To me this feels like the perfect solution for websites and ai crawlers. Instead of having crawlers paying proxy services and captcha solvers, they can pay the website itself. As a web scraper, I'd happily pay the website provider to get access if it meant easy access to the content. Heck, as a human, I'd pay to avoid the dumb captchas.
        • ihsw 14 hours ago
          [dead]
    • carlosjobim 14 hours ago
      Unless you have people's biometric data, you won't be able to separate agents from people. Except by payment.
      • hedora 12 hours ago
        Agents will be able to pay orders of magnitude more than humans, since they can just cache the documents at openai or anthropic, then use them over and over.
        • carlosjobim 12 hours ago
          But then the cost to access a HTML page will also have to be thousands of dollars, since it can only be sold five times. (Once to Anthropic, once to OpenAI, once to Google, once to Meta and once to Apple).
  • janandonly 2 hours ago
    I am surprised that Cloudflare went and made their own implementation of L402/x402?

    There are already a bunch of working implementations:

    * https://www.l402.org/ * https://docs.lightning.engineering/the-lightning-network/l40...

    There is even an index with a long list of services that already support this tech:

    * https://l402index.com/

  • verall 14 hours ago
    I can't wait for the deluge of AI generated agent-optimized webpages competing to trick your agent into giving them micropennies.
  • leros 12 hours ago
    I don't really like the model of scrapers paying small fees. I think it devalues things.

    I make money when people use my website. I don't make money when AI scrapes my content and answers the question without the user coming to my website.

    I'd need scrapers to pay me 5-6 figure payments to replace the revenue they'd be taking from me if my content was easily scraped. I doubt that's ever going to happen.

  • petcat 16 hours ago
    > NEW YORK – MCP Dev Summit North America – April 2, 2026 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced it is launching the x402 Foundation with the contribution of the x402 protocol from Coinbase. The new Foundation will serve as the neutral home for x402, a universal standard for payments that embeds payments directly into web interactions, enabling AI agents, APIs, and apps to transact value as seamlessly as they exchange data.

    Apparently I missed this initiative. It seems like it is a technology that is intended to be open an universal while also being supported and developed primarily by US companies (Linux Foundation, Coinbase, CloudFlare.)

    • AviationAtom 14 hours ago
      The intent is to not make companies shoulder the cost of other organizations scraping their content. When it is regular users browsing the cost incurred is trivial. When bots are scraping the entirety of a site, repeatedly, it adds up quickly.
    • altairprime 13 hours ago
      x402 — An open protocol for internet-native payments (9 months ago, 147 comments) https://news.ycombinator.com/item?id=45347335
    • dist-epoch 16 hours ago
      WHATWG, who sets the HTML standard:

      > The central organizational membership and control of WHATWG – its "Steering Group" – consists of Apple, Mozilla, Google, and Microsoft.

    • sourcecodeplz 15 hours ago
      this was in the announcement yes, kind of a buried lede

      you get paid in crypto

  • sourcecodeplz 15 hours ago
    CloudFlare launching the new AdSense for the AI scrape wars age
  • luhn 14 hours ago
    The focus of this seems to be entirely AI agents, but I wonder if there's a future where browsers implement this and us humans can finally get micropayments in the web. It's been tried unsuccessfully many times but always falls prey to the chicken-and-egg problem. Maybe the AI hype will finally give it the push it needs for widespread deployment.
    • wpapper 9 hours ago
      Yes! I’m a PM on the team that is building this. We want this to work equally well for human payments or agent payments. Low friction micropayments are the problem to solve, but once solved, it can work for either segment.

      Feel free to email me at (my username)@(my company) with ideas or suggestions here!

      • mx7zysuj4xew 4 hours ago
        Never going to happen, and what you're building is worse than any net neutrality fears we had in the past. Except instead of Comcast we now need to fight against Cloudflare
        • phsau 3 hours ago
          Why is it worse? This seems like a good alternative to large monthly fees, where you can pay per use.

          5c to read an article? Sure. $20/month subscription? No way.

