Dear admins,

I see that feddit has adopted Anubis for bot protection. I’m glad it was chosen instead of Cloudflare (or some other invasive service).

However, having to wait for the Anubis check before I can use the site is annoying, especially when I’m already logged in. And it happens multiple times per day, amplifying the feeling that my time is being wasted.

Will you please consider skipping the Anubis check when my browser already has a valid login cookie?

Thank you.

  • feddit.org@feddit.orgMEnglish
    24·
    12 days ago

    @who@feddit.org : this is sadly not possible, as Anubis knows nothing about the user session or login status of the user within Lemmy (or cookies for that matter). It’s a tool that does heuristic checks, taking into account e.g. the IP address, the browsers user-agent header etc. It however stores sessions it has “seen” for 12h (with its own cookie) and doesn’t send a challenge as long as this is persisted.

    If you’re seeing the challenge multiple times a day, that this usually means that the cookie either was deleted, or the session somehow otherwise got interrupted on the client side.

    • who@feddit.orgOPEnglish
      1·
      11 days ago

      It however stores sessions it has “seen” for 12h

      Wow; that’s surprisingly short. That means I get hit with Anubis at least six times a day when I use three browsers, and eight times a day when I use four. I often do switch between devices throughout the day, so I think this explains it.

      If it can’t be made login-aware, how about extending the session time to 24 or 48 hours? That would at least reduce the continual annoyances that some of us are now experiencing.

      • surprised pikachu@feddit.orgMEnglish
        3·
        2 days ago

        we’re currently working on building some dashboards to visualize the effectiveness of anubis. once we have this setup we’ll try tuning some settings and hopefully be able to measure the effectiveness of said tuning.

    • Aniki@feddit.org
      32·
      12 days ago

      could we maybe increase the session persistence time to 3 days then? i have the same issue as OP

          • Tarogar@feddit.org
            4·
            11 days ago

            If we just remove Anubis we don’t need to worry about time limits for sessions…

            Oh wait I think that defeats the purpose of Anubis in the first place. Almost like it has these short session lengths for a reason. But I am not an expert.