← Back to context

Comment by echelon

16 hours ago

I'm surprised these platforms don't have advanced heuristics to detect API calls and inauthentic traffic.

Did you clone the Reddit API from browser traffic and then turn it into a 100% API driven thing?

I'd imagine they'd be sniffing browser agents, plugins, cookies, etc. to fingerprint. Using JavaScript scroll position, browsing rate and patterns, etc.

Maybe their protections just aren't that sophisticated.

3 comments

echelon

Reply
tardedmeme  16 hours ago

Reddit is known to fingerprint TLS and quickly shadowban accounts that don't have the fingerprints of browsers.

  • echelon  15 hours ago

    TLS fingerprinting and Cloudflare are easy to bypass. There are lots of libraries that do so.

    The application-layer stuff is harder. Each application can develop its own heuristics, and that's difficult to automate in a cross-cutting fashion.

    Reddit doesn't do anything about that? That seems stupid.