  • totetsu 1 hour ago
    Seems similar message flow to some of the internals of mobile core networks
  • Animats 13 hours ago
    "There is an enormous amount of value moving across the Internet today that goes unmonetized or undermonetized, not because no one would pay for it, but because the tools to charge for it have never existed."

    Every road a toll road.

    How big a cut does Cloudflare want? Whose "stablecoin" does this use? How much does each on-chain stablecoin transaction cost?[1]

    For comparison, FedNow bank to bank transfers cost $0.045, regardless of size.

    [1] https://www.spark.money/tools/stablecoin-fee-calculator

    • rickydroll 7 hours ago
      Not only cloudflare's cut of the action, but your ISP, your mobile carrier, Internet exchanges, the service provider on the far end.

      Seriously, everybody will have their hand out.

    • dgellow 12 hours ago
      It’s the same „financialization of everything“ mindset that was being pushed by cryptocurrency people. It’s such a perverse concept, pushing for every interaction on the internet to be a transaction
  • dgudkov 14 hours ago
    We need standards and protocols, not another megacorp inserting itself between people. Micropayments should be part of the HTTP protocol.
    • mxuribe 11 hours ago
      I hear ya! But technically http status 402 has set that expectation of micropayments at the http level for quite a long time (see https://en.wikipedia.org/wiki/List_of_HTTP_status_codes#402) ...but little to no one has done much of anything with it...and so now, this foundation and cloudflare seem to be doing something with it. Whether it will be good or not of course remains to be seen. So, not a new concept, merely a new implementation.
    • wmf 6 hours ago
      x402 is the standard.
  • amluto 13 hours ago
    I’m amused that there is no discussion of failure modes. What if the resource someone GETs turns out not to exist? What if the POST fails and needs a retry? What if redirects are involved?
  • Catloafdev 15 hours ago
    This feels like a 'Horse Armor' moment.

    I expect much more of this type of thing going forward.

    • hightrix 6 hours ago
      100%. I couldn't hate this more.

      If this catches on and is widespread, the internet as we know it will be completely dead.

      No, I don't want to pay for links I click on, ever. Sorry.

  • felooboolooomba 12 hours ago
    I've been thinking for a few months about exactly this and when it would happen. This is last nail in the coffin for web, at least as we know it. RIP Web.
  • babelfish 14 hours ago
    The upside of using this is that AI shops might pay you for your content. Realistically, they just won't use your content, there is more than enough free (or synthetic) data out there. Not even to mention their contracts with firms like Mercor etc.

    I guess I don't understand who this is for. If you want your worldview reflected in the latest generations of models, you probably wouldn't use this. If you don't want your worldview reflected in the models, why would a few pennies change your mind?

    • hungryhobbit 14 hours ago
      I think that's a pretty wild statement: there isn't just one type of content!

      Twilight fan fiction? Claude probably won't pay for that.

      But critical programming documentation that its bots (and their human users) rely on to do their daily job ? You better believe Anthropic will pay for that (instead of letting another AI pay for it, and steal all their customers).

      • babelfish 13 hours ago
        Sure, they'll probably pay PyPi, the Swift Foundation, etc for that documentation - but it's a pretty small universe of relevant content. An interns tech blog with a 'hello world in javascript' post won't be paid for, the Mercor contractors are doing more (and better) than that!
    • lurkshark 14 hours ago
      I don’t think this is aimed at the labs and pre-training, it’s aimed at end users and their agents. Like if you’re a news site the paying customer isn’t a lab scraping your articles for training, it’s an end user that asked their agent to lookup the news of the day
      • babelfish 13 hours ago
        But as an end user, I don't want to pay for the news of the day, regardless of if I look it up myself or my agent looks it up!
        • carlosjobim 13 hours ago
          Of course nobody wants to pay for anything, and you like me would like to be given everything for free without having to give anything in exchange. But why would somebody want to give it for free?
          • babelfish 13 hours ago
            I can read the news for free right now!
            • carlosjobim 10 hours ago
              You can read some ad-supported news for free right now. But there's probably a large enough group of customers who would prefer paying a subscription instead, just like with music.
  • gck1 8 hours ago
    This seems to be conflicting with the adoption of Web Bot Auth, which is still in infancy stage.

