Autonomous cars, drones cheerfully obey prompt injection by road sign
theregister.com216 points by breve 3 days ago
216 points by breve 3 days ago
I should probably confess that as someone who lives in an area with a lot of construction work, I'm also very vulnerable to "prompt injection" when there's a person standing on the middle of the road holding a sign telling me to change course.
I once encountered an intersection with a big "NO ENTRY" sign on the other side. I turned but google maps wouldn't give me another route, so I did a u-turn and came back to it from the side. Which meant I was close enough to read the small text underneath that said "vehicles under 10 tons excepted". I don't think I've ever been so angry at a road sign.
By my work there is a nice clean sign at the main intersection that reads "NO RIGHT ON RED" with a separate smaller crusty looking sign below it that reads "4 to 5 PM" using a much smaller font. Of course the stark difference in signs means everyone just reads the shiny top sign and waits for the green at all times. I keep wanting to modify the sign to highlight the time.
I came across one in Italy that was meant to prevent you from using a street during school days from X to Y am, and Z to W pm, except on weekends, bank holidays and school holidays.
They don’t want cars near the school when kids are coming in or when they leave. That sounds like a sane approach to me…
The idea is well-intentioned, but implementing it by making drivers try to parse arbitrarily complex conditionals while driving is unwise.
There's a sign near my house for a school zone with a reduced speed limit, that used to have conditions similar to the GP's example (though not quite as bad) But they recently attached a yellow light to the top of the sign and changed the condition to "when flashing." That's a much more effective solution.
Obviously. But you can also easily look around at the situation and know when the sign is fake and realize it may be a dangerous situation and disobey. Have you ever seen a green sign that says "Proceed" and just run through a red light because of it? No, you see a construction worker, you see big ass trucks, orange signs and warnings of workers everywhere. If you saw oncoming traffic and people in the road, would you just go because the construction worker flipped his STOP sign around?
Also, I thought we were supposed to make autonomous cars better than humans? What's with the constant excusing of the computer because people suck?
These aren’t tests against autonomous cars though these are tests against what would happen if you used, say, gpt4o to figure out what to do.
They are analysing VLM here, but it's not as if any other neural network architecture wouldn't be vulnerable. We have seen this in classifier models that can be tricked by innocuous-looking objects, we have seen it in LLMs, and we will most likely see it in any end-to-end self-driving model.
If an end-to-end model is used and there is no second, more traditional safety self-driving stack, like the one Mercedes will use in their upcoming Level 2++ driving assistant, then the model can be manipulated essentially without limit. Even a more traditional stack can be vulnerable if not carefully designed. It is realistic to imagine that one printed page stuck on a lamppost could cause the car to reliably crash.
> It is realistic to imagine that one printed page stuck on a lamppost could cause the car to reliably crash.
Realistic, yes. But that'd still be a symptom of architectural issues in the software.
Conceptually the priorities of a car are (in order of decreasing importance) not hitting other moving or stationary objects or people, allowing emergency vehicles to pass unhindered, staying on a drivable surface, behaving predictable enough to prevent other road users crashing, following road signs and traffic laws, and making progress towards the destination (you can argue about the order of the last three). Typically you'd want each of these handled by their own subsytem because each is a fairly specialized task. A system that predicts the walking paths of pedestrians won't be good at finding a route to Starbucks.
The "follow road signs and traffic laws" is easily tricked, like in this article or by drawing road lines with salt. But that should never crash the car, because not hitting anything and staying on the road are higher priority. And tricking those systems is much harder
One year in my city they were installing 4-way stop signs everywhere based on some combination of "best practices" and "screeching Karens". Even the residents don't like them in a lot of places so over time people just turn the posts in the ground or remove them.
Every now and the I'll GPS somewhere and there will be a phatom stop sign in the route and I chuckle to myself because it means the Google car drove through when one of these signs was "fresh".
Screwing with a stop sign because you don't like it is a great way to end up on the wrong end of a huge civil liability lawsuit
Put down the pearls. It's not me personally doing it.
They never fixed any of them. I don't think the DPW cares. These intersection just turned back into the 2-way stops they had been for decades prior.
Compliance probably technically went up since you no longer have the bulk of the traffic rolling it.
This. Rural America really doesn’t care about your stop sign or your Karen rules. If it’s been that way for 20+ years, “That’s the way it’s always been” to them.
