Comment by Nextgrid

Comment by Nextgrid 2 days ago

19 replies

View on Hacker News

What problem is this trying to solve exactly?

If a computer (or “agent” in modern terms) wants to order you a pizza it can technically already do so.

The reason computers currently can’t order us pizza or book us flights isn’t because of a technical limitation, it’s because the pizza place doesn’t want to just sell you a pizza and the airline doesn’t want to just sell you a flight. Instead they have an entire payroll of people whose salaries are derived from wasting human time, more commonly know as “engagement”. In fact those people will get paid regardless if you actually buy anything, so their incentive is often to waste more of your time even if it means trading off an actual purchase.

The “malicious” uses of AI that this very article refers to are mostly just that - computers/AI agents acting on behalf of humans to sidestep the “wasting human time” issue. The fact that agents may issue more requests than a human user is because information is intentionally not being presented to them in a concise, structured manner. If Dominos or Pizza Hut wanted to sell just pizzas tomorrow they can trivially publish an OpenAPI spec for agents to consume, or even collaborate on an HPOP protocol (Hypertext Pizza Ordering Protocol) to which HPOP clients can connect (no LLMs needed even). But they don’t, because wasting human time is the whole point.

So why would any of these companies suddenly opt into this system? Companies that are after actual money and don’t profit from wasting human time are already ready and don’t have to do anything (if an AI agent is already throwing Bitcoin or valid credit card details at you to buy your pizzas, you are fine), and those that do have zero incentive to opt in since they’d be trading off “engagement” for old-school, boring money (who needs that nowadays right?).

tennysont 2 days ago

I understood this as a tool to fight bot-net scraping. I imagined that this would add accountability to clients for how many requests they make.

I know that phrasing it like "large company cloudflare wants to increase internet accountability" will make many people uncomfortable. I think caution is good here. However, I also think that the internet has a real accountability problem that deserves attention. I think that the accountability problem is so bad, that some solution is going to end up getting implemented. That might mean that the most pro-freedom approach is to help design the solution, rather than avoiding the conversation.

Bad ideas:

You're getting lots of bot requests, so you start demanding clients login to view your blog. It's anti-user, anti-privacy, very annoying, readership drops, everyone is sad.

Instead, what if your browser included your government id in every request automatically? Anti-user, anti-privacy, no browser would implement it.

This idea:

But ARC is a middle ground. Subsets of the internet band together (in this case, via cloudflare) and strike a compromise with users. Individual users need to register with cloudflare, and then cloudflare gives you a million tokens per month to request websites. Or some scheme like this. I assume that it would be sufficiently pro-social that the IETF and browsers all agree to it and it's transparent & completely privacy-respecting to normal users.

We already sort of have some accountability: it's "proof of bandwidth" and "proof of multiple unique ip addresses", but that's not well tuned. In fact, IP addresses destroy privacy for most people, while doing very little to stop bot-nets.

Reply View 1 reply
  • AnthonyMouse 2 days ago

    > Individual users need to register with cloudflare, and then cloudflare gives you a million tokens per month to request websites. Or some scheme like this.

    This seems like it would just cause the tokens to become a commodity.

    The premise is that you're giving out enough for the usage of the large majority of people, but how many do you give out? If you give out enough for the 95th percentile of usage then 5% of people -- i.e. hundreds of millions of people in the world -- won't have enough for their normal usage. Which is the first problem.

    Meanwhile 95% of people would then have more tokens than they need, and the tokens would be scarce, so then they would sell the ones they're not using. Which is the second problem. The people who are the most strapped for cash sell all their tokens for a couple bucks but then get locked out of the internet.

    The third problem is that the AI companies would be the ones buying them, and since the large majority of people would have more than they need, they wouldn't be that expensive, and then that wouldn't prevent scraping. Unless you turn the scarcity way up and make the first and second problems really bad.

    Reply View 0 replies
wraptile 2 days ago

Many of us here are old enough to remember the promise of web 2.0 where "APIs will talk with APIs making everything super fast and automated". Then, businesses realized that they do no in fact just "sell a product" but have this entire flywheel and side hustle they depend on to extract maximum value from the user.

Oh and also turns out if the data you share is easily collected it can be analyzed and tracked to prove your crimes like price gauging, IP infringement and other unlawful acts - that's not good for business either!

Reply View 3 replies
  • tbrownaw 2 days ago

    > promise of web 2.0 where "APIs will talk with APIs making everything super fast and automated"

    Wait I thought web 2.0 was DHTML / client-side scripting and XmlHttpRequest?

    Reply View 2 replies
    • robinsonb5 2 days ago

      Web 2.0 was sites not having finished loading when you thought they had, buttons having a 1 in 20 chance of doing nothing when you click them, and the advent of "oops, something went wrong" being considered an acceptable error message.

      Reply View 1 reply
      • vpShane a day ago

        Also things working and behaving differently across 10 browsers

        Reply View 0 replies
tgsovlerkhgsel 2 days ago

One problem with HPOP is the chicken-egg adoption problem: There is little reason to implement HPOP because nobody will have a client for it, and little reason to build a client because nobody has implemented HPOP.

