
253 points akyuu | 6 comments
BinaryIgor ◴[] No.45945045[source]
I wonder why it is that we get an increase in these automated scrapers and attacks as of late (some few years); is there better (open-source?) technology that allows it? Is it because hosting infrastructure is cheaper also for the attackers? Both? Something else?

Maybe the long-term solution for such attacks is to hide most of the internet behind some kind of Proof of Work system/network, so that mostly humans get access to our websites, not machines.

marginalia_nu ◴[] No.45945467[source]
What's missing is effective international law enforcement. This is a legal problem first and foremost. As long as it's as easy as it is to get away with this stuff by just routing the traffic through a Russian or Singaporean node, it's going to keep happening. With international diplomacy going the way it has been, odds of that changing aren't fantastic.

The web is really stuck between a rock and a hard place when it comes to this. Proof of work helps website owners, but makes life harder for all discovery tools and search engines.

An independent standard for request signing and building some sort of reputation database for verified crawlers could be part of a solution, though that causes problems with websites feeding crawlers different content than users, and does nothing to fix the Sybil attack problem.

Aurornis ◴[] No.45945809[source]
> What's missing is effective international law enforcement.

International law enforcement on the Internet would also subject you to the laws of other countries. It goes both ways.

Having to comply with all of the speech laws and restrictions in other countries is not actually something you want.

1. marginalia_nu ◴[] No.45946229[source]
We have historically solved this via treaties.

If you want to trade with me, a country that exports software, let's agree to both criminalize software piracy.

No reason why this can't be extended to DDoS attacks.

2. beeflet ◴[] No.45947147[source]
I don't want governments to have this level of control over the internet. It seems like you are paving over a technological problem with the way the internet is designed by giving some institution a ton of power over the internet.
3. marginalia_nu ◴[] No.45948248[source]
The alternative to governments stopping misbehavior is every website hiding behind Cloudflare or a small number of competitors, which is a situation that is far more susceptible to abuse than having a law that says you can't DDoS people even if you live in Singapore.

It really cannot be overstated how unsustainable the status quo is.

4. beeflet ◴[] No.45949871{3}[source]
I think the alternative is to recreate the internet with more p2p-friendly infrastructure. BitTorrent does not have this same DDoS problem. Mesh networks are designed with Sybil resistance in mind.
5. marginalia_nu ◴[] No.45952200{4}[source]
The internet already is p2p infrastructure.

BitTorrent is just as susceptible to this, it's just there's currently no economic incentive to try to exhaustively scrape it from 50,000 VPS nodes.

6. beeflet ◴[] No.45958930{5}[source]
> The internet already is p2p infrastructure.

No, it really isn't. Unless you mean like on the BGP level. But it's p2p in the sense where you have to trust every party not to break the system. It's like email or Mastodon, it doesn't solve the fundamental Sybil problem at hand.

> BitTorrent is just as susceptible to this,

In BitTorrent things are hosted by ad hoc users that are roughly proportional to the number of downloaders. It is not unimaginable that you could staple a reputation system on top of it like PTs already do.