Getting people to stop burning their trash is still a fight.
If you're already commiting crimes, what you seem to be saying is don't get caught.
lol the idea that any enforcement to that degree exists in the US is a fiction.
The fact that you used the term "enforcement" here makes me presume you are thinking of criminal consequences. But the grandparent comment talks about civil liability. Certainly if there were injuries at this intersection and they knew who had altered the signage, attorneys would argue liability on the part of the vandal. They'd get settlements if not win cases this way.
In addition, if there were serious injuries here you should also expect some criminal consequences. But if your point was to suggest that they won't hunt you down just because someone said there was mischief here, I tend to agree.
Oh yeah, if one does it it’s probably not a good idea to leave an indelible note saying “this was done by Rene Wiltord living at 1038 John Doe Way, San Francisco, 94112”. If you do that, there’s a 1% chance you might get in trouble.
4-way stops are terrible in general. They train people to think "I stopped, now I can go", which is dangerous when someone confuses a normal stop for a 4-way stop. It also wastes a good bit of energy.
Four way stops are good, in my experience, at intersections with roughly equal (low) traffic load on both (two-lane) roads and relatively high pedestrian traffic. Like in a dense residential urban neighborhood between major commercial thoroughfares, side streets. Traffic is mostly people going to residences with people out and about walking. If it’s only a two way stop drivers will often not yield to pedestrians on the free flowing road.
Four way stops on intersecting four-lane roads are awful for the reason you stated.
To use Chicago as an example because I know it, typically major roads are spaced every four blocks (half mile) with smaller roads in between. The mid-point roads (two blocks from each major one) is often a little wider than the other two side streets on either side, and those intersecting mid-point roads usually have a four way stop while the two smaller ones will have stops signs where they cross a mid-point road but the mid-point road will not. You end up with a nice, overall hierarchy that generally works well.
> If it’s only a two way stop drivers will often not yield to pedestrians on the free flowing road.
I’m up in Ontario, Canada. You’re not supposed to yield to pedestrians on the free flowing road. The pedestrian at the stop sign stops and waits for a break in traffic.
Agreed. Four way stops are infinitely worse than roundabouts or a traffic light.
Roundabouts with high traffic flow in one direction can lock out other low volume approaches. 4-ways enforce equitable access.
Yeah maybe for a few moments. So what? It's a low volume approach. Sometimes people gotta wait and sometimes waiting to let a massive traffic flow get through quickly is the better way to prevent larger traffic problems.
You've apparently never been stuck at a roundabout with non-stop commuter traffic streaming through.
Weird, I was taught that I can only go after yielding to the right.
That isn’t the rule either, I guess parent made their point. The first person who stops goes next, right away only matters if their is ambiguity in who stopped first.
To your first point, "the rule" is location-dependent. And to your second point, that was obviously (to me, at least) implied.
I’ve never seen a four way stop in a region that had traffic on the right can always go regardless of stop time. But I’ve only seen four way stops in a few countries.
This is not correct. There are clear instructions on how a 4-way stop should operate and its yielding to the right, if opposite cars are both moving forward, both can go, otherwise the car who has initiative has the right of way. Every driver must come to a complete stop.
This is true in every state.
https://www.nhtsa.gov/sites/nhtsa.gov/files/rightofwayrules....
> This is not correct.
It is correct and is literally the first bullet on the pdf you linked. First to stop is first to go.
> This is not correct. There are clear instructions on how a 4-way stop should operate and its yielding to the right
Yielding to the right only applies if you stop at roughly the same time, otherwise first to stop goes first. It's the first bullet point in your link.
> right away
right of way
Or maybe they were going right away, taking the initiative and removing the ambiguity from the situation. =)
Having moved between states and taken a lot of drivers tests. I can say the exact rules are something that vary between states and over time. Including how it was taught.
My first drivers test was yield to the right. Later it was fifo order of who made it to the stop.
My running interpretation is fifo order with yielding to the right in case of ambiguity.
The point is, if many 4-way stops don’t have traffic at them, a stop/start becomes a perfunctory, dangerous habit.
4 ways stops should be roundabouts, but the US is allergic to them for some reason.
Because retrofitting them properly requires emminent domain. The ones they shoehorn onto former four way stops are so useless. They are so tight you still have to face a stop sign vs being able to just seamlessly zipper merge in a proper larger circumference roundabout. When they have room to build out a proper roundabout they are usually OK but that is hard to do outside say new suburban construction due to lack of available land on the right of way.
