News

We’re a few weeks into our end of year crowdfunding campaign—donate $100 or more (check out that $230 option!) and we’ll send you our first commemorative challenge coin celebrating 30 years of Section 230. I’ve already laid out why our coverage matters, why we’re not selling out (because we’re not like Bari Weiss), and why we’re one of the only sites getting Section 230 right.

But here’s the real reason to support Techdirt: we’re one of the rare remaining websites on the internet that doesn’t believe in annoying people as a business model.

You know the drill. You open a news article. There’s a banner ad at the top that won’t scroll away. Another at the bottom, also stuck. A skyscraper ad bisecting the text. You try to scroll past it and accidentally click, launching some garbage in a new tab. Or worse: the article itself is freely readable, but only after you’ve dismissed three different popups begging you to subscribe, register, or turn off your ad blocker.

Or you get six paragraphs in—just enough to get invested—and hit this:

Bait and switch. Every time.

Techdirt does none of that. You can read the site for free. You can also get the full text of all our posts via RSS or in your email with our newsletter. You don’t need to pay or register. Hell, you don’t even need to register to comment. We don’t cover the page in ads. We don’t pop up annoying reminders. You can share our content freely, safe from anyone saying “paywall, can’t read” in response.

When sites do that, it feels like the first stage of Cory Doctorow’s “enshittification” curve, where a site starts to figure out ways to annoy users to extract value from them by making them pay to avoid the annoyance. It’s deliberately decreasing the value in the hopes you’ll pay to get rid of the annoyance.

And while the “paid newsletter” Substack-style setup is a fascinating business model, when I’ve asked supporters of Techdirt how they would feel if we offered something similar, the response was almost unanimous: people love reading Techdirt in part to share what’s here, and they’d get annoyed if they felt they couldn’t share our stories any more.

I’d rather people pay here not because we’ve annoyed them into supporting us, but because they feel they get genuine value from what we do here and would like to enable much more of that.

And, in order to keep providing value we do need your support.

But this is about more than just keeping Techdirt running. It’s about proving that a different model can work—that you can run a news site by treating readers like people you respect, not resources to be mined. Here’s our work, we think it’s valuable, and if you agree, support it.

Every other model on the internet right now assumes you need to annoy people into paying. Frustrate them with paywalls. Interrupt them with popups. Make the experience just bad enough that they’ll hand over money to make it stop. That’s not a relationship. That’s a hostage negotiation.

We’re betting that if you get value from what we do, you’ll support it because you want more of it—not because we’ve made it impossible to read otherwise.

If you think that model deserves to exist, back it. Because if this works, it proves something: that you can build a sustainable news site by trusting your audience, not by annoying them into submission.

It’s nearly the end of 2025, and half of the US and the UK now require you to upload your ID or scan your face to watch “sexual content.” A handful of states and Australia now have various requirements to verify your age before you can create a social media account.

Age-verification laws may sound straightforward to some: protect young people online by making everyone prove their age. But in reality, these mandates force users into one of two flawed systems—mandatory ID checks or biometric scans—and both are deeply discriminatory. These proposals burden everyone’s right to speak and access information online, and structurally excludes the very people who rely on the internet most. In short, although these laws are often passed with the intention to protect children from harm, the reality is that these laws harm both adults and children. 

Here’s who gets hurt, and how: 

   1.  Adults Without IDs Get Locked Out

Document-based verification assumes everyone has the right ID, in the right name, at the right address. About 15 million adult U.S. citizens don’t have a driver’s license, and 2.6 million lack any government-issued photo ID at all. Another 34.5 million adults don’t have a driver’s license or state ID with their current name and address.

Specifically:

• 18% of Black adults don’t have a driver’s license at all.
• Black and Hispanic Americans are disproportionately less likely to have current licenses.
• Undocumented immigrants often cannot obtain state IDs or driver’s licenses.
• People with disabilities are less likely to have current identification.
• Lower-income Americans face greater barriers to maintaining valid IDs.

