undefined | Better HN

0 pointsazalemeth4y ago0 comments

You very much missed the false positive rate! I'm fed up of being classed as a bot just because I browse with uMatrix, a Linux user agent, and a ton of ad filtering and anonymisation tech. I had to try to log in to my bank about ten times today because their js-crap website didn't like me (grumble why does it even need to ask for my desktop's accelerometer data via js...)

Stuff like this is a pain beyond pain. I really hope that the clients you mention know that they piss off a proportion of their users with every move they take.

0 comments

spijdar4y ago

> I really hope that the clients you mention know that they piss off a proportion of their users with every move they take.

With all due respect, if the tech can make a large impact on the problems mentioned above, I'm sure it's an easy decision for the big companies to take decimating bot activity over the tiny minority of users who proactively decide to disable JavaScript.

Said as someone who uses NoScript, FWIW.

fragmede4y ago

You could always go into your local bank branch instead of accessing it over the Internet. Your desktop's accelerometer helps add to your computers 'run by a human' score. Normally I'd take more issue with whatever possible privacy issue there, but my bank is where I keep my money so I'm really okay with them trying hard to keep bots out of my account.

Tor34y ago

The physical presence of banks is going away. Where I live you can't do any kind of monetary transaction in the local branch offices of any of the banks anymore. You can a) apply for a loan (and even that may go away soon), and b) identify yourself and get a physical token used for accessing the bank via the net. You can't withdraw money, you can't pay bills, you can't exchange currency. I haven't been inside my bank for many years, there's just nothing I can do there. The last time I visited the bank was with my wife (an immigrant), with her documents, to get her into the system.

smichel174y ago

Where do you live (country or US state)?

oxymoron4y ago

Different customers have different attitudes towards this. Some of them are _very_ focused on conversion and will disable anything which causes additional user friction. For others, the economic damage of bots is just so painful that it makes economic sense for them to add friction for a few percent of users.

I'm a linux user myself, so I know for a fact that neither my previous employer, nor other bot vendors, will block linux user agents in particular. Customers generally don't mind a universal requirement for JS execution, so that's just a fact of life. We generally did try to avoid blocking privacy focused browsers, though. We certainly monitored false positive rates and knew pretty well how we affected users.

raxxorrax4y ago

Cloudflare is pretty guilty of this if you use some more exotic approaches to request info. How often have I seen their captcha that is intended for bots...

striking4y ago

Doesn't your bank already know who you are?

charcircuit4y ago

>I'm fed up of being classed as a bot just because I browse with uMatrix, a Linux user agent, and a ton of ad filtering and anonymisation tech.

Have you tried not using these things? Anonymity is exactly what bots want. They want to be able to post a spam message every single second and be impossible to ban since they are anonymous. The internet can't function if people are allowed to be anonymous.

selfhoster114y ago

> The internet can't function if people are allowed to be anonymous.

You must have missed the first 20 or so years of its existence, if that's your position.

charcircuit4y ago

Okay let's go back to before I was born when people still used IRC and let's say you hated someone else's IRC server. You can just use a program to flood their server with garbage messages. In order to try and stop this spam they first try and deanonymize where this traffic is coming from. This can be done by looking at the IP that these bots are coming from. Now they can gline you and the flood ends. Now let's say the internet didn't leak your IP deanonymizing you. What are they to do? They essentially are forced to lock down the server and whitelist it. They can not allow anonymous users to join or else risk just being flooded.

Stopping abuse has always been a game of trying to deanonymize users in order to try and ban the harmful ones.

orf4y ago

It was much smaller, and spam messages where everywhere.

leppr4y ago

With many of these big anti-bot services like Google ReCaptcha, it's not even specialized anonymity tools that can cause shadow banning, just unusual user-agents.

All of these have independently caused me to get into endless ReCaptcha loops: firefox on android, smartphone with unusual screen resolution, clean browser profile with VPN.

It's so common that I now default to using duckduckgo, which never blocks me. I doubt DDG has a lower DDoS/Resources ratio than Google. Some companies are just lazier and less principled than others.

RNCTX4y ago

> it's not even specialized anonymity tools that can cause shadow banning, just unusual user-agents.

"Unusual" = not Chrome and doesn't allow tracking scripts.

Switch to Safari with an ad blocker for a week, see how many more ReCaptcha prompts you get.

charcircuit4y ago

As a person who also uses mobile Firefox, I don't feel like I personally have issues with recaptcha.

wumpus4y ago

This is not quite up there with "won't someone think about the children!!!!", but still, it's sad.

Fortunately, almost all of the websites I visit with my anonymized browser aren't places that I wish to attempt to post a message. Unfortunately, I can easily run into defenses of an entire site when the problem is spam sending.

bryan_w4y ago

To kinda tweak this since people do tend to like their anonymity, "Do you have to be anonymous to all parties, all the time?"

Parent poster trusts his bank, and his bank would trust his once it knows he's not an fraudster, so maybe it's in everyone's interest to just allow the javascript for that one site.

j / k navigate · click thread line to collapse

0 comments

spijdar4y ago

> I really hope that the clients you mention know that they piss off a proportion of their users with every move they take.

Said as someone who uses NoScript, FWIW.

fragmede4y ago

Tor34y ago

smichel174y ago

Where do you live (country or US state)?

oxymoron4y ago

raxxorrax4y ago

Cloudflare is pretty guilty of this if you use some more exotic approaches to request info. How often have I seen their captcha that is intended for bots...

striking4y ago

Doesn't your bank already know who you are?

charcircuit4y ago

>I'm fed up of being classed as a bot just because I browse with uMatrix, a Linux user agent, and a ton of ad filtering and anonymisation tech.

selfhoster114y ago

> The internet can't function if people are allowed to be anonymous.

You must have missed the first 20 or so years of its existence, if that's your position.

charcircuit4y ago

Stopping abuse has always been a game of trying to deanonymize users in order to try and ban the harmful ones.

orf4y ago

It was much smaller, and spam messages where everywhere.

leppr4y ago

With many of these big anti-bot services like Google ReCaptcha, it's not even specialized anonymity tools that can cause shadow banning, just unusual user-agents.

All of these have independently caused me to get into endless ReCaptcha loops: firefox on android, smartphone with unusual screen resolution, clean browser profile with VPN.

It's so common that I now default to using duckduckgo, which never blocks me. I doubt DDG has a lower DDoS/Resources ratio than Google. Some companies are just lazier and less principled than others.

RNCTX4y ago

> it's not even specialized anonymity tools that can cause shadow banning, just unusual user-agents.

"Unusual" = not Chrome and doesn't allow tracking scripts.

Switch to Safari with an ad blocker for a week, see how many more ReCaptcha prompts you get.

charcircuit4y ago

As a person who also uses mobile Firefox, I don't feel like I personally have issues with recaptcha.

wumpus4y ago

This is not quite up there with "won't someone think about the children!!!!", but still, it's sad.

bryan_w4y ago

To kinda tweak this since people do tend to like their anonymity, "Do you have to be anonymous to all parties, all the time?"

Parent poster trusts his bank, and his bank would trust his once it knows he's not an fraudster, so maybe it's in everyone's interest to just allow the javascript for that one site.

j / k navigate · click thread line to collapse