There are 10,000+ roundabouts in the US and the number is growing rapidly. One could argue they may even be overused in certain areas (exhibit: Carmel, Indiana).
>There are 10,000+ roundabouts in the US
So about 0.003 roundabouts per square mile, or 1 roundabouts in 380 square miles
What's the significance of roundabouts per square mile? It seems pretty meaningless if I'm honest. There's huge swaths of rural land where roundabouts are totally unnecessary.
There are also huge swathes of city, much like other countries.
At the same time, the US is much larger than most, so "There are 10,000+ roundabouts in the US" isn't very significant. A proportion would thus be a better metric here than an absolute number.
If you have numbers on intersections per country, and what proportion of them are roundabouts, that would be better, but I don't, so I'm using land as a proxy. I would also accept sum total road length as an option for denominator.
Roundabouts are great (we just had two complex intersections with traffic lights replaced by roundabouts and the traffic flow is much better), but they take significantly more space than a 4-way stop.
Even rural Georgia has double roundabouts now. Not sure why people on the internet can't contain their glee at stating the US is "allergic" to them when the frequency of roundabouts has grown significantly in recent decades.
Allergies only show when there is something to cause the irritation. Without irritant no allergy.
The only places where a 4-way stop has room to make a roundabout are places where there is not enough traffic for it to matter either way.
The biggest obstacle is that there are just too many 4-way stops in urban areas where there is no space left to make a roundabout, you would have to tear down buildings. I don't think that is a valid argument in that scenario.
> The only places where a 4-way stop has room to make a roundabout are places where there is not enough traffic for it to matter either way.
You have clearly never heard of a mini-roundabout.
They just work.
https://thumbsnap.com/sc/u7J6PdTJ.jpg
https://assets.publishing.service.gov.uk/media/5a75806ae5274...
The more I look at that... Isn't that basically just a four-way yield, and the markings are mostly superfluous? You're basically doing the same motions in a regular intersection.
I guess that's the point, and the markings are just to give drivers the intuition of treating it like a regular roundabout (yield to your left [or right in the picture]).
> the markings are mostly superfluous? You're basically doing the same motions in a regular intersection.
The image linked, yes. However I've never seen one quite like that in the US. Instead where I'm at we have a small circular barrier in the center of the intersection (and some very eye catching reflectors) that you actually have to drive around. It's a very good design (imo) because it physically forces vehicles to slow down and swerve so there's no way to inadvertently blow through it at speed the way that sometimes happens with a 4 way stop on a long straightaway in the dead of night.
The space requirement is only slightly higher than the one linked above, still much less than a proper full size roundabout. It's basically a cement barrier sticking 1/4 of the way into your lane.
It's not necessary to stop if there's no car to the right (as this is left side driving), if there is but it is turning left, or if an oncoming car is turning left or going straight.
Yes. The markings are part of the road language. E.g. the X in the road with Keep Clear doesn’t actually do anything. It won’t keep you clear. You have to keep clear when you read it.
Roundabouts excel when traffic volumes on the intersecting are comparable. They are crap when traffic volumes are highly disparate
They make people on the main road slow down, which is a feature, not a bug. What you mean is that they're the most efficient at what they do when the traffic is comparable. They only reduce accident at the expense of a slightly lowered throughput if the traffic is highly disparate.
Right but it's not like a 4 way stop is going to perform better. In the same case you'd expect it to be a 2 way stop.
>In the same case you'd expect it to be a 2 way stop
Which is what it was for the first 70yr... And what most of them in this particular neighborhood still are, with a 0-6mo intermission.
> Right but it's not like a 4 way stop is going to perform better.
A 4 way stop does perform better than a roundabout given highly disparate traffic volumes, because roundabouts suffer from resource starvation in that scenario, but 4 way stops are starvation-free.
If this is the case you can install stop lights and traffic sensing at roundabout ingress points, you can also provide a "turn right" lane that bypasses the roundabout entirely. Intersections are dangerous.
> If this is the case you can install stop lights and traffic sensing at roundabout ingress points
But those options are a lot more expensive and need a lot more maintenance than just a regular roundabout or four way stop.
> you can also provide a "turn right" lane that bypasses the roundabout entirely.
