BioHacker News | Faking a JPEG

▲Faking a JPEG(ty-penguin.org.uk)

203 points by todsacerdoti 9 hours ago | 14 comments

▲tomsmeding 23 minutes ago

They do have a robots.txt [1] that disallows robot access to the spigot tree (as expected), but removing the /spigot/ part from the URL seems to still lead to Spigot. [2] The /~auj namespace is not disallowed in robots.txt, so even well-intentioned crawlers, if they somehow end up there, can get stuck in the infinite page zoo. That's not very nice.

[1]: https://www.ty-penguin.org.uk/robots.txt

[2]: https://www.ty-penguin.org.uk concatenated with /~auj/cheese (don't want to create links there)

▲derefr 6 hours ago

> It seems quite likely that this is being done via a botnet - illegally abusing thousands of people's devices. Sigh.

Just because traffic is coming from thousands of devices on residential IPs, doesn't mean it's a botnet in the classical sense. It could just as well be people signing up for a "free VPN service" — or a tool that "generates passive income" for them — where the actual cost of running the software, is that you become an exit node for both other "free VPN service" users' traffic, and the traffic of users of the VPN's sibling commercial brand. (E.g. scrapers like this one.)

This scheme is known as "proxyware" — see https://www.trendmicro.com/en_ca/research/23/b/hijacking-you...

▲cAtte_ 6 hours ago

sounds like a botnet to me

▲whatsupdog 3 hours ago

Botnet with extra steps.

▲ronsor 6 hours ago

because it is, but it's a legal botnet

▲derefr 6 hours ago

Eh. To me, a bot is something users don't know they're running, and would shut off if they knew it was there.

Proxyware is more like a crypto miner — the original kind, from back when crypto-mining was something a regular computer could feasibly do with pure CPU power. It's something users intentionally install and run and even maintain, because they see it as providing them some potential amount of value. Not a bot; just a P2P network client.

Compare/contrast: https://en.wikipedia.org/wiki/Winny / https://en.wikipedia.org/wiki/Share_(P2P) / https://en.wikipedia.org/wiki/Perfect_Dark_(P2P) — pieces of software which offer users a similar devil's bargain, but instead of "you get a VPN; we get to use your computer as a VPN", it's "you get to pirate things; we get to use your hard drive as a cache node in our distributed, encrypted-and-striped pirated media cache."

(And both of these are different still to something like BitTorrent, where the user only ever seeds what they themselves have previously leeched — which is much less questionable in terms of what sort of activity you're agreeing to play host to.)

▲tgsovlerkhgsel 6 hours ago

AFAIK much of the proxyware runs without the informed consent of the user. Sure, there may be some note on page 252 of the EULA of whatever adware the user downloaded, but most users wouldn't be aware of it.

▲jandrese 2 hours ago

I wonder if you could mess with AI input scrapers by adding fake captions to each image? I imagine something like:

    (big green blob)

    "My cat playing with his new catnip ball".


    (blue mess of an image)

    "Robins nesting"

▲Dwedit 50 minutes ago

A well-written scraper would check the image against a CLIP model or other captioning model to see if the text there actually agrees with the image contents.

▲Simran-B 28 minutes ago

Then captions that are somewhat believable? "Abstract digital art piece by F. U. Botts resembling wide landscapes in vibrant colors"

▲levzzz 1 hour ago

[dead]

▲mrbluecoat 8 hours ago

> I felt sorry for its thankless quest and started thinking about how I could please it.

A refreshing (and amusing) attitude versus getting angry and venting on forums about aggressive crawlers.

▲ASalazarMX 8 hours ago

Helped without doubt by the capacity to inflict pain and garbage unto those nasty crawlers.

▲EspadaV9 7 hours ago

I like this one

https://www.ty-penguin.org.uk/~auj/spigot/pics/2025/03/25/fa...

Some kind of statement piece

▲creatonez 4 hours ago

For the full experience:

Firefox: Press F12, go to Network, click No Throttling > change it to GPRS

Chromium: Press F12, go to Network, click No Throttling > Custom > Add Profile > Set it to 20kbps and set the profile

▲extraduder_ire 1 hour ago

Good mention. There's probably some good art to be made by serving similar jpeg images with the speed limited server-side.

▲myelinsheep 5 hours ago

Anything with Shakespeare in it?

▲EspadaV9 3 hours ago

Looks like he didn't get time to finish

https://www.ty-penguin.org.uk/~auj/spigot/pics/2025/03/25/fa...