Some laws allow platforms to ask for financial documents like credit cards or mortgage records instead. But they still overlook the fact that nearly 35% of U.S. adults also don’t own homes, and close to 20% of households don’t have credit cards. Immigrants, regardless of legal status, may also be unable to obtain credit cards or other financial documentation.

   2.  Communities of Color Face Higher Error Rates

Platforms that rely on AI-based age-estimation systems often use a webcam selfie to guess users’ ages. But these algorithms don’t work equally well for everyone. Research has consistently shown that they are less accurate for people with Black, Asian, Indigenous, and Southeast Asian backgrounds; that they often misclassify those adults as being under 18; and sometimes take longer to process, creating unequal access to online spaces. This mirrors the well-documented racial bias in facial recognition technologies. The result is that technology’s inherent biases can block people from speaking online or accessing others’ speech.

   3.  People with Disabilities Face More Barriers

Age-verification mandates most harshly affect people with disabilities. Facial recognition systems routinely fail to recognize faces with physical differences, affecting an estimated 100 million people worldwide who live with facial differences, and “liveness detection” can exclude folks with limited mobility. As these technologies become gatekeepers to online spaces, people with disabilities find themselves increasingly blocked from essential services and platforms with no specified appeals processes that account for disability.

Document-based systems also don’t solve this problem—as mentioned earlier, people with disabilities are also less likely to possess current driver’s licenses, so document-based age-gating technologies are equally exclusionary.

   4.  Transgender and Non-Binary People Are Put At Risk

Age-estimation technologies perform worse on transgender individuals and cannot classify non-binary genders at all. For the 43% of transgender Americans who lack identity documents that correctly reflect their name or gender, age verification creates an impossible choice: provide documents with dead names and incorrect gender markers, potentially outing themselves in the process, or lose access to online platforms entirely—a risk that no one should be forced to take just to use social media or access legal content.

   5.  Anonymity Becomes a Casualty

Age-verification systems are, at their core, surveillance systems. By requiring identity verification to access basic online services, we risk creating an internet where anonymity is a thing of the past. For people who rely on anonymity for safety, this is a serious issue. Domestic abuse survivors need to stay anonymous to hide from abusers who could track them through their online activities. Journalists, activists, and whistleblowers regularly use anonymity to protect sources and organize without facing retaliation or government surveillance. And in countries under authoritarian rule, anonymity is often the only way to access banned resources or share information without being silenced. Age-verification systems that demand government IDs or biometric data would strip away these protections, leaving the most vulnerable exposed.

   6.  Young People Lose Access to Essential Information 

Because state-imposed age-verification rules either block young people from social media or require them to get parental permission before logging on, they can deprive minors of access to important information about their health, sexuality, and gender. Many U.S. states mandate “abstinence only” sexual health education, making the internet a key resource for education and self-discovery. But age-verification laws can end up blocking young people from accessing that critical information. And this isn’t just about porn, it’s about sex education, mental health resources, and even important literature. Some states and countries may start going after content they deem “harmful to minors,” which could include anything from books on sexual health to art, history, and even award-winning novels. And let’s be clear: these laws often get used to target anything that challenges certain political or cultural narratives, from diverse educational materials to media that simply includes themes of sexuality or gender diversity. What begins as a “protection” for kids could easily turn into a full-on censorship movement, blocking content that’s actually vital for minors’ development, education, and well-being. 

This is also especially harmful to homeschoolers, who rely on the internet for research, online courses, and exams. For many, the internet is central to their education and social lives. The internet is also crucial for homeschoolers’ mental health, as many already struggle with isolation. Age-verification laws would restrict access to resources that are essential for their education and well-being.

   7.  LGBTQ+ Youth Are Denied Vital Lifelines

For many LGBTQ+ young people, especially those with unsupportive or abusive families, the internet can be a lifeline. For young people facing family rejection or violence due to their sexuality or gender identity, social media platforms often provide crucial access to support networks, mental health resources, and communities that affirm their identities. Age verification systems that require parental consent threaten to cut them from these crucial supports. 