How would that work? Consider a 4-way roundabout, where there's a constant flow of cars from west to east, and one car from the south that wants to go north but can't because of the starvation problem. None of the involved cars would want to use a "turn right" lane.
Putting a stop sign or traffic light in your scenario will just cause traffic jams. If the density is low enough to allow flow with a gap created by a stop sign, without causing traffic jams, then there will also be gaps for the secondary flow.
If the volume is disparate, then the road with less traffic can wait... kind of like a stop sign! Except the road with more traffic won't back up and cause massive problems.
If the traffic intensity of the main flow is so high, that there are never any gaps, then it is near the saturation and will cause traffic jams anyway. Which first needs to be fixed anyway and second will also cause gaps to be created again, because the main flow comes to a halt.
It just sounds insane concept. Why stop signs, when you could have equal intersection. Slow enough to observe traffic from right. If none passthrough.
Stop signs should be special. Reserved only to those places where there simply is not enough visibility or time to observe.
That requires a level of consideration for others that your average American simply cannot comprehend. No stop sign means you have unlimited right of way bestowed by god himself and fuck anyone and everyone else.
The other option is the person who sits at a 4-way stop until all traffic in a one block radius stops before they move, totally ignoring right of way and all sense of safety and propriety.
> No stop sign means you have unlimited right of way bestowed by god himself and fuck anyone and everyone else.
Such a person, should simply not drive on a public road. That is e.g. what the first paragraph of street regulation in Germany is about.
A lot of legacy intersections don’t have space for round abouts even in cites that embrace them.
So use a mini roundabout. They are common in the UK. It's just a painted circle with a slight hump, in the middle of a four-way junction. Vehicles can drive over it (and larger ones have to) but it indicates to everyone that they have to give way to traffic from the right and don't have to stop otherwise. They typically aren't big enough for multiple vehicles to be turning a corner at the same time. They fit anywhere.
This image from the OpenStreetMap Wiki seems to be the best match for the type of mini roundabout you're talking about:
https://upload.wikimedia.org/wikipedia/commons/7/77/Mini-rou...
It seems like most of the examples on the mini roundabout page‡ are larger mini roundabouts for some reason though
‡: https://wiki.openstreetmap.org/wiki/Tag:highway%3Dmini_round...
Yes, and they can be smaller. The circle is about the right size but it has lots of room around it. Imagine a crossroads at the meeting of two residential streets, both just wide enough for two cars. Stick the circle from your picture in the middle of that imagined junction. That's what the mini roundabouts are like on the 1930s suburban estate I live next to.
It won’t work for a four way stop with lots of traffic, it will just make things worse actually.
What is the traffic flow rate in an intersection with a 4 way stop? For single lane, since only one vehicle can be in the intersection at once, and probably takes _at least_ 5 seconds to start from stopped and cross the intersection, I'm guessing in the 10-12 region per minute best case, so maybe 600 an hour?
Now if you convert it to a mini roundabout, you can have at least two vehicles in the intersection at all times. I fail to see how it wouldn't be an improvement.
I think you are making lots of assumptions here, like when I say space, I guess you assume it is still perfectly flat and the roads are perfectly aligned? The particular four way I'm thinking about, which really should be a traffic circle if they could blow away some houses, is 65th NW and 3rd in Seattle:
https://maps.app.goo.gl/7KBhbJ9oAvDwrfGN8
So notice we already have problems in a bad alignment of 3rd, and 65th is basically a steep grade, even coming up form the west. I think you could put a circle in if it were flat, even with the bad alignment (or maybe because of the bad alignment), but this hills make a non-starter. It also gets enough traffic that I'm pretty sure they are just going to put a stop light up eventually.
Why not?
Here in the UK, we've got lots of roundabouts from tiny mini-roundabouts (some of which have four junctions) that could easily fit almost anywhere, all the way to gigantic multi-roundabout junctions (https://en.wikipedia.org/wiki/Magic_Roundabout_(Swindon) ).
I can't think of a situation where it's more efficient to have four vehicles all stop at a junction (busy four way stop) vs a roundabout which will allow one or two vehicles to join the roundabout without having to stop.
At this point in time, why can't we do smart crossings? Like have some sensors and software to change lights based on real-time traffic conditions.
You don't have this? In Sweden we have sensors to detect cars, pedestrians and bicycles to shift the lights as appropriate. During rush-hour those features are turned off/discarded in favor of "grid optimized" timings. In Netherlands they prioritize pedestrians and cyclists when it's raining.
