Comment by immibis
1 day ago
It's one of many possible strategies. Any one strategy can be blocked if it's used by enough malicious actors (e.g. Twitter can be forced to block base64 tweets); if they all use different strategies, it becomes harder to justify blocking each individual one.
You either need whitelisting, which people don't want because they need to send tweets and sync gdrive on their corpo laptops ;')...
So I guess that leaves you with modeling normal user behavior to spot anomalies without the actual packet data being an indicator.
Then the bots could piggyback on regular comms still, but it'd definitely raise the bar...