When parents must consent to or monitor their children’s social media accounts, LGBTQ+ youth who lack family support lose these vital connections. LGBTQ+ youth are also disproportionately likely to be unhoused and lack access to identification or parental consent, further marginalizing them. 

   8.  Youth in Foster Care Systems Are Completely Left Out

Age verification bills that require parental consent fail to account for young people in foster care, particularly those in group homes without legal guardians who can provide consent, or with temporary foster parents who cannot prove guardianship. These systems effectively exclude some of the most vulnerable young people from accessing online platforms and resources they may desperately need.

   9.  All of Our Personal Data is Put at Risk

An age-verification system also creates acute privacy risks for adults and young people. Requiring users to upload sensitive personal information (like government-issued IDs or biometric data) to verify their age creates serious privacy and security risks. Under these laws, users would not just momentarily display their ID like one does when accessing a liquor store, for example. Instead, they’d submit their ID to third-party companies, raising major concerns over who receives, stores, and controls that data. Once uploaded, this personal information could be exposed, mishandled, or even breached, as we’ve seen with past data hacks. Age-verification systems are no strangers to being compromised—companies like AU10TIX and platforms like Discord have faced high-profile data breaches, exposing users’ most sensitive information for months or even years. 

The more places personal data passes through, the higher the chances of it being misused or stolen. Users are left with little control over their own privacy once they hand over these immutable details, making this approach to age verification a serious risk for identity theft, blackmail, and other privacy violations. Children are already a major target for identity theft, and these mandates perversely increase the risk that they will be harmed.

   10.  All of Our Free Speech Rights Are Trampled

The internet is today’s public square—the main place where people come together to share ideas, organize, learn, and build community. Even the Supreme Court has recognized that social media platforms are among the most powerful tools ordinary people have to be heard.

Age-verification systems inevitably block some adults from accessing lawful speech and allow some young people under 18 users to slip through anyway. Because the systems are both over-inclusive (blocking adults) and under-inclusive (failing to block people under 18), they restrict lawful speech in ways that violate the First Amendment. 

The Bottom Line

Age-verification mandates create barriers along lines of race, disability, gender identity, sexual orientation, immigration status, and socioeconomic class. While these requirements threaten everyone’s privacy and free-speech rights, they fall heaviest on communities already facing systemic obstacles.

The internet is essential to how people speak, learn, and participate in public life. When access depends on flawed technology or hard-to-obtain documents, we don’t just inconvenience users, we deepen existing inequalities and silence the people who most need these platforms. As outlined, every available method—facial age estimation, document checks, financial records, or parental consent—systematically excludes or harms marginalized people. The real question isn’t whether these systems discriminate, but how extensively.

Republished from the EFF’s Deeplinks blog.

While each iteration presents a chance to improve, there are some very real reasons why facial recognition tech will do a bit of stagnating. And that reason is the biggest market for this tech: law enforcement agencies.

In 2019, the US National Institute for Science and Technology studied 189 different facial recognition algorithms. The results were conclusive: every single one of them performed worse when asked to “recognize” anything other than white male faces. Asians and African Americans were more than 100 times more likely to be misidentified by the tech. While some were a little bit better, the average across the board was bad news for people who’ve already been subjected to decades of biased policing.

Adding tech to existing biases only allows them to compound the inequities faster. That’s something that was pointed out less than a year later to the EU Parliament. Allowing cops to control both the input and the output just means the systems will generate plausible deniability for racist policing, rather than create a playing field that’s a bit more level.

Not only does facial recognition tech have a built-in bias problem, it also seems to have a problem with recognizing faces, no matter what color those faces are. Police forces in the UK have seen this happen repeatedly, racking up alarming false positive rates during tech rollouts. Despite these failures (and the unacknowledged flip side of false positives: false negatives), the UK government has continued to expand facial recognition programs.

