Independence Day: Cloudflare's Dual Defense for Mobile Apps & Original Content Podcast Por arte de portada

Independence Day: Cloudflare's Dual Defense for Mobile Apps & Original Content

Independence Day: Cloudflare's Dual Defense for Mobile Apps & Original Content

Escúchala gratis

Ver detalles del espectáculo
Independence Day: Cloudflare's Dual Defense for Web Mobile Apps & Original ContentWelcome to "Upwardly Mobile"! In this episode, we dive deep into Cloudflare's groundbreaking efforts to protect both mobile applications and original online content from the escalating challenge of AI bots and data scrapers.Key Topics Covered:Protecting Mobile Applications from AI Bots:Cloudflare's AI bot blocking features are fully capable of protecting mobile APIs.Their Bot Management system analyzes incoming traffic without differentiating between desktop and mobile user agents when scoring bot activity.Leveraging machine learning models, Cloudflare identifies and blocks various bot behaviors, including those targeting mobile apps. They have specifically developed and deployed a Mobile-Focused ML Model trained on mobile request data to improve accuracy and reduce false positives for mobile app traffic.Features like Super Bot Fight Mode offer a robust defense against various automated traffic, including mobile-based bots.For mobile apps primarily driven by APIs, Cloudflare's API Gateway offers enhanced protection.If you require very specific handling of different mobile user agents, premium support is available by upgrading to a Cloudflare Enterprise account with the Bot Management add-on.Safeguarding Original Content from AI Data Scrapers:Cloudflare has introduced a new permission-based setting that automatically blocks artificial intelligence companies from exploiting websites by collecting their digital data. This changes the rules of the internet, requiring bots to "go on the toll road" to get content.This initiative aims to protect original content on the internet, addressing concerns that AI companies freely using data without permission or payment could discourage and ultimately kill the incentives for content creation.Cloudflare, whose network of servers handles about 20% of internet traffic, has observed a sharp increase in AI data crawlers on the web.The company is developing a "Pay Per Crawl" system, which would give content creators the option to request payment from AI companies for utilizing their original content.Many content creators, publishers, authors, and news organizations have accused AI firms of using their material without permission and payment, leading to legal actions such as Reddit suing Anthropic and The New York Times suing OpenAI and Microsoft.Cloudflare argues that AI breaks the unwritten agreement between publishers and crawlers, as AI crawlers collect content to generate answers without sending visitors to the original source, thus depriving content creators of revenue.Cloudflare's CEO, Matthew Prince, is confident they can block AI companies from accessing content if they don't pay, asserting that their product will be worse as a result.This move is considered a "game-changer" for publishers by Roger Lynch, chief executive of Condé Nast.Revolutionizing Bot Authentication with Cryptography:Historically, Cloudflare relied on user agent headers and IP addresses to verify legitimate crawlers, but these methods are now considered broken or impractical due to easy spoofing, shared IP addresses, and the impracticality of managing individual secrets at scale.Cloudflare is proposing a better mechanism for legitimate agents and bots to declare who they are using well-established cryptography techniques, providing a clearer signal for site owners to decide what traffic to permit.Two primary proposals are being introduced: HTTP Message Signatures and request mTLS (mutual TLS).HTTP Message Signatures (RFC 9421) is a standard defining the cryptographic authentication of a request sender, allowing bots/agents to cryptographically sign requests originating from their service, proving their identity in a tamper-proof manner. OpenAI has already begun signing their Operator requests using this method. Cloudflare is prioritizing this approach as it relies on an adopted RFC and works at the HTTP layer, making adoption simpler.Request mTLS is another mechanism for mutual authentication via TLS certificates, though it has limitations, fewer implementations, and upgrading the TLS stack has proven more challenging.This authentication can be consumed by Cloudflare when acting as a reverse proxy or directly by site owners on their own infrastructure.These advancements will be integrated into Cloudflare's AI Audit and Bot Management products to provide better visibility into bots and agents willing to identify themselves.Relevant Links & Resources:Explore Cloudflare's solutions for AI bot protection for mobile apps, their new approach to safeguarding content from AI data scrapers, and innovative cryptographic bot verification mechanisms in their official documentation and blog posts.For cutting-edge mobile app security solutions, visit our sponsor: Approov Mobile Security Keywords: Cloudflare, AI bot protection, mobile apps, bot management, content creation, data scraping, AI crawlers, copyright, intellectual ...
Todavía no hay opiniones