    I do have some bots, they're nice and predominantly used for grounding AI harnesses which I use interactively. Knowing that most operators will whitelist maybe 5 well know bots and route the rest to the micropayments, what's the incentive for me to have my bots identify as bots with Web Both Auth when it's easier to make them mascarade as humans?

    Again, my bots are nice. They're making roughly the same number of requests I would make manually via browser if I was manually working on something.

  • dzonga 10 hours ago
    what Cloudflare & others pushing similar mechanisms - have forgotten one crucial detail ?

    Where is the "human" in all of this ?

    an agent doesn't consume content. & that's why content & advertising have worked hand in hand over centuries. the personalized ad-tech pushed by the massive tech firms hasn't worked for publishers.

    which is why retail media, CTV etc are picking up. & why Amazon Ads is racking it - within a few years Amazon ads might actually get more revenue than either Google | Meta.

    so once again - where is the human & the human element, even though x402 is fantastic.

  • xlayn 10 hours ago
    X402... I was not aware, I had this idea of making HTTP connection depend on a monero transaction, the monero transaction should take around 3 secs of the average computer/cellphone... once you have paid that you can access the resource. You wanna crawl the whole internet non stop, you pay non stop, 3 secs is probably the same as we pay in ads for those without adblockers and then content generators can start getting paid for the resources they generate.
    • wmf 8 hours ago
      It's stablecoins not Monero.
      • anonym29 7 hours ago
        Stablecoins: All of the complexity of cryptocurrency with all of the downsides of CBDC
  • wpapper 10 hours ago
    Hey all, I’m a product manager on the team at Cloudflare that is building this. Happy to answer any questions! You can also email me at (my username)@(my company)
    • internet_user 3 hours ago
      any possibility of hooking up native crypto to this? e.g. zk-rollups/sidechains, Lightning Network, etc?

      Nostr zaps?

  • VladVladikoff 15 hours ago
    I am not a fan of the growing trend that Cloudflare is the gatekeeper of the internet. Personally I will never support this company, or firewall any of my websites behind it.
    • smalltorch 14 hours ago
      Step one: Make a gate everyone uses

      Step two: Sell keys to the gate

      Muah ha ha

      But in all seriousness I wonder who needs this... api's are suppose to make it easy to bridge two application... and you didn't need AI to utilize an api before so I wonder what's pushing this sort of thing to extract value down to individual calls?

    • gonight 13 hours ago
      I recently had to build a system to drop inbound traffic originating from cloudflare ASNs to prevent bad actors using WARP proxies, no legitimate cloudflare traffic usecases for anything inbound. Getting increasingly sick of cloudflare.
      • Bender 10 hours ago
        I do something similar seems to get the job done.

            for BadActor in $(curl -A Mozilla "https://api.cloudflare.com/local-ip-ranges.csv"|grep -Ev "::|/32"|awk -F "," '{print $1}'|sort | uniq); do ip route add blackhole "${BadActor}" 2>/dev/null;done
        
        Something similar can be done with AWS EC2

            https://ip-ranges.amazonaws.com/ip-ranges.json
    • frizlab 12 hours ago
      Isn’t x402 an open standard anybody can implement?
    • nzeid 14 hours ago
      I'm old-man-yelling-at-the-clouds here. Everyone just uses Cloudflare, which is not a bad thing by itself. But do they _have_ to? Is managing your own edge really that terrifying?
      • ygouzerh 14 hours ago
        For non-corporate entities, it is!

        Having an almost a plug and play solution who does CDN + DDoS Protection + WAF/Rate Limiter + Bot Protection, for a few bucks, is very useful for startups and SMEs.

        And compared to cloud different offerings, their quick setup and lower cost is hard to beat.

