Erm… technically correct I guess? But disappointing. Other solutions let you run a local command to generate the response and then paste it into a form.
I sortof understand the argument that it can look like what some malware does, but I feel like there should be an easy fix for that, like maybe just label it as an “advanced user” feature or something, so at least it’s still available. I just feel like requiring wasm is a step in the wrong direction and even moreso shuts out legitimate users that don’t have/enable wasm on their browser.
Yes but it doesn’t actually do any work or verify anything… crawlers could follow the refresh URL immediately and get right through. And I’m skeptical that not having to actually solve a PoW could make a meaningful difference, especially if the delay from the meta refresh can be easily bypassed.
But on that page, the creator has a comment explaining that the meta refresh challenge does more than just reload the page and wait. They explain that it actually checks if the browser supports modern desktop browser features like gzip encoding, cookies, and more that’s not documented.
Yes but even curl easily passes those tests by default, regardless of the user-agent. I guess I’m just skeptical of how much effect it really has in the real world… you see a lot of people saying “oh yea it works great”, but they don’t tell you what the before and after bot traffic actually was.
Happen to be proven wrong though if anyone has some hard data.
Erm… technically correct I guess? But disappointing. Other solutions let you run a local command to generate the response and then paste it into a form.
I sortof understand the argument that it can look like what some malware does, but I feel like there should be an easy fix for that, like maybe just label it as an “advanced user” feature or something, so at least it’s still available. I just feel like requiring wasm is a step in the wrong direction and even moreso shuts out legitimate users that don’t have/enable wasm on their browser.
No, they also added a non webassembly non js based challenge as well.
Yes but it doesn’t actually do any work or verify anything… crawlers could follow the refresh URL immediately and get right through. And I’m skeptical that not having to actually solve a PoW could make a meaningful difference, especially if the delay from the meta refresh can be easily bypassed.
This site doesn’t seem to let me link to a specific comment: https://lobste.rs/s/aa7ske/anubis_now_supports_non_js_challenges
But on that page, the creator has a comment explaining that the meta refresh challenge does more than just reload the page and wait. They explain that it actually checks if the browser supports modern desktop browser features like gzip encoding, cookies, and more that’s not documented.
Yes but even curl easily passes those tests by default, regardless of the user-agent. I guess I’m just skeptical of how much effect it really has in the real world… you see a lot of people saying “oh yea it works great”, but they don’t tell you what the before and after bot traffic actually was.
Happen to be proven wrong though if anyone has some hard data.