Web scraping

History

After the birth of the World Wide Web in 1989, the first web robot, World Wide Web Wanderer, was created in June 1993, which was intended only to measure the size of the web.

In December 1993, the first crawler-based web search engine, JumpStation, was launched. As there were fewer websites available on the web, search engines at that time used to rely on human administrators to collect and format links. In comparison, Jump Station was the first WWW search engine to rely on a web robot.

In 2000, the first Web API and API crawler were created. In 2000, Salesforce and eBay launched their own API, with which programmers could access and download some of the data available to the public. Since then, many websites offer web APIs for people to access their public database.

Techniques

Data extraction techniques range from manual collection to sophisticated automated systems. Advanced methods analyze the underlying structure of web pages to transform unstructured content into a machine-readable format. These techniques utilize text processing or artificial intelligence, aligning with the technical goals of the Semantic Web.

Human copy-and-paste

The simplest form of web scraping is manually copying and pasting data from a web page into a text file or spreadsheet. Sometimes even the best web-scraping technology cannot replace a human's manual examination and copy-and-paste, and sometimes this may be the only workable solution when the websites for scraping explicitly set up barriers to prevent machine automation.

Text pattern matching

A simple yet capable approach to extract information from web pages is to use the UNIX grep command or regular expression-matching facilities of programming languages (for instance Perl or Python), in order to find text matching a specified pattern.

HTTP programming

Static and dynamic web pages can be retrieved by posting HTTP requests to the remote web server using socket programming.

HTML parsing

Many websites have large collections of pages generated dynamically from an underlying structured source like a database. Data of the same category are typically encoded into similar pages by a common script or template. In data mining, a program that detects such templates in a particular information source, extracts its content, and translates it into a relational form, is called a wrapper. Wrapper generation algorithms assume that input pages of a wrapper induction system conform to a common template and that they can be easily identified in terms of a URL common scheme. Moreover, some semi-structured data query languages, such as XQuery and the HTQL, can be used to parse HTML pages and to retrieve and transform page content.

DOM parsing

By using a program such as Selenium or Playwright, developers can control a web browser such as Chrome or Firefox wherein they can load, navigate, and retrieve data from websites. This method can be especially useful for scraping data from dynamic sites since a web browser will fully load each page. Once an entire page is loaded, you can access and parse the DOM using an expression language such as XPath.

Vertical aggregation

There are several companies that have developed vertical specific harvesting platforms. These platforms create and monitor a multitude of "bots" for specific verticals with no "man in the loop" (no direct human involvement), and no work related to a specific target site. The preparation involves establishing the knowledge base for the entire vertical and then the platform creates the bots automatically. The platform's robustness is measured by the quality of the information it retrieves (usually number of fields) and its scalability (how quick it can scale up to hundreds or thousands of sites). This scalability is mostly used to target the Long Tail of sites that common aggregators find complicated or too labor-intensive to harvest content from.

Semantic annotation recognizing

The pages being scraped may embrace metadata or semantic markups and annotations, which can be used to locate specific data snippets. If the annotations are embedded in the pages, as Microformat does, this technique can be viewed as a special case of DOM parsing. In another case, the annotations, organized into a semantic layer, are stored and managed separately from the web pages, so the scrapers can retrieve data schema and instructions from this layer before scraping the pages.

Computer vision web-page analysis

There are efforts using machine learning and computer vision that attempt to identify and extract information from web pages by interpreting pages visually as a human being might.{{cite web |url=http://www.xconomy.com/san-francisco/2012/07/25/diffbot-is-using-computer-vision-to-reinvent-the-semantic-web/

Legal issues

The legality of web scraping varies across the world. In general, web scraping may be against the terms of service of some websites, but the enforceability of these terms is unclear.{{cite web |url=http://www.chillingeffects.org/linking/faq.cgi#QID596 |title=FAQ about linking – Are website terms of use binding contracts? |access-date=2007-08-20 |date=2007-08-20 |publisher=www.chillingeffects.org |archive-url =https://web.archive.org/web/20020308222536/http://www.chillingeffects.org/linking/faq.cgi#QID596 |archive-date =2002-03-08 |url-status=dead}}

United States

In the United States, website owners can use three major legal claims to prevent undesired web scraping: (1) copyright infringement (compilation), (2) violation of the Computer Fraud and Abuse Act ("CFAA"), and (3) trespass to chattel. However, the effectiveness of these claims relies upon meeting various criteria, and the case law is still evolving. For example, with regard to copyright, while outright duplication of original expression will in many cases be illegal, in the United States the courts ruled in Feist Publications v. Rural Telephone Service that duplication of facts is allowable.