The UK’s version of the NIST, the National Physical Laboratory (NPL), performed its own examination of tech currently being used by UK law enforcement. Its conclusions were just as unsurprising:

UK forces use the police national database (PND) to conduct retrospective facial recognition searches, whereby a “probe image” of a suspect is compared to a database of more than 19 million custody photos for potential matches.

The Home Office admitted last week that the technology was biased, after a review by the National Physical Laboratory (NPL) found it misidentified Black and Asian people and women at significantly higher rates than white men, and said it “had acted on the findings”.

These findings were passed on to law enforcement by the Home Office last September. The National Police Chiefs’ Council (NPCC) responded about as well as it could: it ordered any users of the tech examined by the NPL to adjust sensitivity settings to raise the “confidence threshold” for matches. This order was meant to counteract (to a point) the false positives generated by the tech’s inability to accurately match images involving women, Black people, and pretty much anyone of any race under the age of 40. (Whew. That’s a lot of failure.)

Well, that apparently angered a whole lot of UK officers and supervisors. With the threshold raised, fewer matches (and, presumably, fewer incorrect matches) were being generated. Rather than recognize this was part of necessary compromise needed to offset faulty tech, they decided to get bitchy about not being given enough false positives to act on.

That decision was reversed the following month after forces complained the system was producing fewer “investigative leads”. NPCC documents show that the higher threshold reduced the number of searches resulting in potential matches from 56% to 14%.

Yep, the NPCC rolled this decision back because officers weren’t getting as many matches as they were used to getting. Sure, the matches they were generating were likely much better than the ones they had generated in the past, but accuracy doesn’t seem to matter to UK law enforcement. It collectively pushed back hard enough to get this order reversed, allowing UK agencies to once again exploit the known, scientifically studied limitations of the facial recognition tech they were using. They valued quantity over quality — the sort of thing that naturally lends itself to the biased policing efforts these officers prefer to engage in.

Chief Constable Amanda Blakeman, an NPCC lead, claims there’s a tradeoff being made here that will ultimately benefit the public, even if it means more of them will be falsely arrested and the increase in false negatives will mean more criminals will escape justice.

“The decision to revert to the original algorithm threshold was not taken lightly and was made to best protect the public from those who could cause harm, illustrating the balance that must be struck in policing’s use of facial recognition.”

Blakeman insists additional training is all that’s needed to overcome the known limitations of the tech. Anyone who has ever attended mandatory training knows this simply isn’t true. All that means is that a bunch of people will doze or daydream through these sessions and pencil whip whatever form is given to them that will supposedly “verify” that all the training they never paid attention to has been put to use. Blakeman even said some of this training will be “reissued,” which makes it clear no one was paying any attention to it the first time around.

It’s fucking amazing. When confronted with the fact that their tech is flawed, UK law enforcement agencies demanded everything be reverted back to the fully-broken “normal” they’d been allowed to abuse since the tech’s inception. And now that this is all out in the open, police spokespeople are back to pretending law enforcement has anything to do with competently and carefully enforcing laws.

If your product is even a third as innovative and useful as you claim it is, you shouldn’t have to go around trying a little too hard to convince people. The product’s usefulness should speak for itself. And you definitely shouldn’t be forcing people to use products they’ve repeatedly told you they don’t actually appreciate or want.

LG and Microsoft learned that lesson recently when LG began installing Microsoft’s Copilot “AI” assistant on people’s televisions, without any way to disable it:

“According to affected users, Copilot appears automatically after installing the latest webOS update on certain LG TV models. The feature shows up on the home screen alongside streaming apps, but unlike Netflix or YouTube, it cannot be uninstalled.”

To be clear this isn’t the end of the world. Users can apparently “hide” the app, but people are still generally annoyed at the lack of control. Especially coming from two companies with a history of this sort of behavior.

Many people just generally don’t like Copilot, much like they didn’t really like a lot of the nosier features integrated into Windows 11. Or they don’t like being forced to use Copilot when they’d prefer to use ChatGPT or Gemini.

