i misunderstood, i thought the majority of your bot traffic was palo alto. there have been reports of their crawlers getting stuck in a loop and making the exact same request hundreds of times in short order. and then repeating that multiple times a day.
in this case, i can understand needing to take stricter measures.
if you request a non-existent page three times in a row then you'll be blocked for a month.
personally, i'd trial a week and then dial the block-time up if you still feel you're responding to too many requests. in principle, though, an automatic ip ban with an expiration is certainly one of the least drastic solutions i could think of for this problem. i'd be very interested in learning how it works out for you once it's set up.
it's great to hear somebody as against accounts as i am, but i'd be interested to hear just how far your adamancy extends before you have to compromise, and compare your experience to mine!
interesting! alright. i'd say that broadly i'm resistant to having to interact with a site beyond the most basic interactions necessary to view it. when cookie banners became A Thing i reconfigured my adblocker to hide them because the simple act of clicking "agree" or "close" or whatever was just a step too far for me. not that clicking those was too great a physical effort or anything, just that i didn't like being forced to acknowledge it in any way. i didn't want the servers to have the satisfaction of recieving that response.
if that sounds petty, i wouldn't disagree. i'm very resistant to doing what's expected of me (when i have not previously assented that this expectation can be made), to the point that it's probably a personality flaw.
for instance, you're on Melonland - and i would assume that you have at least a couple of accounts on sites that governments (or whoever) have forced you to register with (i know i have!).
i would attribute my making an account here entirely to the fact that i could read the forums freely without one. i read quite a lot before i made an account, and i still do mostly read while logged out.
tangentially to this, quite a lot of forums i used to frequent have gone login-to-view, which, despite the fact that i have accounts there of old, has dissuaded me from logging in again. i think, i should check up on this forum! oh. need to login.
as for my government (or whatever) forcing me to make an account...i'm assuming you mean web accounts because, depending on how you look at it, having a national insurance number functionally is having an account with my government.
funnily enough, i don't think i do?
i'm welsh, and both the welsh and english governments (wales isn't entirely devolved and still takes much of its law and governmental stuff from england) are quite enthusiastic about making things available
online but thus far nothing is exclusively
online, at least not that i'm aware of.
for example, the government has its own official petition site. (discourse about that set aside for brevity) it's certainly an effective tool for ensuring that there is one(1) petition for something. if everyone is signing the same
petition, you do increase the efficacy of any given petition. however...you're not required to use it. you can still run petitions on paper the old-fashioned way, without involving the website at all.
i'm vaguely aware that a lot of government stuff like taxes, benefits, nhs, and housing can be handled online now but i say vaguely because i've never even looked at the webportal(s) for these things. i have no interest in adding another point of failure for such vital aspects of my continued existence, let alone personal data. (i do not trust the government's cybersecurity, or cyber-anything for that matter)
the most recent census could apparently be filled in online, the thought of which horrifies me for the aforementioned reason. i filled in the paper one that came in the post.
should password managers even exist?
the first time i heard of a password manager, i thought "what a brilliant scam". i couldn't believe they were real things that were genuinely designed to help. you install this thing in your browser, and let it keep (and/or invent for you) a list of user/pass for every site you visit. does this not look exactly like those datamining and adware toolbars that used to plague browsers to anyone else?
i'm aware that (at least some, there probably are some scam ones out there by now) password managers were created out of a genuine desire to help improve some user's security. but i still can't beleive anyone with any real interest in security trusts them. it feels self-defeating to keep a singular database of all your credentials and then trust literally any third party with that database.
indeed, the cloud-based ones have already suffered the predictable leaks.
i don't think password managers as a concept are an inherently bad idea. but i do think all current iterations of such are bad ideas. i think password managers should be standalone software, that doesn't even attempt to access the internet, and which upon installation adds blacklist rules to the local firewall that actively prevents any in/out requests (for the sake of defeating at least the easiest approach to penetration).
even so, i think the concept of a digital password manager on the same device you're using those passwords on is...questionable. that's just asking for trouble.
my password manager is a book. an actual, physical, paper book. the thing i've been taught for decades is the worst possible approach to security.
it's fucking foolproof.
you can't download my book. you can't see it in teamview. it is absolutely impossible for you to know what is in my password book because it isn't digital.
seriously, if you struggle to remember your passwords, just write them down on actual paper.