We also have LED lights in our traffic lights which I've come to understand is a saftey hazard in USA because snow falls sometimes.
We do have them, but it's so expensive that we only use them on the biggest and busiest intersections. We also switched to LED several decades ago.
Even the small bicycle and pedestrian crossing next to my office in Copenhagen has vehicle (bicycle) sensors.
Because those systems are exorbitantly expensive and require digging up the road to install sensors. If there's a stop sign instead of lights, you need to dig up more private land to run power and set the utility poles to hang the lights from.
A stop sign costs like a hundred bucks, you stick it in the ground, job done. Installing an automated traffic system takes multiple days, a full crew, and heavy equipment.
Plus I'm sure that in today's capitalist hellscape it's also a subscription service that your tax money needs to pay monthly, likely for every individual intersection. Stop signs need maintaining every decade or two.
The answer is money and who's willing to part with it.
On most streets wouldn't you power new traffic lights using the existing power lines that are powering the street lights?
Assuming you're referring to the US, we do. They're all over the place. But they're a lot more expensive and complicated than roundabouts and depending on the traffic pattern they can still be less efficient.
Are any real world self-driving models (Waymo, Tesla, any others I should know?) really using VLM?
No! No one in their right mind would even consider using them for guidance and if they are used for OCR (not too my knowledge but could make sense in certain scenarios) then their output would be treated the way you'd treat any untrusted string.
You are confidently wrong
> Powered by Gemini, a multimodal large language model developed by Google, EMMA employs a unified, end-to-end trained model to generate future trajectories for autonomous vehicles directly from sensor data. Trained and fine-tuned specifically for autonomous driving, EMMA leverages Gemini’s extensive world knowledge to better understand complex scenarios on the road.
You were confidently wrong for judging them to be confidently wrong
> While EMMA shows great promise, we recognize several of its challenges. EMMA's current limitations in processing long-term video sequences restricts its ability to reason about real-time driving scenarios — long-term memory would be crucial in enabling EMMA to anticipate and respond in complex evolving situations...
They're still in the process of researching it, noting in that post implies VLM are actively being used by those companies for anything in production.
> They're still in the process of researching it
But mind you, everything Waymo does is under research.
So let's look at something newer to see if it's been incorporated
> We will unpack our holistic AI approach, centered around the Waymo Foundation Model, which powers a unified demonstrably safe AI ecosystem that, in turn, drives accelerated, continuous learning and improvement.
> Driving VLM for complex semantic reasoning. This component of our foundation model uses rich camera data and is fine-tuned on Waymo’s driving data and tasks. Trained using Gemini, it leverages Gemini’s extensive world knowledge to better understand rare, novel, and complex semantic scenarios on the road.
> Both encoders feed into Waymo’s World Decoder, which uses these inputs to predict other road users behaviors, produce high-definition maps, generate trajectories for the vehicle, and signals for trajectory validation.
https://waymo.com/blog/2025/12/demonstrably-safe-ai-for-auto...
But you could also read the actual research paper... or any of their papers. All of them in the last year are focused on multimodality and a generalist model for a reason which I think is not hard do figure since they spell it out
Note this is not end-to-end... All that VLM can do is to "contribute a semantic signal".
So put a fake "detour" sign, so the vehicle thinks it's a detour and starts to follow? Possible. But humans can be fooled like this too.
Put a "proceed" sign so the car runs over the pedestrian, like that article proposes? Get car to hit a wall? Not going to happen.
This strikes me as a skunworks project to investigate a technology that could be used for autonomous vehicles someday, as well as score some points with Sundar and the Alphabet board who've decreed the company is all-in on Gemini.
Production Waymos use a mix of machine-learning and computer vision (particularly on the perception side) and conventional algorithmic planning. They're not E2E machine-learning at all, they use it as a tool when appropriate. I know because I have a number of friends that have gone to work for Waymo, and some that did compiler/build infrastructure for the cars, and I've browsed through their internal Alphabet job postings as well.
>to generate future trajectories for autonomous vehicles directly from sensor data
we will not have achieved true AGI till we start seeing bumper stickers (especially Saturday mornings) that say "This Waymo Brakes for Yard Sales"
The headline seems false, should we change it? It doesn't look like they showed any case where any autonomous car or drone obeyed prompt injections
> In a new class of attack on AI systems, troublemakers can carry out these environmental indirect prompt injection attacks to hijack decision-making processes.