You only have to peruse this Reddit thread to get a sense of the annoyance. You can also head over to the Microsoft forums to get a sense of how Microsoft customers are very very tired of all the forced Copilot integration across Microsoft’s other products, even though you can (sometimes) disable the integration.

But “smart” TVs are already a sector where user choice and privacy take a backseat to the primary goal of collecting and monetizing viewer behavior. And LG has been at the forefront of disabling features if you try to disconnect from the internet. So there are justifiable privacy concerns raised over this tight integration (especially in America, which is too corrupt to pass even a baseline internet privacy law).

This is also coming on the heels of widespread backlash over another Microsoft “AI” feature, Recall. Recall takes screenshots of your PC’s activity every five seconds, giving you an “explorable timeline of your PC’s past,” that Microsoft’s AI-powered assistant, Copilot, can then help you peruse.

Here, again, there was widespread condemnation over the privacy implications of such tight integration. Microsoft’s response was to initially pretend to care, only to double down. It’s worth noting that Microsoft’s forced AI integration into its half-assed journalism efforts, like MSN, has also been a hot, irresponsible mess. So this is not a company likely to actually listen to its users.

It’s not like Microsoft hasn’t had some very intimate experiences surrounding the backlash of forcing products down customers’ throats. But like most companies, Microsoft knows U.S. consumer protection and antitrust reform has been beaten to a bloody pulp, and despite the Trump administration’s hollow and performative whining about the power of “big tech,” big tech giants generally have carte blanche to behave like assholes for the foreseeable future, provided they’re polite to the dim autocrats in charge.

Last week, Google filed suit against SerpApi, a scraping company that helps businesses pull data from Google search results. The lawsuit claims SerpApi violated DMCA Section 1201 by circumventing Google’s “technological protection measures” to access search results—and the copyrighted content within them—without permission.

There’s just one problem with this theory: Google built its entire business on scraping the web without asking permission first. And now it wants to use one of the most abused provisions in copyright law to stop others from doing something functionally similar to what made Google a tech giant in the first place.

The lawsuit comes on the heels of Reddit’s equally problematic anti-scraping suit from October—which we called an attack on the open internet. Reddit sued Perplexity and various scraping firms (including SerpApi), claiming they violated 1201 by circumventing… Google’s technological protections. Reddit was mad it had cut a multi-million dollar licensing deal with Google for access to Reddit content, and these firms were routing around both that deal and Google itself to provide similar results to users. The legal theory was bizarre: Reddit didn’t own the copyright on user posts, and the scrapers weren’t even touching Reddit directly—yet Reddit claimed standing to sue based on circumventing someone else’s TPMs.

So now, Google has filed its own, similar lawsuit, going after SerpApi directly, focused on how SerpApi gets around its attempts to block such scraping. Google released a blog post defending this lawsuit:

We filed a suit today against the scraping company SerpApi for circumventing security measures protecting others’ copyrighted content that appears in Google search results. We did this to ask a court to stop SerpApi’s bots and their malicious scraping, which violates the choices of websites and rightsholders about who should have access to their content. This lawsuit follows legal action that other websites have taken against SerpApi and similar scraping companies, and is part of our long track record of affirmative litigation to fight scammers and bad actors on the web.

Google follows industry-standard crawling protocols, and honors websites’ directives over crawling of their content. Stealthy scrapers like SerpApi override those directives and give sites no choice at all. SerpApi uses shady back doors — like cloaking themselves, bombarding websites with massive networks of bots and giving their crawlers fake and constantly changing names — circumventing our security measures to take websites’ content wholesale. This unlawful activity has increased dramatically over the past year.

SerpApi deceptively takes content that Google licenses from others (like images that appear in Knowledge Panels, real-time data in Search features and much more), and then resells it for a fee. In doing so, it willfully disregards the rights and directives of websites and providers whose content appears in Search.

