Anubis provides protection against bots scraping websites and DDoSing projects.
This blog post is about Xe’s reasoning for originally only providing docker packages and their work to provide native packages.
Anubis provides protection against bots scraping websites and DDoSing projects.
This blog post is about Xe’s reasoning for originally only providing docker packages and their work to provide native packages.
Anubis without JavaScript is what I’m waiting for. I know that the Darknet forum Dread has a PoW system that doesn’t use JS (or maybe it does something else entirely and I completely missed it)
How would that work? And how easy would it be to circumvent? Anubis probably forces spinning up a browser or something that supports a JS runtime (again probably a browser), so it’s not as easily scriptable as just callling an HTTP endpoint. I’m curious how you would implement a system without JS.
Anti Commercial-AI license
Honestly I have no idea how PoW works at all. I’m just happy to see the innovation in this space. With that said, people have raised the idea of using TOR’s PoW mechanism, or in my case, Dread’s PoW. I believe both of them work without JavaScript
I would then encourage you to look up how those work and what proof of work actually is. Proof of work requires some work to be done by the client. If you want regular people to browse the internet normally and “do work”, that means JavaScript, otherwise it requires them to install an extra binary like TOR or something, which would lock out most of real users. I imagine that’s not the goal of site operators.
Anti Commercial-AI license
Maybe the solution is for browsers to include POW functionality natively.
We see dumb shit like “you need to enable DRM yadayada.” We could have a similar thing for “you need to enable POW.”
It might be pretty difficult to implement the work part of proof of work without JS in a practical way. Of the three languages available on the web, HTML, CSS & JS (+ WebAssembly, which requires a bit of JS IIRC & would probably not be available) JS is the only one that allows you to perform the work in a sane way. (It might be possible to use CSS magic with remote resources, but that has its own problems if it’s even possible.)
It would be possible to use a dedicated program or another website to perform the work, but it would be far from seamless to users.
I don’t know how PoW works but do you think that TOR and Dread’s PoW can be reused?
In proof of work, the client performs (relatively) slow & expensive calculations to prove that it’s not spam. If you tried to make too many connections, the work would add up, preventing you from affecting the availability of the service.
For PoW to work, the server needs to generate a challenge, then the client needs to solve it and return the answer. JavaScript can do this without any input from the user.
For JavaScriptless PoW, you need to find a way to perform those slow calculations without access to a programming language.
Like I said in my previous comment, solving the challenge can happen outside of the page, after which the user could paste the answer to a normal HTML form, for example. This allows PoW to work without JS, but requires user interaction & eternal tools.
I don’t know about Dread, but Tor has built-in PoW now. Since Tor runs outside of the document/tab, unlike JS, it can do a lot more. Tor’s PoW happens invisibly between the network request & response, making it unobtrusive & bypassing JS entirely.