Brutkey

rancidrabbit
@rancidrabbit@anarchism.space

@thenexusofprivacy@infosec.exchange Other instances need access to the API so it's not possible to do tests like Anubis does to try to make sure there's a real browser there. And they're willing to change their UserAgent strings to evade bans so likely will change IPs too but I guess I should be looking for that list of netblocks.

The Nexus of Privacy
@thenexusofprivacy@infosec.exchange

@rancidrabbit@anarchism.space It's not clear whether or not Meta is changing UserAgent strings - I've seen at least one admin saying he's not seeing that. It's totally the kind of thing they'd do, but they get so much PR value out of being perceived as "good fedi citizens" that I don't know how they think of the tradeoffs.

here's a post from @cuchaz@gladtech.social with some tools to set up firewall-level blocks - https://gladtech.social/@cuchaz/115004304985099620

Moved to @bonfire@bonfire.cafe
@bonfire@indieweb.social

@thenexusofprivacy@infosec.exchange

That would be great to know.

Probably this requires blocking at every possible level to be sure (eg. robots.txt, user agent, IP ranges...) And if some bots are using ActivityPub for scraping we could also block their HTTP signature public keys?

We've prototyped a system that builds on Bonfire's circles/boundaries to define and enforce blocks at the instance, user, and post levels. Would love feedback and suggestions to make it stronger!

@rancidrabbit@anarchism.space @cuchaz@gladtech.social @FediPact@cyberpunk.lol