Look, SerpApi’s behavior is sketchy. Spoofing user agents, rotating IPs to look like legitimate users, solving CAPTCHAs programmatically—Google’s complaint paints a picture of a company actively working to evade detection. But the legal theory Google is deploying to stop them threatens something far bigger than one shady scraper.

Google’s entire business is built on scraping as much of the web as possible without first asking permission. The fact that they now want to invoke DMCA 1201—one of the most consistently abused provisions in copyright law—to stop others from scraping them exposes the underlying problem with these licensing-era arguments: they’re attempts to pull up the ladder after you’ve climbed it.

Just from a straight up perception standpoint, it looks bad.

To be clear: this isn’t about defending SerpApi. They appear to be bad actors who built a business on evading detection systems. The problem is that Google chose to go after them using a legal weapon with a long history of collateral damage. When you invoke Section 1201 against web scraping, you’re not just targeting one sketchy company—you’re potentially rewriting the rules for how the entire open web functions. The choice of weapon matters, especially when that weapon has been repeatedly abused to stifle legitimate competition and could now be turned against the very openness that made the modern internet possible.

For many years, we’ve discussed the many, many problems of DMCA Section 1201. It’s the “anti-circumvention” part of the law that says merely any attempt to get around a “technological protection measure” (or even just tell someone else how to get around a technological protection measure) could be deemed to violate the law, even if the TPMs in question were wholly ineffective, and even if the intent in getting around the TPM had nothing to do with copyright infringement.

That has lead to years of abusive practices by companies who would put silly, pointless “TPMs” in place just in order to be able to use the law to limit competition. There were lawsuits over printer ink cartridges and garage door openers, among other things.

Here, Google is saying that it put in place a TPM in January of 2025 called “SearchGuard” (which sounds like an advanced CAPTCHA of some sort) to prevent SerpApi from scraping its search results, but SerpApi figured out a way around it:

When SearchGuard launched in January 2025, it effectively blocked SerpApi from accessing Google’s Search results and the copyrighted content of Google’s partners. But SerpApi immediately began working on a means to circumvent Google’s technological protection measure. SerpApi quickly discovered means to do so and deployed them.

SerpApi’s answer to SearchGuard is to mask the hundreds of millions of automated queries it is sending to Google each day to make them appear as if they are coming from human users. SerpApi’s founder recently described the process as “creating fake browsers using a multitude of IP addresses that Google sees as normal users.”

SerpApi’s fakery takes many forms. For example, when SerpApi submits an automated query to Google and SearchGuard responds with a challenge, SerpApi may misrepresent the device, software, or location from which the query is sent in order to solve the challenge and obtain authorization to submit queries. Additionally or alternatively, SerpApi may solve SearchGuard’s challenge with a “legitimate” request and then syndicate the resulting authorization, that is, share it with unauthorized machines around the world, to enable their “fake browsers” to generate automated queries that appear to Google as authorized. It also uses automated means to bypass CAPTCHAs, another aspect of SearchGuard that tests users to ensure they are humans rather than machines.

Getting around these protections eats up Google’s resources, and sure, that must be annoying for Google. But the real motivation shows up when Google gets to the economics of the situation. Google has started cutting licensing deals with content partners—most notably the multi-million dollar Reddit deal—and now those partners are pissed that SerpApi lets others access similar data without paying anyone:

For Google, SerpApi’s automated scraping not only consumes substantial computing resources without payment, but also disrupts Google’s content partnerships. Google licenses content so that it can enhance the Search results it provides to users and thereby boost its competitive standing. SerpApi undermines Google’s substantial investment in those licenses, making the content available to other services that need not incur similar costs.

SerpApi’s scraping of Google Search results also impacts the rights holders who license content to Google. Without permission or compensation, SerpApi takes their content from Google and widely distributes it for use by third parties. That, in turn, threatens to disrupt Google’s relationship with the rights holders who look to Google to prevent the misappropriation of the content Google displays. At least one Google content partner, Reddit, has already sued SerpApi for its misconduct.

