Comment by nyanpasu64
9 days ago
I suppose it does make sense that a "make curl look like a browser" program would get sponsored by "bypass bot detection" services...
9 days ago
I suppose it does make sense that a "make curl look like a browser" program would get sponsored by "bypass bot detection" services...
Easy. Just make a small fragment shader to produce a token in your client. No bot is going to waste GPU resources to compile your shader.
Why do people even think this? Bots almost always just use headful instrumented browsers now. if a human sitting at a keyboard can load the content, so can a bot.
Security measures never prevent all abuse. They raise the cost of abuse above an acceptable threshold. Many things work like this. Cleaning doesn't eliminate dirt, it dilutes the dirt below an acceptable threshold. Same for "repairing" and "defects", and some other pairs of things that escape me atm.
4 replies →
We are talking about Curl bots here. How is what you are saying relevant?
1 reply →
Can't they use a software renderer like swiftshader? You don't need to pass in an actual gpu through virtio or whatever.
Maybe you can call a WebGL extension that isn't supported. Or better yet have a couple of overdraws of quads. Their bot will handle it, but it will throttle their CPU like gangbusters.
5 replies →
You are just guessing, please stop. Also, you’re wrong. All serious scraping is using browsers today.
Can't a bot just collect a few real tokens and then send those instead of trying to run the shader?
How do you automate that? Just generate a new token for each day.
2 replies →