Part of this is the friction required to implement a client for a bespoke API that only one vendor offers, and the even bigger friction of building a standard.

AI and MCP servers might be able to fix this. In turn, companies will have a motivation to offer AI-compatible interfaces because if the only way to order a pizza is through an engagement farm, the AI agent is just going to order the pizza somewhere else.

Reply View 4 replies
  • otterley a day ago

    You don’t even need a custom protocol. A published OpenAPI schema is enough to help an LLM-powered agent figure out the right APIs to invoke on the user’s behalf.

    I wonder how long it will take for sellers to realize the war against agents cannot be won and that their compute resources are better spent giving agents a fast path to task completion.

    Reply View 0 replies
  • procaryote 2 days ago

    If big pizza franchises wanted HPOP they could just make it the api by which their apps talk to their backend. New cross-pizza-place-apps and tools would pop up within a month

    Really, they could each do their own bespoke thing as long as they didn't go out of their way to shut out other implementers.

    Instant messaging used to work like this until everyone wanted to own their customer bases and lock them in, for the time-wasting aspect

    Reply View 2 replies
    • tgsovlerkhgsel a day ago

      That would require them and there random IT teams to get together, sit down, agree on doing this, design a common protocol, etc. - that's enough friction to make it not happen, especially given the lack of reward.

      With AI browsers, all they have to do initially is not break them, and long term, each of them can individually choose to offer their API - no coordination required - and gain a slight advantage.

      Reply View 1 reply
      • procaryote a day ago

        There's nothing special about AI there. If they each offered their own API there would be a plethora of multi-chain pizza apps really quickly. It just takes a couple of hungry engineers to build the abstraction

        Reply View 0 replies
afiori 2 days ago

You can see it another way: everyone wants to be the one that controls access to services; it is what search and news aggregators have in common.

Even if pizza hut wanted people to order pizza the most efficiently with no time wasted it would still want it to happen on their own platforms.

Because if people went to all-pizzas.com for their pizza need then each restaurant and chain would depend on them not to screw them up

Reply View 2 replies
  • otterley a day ago

    > Because if people went to all-pizzas.com for their pizza need then each restaurant and chain would depend on them not to screw them up

    This is precisely what makes food delivery ordering services (GrubHub, UberEats, Deliveroo, etc.) so challenging to operate and maintain. Practically every restaurant accepts orders in a different way, and maintaining custom mechanisms for each one is costly. Restaurant front-of-house technology companies like Toast are helping make them operate alike, but adoption is slow and there are many, many restaurants to tackle.

    Reply View 0 replies
  • DANmode a day ago

    What they want isn’t always what they get.

    People were searching AOL keywords for things, and will again.

    Only now: by asking OpenAI, Anthropic, or a competitor’s agent.

    Reply View 0 replies
Thorrez 2 days ago

Maybe the company doesn't want to spend the effort to develop an API. They can through some Cloudflare solution in front and call it done.

Also I wonder if credit card chargebacks are a concern. They might worry that allowing a single user to make a million orders would be a problem, so they might want to rate limit users.

Reply View 0 replies
matsemann 2 days ago

What are you on about? I genuinely don't understand your point. Of course they make money by selling pizzas, not something else. And they've figured the way to maximize that is by having a brand and a presence and own the customer relationship, thus people buy from then.

If they end up as just a pizza-api they have no moat and are trivially replaced by another api and bakery, and will make less money.

Reply View 3 replies
  • stubish 2 days ago

    Making money by selling pizzas? Maybe. Big chains make money by selling high profit items like drinks or fries or getting you to upsize. And a whole sales process and a/b tested menus and marketing to encourage you do choose the profitable options. They lose all that if an agent just makes an order 'large pepporoni kthx bye'. Probably fantastic from a consumer point of view, but lots of businesses are going to hate it.

    Reply View 0 replies
  • rixed 2 days ago

    The original comment may be phrased clumsily. I believe the idea was that they do not want to make money by competing on a pizza market. That's the contradiction as old as the modern economy that it both relies on free market in principle, yet evolves naturally toward monopolies/walled gardens/fiefdoms.

    Another contradiction at play here is that of inovation vs standardisation. Indeed, you could argue that dominoes' website is also a place where thay can inovate (bring your own recipes! delivery by drone! pay with tokens! wtv!) whereas a pizza protocol would slow down or prevent some inovation. And that LLMs are used to circumvent and therefore standardize the process of ordering a pizza (like you had user maintained APIs to query various incompatible banq websites; these days they probably use LLMs as well).

    Reply View 0 replies
  • terribleperson 2 days ago

    They're talking about the sales experience that a pizza API would completely sidestep.

    The big national pizza chains don't offer good prices on pizza. They offer bad prices on pizza, and then offer 'deals' that bring prices back down. These deals, generally, exist to steer customers towards buying more or buying higher-margin items (bread sticks, soda, etc).

    If you could order pizza through an API, they wouldn't get the chance to upsell you. If it worked for multiple pizza places, it would advantage places who offer better value with their list prices.

    Reply View 0 replies