(i'm aware this is poor security if you work in an office. i'm talking about individual use)
similarly, chan boards are known for being not-the-best which is often attributed to their anonymity - do you think that pushing content to the web (in whichever form, websites included) should require something that defeats your anonymity?
i used to be a frequenter of various anonymous message boards (not only but certainly including chan-boards) and sometimes still am in places like dreamwidth where anonymous communities continue to thrive.
people who think chan-boards are bad because
of the anonymity have it backwards. they're anonymous because
they're anonymous because no-one wants to tie themselves concretely to the kind of things their post is proximate to, even if their own post is entirely innocent.
plenty of anon communities continue to thrive without being anything close to the chan-boards in terms of content or meanness simply because...that's not what they're about.
even chan-boards have admins that ban people for violating rules, because they do have rules.
the difference between chan-boards and dreamwidth anon communities is what is and isn't against the rules.
also, formal rules and admins aside, anon communities are often self-policing. if you say something that the community deems unacceptable, the community
will deal with you as they see fit. even if they have no power to remove your post, or to ban you, they can tell you, en masse, exactly what was wrong with what you said.
it's a more powerful tool than you might expect. ten, twenty replies to your post all saying some variation of "we don't use that word here" and otherwise ignoring anything else you said...most problem posters either adjust, or leave.
the few that turn troll are handled by the mods.
i made a melonland account because i considered it to be a fair bargain: my email address for permission to participate in what is, essentially, a collaborative art project in the form of a community.
but if i could post here anonymously, i wouldn't have taken that deal. where anonymity is an option, i will usually choose it.
actually, i'd go so far as to say reddit is still an anonymouse platform. sure, you need an account to post, but you don't need an email for an account. you can just make an account and not give an email.
throwaways are a whole thing
on reddit. people make single-use accounts for discussing one particular topic, for posting one comment or thread. sometimes they're deleted after the fact, sometimes they're just abandoned forever.
they're functionally anonymous.
even when you post somewhere anonymously, you're still giving your ip, or at least an
really, creating a no-email account on reddit is just making it so the public see an arbitrary name you decide instead of your ip.
in fact, "being an ip" is a whole thing in some communities. have you ever looked in the wikipedia forums? yeah, wikipedia has forums. because of dynamic ips, you can't be certain that the ip you're talking to today is the same user you were talking to last month. and quite often, it genuinely isn't.
if so: why do you have this mindset - is it because you don't trust whoever is at the other end to keep your data secure and away from third-party fingerprinting, or is it because it's inconvenient to register for a site - or some other reason?
the inconvenience is always at least part of my reckoning, and depending on the percieved inconvenience:gain ratio that alone can be enough for me to say "fuck that" and leave.
to some considerable degree it is not trusting the other end with my data. sometimes i assume they want my data for nefarious purposes. big companies like google and adobe come to mind for that. sometimes, even if i believe they have no bad intentions, i still don't trust them to keep it secure.
my sentiment is fairly linear: the fewer databases any given piece of information about me is in, the fewer chances there are for that data to leak.
even if the data is incredibly minor, i still either avoid giving it or give fake data wherever possible.
i don't think any website has my real date of birth, nor do they need it. asking for an exact date is unnecessary. i miss the days of "are you over 18" buttons. the outcome is the same. anyone can lie. but now you've got a database of dates of birth for no good reason.
(as an aside, i despise that all government departments will take knowing my date of birth as proof i am who i say i am. the thing that most people tell their friends! is used as proof of identity! it's fucking idiotic)
the vast majority of steam users were born on the 1st of january, somehow. weird coincidence. wonder why that could be.
i buy digital things quite often. or at least i used to, less so these days. still, when i buy a digital thing, i'm often asked for completely unnecessary information, like my address.
always, i give a blatantly fake address, because you don't need my physical address to email me a fucking zip. (yeah it's for tax reasons or something. i don't care. you're still not getting my address. figure out your tax data by the country my ip shows, it's not hard.)
i understand, and i think i appreciate the Crawler Struggle is bigger than i realised