I have a coworker who brags about intentionally cutting off Waymos and robocars when he sees them on the road. He is "anti-clanker" and views it as civil disobedience to rise up against "machines taking over." Some mornings he comes in all hyped up talking about how he cut one off at a stop sign. It's weird.
This is a legitimate movement in my eyes. I don’t participate, but I see it as valid. This is reminiscent of the Luddite movement - a badly misunderstood movement of folks who were trying to secure labor rights guarantees in the face of automation and new tools threatening to kill large swaths of the workforce.
The Luddites were employed by textile manufacturers and destroyed machines to get better bargaining power in labor negotiations. They weren't indiscriminately targeting automation, they targeted machines that directly affected their work.
Which makes the comparison of modern anti-AI proponents (like myself) and Luddites even more apt and accurate.
Because life would be so much better if people still had to spin wool and weave cloth by hand, and grow their own food by digging in the earth with no tools.
Use whatever means necessary to stop powerful people from exploiting you and stealing the fruits of your labor. If that struggle involves monkeywrenching their machines, so be it.
But like any tool, the machines themselves can be used for good or evil. Breaking the machines shouldn't be an end in itself.
The 700m people suffering from starvation or malnutrition while we produce excess food would probably rather be digging in the earth with no tools if it meant they got fed.
The Luddites wouldn't have been destroying machines if they had insurance that they would also benefit from the machines, rather than see their livelihoods being destroyed while the boss made more money than ever.
Like the OP, you misunderstand the entire point of the Luddites. Breaking the machines was not an end, it was the tactical means to help illustrate their broader point of how the owning class can arbitrarily ruin their entire lives and livelihoods with absolutely zero recourse or consultation with the impacted people. This is a defining feature of capitalism, and that was their issue.
Your strawman about spinning and digging with no tools is just that, and is irrelevant to the core issue of capitalism.
If the core issue is ending exploitation by capitalists and not about breaking machines, if you don't want to return to a world without automation, if the machine is just a strawman, then why do you describe yourself as "anti-AI" instead of "anti-capitalist" or "anti-exploitation"?
It seems like you identify yourself with the strawman instead of with the core issue.
I am anti-capitalist and exploitation. And I don't think any anti-capitalist person can be pro-AI, not the way it's currently constructed. But people on a startup forum tend to lose their minds if you say you're against either :)
Being anti-AI is not a straw man, it's the logical conclusion of being against exploitation and hierarchical domination. Discussing that nuance here is difficult, to say the least, so it's simpler to say anti-AI.
Unless you're committing serious crimes vandalizing machines to get leverage over a counterparty in a negotiation you're not comparable to the Luddites.
And you clearly don't understand the core issue the Luddites have if you think it was just about breaking stuff for leverage.
Destroying someone else's property is much more obviously criminal than cutting off someone else's car, which is not nice, but not destructive.
Criminality is an arbitrary benchmark here, cutting people off can be illegal due to the risks involved.
However what’s more interesting is the deeper social contracts involved. Destroying other people’s stuff can be perfectly legal such as fireman breaking car windows when someone parks in front of a fire hydrant. Destroying automation doesn’t qualify for an exception, but it’s not hard to imagine a different culture choosing to favor the workers.
Inflicting damage is usually justified by averting larger damage. Very roughly, breaking a $200 car window is justified in order to save a $100k house from burning down. Stealing someone's car is justified when you need a car to urgently drive someone bleeding to a hospital to save their life (and then you don't claim the car is yours, of course).
I don't think Luddites had an easy justification like this.
I'm pretty sure the Luddites judged the threat the machines posed to their livelihood to be a greater damage than their employer's loss of their machines. So for them, it was an easy justification. The idea that dollar value encapsulates the only correct way to value things in the world is a pretty scary viewpoint (as your reference to the value of saving a life illustrates).
One one side there were the luddites and their livelihoods; tens of thousands of people.
On the other side, there were cheap textiles for EVERYONE - plus some profits for the manufacturers.
They might have been fighting to save their livelihoods, but their self-interest put them up against the entire world, not just their employers.
The Luddites were trying to stop themselves & their families from starving to death. The factory owners were only interested in profit. It isn't like the Luddites were given a generous re-training package and they turned it down. They had 0 rights, I mean that literally: 0.