Reddit.
Just here for good conversation with good people.
Reddit.
This is correct. I work in bot detections. There are baseline checks for various browser automation used as bot frameworks like Puppeteer or Playwright. Then there is basic analysis of server side and client side fingerprints; meaning, do the fingerprints you claim make sense. There are other heuristics too and I imagine Cloudflare is monitoring movements that point to automation. All of this happens after you click. I personally prefer this over Google’s captcha which frequently doesn’t recognize me as a human but is easily bypassed by bots.
I’m not sure they have the power to arrest Satan incarnate.
Sick embroidery!
What an absolute baller.
Also, on another note, I really love and appreciate your posts. They have introduced me to a lot of art and artists I wouldn’t have otherwise known about.
Almost every type of Streptomyces releases geosmin when they die. Now your butt can too.
You son of a removed, I’m in.
Late reply here too. I’m sorry about that.
You can read my comment that I made here in regards to what I think could be causing you problems.
I do take this seriously and will try to find some time to put together a configuration like this for testing, so thanks for sharing.
Apologies for the late response!
I’ll echo similar thoughts to what I said in another comment. Librewolf, Mullvad, and other privacy based browsers are going to be a double-edged sword. You can take me with a grain of salt but these types of browsers actually do make you stand out in terms of fingerprinting. They have their own unique signatures, and the more you tweak the more you stand out too. Does it protect your privacy? It’s really hard to tell, there’s no data to suggest one way or another that I’m aware of. But, these changes are going to make you more likely to be challenged by captcha and blocked by sites in general.
I wish we didn’t have to try and solve this type of problem. Privacy should be a right.
Thanks for sharing that!
Truthfully, Firefox is fairly easy to detect. Several facets of the API it uses makes for quick identification. For example, Firefox should be able to report its build ID. Also, it won’t report specifics about the WebGL renderer you’re using like the vendor and architecture.
The link you shared is great and really highlights something I was thinking about today regarding this subject. The more you harden and change things the more you stand out. You’re also more likely to trigger bot detection when you alter specifics about your browser like the major version you’re on. I’ve seen some extensions change the user agent to much older major versions like Firefox 60. That’s a big red flag.
The user agent thing was bizarre, especially since it was also on Minecraft.net! I swapped to a generic Chrome on Windows agent and it instantly started working again and let me use the site as normal again.
Yes that is bizarre 😂 It’s not clear to me if Microsoft is using their own anti-bot solution or a third party one, but it doesn’t sound really successful with the way it’s reacting.
Overall, I can’t help but thinking the best route is to use the same thing as everyone else but roll your own VPN and change MAC addresses. Ideally, we would have some laws against all of this but I don’t foresee that anytime soon.
I wish I could do more to help. I’m happy to answer questions you might have, though.
I for one want to offer a heartfelt apology. As someone that works in this space, bots are becoming more and more sophisticated. I can’t speak for Cloudflare, but we’re definitely not interested in your personal information. As someone who also prefers their privacy on the web, the fact that bot signatures overlap with privacy-centric signatures sucks. I myself have experienced it on my mobile device with Ghostery. It’s frustrating, I know.
Would you mind sharing the guide you used for hardening your Firefox? I’m curious to see what could potentially be triggering the issue.
Also, I just want to say, I think it’s hilarious that a site blocked you but then allows you to continue browsing after changing your user agent. That right there is bot behavior.
To circle back around to the actual block, I bet changing your skin executes JavaScript which flags something from the anti-bot software.
Out of curiosity, was this the dynamic growing up and prior to the move? I just wonder if your father is a narcissist. If you were always blamed while your siblings could do no wrong then there’s a strong chance that’s the issue.
Regardless, I’m so sorry about how your father has treated you. I feel like I can relate in some way. As an adult it’s taken some time to sort through those past issues. It’s hard to come to the realization that a parent can’t be what you want or need them to be.
Someone else in the comments mentioned therapy and I just want to echo that. There’s nothing wrong with it and I think everyone should do sessions with an expert in their life. I hope you can find some peace regardless. Best of luck OP.
Chaotic. I love it.
NYT also uses a third party bot identification and mitigation service.
That is an excellent portmanteau.
Are you referring to email verification on sign up? If so, it’s unfortunately easily overcome by bad actors. Depending on how the platform handles it, one email can be used over and over again to verify accounts or there are many services out there that provide an endless amount of quick and easy emails. The automation of this has already been solved too. For the first scenario, limits on how many times an email is used for account verification is useful. For the second scenario, we really start the cat and mouse game. You can block sign up from accounts using spam email domains. There are lists out there that can help. If someone is really persistent, they may have a trove of legitimate email addresses they can use. Then you have to start considering where the sign ups are coming from, the IP, it’s reputation, the behaviors, and hopefully it’s fingerprints from the device. You could serve a captcha but most are trivial to bypass with code straight from GitHub or captcha passing services. Overall, this is not an easy problem to solve. I know a lot of conversation on Lemmy is being had regarding this topic. It’s going to take all of us together to help solve the problem.
My mom taught me growing up that you can never be too professional. Going by that advice, I think A & B at the same time is the clear answer.