Comment

Comment on Anubis is awesome and I want to talk aout it

It also doesn’t function without JavaScript. If you’re security or privacy conscious chances are not zero that you have JS disabled, in which case this presents a roadblock.

On the flip side of things, if you are a creator and you’d prefer to not make use of JS (there’s dozens of us) then forcing people to go through a JS “security check” feels kind of shit. The alternative is to just take the hammering, and that feels just as bad.

source

Sort:hotnew top

SmokeyDope@piefed.social ⁨19⁩ ⁨hours⁩ ago
Theres a compute option that doesnt require javascript. Its on site owners to configure IMO, though you can make the argument its not default I guess.

https://anubis.techaro.lol/docs/admin/configuration/challenges/metarefresh

From docs on Meta Refresh Method

Meta Refresh (No JavaScript)

The metarefresh challenge sends a browser a much simpler challenge that makes it refresh the page after a set period of time. This enables clients to pass challenges without executing JavaScript.

To use it in your Anubis configuration:

# Generic catchall rule - name: generic-browser user_agent_regex: >- Mozilla|Opera action: CHALLENGE challenge: difficulty: 1 # Number of seconds to wait before refreshing the page algorithm: metarefresh # Specify a non-JS challenge method

This is not enabled by default while this method is tested and its false positive rate is ascertained. Many modern scrapers use headless Google Chrome, so this will have a much higher false positive rate.
source
- z3rOR0ne@lemmy.ml ⁨15⁩ ⁨hours⁩ ago
  Yeah I actually use the noscript extension and i refuse to just whitelist certain sites unless I’m very certain I trust them.
  
  I run into Anubis checks all the time and while I appreciate the software, having to consistently temporarily whitelist these sites does get cumbersome at times. I hope they make this noJS implementation the default soon.
  
  source
  - Prathas@lemmy.zip ⁨2⁩ ⁨hours⁩ ago
    Wait, you keep temporarily allowing then over and over again? Why temporary?
    
    source
- Dojan@pawb.social ⁨15⁩ ⁨hours⁩ ago
  This is news to me! Thanks for enlightening me!
  
  source
quick_snail@feddit.nl ⁨6⁩ ⁨hours⁩ ago
This is why we need these sites to have .onions. Tor Browser has a PoW that doesn’t require js

source
natecox@programming.dev ⁨19⁩ ⁨hours⁩ ago
I feel comfortable hating on Anubis for this. The compute cost per validation is vanishingly small to someone with the existing budget to run a cloud scraping farm, it’s just another cost of doing business.

The cost to actual users though, particularly to lower income segments who may not have compute power to spare, is annoyingly large. There are plenty of complaints out there about Anubis being painfully slow on old or underpowered devices.

Some of us do actually prefer to use the internet minus JS, too.

Plus the minor irritation of having anime catgirls suddenly be a part of my daily browsing.

source
- url@feddit.fr ⁨6⁩ ⁨hours⁩ ago
  Imagine friends seeing catgirl on your browser and now you have to explain it to them who has zero knowledge in it
  
  source
- bitcrafter@programming.dev ⁨19⁩ ⁨hours⁩ ago
  What would you propose as an alternative?
  
  source
  - natecox@programming.dev ⁨19⁩ ⁨hours⁩ ago
    There’s a caddy config out there that works as well as Anubis without the catgirls and mining: fxgn.dev/blog/anubis/
    
    source
    Axolotl_cpp@feddit.it ⁨18⁩ ⁨hours⁩ ago
    Not having catgirls is def a con
    
    source
    rtxn@lemmy.world ⁨17⁩ ⁨hours⁩ ago
    No numbers, no testimonials, or even anecdotes… “It works, trust me bro” is not exactly convincing.
    
    source
    poVoq@slrpnk.net ⁨17⁩ ⁨hours⁩ ago
    That blog post is fundamentally misunderstanding what Anubis actually does.
    
    source
cecilkorik@piefed.ca ⁨19⁩ ⁨hours⁩ ago

if you are a creator and you’d prefer to not make use of JS (there’s dozens of us) then forcing people to go through a JS “security check” feels kind of shit. The alternative is to just take the hammering, and that feels just as bad.

I’m with you here. I come from an older time on the Internet. I’m not much of a creator, but I do have websites, and unlike many self-hosters I think, in the spirit of the internet, they should be open to the public as a matter of principle, not cowering away for my own private use behind some encrypted VPN. I want it to be shared. Sometimes that means taking a hammering. It’s fine. It’s nothing that’s going to end the world if it goes down or goes away, and I try not to make a habit of being so irritating that anyone would have much legitimate reason to target me.

I don’t like any of these sort of protections that put the burden onto legitimate users. I get that’s the reality we live in, but I reject that reality, and substitute my own. I understand that some people need to be able to block that sort of traffic to be able to limit and justify the very real costs of providing services for free on the Internet and Anubis does its job for that. But I’m not one of those people. It has yet to cost me a cent above what I have already decided to pay, and until it does, I have the freedom to adhere to my principles on this.

To paraphrase another great movie: Why should any legitimate user be inconvenienced when the bots are the ones who suck. I refuse to punish the wrong party.

source

Meta Refresh (No JavaScript)