Terry Pratchett has one I'd like to think he'd approve of. Just a shame I'm unable to see the 8th colour, I'm sure it's in there somewhere.

https://www.ty-penguin.org.uk/~auj/spigot/pics/2025/03/25/fa...

▲superjan 1 hour ago

There is a particular pattern (block/tag marker) that is illegal the compressed JPEG stream. If I recall correctly you should insert a 0x00 after a 0xFF byte in the output to avoid it. If there is interest I can followup later (not today).

▲marcod 6 hours ago

Reading about Spigot made me remember https://www.projecthoneypot.org/

I was very excited 20 years ago, every time I got emails from them that the scripts and donated MX records on my website had helped catching a harvester

> Regardless of how the rest of your day goes, here's something to be happy about -- today one of your donated MXs helped to identify a previously unknown email harvester (IP: 172.180.164.102). The harvester was caught a spam trap email address created with your donated MX:

▲112233 2 hours ago

So how do I set up an instance of this beautiful flytrap? Do I need a valid personal blog, or can I plop something on cloudflare to spin on their edge?

▲ffsm8 2 hours ago

It's a flask app, he linked to it

https://github.com/gw1urf/spigot/

▲Modified3019 5 hours ago

Love the effort.

That said, these seem to be heavily biased towards displaying green, so one “sanity” check would be if your bot is suddenly scraping thousands of green images, something might be up.

▲lvncelot 3 minutes ago

Nature photographers around the world rejoice as their content becomes safe from scraping.

▲recursive 5 hours ago

Mission accomplished I guess

▲lblume 8 hours ago

Given that current LLMs do not consistently output total garbage, and can be used as judges in a fairly efficient way, I highly doubt this could even in theory have any impact on the capabilities of future models. Once (a) models are capable enough to distinguish between semi-plausible garbage and possibly relevant text and (b) companies are aware of the problem, I do not think data poisoning will be an issue at all.

▲jesprenj 7 hours ago

Yes, but you still waste their processing power.

▲immibis 6 hours ago

There's no evidence that the current global DDoS is related to AI.

▲lblume 15 minutes ago

The linked page claims that most identified crawlers are related to scraping for training data of LLMs, which seems likely.

▲bschwindHN 8 hours ago

You should generate fake but believable EXIF data to go along with your JPEGs too.

▲bigiain 2 hours ago

Fake exif data with lat/longs showing the image was taken inside Area 51 or The Cheyenne Mountain Complex or Guantanamo Bay...

▲russelg 4 hours ago

They're taking the valid JPEG headers from images already on their site, so it's possible those are already in place.

▲electroglyph 1 hour ago

there's no metadata in the example image

▲derektank 7 hours ago

From the headline that's actually what I was expecting the link to discuss

▲hashishen 7 hours ago

the hero we needed and deserved

▲dheera 8 hours ago

> So the compressed data in a JPEG will look random, right?

I don't think JPEG data is compressed enough to be indistinguishable from random.

SD VAE with some bits lopped off gets you better compression than JPEG and yet the latents don't "look" random at all.

So you might think Huffman encoded JPEG coefficients "look" random when visualized as an image but that's only because they're not intended to be visualized that way.

▲maxbond 6 hours ago

Encoded JPEG data is random in the same way cows are spherical.

▲BlaDeKke 5 hours ago

Cows can be spherical.

▲ 5 hours ago

▲bigiain 2 hours ago

And have uniform density.

▲anyfoo 33 minutes ago

Yeah, but in practice you only get that in a perfect vacuum.

▲puttycat 6 hours ago

> compression tends to increase the entropy of a bit stream.

Does it? Encryption increases entropy, but not sure about compression.

▲gregdeon 5 hours ago

Yes: the reason why some data can be compressed is because many of its bits are predictable, meaning that it has low entropy per bit.

▲JCBird1012 5 hours ago

I can see what was meant with that statement. I do think compression increases Shannon entropy by virtue of it removing repeating patterns of data - Shannon entropy per byte of compressed data increases since it’s now more “random” - all the non-random patterns have been compressed out.

Total information entropy - no. The amount of information conveyed remains the same.

▲gary_0 1 minute ago

Technically with lossy compression, the amount of information conveyed will likely change. It could even increase the amount of information of the decompressed image, for instance if you compress a cartoon with simple lines and colors, a lossy algorithm might introduce artifacts that appear as noise.