> The reason is basically the same: we want scarce compute going to real people, not attackers.

You are defining "Bots" and "Scrapers" as a subset of attackers, though.

Is this really fair? The value in your product came from people who wrote for other people, not bots, but your bot scraped them anyway.

There is no way to determine if a request that is coming from my browser is typed in by me or automated with a browser extension. Your only way to win this "war" on "attackers" is by forcing users into using your own application to access your product.

My browser extension (see my previous reply on this story) automates the existing open tab I have to all the different chat AIs (GPT, Claude, Gemini, etc).

I suppose all you can do is rate-limit each user.