Anubis provides protection against bots scraping websites and DDoSing projects.
This blog post is about Xe’s reasoning for originally only providing docker packages and their work to provide native packages.
Anubis provides protection against bots scraping websites and DDoSing projects.
This blog post is about Xe’s reasoning for originally only providing docker packages and their work to provide native packages.
Anubis without JavaScript is what I’m waiting for. I know that the Darknet forum Dread has a PoW system that doesn’t use JS (or maybe it does something else entirely and I completely missed it)
It might be pretty difficult to implement the work part of proof of work without JS in a practical way. Of the three languages available on the web, HTML, CSS & JS (+ WebAssembly, which requires a bit of JS IIRC & would probably not be available) JS is the only one that allows you to perform the work in a sane way. (It might be possible to use CSS magic with remote resources, but that has its own problems if it’s even possible.)
It would be possible to use a dedicated program or another website to perform the work, but it would be far from seamless to users.
I don’t know how PoW works but do you think that TOR and Dread’s PoW can be reused?
In proof of work, the client performs (relatively) slow & expensive calculations to prove that it’s not spam. If you tried to make too many connections, the work would add up, preventing you from affecting the availability of the service.
For PoW to work, the server needs to generate a challenge, then the client needs to solve it and return the answer. JavaScript can do this without any input from the user.
For JavaScriptless PoW, you need to find a way to perform those slow calculations without access to a programming language.
Like I said in my previous comment, solving the challenge can happen outside of the page, after which the user could paste the answer to a normal HTML form, for example. This allows PoW to work without JS, but requires user interaction & eternal tools.
I don’t know about Dread, but Tor has built-in PoW now. Since Tor runs outside of the document/tab, unlike JS, it can do a lot more. Tor’s PoW happens invisibly between the network request & response, making it unobtrusive & bypassing JS entirely.