A short history of web bots and bot detection techniques

73•OlegWock•7mo ago

Comments

ape4•7mo ago

I liked the depiction of different TCP SYN packets ;)

osigurdson•7mo ago

I needed a new github account the other day. The "are you human tests" were so hard that I almost gave up. I think a new way to do this will be needed soon.

laurent_du•7mo ago

Does anyone know of a good reference on the topic of fingerprinting?

keysdev•7mo ago

https://github.com/gautamkrishnar/nothing-private

Recently used DDG browser it just cant get some sites to clear! Try the flame button. But still logged in after few browser data clearing.

Are company resorting to this kinda tactic to keep user remembered. Its a major booking for lodging site!!!

Qubes OS seems more and more attractive.

ghxst•7mo ago

https://abrahamjuliot.github.io/creepjs/ https://github.com/abrahamjuliot/creepjs

Usually my go to. The readme, source code and GitHub issues are great source of information, and the website itself is useful to test against.

edit:

For anything network fingerprinting related, especially censorship related I usually browse https://github.com/net4people/bbs/issues

yellow_lead•7mo ago

> Orchestraion frameworks

Small typo here

ahmedhawas123•7mo ago

I'm curious about how this world will evolve in the era of AI agents/MCP. It is not entirely unlikely that AI agents will have access to limited wallets etc to facilitate a broader set of use cases. In that case, a one shot solution to bot vs. human may not make sense, and a more nuanced human/bot-we-like/bot-we-don't-like may be needed by corporations. This would esp be the case for unofficial MCP servers that would use technologies like headless browsing etc to support an API.

m3047•7mo ago

I'm not sure I understand the mental model you're basing your inferences on, but my model leads to a far different outcome:

If you've got a good enough bot and it's pre-qualified to spend money, then it can use the special "register as a bot" API and provide personal information and whatever else I want to understand that there is a "real human" behind the curtain. A credit card alone is not enough, they can be (trivially) stolen. The way I see it using agentic bots will ultimately require you to provide more personal details than an actual human would.

nerdsniper•7mo ago

If I'm running bots that reliably evade bot detection, what would motivate me to provide all that information when I could just ... not?

alexpotato•7mo ago

"robots spending money" has already been going since the 1980s in algorithmic trading.

irico•7mo ago

How do systems like OpenAI Operator bypass bot protection for the entire web?

notjoemama•7mo ago

Maybe I missed it, but I didn't see a mention of the permanent token cell network providers inject into client requests. Knowing what these are and mocking them is another thing a bot might do to impersonate a real device.

rShergold•7mo ago

Back in the early 2000s lots of websites had an unauthenticated "guestbook" feature where visitors could leave a message. As soon as Google and page rank became a thing bots would drive by and leave links to the website they were promoting. The idea was to increase the number of backlinks and thus improve your Google rank.

The fix to this was shockingly simple. Add an input box with a standard name like "title" and then hide it with CSS. The bots would always provide a value for every input. If you saw a value for your hidden input you returned 200 but never added the post to your website.

alexpotato•7mo ago

This is bringing me back to running my own site back in the day.

semolino•7mo ago

I implemented this very technique last year after getting some crypto spam on the guestbook of my personal website. It works like a charm.

bobbiechen•7mo ago

Great high-level overview. One of the challenges about learning about bot detection is that it's adversarial, and revealing info about your techniques can help the attackers evade you.

I do work on a bot detection product, and I've seen some group chats where crackers are sharing notes about how they're evading detection tools. The more unnerving part is that the public groups are less serious, and there are certainly better private groups aiming at anything with a good financial reward.

I Was Trapped in Chinese Mafia Crypto Slavery [video]

U.S. CBP Reported Employee Arrests (FY2020 – FYTD)

Show HN: I built a free UCP checker – see if AI agents can find your store

Show HN: SVGV – A Real-Time Vector Video Format for Budget Hardware

Study of 150 developers shows AI generated code no harder to maintain long term

Spotify now requires premium accounts for developer mode API access

When Albert Einstein Moved to Princeton

Agents.md as a Dark Signal

System time, clocks, and their syncing in macOS

McCLIM and 7GUIs – Part 1: The Counter

So whats the next word, then? Almost-no-math intro to transformer models

Ed Zitron: The Hater's Guide to Microsoft

UK infants ill after drinking contaminated baby formula of Nestle and Danone

Show HN: Android-based audio player for seniors – Homer Audio Player

Starter Template for Ory Kratos

LLMs are powerful, but enterprises are deterministic by nature

Make your iPad 3 a touchscreen for your computer

Internationalization and Localization in the Age of Agents

Building a Custom Clawdbot Workflow to Automate Website Creation

Why the "Taiwan Dome" won't survive a Chinese attack

Xkcd: Game AIs

Windows 11 is finally killing off legacy printer drivers in 2026

From Offloading to Engagement (Study on Generative AI)

AI for People

Rome is studded with cannon balls (2022)

8-piece tablebase development on Lichess (op1 partial)

US to bankroll far-right think tanks in Europe against digital laws

Ask HN: Have AI companies replaced their own SaaS usage with agents?

pi-nes

Show HN: Crew – Multi-agent orchestration tool for AI-assisted development