logoalt Hacker News

Chu4eenotoday at 5:43 AM1 replyview on HN

Except when it throws you into a reload loop. It's pretty buggy, and trivial to bypass.

And contrary to grandparent, PoW only worked because it was a novel thing to work around, a simple "type human" prompt would've worked as well.

When anubis gets widespread enough users will still run the PoW in javascript or whatever while the scrapers will run much more optimized native code, so no, it doesn't scale.


Replies

harshrealitytoday at 8:36 AM

Putting aside the question of whether it will continue to work, even somewhat, against botnets, I find your first paragraph confusing.

Reload loops, or being able to "bypass" anubis (unless you merely mean bypassing it for the token validity period by solving a challenge), sound like misconfigurations. There's no reason for anubis itself to cause reload loops; it's tricky to configure a webserver to use it in some scenarios.

Any ability to bypass anubis probably means the site is using it in auth/challenge mode only, and then misconfigured their webserver's auth checking. Or it's a bug. If you mean the double-spend tavis mentioned in his blog post which previously made the HN frontpage, that was patched right after it was reported to the maintainer almost a year ago.