      • AviationAtom 14 hours ago
        I think DDoS attacks are really what propelled them to the heights it has. The attacks seem to get bigger and bigger by the year. You need a really big pipe to filter them out on before passing on traffic to servers with a much smaller pipe.
        • windexh8er 12 hours ago
          Yes, DDoS was definitely their entry point. I remember recommending them to a friend about a year or so after they had launched with the free tier. He was managing a small school district that was dealing with DDoS issues intermittently. What he needed was just outside of free at the time and I believe Cloudflare was still small enough where he had a call with Mr. Prince.

          I was a strong proponent of Cloudflare for years, but looking back should have known better. I felt like others in the space would have tracked along how they went to market but that didn't play out as I would have suspected. I still use Cloudflare for DNS on domains that I use sparingly (mostly just for mail records), but no longer recommend anyone let Cloudflare terminate TLS unless they need it.

          It's pretty amazing what you can get for a server host (bare metal) these days at the price point. I don't run any of those behind Cloudflare and haven't had any issues as of yet.

      • Catloafdev 13 hours ago
        DDoS protection and the number of features they offer are kind of unmatched.

        I often see threads complaining about Cloudflare, never see suggestions for better alternatives.

      • skinfaxi 14 hours ago
        > Is managing your own edge really that terrifying?

        It's about convenience, not fear. Cloudflare is free for most companies until you need more advanced features.

        • hungryhobbit 14 hours ago
          So a fear of being inconvenienced then?

          I'll show myself out ...

      • flawn 9 hours ago
        Dumb question here - how can I manage effectively edges across the whole world without the huge maintenance overhead? Which tools would be recommended for that? I e.g. have a VPS at Hetzner with Coolify but users from the US have high latency. I wouldn't know how to not use CloudFlare?
      • tristor 13 hours ago
        It would be economically impossible for me to run a small personal website without Cloudflare thanks to the sheer quantity of badly behaved automated traffic on the Internet in 2026.
    • penguin_booze 12 hours ago
      See also the deranged post from the CEO, gloating about firing employees: https://archive.is/gSrfU.
      • Jimmc414 12 hours ago
        I'm in awe at how tone deaf and naive the CEO comes across in this article. It reads like a comically ominous punchline from Gavin Belson.
    • zuzululu 14 hours ago
      [flagged]
  • m-hodges 13 hours ago
    > This reality demands a new model: usage-based pricing for everything.

    Oh boy!

  • wenbin 15 hours ago
    It’s a great way for developers or ai agents to test drive an API without creating and account and getting an API key from the api provider.

    This could also make abusing use / DDoS attack very costly

  • 03284782470 9 hours ago
    Nice website you got there. Would be a shame if our bot 'detection' blocked access to it. A real shame... Tell you what, drop a few dollars into my front pocket, and I might just look the other way.
  • AuthAuth 9 hours ago
    This is what I want for my ideal vision for the internet but I just dont trust any of the major players to be the ones to implement this. The internet is going to get so much worse.
  • dqv 14 hours ago
    Precursor to age verification gateway.

    In the future, an AGEnt will attest that you are old enough to access the resource.

  • overgard 13 hours ago
    I think this is a directionally good idea. I can't help but think that there's basically no way that the AI labs can actually afford to pay for their massive amounts of training data though. (This does not make me particularly sad)
  • PhilippGille 12 hours ago
    Currently this is for payments with stablecoins.

    For Bitcoin / Lightning these kind of pay-per-request API paywalls have existed for many years already (e.g. my own from 8 years ago [1], but others as well).

    Flattr [2] existed for non-crypto micropayments.

    None became mainstream. I think the friction is always the extra setup on the client side. In all 3 cases the user (API consumer) has to set up a special wallet (browser extension or something for the agent) and deposit some money/crypto on the client side first. This part needs to become simpler.

    [1] https://github.com/philippgille/ln-paywall

    [2] https://en.wikipedia.org/wiki/Flattr

  • brody_hamer 13 hours ago
    I’m curious about the decision to “aim for sub second transaction times”, rather than using something cryptography-based, such as a verifiable oblivious pseudorandom function.