This is where the 1201 theory becomes genuinely dangerous. Google’s argument, if accepted, provides a roadmap for any website operator who wants to lock down their content: slap on a trivial TPM—a CAPTCHA, an IP check, anything—and suddenly you can invoke federal law against anyone who figures out how to get around it, even if their purpose has nothing to do with copyright infringement.

The implications spiral outward quickly. If Google succeeds here, what stops every major website from deciding they want licensing revenue from the largest scrapers? Cloudflare could put bot detection on the huge swath of the internet it serves and demand Google pay up. WordPress could do the same across its massive network. The open web—built on the assumption that published content is publicly accessible for indexing and analysis—becomes a patchwork of licensing requirements, each enforced through 1201 threats.

That doesn’t seem good for the prospects of a continued open web.

Google’s legal theory has another significant problem: the requirement that a TPM must “effectively control” access. Just last week, a court rejected Ziff Davis’s attempt to turn robots.txt into a 1201 violation when OpenAI allegedly ignored its crawling restrictions. The court’s reasoning is directly applicable here:

Robots.txt files instructing web crawlers to refrain from scraping certain content do not “effectively control” access to that content any more than a sign requesting that visitors “keep off the grass” effectively controls access to a lawn. On Ziff Davis’s own telling, robots.txt directives are merely requests and do not effectively control access to copyrighted works. A web crawler need not “appl[y] . . . information, or a process or a treatment,” in order to gain access to web content on pages that include robots.txt directives; it may access the content without taking any affirmative step other than impertinently disregarding the request embodied in the robots.txt files. The FAC therefore fails to allege that robots.txt files are a “technological measure that effectively controls access” to Ziff Davis’s copyrighted works, and the DMCA section 1201(a) claim fails for this reason.

Google will argue SearchGuard is different—it’s more than a polite request, it actively challenges and blocks scrapers. But if SerpApi can routinely bypass it by spoofing browsers and rotating IPs, does it really “effectively control” access? Or is it just a slightly more sophisticated “keep off the grass” sign that determined actors can ignore?

This question matters enormously because it determines whether the statute that was supposed to prevent piracy of CDs and DVDs now also governs every attempt to access publicly-available web pages through automated means.

For decades, we’ve operated under a system where robots.txt represented a voluntary, good-faith approach to web crawling. The major players respected these directives not because they had to, but because maintaining that norm benefited everyone. That system is breaking down, not because of SerpApi, but because of the rise of scrapers focused on LLM training, mixed with other companies wanting to find licensing deals to get a cut of the money flows. Reddit and Google negotiating licensing deals over open web content was a warning sign of all of this, and now it’s spilling out into the courts with questionable 1201 claims.

Both Reddit and Google frame this as protecting the open internet from bad actors. But pulling up the ladder after you’ve climbed it isn’t protection—it’s rent-seeking. Google built an empire on the assumption that publicly accessible web content could be freely scraped and indexed. Now it wants to rewrite the rules… using Hollywood’s favorite tool to block access to information.

The real problem isn’t that Google is fighting back against SerpApi’s evasive tactics. It’s that they chose to fight using a legal weapon that, if successful, fundamentally changes how we understand access to the open web. Section 1201 has already been wildly abused to stifle competition in everything from printer cartridges to garage door openers. Extending it to cover basic web scraping because SerpApi seems sketchy threatens the foundational assumption that published web content is accessible for indexing, research, and analysis.

Google has the resources to solve this problem through better engineering or by raising the actual cost of evasion high enough that SerpApi’s business model fails. Instead, they’ve opted for a legal shortcut that, if it works, will reshape the internet in ways that go far beyond one sketchy scraping company.

The internet is changing, and legitimate questions exist about how web scraping should function in an era of large language models and AI training. But those questions won’t be answered well by stretching copyright law to cover something it was never designed for, and empowering every website operator to demand licensing fees simply by putting up a CAPTCHA.

That’s not protecting the open web. That’s closing it.