U.S. courts have acknowledged that users of "scrapers" or "robots" may be held liable for committing trespass to chattels,{{cite web |url=http://www.tomwbell.com/NetLaw/Ch06.html |title=Internet Law, Ch. 06: Trespass to Chattels |access-date=2007-08-20 |date=2007-08-20 |publisher=www.tomwbell.com |archive-date =2002-03-08 |url-status=dead}} which involves a computer system itself being considered personal property upon which the user of a scraper is trespassing. The best known of these cases, eBay v. Bidder's Edge, resulted in an injunction ordering Bidder's Edge to stop accessing, collecting, and indexing auctions from the eBay web site. This case involved automatic placing of bids, known as auction sniping. However, in order to succeed on a claim of trespass to chattels, the plaintiff must demonstrate that the defendant intentionally and without authorization interfered with the plaintiff's possessory interest in the computer system and that the defendant's unauthorized use caused damage to the plaintiff. Not all cases of web spidering brought before the courts have been considered trespass to chattels.

One of the first major tests of screen scraping involved American Airlines (AA), and a firm called FareChase.{{cite web |url=http://www.fornova.net/documents/AAFareChase.pdf |title=American Airlines v. FareChase |access-date=2007-08-20 |date=2007-08-20 |archive-url =https://web.archive.org/web/20110723131832/http://www.fornova.net/documents/AAFareChase.pdf |archive-date =2011-07-23|url-status=dead}} AA successfully obtained an injunction from a Texas trial court, stopping FareChase from selling software that enables users to compare online fares if the software also searches AA's website. The airline argued that FareChase's websearch software trespassed on AA's servers when it collected the publicly available data. FareChase filed an appeal in March 2003. By June, FareChase and AA agreed to settle and the appeal was dropped.

Southwest Airlines has also challenged screen-scraping practices, and has involved both FareChase and another firm, Outtask, in a legal claim. Southwest Airlines charged that the screen-scraping is Illegal since it is an example of "Computer Fraud and Abuse" and has led to "Damage and Loss" and "Unauthorized Access" of Southwest's site. It also constitutes "Interference with Business Relations", "Trespass", and "Harmful Access by Computer". They also claimed that screen-scraping constitutes what is legally known as "Misappropriation and Unjust Enrichment", as well as being a breach of the web site's user agreement. Outtask denied all these claims, claiming that the prevailing law, in this case, should be US Copyright law and that under copyright, the pieces of information being scraped would not be subject to copyright protection. Although the cases were never resolved in the Supreme Court of the United States, FareChase was eventually shuttered by parent company Yahoo!, and Outtask was purchased by travel expense company Concur. In 2012, a startup called 3Taps scraped classified housing ads from Craigslist. Craigslist sent 3Taps a cease-and-desist letter and blocked their IP addresses and later sued, in Craigslist v. 3Taps. The court held that the cease-and-desist letter and IP blocking was sufficient for Craigslist to properly claim that 3Taps had violated the Computer Fraud and Abuse Act (CFAA).

Although these are early scraping decisions, and the theories of liability are not uniform, it is difficult to ignore a pattern emerging that the courts are prepared to protect proprietary content on commercial sites from uses which are undesirable to the owners of such sites. However, the degree of protection for such content is not settled and will depend on the type of access made by the scraper, the amount of information accessed and copied, the degree to which the access adversely affects the site owner's system and the types and manner of prohibitions on such conduct.{{cite web|url=http://library.findlaw.com/2003/Jul/29/132944.html

While the law in this area becomes more settled, entities contemplating using scraping programs to access a public web site should also consider whether such action is authorized by reviewing the terms of use and other terms or notices posted on or made available through the site. In Cvent Inc. v. Eventbrite Inc. (2010), the United States district court for the eastern district of Virginia, ruled that the terms of use should be brought to the users' attention in order for a browsewrap contract or license to be enforceable. In a 2014 case, filed in the United States District Court for the Eastern District of Pennsylvania, e-commerce site QVC objected to the Pinterest-like shopping aggregator Resultly's 'scraping of QVC's site for real-time pricing data. QVC alleges that Resultly "excessively crawled" QVC's retail site (allegedly sending 200-300 search requests to QVC's website per minute, sometimes to up to 36,000 requests per minute) which caused QVC's site to crash for two days, resulting in lost sales for QVC. QVC's complaint alleges that the defendant disguised its web crawler to mask its source IP address and thus prevented QVC from quickly repairing the problem. This is a particularly interesting scraping case because QVC is seeking damages for the unavailability of their website, which QVC claims was caused by Resultly.