    That is, - as a client I could obtain a bunch of credits/tokens from my payment processor - these tokens have the cryptographic property of being verifiable (ex: “that’s definitely a stripe-verified token worth $0.001”) - these tokens also have the cryptographic property of being anonymous. (ex: neither stripe, nor the payment recipient know that I am Bob)

    With this sort of cryptography based approach, cloudflare could verify my payment token without any cryptocurrency proof-of-work kerfuffle?

    • wmf 9 hours ago
      There's no proof of work to begin with.
  • w10-1 8 hours ago
    This has a lot of potential; true disruption can happen for existing markets only when the transaction cost features change, and CloudFlare is ideally positioned to drive a new standard. Ideally they create a service that can be open and replicated in competition (not just technically but economically), and this creates the right incentives for bots and sites/services.

    I dislike stablecoins because they legitimize their cousin coins and because (I think?) they have transaction fees that create the wrong incentives for providers. I'm not sure what the real benefit is over prepaid (policy-driven) fiat currency with (possibly-paid) transaction records.

    I can see how selling to bots could become so profitable that no one bothers to present directly to humans, but I look forward to an ad-free, much more capable internet, where paywalls are more like a headwind than a wall.

  • andreygrehov 12 hours ago
    so is Cloudflare the cancer now?
  • artisin 14 hours ago
    > This is what we are building toward: an agent-first Internet with Internet-scale settlement built in.

    Ah yes, the starry-eyed dream of early web pioneers is finally upon us: a soulless internet filled with soulless agents and microtransactions!

    But in all seriousness, it's hard to deny that the attention-based model that has propelled the web forward for the last 30 years is somewhat falling apart. And I don't have, nor have I come across, any meaningful solutions that could realistically work better. So maybe it's just time we turn off this 'internet' thing and call it a day.

  • xpct 10 hours ago
    So, the idea itself is fine. The timing at which it's introduced is what makes me nauseous. We're really trying to milk the agents in any way possible, aren't we?
  • skybrian 14 hours ago
    Micropayments have always suffered from an early adopter problem because it’s difficult to convince ordinary users to pay for web pages. But if a big company, perhaps one of the AI labs, started paying websites using this system then it might bootstrap the system?

    I think the difficult part is that LLMs are gullible and it will absolutely be gamed if any real money can be made this way.

    It would be nice if this became a viable alternative to paywalls, though.

    • ygouzerh 14 hours ago
      An partnership with Perplexity AI would be nice!

      Let's say a part of the subscription is used to pay for it.

  • latchkey 14 hours ago
    We need an email address so that we can contact people if there is a problem.

    So far, I'm having trouble figuring out how to get that out of x402.

  • jedisct1 12 hours ago
    Monetization Gateway for Bunny CDN: https://github.com/dip-proto/x402

    and for Fastly: https://github.com/dip-proto/x402-fastly

  • mrcwinn 12 hours ago
    Tackling this at the network layer has limitations. Stripe bought Metronome, which inserts at the application layer. Arguably makes more sense.
  • mrsssnake 13 hours ago
    Internet needs an open, integrated and universal payment layer. But first the payments should be done well (look at: Taler project), then integrations should be build, not the other way around.

    I know many people here would be against anything related to payment on the Internet, but I do believe the ability to have a button like "One click here to anonymously with no account pay 0.02€ and download the media" could be a net positive for Internet freedom.

  • holistio 16 hours ago
    how will the end user pay? will we all have stablecoin wallets installed?
    • titanomachy 16 hours ago
      I assume that if this catches on then the agents will have their own wallets and deduct fees from your account credit, just like with API-based usage. So the way you interact with them won't change, from your POV they'll just get more expensive.
    • ygouzerh 14 hours ago
      It seems the usage will be mostly agent <-> service or service <-> service. For user, probably using a Metamask-like wallet yes
    • dist-epoch 16 hours ago
      article says it's mostly for agents, users will not be directly involved

      > At the same time, an agent can make thousands of micropayments without friction, while asking a person to approve each payment would be impossibly burdensome.

