if you're one of the many people i've heard say "i used to have a website for my art and prose but bots and ai scrapers stomped all over it so i gave up and shut it down"
then please please have a look at this!
the creator of iocaine, a tool designed to poison those bots, is offering it as a free hosted service. the bots get poison and you receive only legitimate visitors
@NatureMC @pho4cexa the scrapers have failed to come up with a defense against iocaine for the past year or so. There is no cat and mouse game1, and unlike regulation, iocaine is here.
As for iocaine being illegal in some countries... it isn't in mine, nor where the service is hosted.
I fully agree that regulation is sorely needed. That's not something I can make happen, nor am I going to wait for it.
if there is, the mouse2 is winning. â©ïž
hi, I'm iocaine's author, with a mousey avatar. â©ïž
@algernon great, then I can ask you directly!
Little misunderstanding: the cat and mouse game happens only with anti-scrapers like Glaze and Nightshade and such things like bot-disallows.
If I understand it correct (non-techie), your system is completely different from these? Do I understand it right that your system is more like a trap catching the bots and sending them in endless loops?
For the legal aspect: is there a difference to Ddos attacks? Are these "tarpit" methods far
@algernon away from malware?
What about resource consumption?
Is there any collateral damage for other bots that I do want to get?
Would be nice if you could answer like to a child, as I said, I'm not techie at all (but fascinated what is possible). So far, each of these protection systems has exceeded my capabilities, so it was easier to change the website.
@NatureMC @pho4cexa it is very different from malware too. It's just nonsensical text, and noisy images. Not much different from your average AI slop ;)
As for resources: I'm running mine on a 2vCPU / 4GiB RAM virtual server I rent for âŹ4/month. It uses about 120MiB of memory, and serving one garbage response requires less CPU instructions than serving a static file from the filesystem (in other words, it is very efficient). Handling encryption for HTTPS is orders of magnitudes more expensive than anything iocaine can do. I spent a great deal of effort on making it as lightweight as possible.
To paint a different pucture: your fedi servers will spend more time processing this toot than iocaine spends on serving garbage to a thousand crawlers.
Well behaved bots won't see it, but even if they do, the damage is limited to downloading a few kb of garbage insted of whatever they wanted to access. Good bots don't crawl the maze forever.
Now, deploying iocaine requires tech chops. Its not terribly hard, but not simple either - it's a constant effort to make that simpler. This is a major reason why I'm launching OnlyJunk.Fans: so people don't have to install iocaine.
It will have limitations, and requires some compromises, but I hope it will help. Happy to elaborate more, but I already wrote two walls of text. O:)
@NatureMC @pho4cexa it's complicated! 
It tries to detect crawlers (and does a decent job of that), and if it detects one, serves it garbage. The garbage is whatever the admin configures. By default, it is random symbols from Rust code (iocaine's own source) - harmless, but also useless. Its possible to go much wilder, click around on https://poison.madhouse-project.org/ for samples :)
The garbage is full of links, sending the crawlers deeper into the maze.
It's not DDoS, because 1) it isnt distributed; 2) I am not sending anyone anything they didn't request. Iocaine responds. If any bot finds that overwhelming, they can stop crawling. I'm not sending large amounts of data, either: 4-10kb text, small images. No zipbombs, no gigantic files, no endlessly dripping content.
It is different from Nughtshade and Glaze, because it doesn't change your content to make it poisonous. It stops the crawlers from reaching them in the first place. It is both a tarpit, and a bot detector - but the deyection works well enough that the vaaaast majority of the bots can't get past.
It isn't 100% effective, but it reduces the problem considerably. It does have false positives, but few, and those are easier to make an exception for than catching the crawlers otherwise.
(More in the next toot)
@algernon Thank you so much for your effort to answer my questions, I appreciate that very much. đ
And you have the rare skill to explain complicated things in a short way, understandable to everyone!
It's the *first* time that I understand how Iocaine works (and I already read some articles).
And you show me that some of these articles were not correct by blaming the method.
It's fascinating!
@NatureMC @pho4cexa Regarding articles: they may have been correct at the time they were written. iocaine evolved quite a bit since its inception.
Originally, it was a pure garbage generator - it has come a long way since.
The goals also changed, the original idea was to poison the models. I only realized months later that poisoned URLs are an actually useful property, and then started to place more emphasis on them.
On top of that, because the garbage iocaine serves depends on its configuration, my servers send a somewhat more malicious kind of garbage. One that can crash Chrome (that payload is not active on poison.madhouse-project.org, because that is meant to be safe for human visitors too), because I found it useful: it slowed down a couple of previous bigger crawler waves. That's not something I will deploy on OnlyJunk.Fans, though. But on my own turf, watching the crawlers hit me with a dozen of requests at the exact same time, then disappearing for a minute until they reboot was hilarious. Multiply this with a thousand distinct crawlers... that must have been a lot of crashy Chromes. Would've loved to see the face of whoever had to put that dumpster fire out.
"It still wonât be sustainable in the long run, but it doesnât have to be: we just need to outlast the Crawlers. If youâve read this blog, or follow me on the Fediverse, youâll know thereâs enough spite left in me to see us through."
That same spite is increasingly motivating a lot of my personal IT-related energy.
This is awesome! Thanks.
Marc Moskowitz
a very weeny construct đ
Petra van Cronenburg
Gergely Nagy
Hraban (fiëé visuëlle)
Diego Assustado
Donald Hobern
oldguycrusty
skua