Comment

Comment on Anubis is awesome and I want to talk aout it

It also doesn’t function without JavaScript. If you’re security or privacy conscious chances are not zero that you have JS disabled, in which case this presents a roadblock.

On the flip side of things, if you are a creator and you’d prefer to not make use of JS (there’s dozens of us) then forcing people to go through a JS “security check” feels kind of shit. The alternative is to just take the hammering, and that feels just as bad.

source

Sort:hotnew top

SmokeyDope@piefed.social ⁨2⁩ ⁨months⁩ ago
Theres a compute option that doesnt require javascript. Its on site owners to configure IMO, though you can make the argument its not default I guess.

https://anubis.techaro.lol/docs/admin/configuration/challenges/metarefresh

From docs on Meta Refresh Method

Meta Refresh (No JavaScript)

The metarefresh challenge sends a browser a much simpler challenge that makes it refresh the page after a set period of time. This enables clients to pass challenges without executing JavaScript.

To use it in your Anubis configuration:

# Generic catchall rule - name: generic-browser user_agent_regex: >- Mozilla|Opera action: CHALLENGE challenge: difficulty: 1 # Number of seconds to wait before refreshing the page algorithm: metarefresh # Specify a non-JS challenge method

This is not enabled by default while this method is tested and its false positive rate is ascertained. Many modern scrapers use headless Google Chrome, so this will have a much higher false positive rate.
source
- z3rOR0ne@lemmy.ml ⁨2⁩ ⁨months⁩ ago
  Yeah I actually use the noscript extension and i refuse to just whitelist certain sites unless I’m very certain I trust them.
  
  I run into Anubis checks all the time and while I appreciate the software, having to consistently temporarily whitelist these sites does get cumbersome at times. I hope they make this noJS implementation the default soon.
  
  source
  - Prathas@lemmy.zip ⁨1⁩ ⁨month⁩ ago
    Wait, you keep temporarily allowing then over and over again? Why temporary?
    
    source
    z3rOR0ne@lemmy.ml ⁨1⁩ ⁨month⁩ ago
    Most of the Anubis encounters I have are to redlib instances that are shuffled around, go down all the time, and generally are more ephemeral than other sites. Because I use another extension called Libredirect to shuffle which redlib instance I visit when clicking on a reddit link, I don’t bother whitelisting them permanently.
    
    I already have solved this on my desktop by self hosting my own redlib instance via localhost and using libredirect to just point there, but on my phone I still do the whole nojs temp unblock random redlib instance. Eventually I plan on using wireguard to host a private redlib instance on a vps so I can just not deal with this.
    
    This is a weird case I know, but its honestly not that bad.
    
    source
- Dojan@pawb.social ⁨2⁩ ⁨months⁩ ago
  This is news to me! Thanks for enlightening me!
  
  source
natecox@programming.dev ⁨2⁩ ⁨months⁩ ago
[deleted]
source
- bitcrafter@programming.dev ⁨2⁩ ⁨months⁩ ago
  What would you propose as an alternative?
  
  source
  - natecox@programming.dev ⁨2⁩ ⁨months⁩ ago
    [deleted]
    source
    Axolotl_cpp@feddit.it ⁨2⁩ ⁨months⁩ ago
    Not having catgirls is def a con
    
    source
    rtxn@lemmy.world ⁨2⁩ ⁨months⁩ ago
    No numbers, no testimonials, or even anecdotes… “It works, trust me bro” is not exactly convincing.
    
    source
    poVoq@slrpnk.net ⁨2⁩ ⁨months⁩ ago
    That blog post is fundamentally misunderstanding what Anubis actually does.
    
    source
- url@feddit.fr ⁨1⁩ ⁨month⁩ ago
  Imagine friends seeing catgirl on your browser and now you have to explain it to them who has zero knowledge in it
  
  source
cecilkorik@piefed.ca ⁨2⁩ ⁨months⁩ ago

if you are a creator and you’d prefer to not make use of JS (there’s dozens of us) then forcing people to go through a JS “security check” feels kind of shit. The alternative is to just take the hammering, and that feels just as bad.

I’m with you here. I come from an older time on the Internet. I’m not much of a creator, but I do have websites, and unlike many self-hosters I think, in the spirit of the internet, they should be open to the public as a matter of principle, not cowering away for my own private use behind some encrypted VPN. I want it to be shared. Sometimes that means taking a hammering. It’s fine. It’s nothing that’s going to end the world if it goes down or goes away, and I try not to make a habit of being so irritating that anyone would have much legitimate reason to target me.

I don’t like any of these sort of protections that put the burden onto legitimate users. I get that’s the reality we live in, but I reject that reality, and substitute my own. I understand that some people need to be able to block that sort of traffic to be able to limit and justify the very real costs of providing services for free on the Internet and Anubis does its job for that. But I’m not one of those people. It has yet to cost me a cent above what I have already decided to pay, and until it does, I have the freedom to adhere to my principles on this.

To paraphrase another great movie: Why should any legitimate user be inconvenienced when the bots are the ones who suck. I refuse to punish the wrong party.

source
quick_snail@feddit.nl ⁨1⁩ ⁨month⁩ ago
This is why we need these sites to have .onions. Tor Browser has a PoW that doesn’t require js

source

Meta Refresh (No JavaScript)