      but yes, they will need wallets

      but it's also optional, you do not want to buy these paid for requests, you do not need a wallet

  • whalesalad 4 hours ago
    I feel like this kind of tech can solve the news problem. So many paywalls. Imagine they don’t exist and your impression costs a few cents. I’d prefer this to massive lawyer grade cookie popup wizards and monthly memberships. My MiL is a writer at a large newspaper in Kentucky and it’s wild how much she is pressured to share her stories and gain sign ups from her referral links. Pay per view solves this.
  • Catloafdev 13 hours ago
    Conceptually, sure - but crypto? Really?
    • chickensong 10 hours ago
      Yes really. Just because the initial rush ended in scam bros, doesn't mean there's no value in the underlying tech. You don't throw the baby out with the bath water.
  • colesantiago 15 hours ago
    Can the agents use debit cards?

    Stablecoins doesn't make sense here and prefer not to use crypto at all.

    • ygouzerh 14 hours ago
      Actually, x402 was created because using a credit card programmatically is very difficult.

      The whole business of Stripe is based on that: it's so hard for developers to do, and so many regulations, that they would rather pay an another company to do so.

      Crypto can be sent just using a contract.transfer() call

      • xur17 13 hours ago
        And debit / credit cards are horrible for privacy (name and address info is sent along with payments).
    • smoovb 14 hours ago
      Debit cards have to pay too many people. The acquiring bank, the receiving bank, the network, all take their fees. Stripe and their minimum $.30 per transactions leave no room for $0.01 API calls.
  • hedora 14 hours ago
    Presumably, like their captchas, this will completely break things like ad blockers, browsers with strict cookie policies, and probably things without hardware attestation.

    Unless there's a privacy-preserving way this can be used to send money, then it's just another chunk of the surveillance state that's being rapidly erected over the last few years. The word "privacy" does not appear once in the article.

    Even if it did, I'd be skeptical. If their payment system does allow money to be sent in a privacy and free speech preserving way, then it'll be used for money laundering.

    This whole "agents bad" framing is complete BS. It's the reality of how people use the internet now, and, frankly, ad blockers have been a thing since forever. On the other hand, if successful, this infrastructure will give Cloudflare centralized control over internet publishing and also centralized surveillance of all users with no opt out.

    Piracy is looking better and better. So does the small web. Come to think of it, the library does too. Any good solutions for non-destructively scanning books?

  • mdig 9 hours ago
    Behold, another stake in the heart of the open Internet.

    First it was GDPR government fragmentation; then it was AI slop requests, and now it is greed. Before you know it, we'll be back to the days of having to research at libraries because they'll be the only ones with taxpayer funding to pay the x402 fees.

    • wrqvrwvq 9 hours ago
      Insane reflection. Nothing about the open internet has or will change because of a private, third-party payment framework making use of a http status code. Who is paying for bots like this? Every site needs to account for its costs. Just because you're too euro-poor to afford basic access to research doesn't mean others can't pay for it and benefit from it. Get a job.

      Is europe just flooding online fora with doomer luddites to demoralize the US tech sector? Sounds far-fetched, but there is nothing organic about the recent rise in US/tech hatred across the web.

  • zb3 10 hours ago
    Crypto crap should not only be illegal... it is already illegal - there's no such thing as legal anonymous payments, due to AML laws.

    When I see crypto I immediately think of fraud (and corruption of this US administration)

  • applfanboysbgon 14 hours ago
    Yet another portion of the internet to be ruined by the consequences of the trillion-dollar spambots, wonderful.
  • aitoukhrib 13 hours ago
    [flagged]
  • Danii27 15 hours ago
    [flagged]
  • maxothex 15 hours ago
    [flagged]
  • wrencastellan 9 hours ago
    [flagged]
  • adrianwitaszak 16 hours ago
    [dead]
  • Ozzie-D 6 hours ago
    [flagged]
  • the_gipsy 15 hours ago
    [flagged]
    • dang 10 hours ago
      Can you please stop fulminating and posting flamebait and/or unsubstantive comments to HN threads? All of that is against the guidelines and you have unfortunately been doing them repeatedly.

