Skip to main content

glitchsoc - Link to source

Sabot in the Age of AI


A list of offensive methods & strategic approaches for facilitating (algorithmic) sabotage, framework disruption, & intentional data poisoning.

Selected Tools & Frameworks


This is a living resource — regularly updated to reflect the shifting terrain of collective techno-disobedience and algorithmic Luddism.

A fake JPEG filled with random data.

Libre / Markov Tarpit · GitLab

GitLab Community Edition
GitLab
This entry was edited (1 week ago)
in reply to ASRG

Matt 🔶 (LordMatt)
mastodon - Link to source
Matt 🔶 (LordMatt)
@Fingel This very much reminds me of the infinitely crawlable nonsense first designed (by me) to give Microsoft Recall a headache.
@Fingel
in reply to ASRG

Marcos Dione
mastodon - Link to source
Marcos Dione

@Fingel another take that I hope I have time to write:

An app that feeds either static text or a poisoned Markov Chain, but it writes back one byte at a time, and tries to delay the client as much as possible. It would probably would have to have start with a big delay, and every time the client disconnects, it registers the IP and the delay in a db so next time it tries a lower delay until it finds the best delay for each client.

@Fingel
in reply to Marcos Dione

Marcos Dione
mastodon - Link to source
Marcos Dione
@Fingel is there a site where some of the craziest delusions from the original LLMs are recorded? We should feed them that back.
@Fingel
in reply to ASRG

Mr Salteena is not quite a gentleman
akkoma - Link to source
Mr Salteena is not quite a gentleman
@Fingel I have been doing something primitive with fail2ban and a "trigger" URL. But. What I see is that the latest in scraping is to use a rotating set of IPs or proxies so requests never seem to come from the same IP number, and with plausible user agents. I'm struggling with this because although I can see the overall behaviour, it's not clear until after a request is made that's part of a scrape session, and blocking that IP number won't block the remaining scrapes. Firms are offering this kind of service commercially and there are plenty of writeups on how to do it.
@Fingel
in reply to Mr Salteena is not quite a gentleman

Aaron
gotosocial - Link to source
Aaron

A medium term plan for Nepenthes is to coordinate data amongst instances to conclusively identity crawlers, and hopefully allow people to ban them preemptively.

Still thinking through it. No ETA.
@asrg

@ASRG
in reply to ASRG

[moved] Floppy 💾
mastodon - Link to source
[moved] Floppy 💾

Thank you for this comprehensive list, this is great! I will need one of such defenses sooner or later I believe.

I worry a bit that looking at IP-ranges and User-Agent-strings might not be enough long-term. UA can be faked easily and different ranges are possible.

Are there other reliable ways employed to identify bots, without giving away any important content (e.g. beyond landing page)? Maybe looking at behavioural data (e.g. rate of accessing URLs)?

@aaron @marcusb @mike @Fingel

@Aaron @marcusb @Mike Coats 🏴󠁧󠁢󠁳󠁣󠁴󠁿🇪🇺🌍♻️ @Fingel

This website uses cookies. If you continue browsing this website, you agree to the usage of cookies.