In the plaintiff's web site during the period of this trial, the terms of use link are displayed among all the links of the site, at the bottom of the page as most sites on the internet. This ruling contradicts the Irish ruling described below. The court also rejected the plaintiff's argument that the browse-wrap restrictions were enforceable in view of Virginia's adoption of the Uniform Computer Information Transactions Act (UCITA)—a uniform law that many believed was in favor on common browse-wrap contracting practices.

In Facebook, Inc. v. Power Ventures, Inc., a district court ruled in 2012 that Power Ventures could not scrape Facebook pages on behalf of a Facebook user. The case is on appeal, and the Electronic Frontier Foundation filed a brief in 2015 asking that it be overturned. In Associated Press v. Meltwater U.S. Holdings, Inc., a court in the US held Meltwater liable for scraping and republishing news information from the Associated Press, but a court in the United Kingdom held in favor of Meltwater.

The Ninth Circuit ruled in 2019 that web scraping did not violate the CFAA in hiQ Labs v. LinkedIn. The case was appealed to the United States Supreme Court, which returned the case to the Ninth Circuit to reconsider the case in light of the 2021 Supreme Court decision in Van Buren v. United States which narrowed the applicability of the CFAA. On this review, the Ninth Circuit upheld their prior decision.

Internet Archive collects and distributes a significant number of publicly available web pages without being considered to be in violation of copyright laws.

European Union

In February 2006, the Danish Maritime and Commercial Court (Copenhagen) ruled that systematic crawling, indexing, and deep linking by portal site ofir.dk of real estate site Home.dk does not conflict with Danish law or the database directive of the European Union.

Ethical data scraping supports offmarket sourcing in business but must comply with GDPR to avoid privacy violations in automated data collection.

In a February 2010 case complicated by matters of jurisdiction, Ireland's High Court delivered a verdict that illustrates the inchoate state of developing case law. In the case of Ryanair Ltd v Billigfluege.de GmbH, Ireland's High Court ruled Ryanair's "click-wrap" agreement to be legally binding. In contrast to the findings of the United States District Court Eastern District of Virginia and those of the Danish Maritime and Commercial Court, Justice Michael Hanna ruled that the hyperlink to Ryanair's terms and conditions was plainly visible, and that placing the onus on the user to agree to terms and conditions in order to gain access to online services is sufficient to comprise a contractual relationship.{{cite web |url=http://www.bailii.org/ie/cases/IEHC/2010/H47.html |title=High Court of Ireland Decisions Ryanair Ltd -v- Billigfluege.de GMBH 2010 IEHC 47 (26 February 2010) |date=2010-02-26 |publisher=British and Irish Legal Information Institute |access-date=2012-04-19}} The decision is under appeal in Ireland's Supreme Court.{{cite web |url=http://www.lkshields.ie/htmdocs/publications/newsletters/update26/update26_03.htm |title=Intellectual Property: Website Terms of Use |date=June 2010 |publisher=LK Shields Solicitors Update |work=Issue 26: June 2010 |url-status=dead}}

On April 30, 2020, the French Data Protection Authority (CNIL) released new guidelines on web scraping. The CNIL guidelines made it clear that publicly available data is still personal data and cannot be repurposed without the knowledge of the person to whom that data belongs.

Australia

In Australia, the Spam Act 2003 outlaws some forms of web harvesting, although this only applies to email addresses.

India

Leaving a few cases dealing with IPR infringement, Indian courts have not expressly ruled on the legality of web scraping. However, since all common forms of electronic contracts are enforceable in India, violating the terms of use prohibiting data scraping will be a violation of the contract law. It will also violate the Information Technology Act, 2000, which penalizes unauthorized access to a computer resource or extracting data from a computer resource.

Methods to prevent web scraping

The administrator of a website can use various measures to stop or slow a bot. Some techniques include:

• Blocking an IP address either manually or based on criteria such as geolocation and DNSRBL. This will also block all browsing from that address.
• Disabling any web service API that the website's system might expose.
• Bots sometimes declare who they are (using user agent strings) and can be blocked on that basis using robots.txt; 'googlebot' is an example. Other bots make no distinction between themselves and a human using a browser.
• Bots can be blocked by monitoring excess traffic.
• Bots can sometimes be blocked with tools to verify that it is a real person accessing the site, like a CAPTCHA. Bots are sometimes coded to explicitly break specific CAPTCHA patterns or may employ third-party services that utilize human labor to read and respond in real-time to CAPTCHA challenges. They can be triggered because the bot is: 1) making too many requests in a short time, 2) using low-quality proxies, or 3) not covering the web scraper’s fingerprint properly.
• Commercial anti-bot services: Companies offer anti-bot and anti-scraping services for websites. A few web application firewalls have limited bot detection capabilities as well. However, many such solutions are not very effective.
• Locating bots with a honeypot or other method to identify the IP addresses of automated crawlers.
• Obfuscation using CSS sprites to display such data as telephone numbers or email addresses, at the cost of accessibility to screen reader users.
• Because bots rely on consistency in the front-end code of a target website, adding small variations to the HTML/CSS surrounding important data and navigation elements would require more human involvement in the initial set up of a bot and if done effectively may render the target website too difficult to scrape due to the diminished ability to automate the scraping process.
• Websites can declare if crawling is allowed or not in the robots.txt file and allow partial access, limit the crawl rate, specify the optimal time to crawl and more.
• Trapping bots in a tarpit, feeding them nonsensical data to poison their dataset. This method is particularly effective against bots which ignore robots.txt files.
• TLS Fingerprinting: Modern security systems analyze the Transport Layer Security (TLS) handshake to identify the client application. Different clients (e.g., Google Chrome vs. a Python script) send cryptographic ciphers and extensions in unique orders. This creates a unique "fingerprint" (such as a JA3 signature) that allows servers to detect and block automated scripts regardless of their IP address.

References

References

1. (2021-07-28). "SASSCAL WebSAPI: A Web Scraping Application Programming Interface to Support Access to SASSCAL's Weather Data". Data Science Journal.
2. "Search Engine History.com".
3. (3 September 1995). "eBay, API's, and the Connected Web".
4. Song, Ruihua. (Sep 14, 2007). "Proceedings of the 13th ACM SIGKDD international conference on Knowledge discovery and data mining".
5. [http://www.gooseeker.com/en/node/knowledgebase/freeformat Semantic annotation based web scraping]
6. Kenneth, Hirschey, Jeffrey. (2014-01-01). "Symbiotic Relationships: Pragmatic Acceptance of Data Scraping". Berkeley Technology Law Journal.
7. (2007-08-20). "Ticketmaster Corp. v. Tickets.com, Inc.".
8. (2003-06-13). "American Airlines, FareChase Settle Suit.". The Free Library.
9. Imperva (2011). [http://www.imperva.com/docs/WP_Detecting_and_Blocking_Site_Scraping_Attacks.pdf Detecting and Blocking Site Scraping Attacks]. Imperva white paper.
10. (2014-11-24). "CVENT, Inc. v. Eventbrite, Inc.,et al".
11. "QVC Inc. v. Resultly LLC, No. 14-06714 (E.D. Pa. filed Nov. 24, 2014)".
12. (5 December 2014). "QVC Sues Shopping App for Web Scraping That Allegedly Triggered Site Outage". Proskauer Rose LLP.
13. (2010-09-17). "Did Iqbal/Twombly Raise the Bar for Browsewrap Claims?".
14. (2009-06-10). "Can Scraping Non-Infringing Content Become Copyright Infringement... Because Of How Scrapers Work? {{!}} Techdirt".
15. (July 2011). "Facebook v. Power Ventures".
16. Chung, Andrew. (June 14, 2021). "U.S. Supreme Court revives LinkedIn bid to shield personal data". [[Reuters]].
17. (18 April 2022). "Web scraping is legal, US appeals court reaffirms".
18. (2006-02-24). "UDSKRIFT AF SØ- & HANDELSRETTENS DOMBOG". bvhd.dk.
19. (2025-09-16). "AI Act {{!}} Shaping Europe's digital future".
20. "La réutilisation des données publiquement accessibles en ligne à des fins de démarchage commercial {{!}} CNIL".
21. FindDataLab.com. (2020-06-09). "Can You Still Perform Web Scraping With The New CNIL Guidelines?".
22. National Office for the Information Economy. (February 2004). "Spam Act 2003: An overview for business". Australian Communications Authority.
23. National Office for the Information Economy. (February 2004). "Spam Act 2003: A practical guide for business". Australian Communications Authority.
24. (2023-08-31). "Web Scraping for Beginners: A Guide 2024".
25. Mayank Dhiman [https://s3.us-west-2.amazonaws.com/research-papers-mynk/Breaking-Fraud-And-Bot-Detection-Solutions.pdf Breaking Fraud & Bot Detection Solutions] ''OWASP AppSec Cali' 2018'' Retrieved February 10, 2018.
26. (2022-03-06). "What is web scraping?". DataDome.
27. (28 January 2025). "AI haters build tarpits to trap and trick AI scrapers that ignore robots.txt". Ars Technica.
28. "JA3 - A method for profiling SSL/TLS Clients". Salesforce Engineering.
29. Ermakovich, Sergey. "What Is Web Scraping?".