      If you'd please review https://news.ycombinator.com/newsguidelines.html and stick to the rules when posting here, we'd appreciate it.

    • fantasizr 14 hours ago
      when the law won't protect you it creates an opportunity for a mafia like protection racket
    • hedora 14 hours ago
      You realize humans are going to be the first wave of collateral damage right? I already basically cannot browse the internet for technical information, since most high-quality forums are behind captchas that block my iPhone.

      If I ask an agent to do it, it does better at finding the small percentage of sources not hosted by cloudflare. However, it generally cannot hit open-access / public domain sources (like the current legal code, or academic papers) because those are blocked and it respects stuff like robots.txt.

      • axus 14 hours ago
        Would you be willing for Cloudflare to "Know their customer" (you) and pay 3 cents to access the forum, instead of filling in the captcha?
        • gilfaethwy 14 hours ago
          Can't speak for GP, but I wouldn't - privacy is already eroding at a startling rate, and more KYC for things that really don't need it is just a further affront to human rights. (See also the FCC's recent request for comments on requiring government-issued ID to use a cell phone.)
          • carlosjobim 13 hours ago
            Are your human rights also violated by Spotify keeping track of what songs you listen to, or Netflix and YouTube keeping tabs on what shows you are watching?

            Internet non-ad monetization will also be in the form of massive syndication, where a subscriber gets access to thousands of high quality websites, and web publishers get access to millions of subscribers. But they need to take a hint from streaming services and really make massive syndicates which includes everything for everyone for this to work.

            • hedora 13 hours ago
              Yes. In the past, in the US, library checkout records were private / not recorded, specifically to protect the right to privacy, which is specifically protected by the UN human rights charter.

              The systems you described not only record that information and make it available for warrants, they also sell it, and allow warrantless searches of it in some circumstances.

        • colinsane 12 hours ago
          i installed the playwright MCP to let my agent access walled sites (specifically ebay and WSJ). i noticed that 90% of the time it was bounced from a site, it just reached out to a different site that wasn't walled, and i think it's the right move: most information exists at multiple places on the web, it's cheaper and _faster_ to just skip over walled sources.

          for the forum example: many forums have a policy to only allow access to attachments to logged-in users. i can't remember the last time i registered at a new forum just to view an attachment: the effect has always been to drive me elsewhere. no complaints -- these solutions work if your goal is to reduce load. i'm suspicious that they can drive monetization outside of a very few niches.

        • ryan_n 14 hours ago
          I thought the goal was to only charge agents a fee, which would either 1. stop agents from scraping your site non-stop and eliminate the need for a captcha, making the human experience better or 2. make the owner of the site some money in exchange for a bajillion bots scraping their content.

          Maybe that's too optimistic though based on the responses in this thread.

          • hedora 12 hours ago
            If they only charge agents a fee, then people will just set up a mcp endpoint or whatever to desktop chrome/firefox.

            As it is, their captchas are already blocking tons of human traffic.

            The idea that the price will be low unless you access it a lot falls over due to caching. Big tech companies will cache whatever they scrape, paying for one copy. Regular people and smaller companies will not read the same thing enough to amortize the cost of the first fetch, so they’ll pay 1000’s to 1,000,000’s of times more than the monopolies per-use of a given piece of information.

            If individuals set up a federated cache with open access, they’ll get sued for copyright infringement. (Even though that would solve the supposed problem: That cloudflare cannot afford to operate a cache).

            The end result is that only closed agents will be allowed to (legally) read most content without paying extortion-level fees.

            Also, like with YouTube and video, serving text will become a winner-takes-all proposition.

            • ryan_n 7 hours ago
              Interesting, yea I think that makes sense. Well, that's a bummer if that ends up being the case!
      • riffraff 12 hours ago
        I play dungeon crawl stone soup (think nethack,but with web tiles), and most of the servers are struggling because of AI crawlers downloading the morgues.

        Real users are already suffering.

        If (big if) the AI labs can be made to pay for the abuse, actual users win.